Port Number
typesh
01-28-2009, 10:46 PM
Hey everyone,
I had a question regarding Page 674 of the 6th Ed.
It is regarding the port numbers.
On the first line of the chart, why does the Inside Local IP Address & Port use 10.1.1.3:1723 and the Inside Global IP Address & Port use 170.168.2.2:1492?
I understand that the IPs are different because one is private and one is public, but why is the port number different?
Doesn't the port number come directly from the TCP Segment created by the sender?
Source ports are generally chosen at random, only the destination port will reflect the application it is intended for, and therefore remain the same. Source ports can be changed with no problems.
For instance, if a different local machine had sent a request through the NAT router using a source port of 1723 previously, that port would not be available to use again or the router would not be able to distinguish between the two computers.
typesh
01-29-2009, 08:20 AM
Source ports are generally chosen at random, only the destination port will reflect the application it is intended for, and therefore remain the same. Source ports can be changed with no problems.
For instance, if a different local machine had sent a request through the NAT router using a source port of 1723 previously, that port would not be available to use again or the router would not be able to distinguish between the two computers.
So after the local host has already created a TCP Segment which it sends to the router... the router can add on a different source port number? (different from what is in the TCP header?)
Yes, because the destination port is the one that is significant. It is the one that identifies the upper layer protocols to the receiving host. The source port simply identifies which application requested the data, usually a random number above 1024. As long as the NAT router can identify both the original IP address and port, it can translate the source port address as well. Think of the source port as an extension of the IP address, rather than a specific mapping to a protocol or application.
typesh
01-29-2009, 11:56 AM
Thanks Fuzz.
Can you help me with this example?
Let's say HostA wants to send an HTTP request to a remote web server. HostA would generate a TCP Segment with a destination port 80, and let's say, a source port of 2000. When the NAT router receives the packet generated by HostA, does it use 2000 as source port number when sending it out? Or does it make up a random port number?
I guess what I'm trying to figure out is if the router uses the Source Port number from the original TCP Segment, or does it make one up?... Or can it do both?
Thanks for the help!
It can do both. I don't know the specifics, but if an inside global source port has been used by another computer, it is unavailable to use for translation.
HostA sends its HTTP request, and the NAT router translates the IP address but uses source port 2000 still. Now HostB sends a packet out to the internet, also using source port 2000. The translation cannot use port 2000 again (unless there are spare IP addresses in the pool) as it will not be able to identify HostA's traffic from HostB's. So it can translate the port address too, hence it is referred to as port address translation.
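Added example, not part of the original thread: a simplified model of the translation table described in the reply above, which keeps the source port when it is free and rewrites it when another inside host already holds it. The class and function names, the HostA/HostB addresses, the second pool address 170.168.2.3 and the "start at 1024" port choice are assumptions made for illustration; real routers choose replacement ports by their own policies.

```python
from dataclasses import dataclass, field

@dataclass
class PatRouter:
    """Simplified port address translation (NAT overload) table."""
    pool: list                       # inside global addresses
    first_port: int = 1024           # assumption: rewritten ports start here
    out: dict = field(default_factory=dict)   # inside local -> inside global
    back: dict = field(default_factory=dict)  # inside global -> inside local

    def _bind(self, key, gip, gport):
        self.out[key] = (gip, gport)
        self.back[(key[0], gip, gport)] = key[1:]
        return gip, gport

    def outbound(self, proto, local_ip, local_port):
        key = (proto, local_ip, local_port)
        if key in self.out:                      # known flow: keep its mapping
            return self.out[key]
        for gip in self.pool:                    # 1) keep the original source port
            if (proto, gip, local_port) not in self.back:
                return self._bind(key, gip, local_port)
        for gip in self.pool:                    # 2) collision: rewrite the port
            for port in range(self.first_port, 65536):
                if (proto, gip, port) not in self.back:
                    return self._bind(key, gip, port)
        raise RuntimeError("no free address/port pair left")

    def inbound(self, proto, global_ip, global_port):
        # Reverse lookup for replies; None means no mapping (unsolicited packet).
        return self.back.get((proto, global_ip, global_port))

def demo(pool):
    # Constructed hosts: HostA = 10.1.1.1, HostB = 10.1.1.2, both using source port 2000.
    r = PatRouter(pool=list(pool))
    a = r.outbound("tcp", "10.1.1.1", 2000)
    b = r.outbound("tcp", "10.1.1.2", 2000)
    return a, b, r.inbound("tcp", *a), r.inbound("tcp", *b)

if __name__ == "__main__":
    print(demo(["170.168.2.2"]))                  # one global address: HostB's port is rewritten
    print(demo(["170.168.2.2", "170.168.2.3"]))   # spare address: HostB keeps port 2000
```

The `inbound` lookup returning `None` for an unmapped address and port is why a reply can only reach an inside host that already opened the flow.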
typesh
01-29-2009, 06:03 PM
Thanks for your help Fuzz. I understand how it works now.
There is still one thing I'm not clear about...
Can you have a look at Page 679?
This is what throws me off:
"...but you can type this in and have it work too: ip nat pool Todd 102.1.2.105 192.1.2.110 netmask 255.255.255.248."
Correct me if I am wrong, but I believe the 102 should be 192?
But why are we using the range from .105 to .110?
Shouldn't we be using .109 to .114 (from the last paragraph of Page 687)?
Yes the 102 should be 192, but as for the host addresses, it uses 109 to 114 as in the example. I'm not sure where you've got 105 - 110 from.
typesh
01-30-2009, 01:08 PM
Yes the 102 should be 192, but as for the host addresses, it uses 109 to 114 as in the example. I'm not sure where you've got 105 - 110 from.
Thanks again Fuzz!
This is really strange....For some reason in my book (6th Ed) it uses 105 - 110 in the example...
agelabert
02-22-2009, 04:04 AM
It's in the errata, http://www.sybex.com/WileyCDA/SybexTitle/productCd-0470110082,navId-290611,pageCd-errata.html
Caught my eye, too.