• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 152
  • Last Modified:

Is it true that the internal IP address of a computer stays in the packet header as the source IP when it goes outside of the network?

I am working through my CCNA and came across the concept that the internet layer adds the source and destination IP to the Frame header.
For example, if the computer's internal IP is say and the destination is say Google DNS which might be
So even though the packet leaves the internal network the CCNA course explains the source and destination IP remains the same. Only the MAC addresses change each hop to the destination.  Say your are pinging from How does know where to reply to since is an internal IP address and not externally routable?
It seems like somewhere the external IP address of the router on the internal network would have to be added, but the CCNA course doesn't say that. Otherwise, how would know where to respond?
Is that true then that there is an internal IP and an external source IP get added to the packet at the internet layer for packets that leaves an internal network? If not, how does the destination computer know where to reply to?

Thanks for your help in advance,
Confused Shaun
  • 2
  • 2
1 Solution
The topic to search on is something like "How does NAT work?" -- Network Address Translation.

The piece you are missing is that at the gateway router, the router's own external IP address is substituted for the internal IP address and generally a new port number replaces the original port number. The internal IP and port number are not disclosed to the outside.

While the transaction is in flight, and as long as the connection subsequently remains open, the router remembers the association between the outbound port number and the internal IP address and port number.

When the router receives an inbound packet, it uses the port number to back-translate the internal IP and port before sending the packet along.

In this way, a sort of firewall is created: an external host cannot initiate a connection with a given internal (protected) host because it has no way to know which port number connects to the target. Connections have to be initiated by the internal host (but I go on to talk about port forwarding below).

NAT routers can also be configured to do port-forwarding. When a connection requests arrives for one of the forwarded ports, it is translated into a connection request on the configured internal IP address and port.
shaunwoyAuthor Commented:
Thanks heaps for the reply! This is all really interesting.
So what you are saying is I might not have gotten to the part of the course that explains the contents of the frame header when it leaves the internal network.  So the gateway router strips off the internal source IP and port and puts on the router's external IP, leaves the original destination IP and adds a unique source port so it can remember which communication is destined for which computer? When it gets back the reply, it strips off the external IP as destination and puts back the original internal source IP and port?
I think you've got it!
shaunwoyAuthor Commented:
That's awesome! Thanks for that. It makes heaps more sense now!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now