Solved

NAT, HTTP, and multiple internal IP's sharing an identical external IP

Posted on 2010-08-31
Last Modified: 2012-05-10
I have a novice understanding of NAT and the ways a router can present multiple (internal) IP's to the world using a single (external) IP. But I'm struggling to understand a pattern I have found across three different networks. In each case, I browse to one of the web sites that tells you what your IP address is and different computers within a network all display the same IP address from the web site. From what I've learned about NAT, if they're all showing the exact same external IP, then the router is probably using port addressing to distinguish the different computers. But from what I understand about HTTP, it uses port 80, so the router would not be free to multiplex that value. Is there another NAT mechanism I'm missing that would allow multiple internal IP's to share an identical external IP?

Any help, or references to explanations, greatly appreciated.

Thanks!
Question by:ottenm
7 Comments
 

Accepted Solution

by:
pergr earned 500 total points
ID: 33567361
Port 80 is the destination TCP port.

Each packet sent has both source and destination IP address and port number.

So, if two users are behind the same NAT, and send a packet to the same external web server (2.2.2.2), the two packets may have, for example:

Source: IP 1.1.1.1, port 20000              Destination: IP 2.2.2.2, port 80

Source: IP 1.1.1.1, port 20001              Destination: IP 2.2.2.2, port 80

This way the web server will send back the correct reply to the right client - by answering to port 20000 and 20001, respectively.

Expert Comment

by:Tomas Valenta
ID: 33567414
NAT (Network Address Translation): when you define NAT in the router, you configure how internal IPs are mapped to the available external IPs. In your scenario, you are mapping the external router IP address to the local IP addresses. The router rewrites the source address in every packet flowing out to the Internet with the NAT-configured external IP and maintains a translation table where all active translations are written.

Expert Comment

by:rfc1180
ID: 33567470
>But from what I understand about HTTP, it uses port 80, so the router would not be free to multiplex that value.

Correct, as long as there is a port forward (static PAT) then you cannot create another NAT for the IP and port; however, as long as the IP is different, you can have more than one static PAT per port:

Example:
PAT 1:
Public IP: 64.79.20.100 Port 80
mapped to internal: 192.168.20.100 Port 80

PAT2
Public IP: 64.79.20.101 Port 80
mapped to internal: 192.168.20.101 Port 80



>Is there another NAT mechanism I'm missing that would allow multiple internal IP's to share an identical external IP?

outgoing yes (This is called NAT overload)
Incoming now, typically you would have one webserver and then create name based sites.

http://httpd.apache.org/docs/1.3/vhosts/name-based.html

Billy

Author Comment

by:ottenm
ID: 33567477
I see, pergr! So the reply comes back to port 20000, which the router uses to rewrite to the correct internal IP and port 80 (just assuming here that the browser is listening on 80 for the reply). I was hung up on 80 not being changeable. Thanks for the help!

Expert Comment

by:rfc1180
ID: 33567492
I have a tendency not to check my grammar before I hit send:

Let's try this again

>But from what I understand about HTTP, it uses port 80, so the router would not be free to multiplex that value.

Correct, as long as there is a port forward (static PAT) then you cannot create another NAT for the IP and port; however, as long as the IP is different, you can have more than one static PAT per port:

Example:
PAT 1:
Public IP: 64.79.20.100 Port 80
mapped to internal: 192.168.20.100 Port 80

PAT2
Public IP: 64.79.20.101 Port 80
mapped to internal: 192.168.20.101 Port 80



>Is there another NAT mechanism I'm missing that would allow multiple internal IP's to share an identical external IP?

outgoing yes (This is called NAT overload)
Incoming no, typically you would have one webserver and then create name based sites.

http://httpd.apache.org/docs/1.3/vhosts/name-based.html

Billy
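
An added example (not code from any poster in this thread) that models what the answers above describe: outbound NAT overload, where the router rewrites each flow's source port and uses it to route the reply, and inbound static PAT, where one public IP and port can point at only one internal host. The class name `Napt`, the internal client port 51000 and the strict matching of replies on the remote address are assumptions; the IPs and the ports 20000/20001 follow the thread's own examples.

```python
# Toy NAPT ("NAT overload") table. All addresses and ports are constructed samples.
from itertools import count


class Napt:
    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self._ports = count(first_port)  # next unused public source port
        self.out = {}       # (proto, int_ip, int_port, dst_ip, dst_port) -> public port
        self.back = {}      # (proto, public_port, remote_ip, remote_port) -> (int_ip, int_port)
        self.forwards = {}  # static PAT: (proto, public_port) -> (int_ip, int_port)

    def outbound(self, proto, src, dst):
        """Rewrite the source of an outgoing packet; the destination is untouched."""
        key = (proto, *src, *dst)
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[(proto, port, *dst)] = src
        return (self.public_ip, self.out[key]), dst

    def add_forward(self, proto, public_port, internal):
        """Static PAT: a given public IP:port maps to exactly one internal host."""
        if (proto, public_port) in self.forwards:
            raise ValueError(f"{self.public_ip}:{public_port} is already forwarded")
        self.forwards[(proto, public_port)] = internal

    def inbound(self, proto, src, dst):
        """Return the internal (ip, port) for an incoming packet, or None to drop it."""
        if dst[0] != self.public_ip:
            return None
        # Assumption: replies must come from the remote the flow was opened to;
        # real devices differ in how strictly they match this.
        hit = self.back.get((proto, dst[1], *src))
        return hit or self.forwards.get((proto, dst[1]))


def demo():
    nat = Napt("1.1.1.1")
    server = ("2.2.2.2", 80)
    # Two internal hosts pick the same source port; the router keeps them apart.
    a = nat.outbound("tcp", ("192.168.20.100", 51000), server)
    b = nat.outbound("tcp", ("192.168.20.101", 51000), server)
    reply_a = nat.inbound("tcp", server, a[0])
    reply_b = nat.inbound("tcp", server, b[0])
    stray = nat.inbound("tcp", ("3.3.3.3", 80), a[0])  # no matching flow
    return a[0], b[0], reply_a, reply_b, stray
```

The destination port stays 80 throughout; only the source side of each flow is rewritten, which is why many internal hosts can browse through one external IP.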

Expert Comment

by:pergr
ID: 33567524
Port 80 is only for the server.

The PC (client and browser) is using different ports (higher port numbers). For example, you may run many browsers at the same time, many tabs, etc. Since it is always the client that initiates the connection, it does not need to use a specific port. However, we all need to know that the server listens on port 80.
ID: 33567567
Your question is a little confusing. You state that you're using a site like "whatismyip.com" to determine that all your private computers are behind the same public IP. That essentially is the definition of NAT/PAT.

What do you mean about

"But from what I understand about HTTP, it uses port 80, so the router would not be free to multiplex that value."

Multiplexing is the process of taking many data streams and combining them to flow over one medium. That's what your router does for you.

I guess I don't understand what you're really asking about using HTTP/80? Are you talking about redirecting inbound HTTP/80 traffic to a specific host on your private network? If so, that's called packet filtering or port forwarding.

MO