Public and Private IP

[ngoc_pbn]

Hi all!
I have one question, I need to your help.
Question : A LAN have some host and one modem ( router) is provided one IP address by ISP then use NAT to provide private IPs to host. So when host in other LAN want communicate one host in this LAN, it will use IP address is provide by ISP or use private IP of host.
Explain me for detail, pelase!!!

Tks
Ngoc_pbn

[lildeezul]

the lan traffic will only be translated if its going egress out of the outside interface (pointing to sevice provider).

if the lan wants to communicate with another lan, (different subnetworks, same enterprise) then no translation will be necessary. But if a lan somewhere across the world wants to communicate over the internet, then their address will be translated, and your addresses will be translated. and the session will be seen as the translated address.

[gabrielshorn]

It uses the public address provided by the ISP.

On most NATs, though, the host on the local LAN has to communicate with the remote host first. This creates a connection that the router remembers. When it receives return communication from the remote host on a specific port, it passes the data to the host inside the LAN. You can configure a NAT so that a remote host can initiate communication with a host on the local LAN. It just requires a little additional configuration where you tell the router to allow communication on a specific, external port to map to a host and port on the LAN.

[Fuzz]

No, it uses the private address. There is no need to use the public address as it is not crossing the modem to outside. There is perhaps only one public address assigned, so how would a host on the inside LAN know which machine was being refferenced?

Host to host inside the same internetwork (private) always use private addresses. They only use the public IP address when translated. In fact, they don't actually use this address, the NAT router uses it as a reference so that outside devices can communicate to different hosts on the inside. The hosts themselves have no idea about NAT or public addresses, it's completely transparent to them.

[gabrielshorn]

I think there's some misunderstanding about the question. I interpreted ngoc's question to be "what IP does a remote host use to communicate with a host on a private LAN that is behind a NAT?"

I tried to "reader's digest" my reply too much. A host on the local, NAT'd LAN communicates with a remote host using the remote IP address. However, the remote host never sees the private address of the local host in the packets it receives. The NAT router strips those out of packets bound for the remote host, replacing both the source host and private IP with the public IP and a port that the router then stores in it's NAT translation table. You can see what the router is doing by issuing the "show ip nat translation" on the router.

The remote host returns data using the public IP address and port of the remote system listed in the IP header of the packets it received.

When the router receives return traffic from the host, it looks up the local port in its NAT translation table, finds the "inside local" address and port of the local host, puts that IP and port into the IP header destination info, and passes it to the internal interface to be sent to the host on the LAN.

Is this clearer?

[Fuzz]

You may be right in his question there, I took LAN to LAN to mean within the same enterprise internetwork. He may have meant between LANs from different enterprises.

[ngoc_pbn]

Thanks all so much!
With your help I understood my problem.