NAPT
See my Mastodon Post this is based off of!
Someone asked my for a cool fact I learned recently, so let me present a TIL from a couple days back!
I was trying to figure out how routers work. When you send a packet, your computer sends the packet to an external IP 54.54.54.540, and marks the return address as its local IP 192.168.1.4.
| Outbound, on the internal network | ||
|---|---|---|
| From: my pc | To: example.com | Via: router |
| 192.168.1.4 | 54.54.54.540 | 192.168.1.1 |
This is forwarded to the gateway between internal and external: your router. The router (who's local IP is often `192.168.1.1` replaces the return address with it's own external IP, issued by your internet provider, like `34.34.34.340`.
| Outbound, on the external network | |
|---|---|
| From: router | To: example.com |
| 34.34.34.340 | 54.54.54.540 |
Then the packet is sent over the external network to the remote server, gets processed, and the response is sent back to the return address: your router.
| Response, on the external network | |
|---|---|
| To: router | From: example.com |
| 54.54.54.540 | 34.34.34.340 |
Now the issue: the router succesfully got your packet *out*, but how can the response back to you? How does it know which computer on the local network needs this packet, since the 'to' address is just the router's external IP?
Ohh, here comes the magic! What I've describes is NAT: network address translation. *But!* What most routers do is more technically NAPT: network address **port** translation!
This method takes into account the port number: web requests have both an IP, as well as a port number, usually written `IP:port`. The port can be thought of as a socket for communication: websites usually talk on port 80, or port 443 if they're secure. Old mails stuff uses port 24, etc.... The packet transaction now goes:
| Outbound, on the internal network | ||
|---|---|---|
| From: my pc | To: example.com | Via: router |
| 192.168.1.4:80 | 54.54.54.540:80 | 192.168.1.1 |
When processed by the router, it changes the source IP to its external IP, and the source port to a unique port!
| Outbound, on the external network | |
|---|---|
| From: router | To: example.com |
| 34.34.34.340:150 | 54.54.54.540:80 |
Then, when the server sends the response packet, it sends it to the unique port address at the router, which can check it's table and see which machine that request is to!
| Response, on the external network | |
|---|---|
| From: example.com | To: router |
| 54.54.54.540:80 | 34.34.34.340:150 |
Ahh! Port 150 was my pc (192.168.1.4)
| Response, on the internal network | |
|---|---|
| From: example.com | To: my pc |
| 54.54.54.540:80 | 192.168.1.4:80 |
And then it finally makes it back to your computer!
How about that, huh?
