In which I finally resolve something that’s been bugging me for years.

I am not a network engineer.  I run email servers and write code for a living.

So I’ve always wondered how I can have a /16 subnet* running behind my router with a dozen devices talking to the net through a single external IP address, and the net somehow knows how to get back to the right machine with the right information.  In other words, I’ve been using NAT** behind the router for years, but never had time to go do the research into why and how it works.

I did know already that the internal IP information was not part of the TCP/IP packet, which almost would have made sense.

But today I had to deal with something that was closely related and had to actually do a little research.

How, then, is this magic act performed?

Apparently, the router keeps a lookup table for every outbound connection made by every device on your internal network, and records the correlation between the IP of your device and the random “high” port number it used on the outbound side to communicate with, say, Google.  When you connect to Google, and Google sends you back its front page, it sends that page to that same specific “high” port on your router that was used for your outbound connection.  Your router reads the data coming in on that port, checks its lookup table, and fires the data over to your computer on the same port your computer used to connect to the router in the first place (port 80 if you connected to Google insecurely, or 443 if you connected via https).

There’s actually more to it, and as I understand it, commercial “big iron” routers work somewhat differently when you have internal, soi-disant “non-routable” networks (think 192.168.x.x) hooked up to them, but that’s the basic concept.

It only goes to show that when something works, you just let it work and don’t worry about why or how it works . . . until someone asks 🙂


* Which can contain up to 65,536 addresses, but I think we have about 12 🙂  And in reality, I have only a single /24 subnet with 255 possible addresses configured on the internal side of my router.

** Or, actually, PAT, or even NAPT.  NAT is “Network Address Translation”, which isn’t really what’s happening; PAT is “Port Address Translation”, which is more accurate; and NAPT is “Network Address Port Translation”, which may or may not be even more accurate.  Bottom line, it’s all “IP Masquerading”.

At work, we have servers with many IP addresses assigned to them (“multi-homed”) that are all “external”, and workstations with single IP addresses (“single-homed”) that are also all external, and all those addresses go through our router without benefit of NAT.  Technically we COULD do NAT in the office and save a bunch of external IPs for other purposes, but it would make certain functions difficult to perform.