Solved

NAT, HTTP, and multiple internal IPs sharing an identical external IP

Posted on 2010-08-31
Last Modified: 2012-05-10
I have a novice understanding of NAT and the ways a router can present multiple (internal) IPs to the world using a single (external) IP.  But I'm struggling to understand a pattern I have found across three different networks.  In each case, I browse to one of the web sites that tell you what your IP address is, and different computers within a network all display the same IP address from the web site.  From what I've learned about NAT, if they're all showing the exact same external IP, then the router is probably using port addressing to distinguish the different computers.  But from what I understand about HTTP, it uses port 80, so the router would not be free to multiplex that value.  Is there another NAT mechanism I'm missing that would allow multiple internal IPs to share an identical external IP?

Any help, or references to explanations, greatly appreciated.

Thanks!
0
Question by:ottenm
7 Comments
 
LVL 17

Accepted Solution

by:
pergr earned 500 total points
Port 80 is the destination TCP port.

Each packet sent has both source and destination IP address and port number.

So, if two users are behind the same NAT and send packets to the same external web server (2.2.2.2), the two packets may have, for example:

Source: IP 1.1.1.1, port 20000              Destination: IP 2.2.2.2, port 80

Source: IP 1.1.1.1, port 20001              Destination: IP 2.2.2.2, port 80

This way the web server will send back the correct reply to the right client - by answering to port 20000 and 20001, respectively.
0
 
LVL 9

Expert Comment

by:Tomas Valenta
NAT (Network Address Translation): when you define NAT in the router, you configure how internal IPs are mapped to the available external IPs. In your scenario you are mapping the external router IP address to the local IP addresses. For every packet flowing out to the Internet, the router rewrites the source address to the NAT-configured external IP and maintains a translation table in which all active translations are written.
0
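
The translation described in the two answers above, as an added example that is not part of the original thread: a toy NAT-overload (NAPT) table in which two internal hosts that happen to pick the same client port still get distinct external ports, and inbound packets with no matching table entry are dropped. The 1.1.1.1 and 2.2.2.2 addresses and the 20000/20001 ports come from the accepted answer; the 192.168.20.x hosts, client port 51000, the class and function names, and the rule that a reply must come from the original remote endpoint are assumptions of this sketch (real devices differ in how strictly they filter).

```python
# Added example, not from the thread: a minimal NAPT ("NAT overload") model.
from dataclasses import dataclass, field


@dataclass
class Napt:
    public_ip: str
    next_port: int = 20000                     # start of external port pool (sample value)
    out: dict = field(default_factory=dict)    # (int_ip, int_port, dst_ip, dst_port) -> ext_port
    back: dict = field(default_factory=dict)   # (ext_port, remote_ip, remote_port) -> (int_ip, int_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet; the destination (port 80) is untouched."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:                # first packet of a flow: allocate a mapping
            ext = self.next_port
            self.next_port += 1
            self.out[key] = ext
            self.back[(ext, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a reply back to the internal host, or return None (drop)."""
        if dst_ip != self.public_ip:
            return None
        inside = self.back.get((dst_port, src_ip, src_port))
        if inside is None:                     # no active translation: unsolicited packet
            return None
        return (src_ip, src_port, *inside)


def demo():
    nat = Napt("1.1.1.1")
    # Constructed sample flows: both clients chose the same ephemeral source port.
    a = nat.outbound("192.168.20.100", 51000, "2.2.2.2", 80)
    b = nat.outbound("192.168.20.101", 51000, "2.2.2.2", 80)
    reply_a = nat.inbound("2.2.2.2", 80, "1.1.1.1", a[1])
    reply_b = nat.inbound("2.2.2.2", 80, "1.1.1.1", b[1])
    stray = nat.inbound("2.2.2.2", 80, "1.1.1.1", 20002)   # port never allocated
    other = nat.inbound("3.3.3.3", 80, "1.1.1.1", a[1])    # not the original remote endpoint
    return a, b, reply_a, reply_b, stray, other


if __name__ == "__main__":
    for row in demo():
        print(row)
```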
 
LVL 24

Expert Comment

by:rfc1180
>But from what I understand about HTTP, it uses port 80, so the router would not be free to multiplex that value.

Correct, as long as there is a port forward (static PAT) then you cannot create another NAT for the IP and port; however, as long as the IP is different, you can have more than one static PAT per port:

Example:
PAT 1:
Public IP: 64.79.20.100 Port 80
mapped to internal: 192.168.20.100 Port 80

PAT 2:
Public IP: 64.79.20.101 Port 80
mapped to internal: 192.168.20.101 Port 80

>Is there another NAT mechanism I'm missing that would allow multiple internal IP's to share an identical external IP?

Outgoing yes (this is called NAT overload).
Incoming no, typically you would have one webserver and then create name based sites.

http://httpd.apache.org/docs/1.3/vhosts/name-based.html

Billy
0

 

Author Comment

by:ottenm
I see, pergr!  So the reply comes back to port 20000, which the router uses to rewrite to the correct internal IP and port 80 (just assuming here that the browser is listening on 80 for the reply).  I was hung up on 80 not being changeable.  Thanks for the help!
0
 
LVL 24

Expert Comment

by:rfc1180
I have a tendency not to check my grammar before I hit send:

Let's try this again

>But from what I understand about HTTP, it uses port 80, so the router would not be free to multiplex that value.

Correct, as long as there is a port forward (static PAT) then you cannot create another NAT for the IP and port; however, as long as the IP is different, you can have more than one static PAT per port:

Example:
PAT 1:
Public IP: 64.79.20.100 Port 80
mapped to internal: 192.168.20.100 Port 80

PAT 2:
Public IP: 64.79.20.101 Port 80
mapped to internal: 192.168.20.101 Port 80

>Is there another NAT mechanism I'm missing that would allow multiple internal IP's to share an identical external IP?

Outgoing yes (this is called NAT overload).
Incoming no, typically you would have one webserver and then create name based sites.

http://httpd.apache.org/docs/1.3/vhosts/name-based.html

Billy
0
 
LVL 17

Expert Comment

by:pergr
Port 80 is only for the server.

The PC (client and browser) is using different ports (higher port numbers). For example, you may run many browsers at the same time, many tabs, etc. Since it is always the client that initiates the connection, it does not need to use a specific port. However, we all need to know that the server listens on port 80.
0
 
LVL 16

Expert Comment

by:Michael Ortega (Internetwerx, Inc.)
Your question is a little confusing. You state that you're using a site like "whatismyip.com" to determine that all your private computers are behind the same public IP. That essentially is the definition of NAT/PAT.

What do you mean about

"But from what I understand about HTTP, it uses port 80, so the router would not be free to multiplex that value."

Multiplexing is the process of taking many data streams and combining them to flow over one medium. That's what your router does for you.

I guess I don't understand what you're really asking about using HTTP/80? Are you talking about redirecting inbound HTTP/80 traffic to a specific host on your private network? If so, that's called packet filtering or port forwarding.

MO
0
