ip nat ports

jamesleecoleman Member Posts: 1,899
I'm in Packet Tracer and I got NAT to work with web pages. When I look at the translations, the computers have the same port numbers. But when I was looking at the second and the last address on the list, there are different ports between the inside global and local. Why is that? I thought they had to have the same port number in order to know what computer to send the information to.



zero#sh ip nat tr
Pro  Inside global        Inside local         Outside local        Outside global
tcp  192.168.10.1:1026    192.168.0.2:1026     192.168.1.2:80       192.168.1.2:80
tcp  192.168.10.1:1024    192.168.0.34:1026    192.168.1.2:80       192.168.1.2:80
tcp  192.168.10.1:1025    192.168.0.35:1025    192.168.1.2:80       192.168.1.2:80
tcp  192.168.10.1:1027    192.168.0.35:1026    192.168.1.2:80       192.168.1.2:80
Booya!!
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****

Comments

  • Monkerz Member Posts: 842
    The NAT table tells the router what IP to send the packets to. Port numbers do not have to be the same; they are subject to availability.
  • jamesleecoleman Member Posts: 1,899
    But wouldn't the port number need to be the same between the inside local and inside global to send the data to the right application?
  • alan2308 Member Posts: 1,854
    What if two different computers tried to access the Internet using the same port number? If the port numbers had to match, the whole scheme would break here.
  • Monkerz Member Posts: 842
    But wouldn't the port number need to be the same between the inside local and inside global to send the data to the right application?

    To answer your question, no they do not. Let me try to lay this out:

    Let's say the hosts using 192.168.10.5 and 192.168.10.6 want to access the Cisco homepage (198.133.219.25). They would both send a request to 198.133.219.25:80. Each PC would randomly select a source port that directs the returning traffic to the application requesting it, in this case IE. This is what those requests would look like:
    Host (192.168.10.5)
    Source 192.168.10.5:4444 Destination 198.133.219.25:80

    Host (192.168.10.6)
    Source 192.168.10.6:1246 Destination 198.133.219.25:80

    The router receives the requests and NATs the 192.168.10.0/24 IPs to 66.11.33.129, but both ports 4444 and 1246 have been used by other hosts. The router then randomly selects two available ports (2545 and 3111) and adds the translations to the NAT table:
    Inside local        Inside Global        Outside local        Outside Global
    192.168.10.5:4444   66.11.33.129:2545    198.133.219.25:80    198.133.219.25:80
    192.168.10.6:1246   66.11.33.129:3111    198.133.219.25:80    198.133.219.25:80

    The packets leave the router looking like this:
    Host (192.168.10.5)
    Source 66.11.33.129:2545 Destination 198.133.219.25:80

    Host (192.168.10.6)
    Source 66.11.33.129:3111 Destination 198.133.219.25:80

    The Cisco server gets the packets, creates replies, attaches the requested data and sends them back to the inside global address. The packets look like this:
    Host (192.168.10.5)
    Source 198.133.219.25:80 Destination 66.11.33.129:2545

    Host (192.168.10.6)
    Source 198.133.219.25:80 Destination 66.11.33.129:3111

    The router receives these packets and translates them to inside local addresses that are in the NAT table:
    Host (192.168.10.5)
    Source 198.133.219.25:80 Destination 192.168.10.5:4444

    Host (192.168.10.6)
    Source 198.133.219.25:80 Destination 192.168.10.6:1246

    Hope this helps...
  • jamesleecoleman Member Posts: 1,899
    Wow, thanks monkerz!
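Monkerz's walkthrough and the "sh ip nat tr" output in the question, as an added Python example (not code from any poster in this thread): a minimal PAT table that keeps a host's source port when it is free on the inside-global address, substitutes another one when it is not, and matches replies back to the inside-local host. The allocation policy (lowest free port from 1024 upward) and the order in which the four flows arrive are assumptions chosen to reproduce the question's table.

```python
from typing import Dict, List, Optional, Set, Tuple

Packet = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)

class PatRouter:
    """One inside-global address shared by every inside-local host (PAT)."""

    def __init__(self, inside_global: str, first_port: int = 1024):
        self.inside_global = inside_global
        self.first_port = first_port
        self.outbound: Dict[Packet, int] = {}        # inside 4-tuple -> global port
        self.inbound: Dict[Tuple[int, str, int], Tuple[str, int]] = {}  # (gport, out ip, out port) -> local
        self.used_ports: Set[int] = set()            # global ports already handed out

    def _allocate_port(self, wanted: int) -> int:
        # Assumed policy: keep the host's own port when it is free on the global
        # address, otherwise take the lowest free port from first_port upward.
        port = wanted if wanted not in self.used_ports else self.first_port
        while port in self.used_ports:
            port += 1
        self.used_ports.add(port)
        return port

    def outbound_translate(self, pkt: Packet) -> Packet:
        """Inside -> outside: the source becomes inside-global address:port."""
        src_ip, src_port, dst_ip, dst_port = pkt
        if pkt not in self.outbound:             # new flow: create a table entry
            gport = self._allocate_port(src_port)
            self.outbound[pkt] = gport
            self.inbound[(gport, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.inside_global, self.outbound[pkt], dst_ip, dst_port)

    def inbound_translate(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: the reply is matched on the global port it was sent to."""
        src_ip, src_port, dst_ip, dst_port = pkt
        local = self.inbound.get((dst_port, src_ip, src_port))
        if dst_ip != self.inside_global or local is None:
            return None                          # no table entry: unsolicited, dropped
        return (src_ip, src_port, local[0], local[1])

def replay_question_table() -> List[Tuple[str, str]]:
    """Replay the four flows from the 'sh ip nat tr' output (request order constructed)."""
    nat = PatRouter("192.168.10.1")
    flows = [("192.168.0.2", 1026), ("192.168.0.35", 1025),
             ("192.168.0.34", 1026), ("192.168.0.35", 1026)]
    rows = []
    for ip, port in flows:
        g_ip, g_port, _, _ = nat.outbound_translate((ip, port, "192.168.1.2", 80))
        rows.append((f"{g_ip}:{g_port}", f"{ip}:{port}"))   # (inside global, inside local)
    return rows
```

Pre-loading used_ports with 4444 and 1246 before translating the two hosts from the walkthrough reproduces its "ports already taken" case: both hosts get substitute global ports, and each reply still lands on the right inside-local host.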