Getting older, not necessarily wiser!
In this installment we are going to discuss your home router, Network Address translation (NAT), and how they interact with devices on your home Local Area Network (LAN) allowing you to access the Internet.
The last free blocks of IPv4 addresses were issued on October 31, 2011. At that point the IPv4 address space was technically exhausted. NAT is one of several stop-gap measures against IPv4 address exhaustion.
Technically, you cannot have two devices with the same IP address on the same network. NAT allows the use of select groups of addresses on your home network behind your router, segregating them from the rest of the Internet. Because of this design, referred to as a network segment, you can use any number of local IP addresses with only one public-facing address. These addresses will not interfere with the same addresses in use on other private LANs.
For the record, there are three common private (reserved) IP address ranges: class A from 10.0.0.0 to 10.255.255.255 (16.7 million addresses), class B from 172.16.0.0 to 172.31.255.255 (1 million addresses), and class C from 192.168.0.0 to 192.168.255.255 (65 thousand addresses).
There are a few different versions of NAT. The most common form in the home is many-to-one: you have multiple internal IP addresses within your LAN, and your router uses NAT to translate them to a single public IP address that is exposed to the Internet.
An interesting property of NAT is that any traffic coming from the Internet that is not a response to an internal request is automatically dropped. In firewall terms, inbound traffic that answers an internal request is known as established or related. Any unrelated inbound traffic should be discarded.
To better understand how NAT works, we will go over an example. In the illustration below we have a local computer with the private IP address 192.168.7.23. The router has a private IP address of 192.168.7.1 (the default gateway) and a public IP address of 126.96.36.199 (acquired from the ISP when the modem was turned on, using a process like DHCP). The LAN computer wants to talk to a public server with the public IP address 188.8.131.52.
Because you have physical possession and control of the router, you can modify, to some extent, how NAT functions. One common thing to do is create a rule for an internal server so you can reach it from the Internet. This is generally referred to as port forwarding.
When you forward a port, you are telling your router that when an external packet comes in requesting a specific port, it should check the forwarding rules instead of the NAT translation table. The rule tells the router to forward the packet to a specific IP address on the LAN (your server). Address translation is still done, but there is no check for an originating request.
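To make the translation table and the port-forwarding rule concrete, here is a small simulation I have added for this post (it is not code from any router firmware). It uses the addresses from the example above; the outside host 203.0.113.9, the public-port range starting at 40000, and the web server on port 80 are constructed values.

```python
from dataclasses import dataclass

# Addresses from the worked example in the post.
LAN_HOST = "192.168.7.23"
ROUTER_PUBLIC = "126.96.36.199"
REMOTE_SERVER = "188.8.131.52"

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    """Many-to-one NAT plus an optional table of port-forwarding rules."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port      # next free public port (constructed range)
        self.table = {}                  # public port -> (lan ip, lan port, remote ip, remote port)
        self.forwards = {}               # external port -> (lan ip, lan port)

    def outbound(self, pkt):
        """LAN -> Internet: remember the flow, rewrite the source to the public address."""
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[pub_port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Internet -> LAN: forwarding rules win, then the translation table, else drop (None)."""
        if pkt.dst_port in self.forwards:               # no originating-request check here
            lan_ip, lan_port = self.forwards[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)
        entry = self.table.get(pkt.dst_port)
        if entry is None:
            return None                                  # unsolicited: nobody inside asked for this
        lan_ip, lan_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                                  # right port, wrong peer: not established/related
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)

def demo():
    r = NatRouter(ROUTER_PUBLIC)
    out = r.outbound(Packet(LAN_HOST, 51000, REMOTE_SERVER, 443))             # LAN host opens HTTPS
    reply = r.inbound(Packet(REMOTE_SERVER, 443, ROUTER_PUBLIC, out.src_port)) # server answers
    unsolicited = r.inbound(Packet("203.0.113.9", 5555, ROUTER_PUBLIC, 80))    # nobody asked: dropped
    r.forwards[80] = (LAN_HOST, 80)                                            # port-forward rule added
    forwarded = r.inbound(Packet("203.0.113.9", 5555, ROUTER_PUBLIC, 80))      # same packet now reaches LAN
    return out, reply, unsolicited, forwarded
```

Running `demo()` shows the three behaviours side by side: the reply comes back to 192.168.7.23:51000, the unsolicited packet is dropped, and once the rule exists the identical packet is handed to the LAN server without any table lookup.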
We have covered a very brief example of NAT and discussed port forwarding. The major reason to forward a port is that you are running some sort of server that you need to access from the Internet.
In the next post we will take a look at CGNAT and why it prevents you from connecting to your server from the Internet.
Cloudflared vs CGNAT Part 2 NAT Router