After learning about DHCP, ARP, DNS, TCP, and NAT, I ran into a question that completely changed how I thought about home networking.
I already understood the basics of NAT.
My laptop might have:
192.168.1.100
while my router has a public address such as:
49.43.12.10
The router replaces the private address with its public address before sending packets to the Internet.
That part made sense.
But then a new question appeared.
The Problem
Imagine a home network with three devices.
Laptop
192.168.1.100
Phone
192.168.1.101
Tablet
192.168.1.102
All three devices are browsing websites simultaneously.
After NAT, every packet appears to originate from:
49.43.12.10
To the Internet, all three devices look identical.
Which raises an obvious question:
When replies come back, how does the router know which device should receive them?
This is where ports become extremely important.
Think of NAT Like an Apartment Building
Imagine a large apartment building.
The building has a single address:
49.43.12.10
Inside the building are:
Apartment 101
Apartment 102
Apartment 103
The public IP address is the building.
The ports are the apartment numbers.
Without apartment numbers, a package arriving at the building could not be delivered to the correct resident.
[Figure 1: Apartment Building Analogy]
A Real Example
Suppose we have:
Laptop:
192.168.1.100
Phone:
192.168.1.101
Router:
49.43.12.10
The laptop performs a DNS lookup.
Its operating system chooses a temporary source port:
53001
The packet looks like:
Source IP:
192.168.1.100
Source Port:
53001
Destination IP:
8.8.8.8
Destination Port:
53
The Phone Does the Same Thing
Now the phone also performs a DNS lookup.
It chooses:
53001
as well.
The packet becomes:
Source IP:
192.168.1.101
Source Port:
53001
Destination IP:
8.8.8.8
Destination Port:
53
At first glance this looks problematic.
Both devices chose the same source port.
Surprisingly, this is completely valid.
Why?
Because their source IP addresses are different.
Inside the LAN they are still unique connections.
The Router Receives the First Packet
The router sees:
192.168.1.100:53001
and creates a translation entry:
192.168.1.100:53001
↓
49.43.12.10:40001
Notice something interesting.
The router did not keep:
53001
It selected:
40001
instead.
This becomes the public-facing connection.
The outgoing packet now looks like:
Source IP:
49.43.12.10
Source Port:
40001
Destination IP:
8.8.8.8
Destination Port:
53
The Router Receives the Second Packet
Now the phone's packet arrives.
The router creates another entry:
192.168.1.101:53001
↓
49.43.12.10:40002
Notice what changed.
The public IP stayed the same.
The public port changed.
The translation table now contains:
192.168.1.100:53001
↓
49.43.12.10:40001
192.168.1.101:53001
↓
49.43.12.10:40002
This table is the real magic behind modern home networking.
[Figure 2: PAT Translation Table]
The Replies Return
Google's DNS server at 8.8.8.8 sends a reply to:
49.43.12.10:40001
The router checks its translation table.
It finds:
40001
↓
192.168.1.100:53001
The packet is rewritten and delivered to the laptop.
A second reply arrives:
49.43.12.10:40002
The router checks the table again.
It finds:
40002
↓
192.168.1.101:53001
The packet is forwarded to the phone.
Both devices receive the correct response even though they share the same public IP address.
[Figure 3: Reply Mapping Diagram]
This Is Actually PAT
Most people casually refer to this process as:
NAT
More specifically, what is happening here is:
PAT
which stands for:
Port Address Translation
Another common name is:
NAT Overload
because many devices are sharing a single public IP address.
Why PAT Is So Powerful
A port number can range from:
0
to
65535
This provides roughly:
65,000+
possible ports.
That means thousands of simultaneous connections can share the same public IP address.
Without PAT, home networking as we know it would be much more difficult.
What Does the Router Actually Store?
The router does not simply remember IP addresses.
It maintains a connection table.
A simplified entry might look like:
Inside IP:
192.168.1.100
Inside Port:
53001
Outside IP:
49.43.12.10
Outside Port:
40001
Destination IP:
8.8.8.8
Destination Port:
53
Real routers store additional information such as:
- Protocol
- TCP state
- Timeouts
- Flags
- Session metadata
This is what allows thousands of connections to coexist simultaneously.
What Happens When the Connection Ends?
Suppose the browser tab is closed.
Eventually the TCP session terminates.
The router notices.
The translation entry is removed.
For example:
49.43.12.10:40001
becomes available for reuse.
This process happens continuously behind the scenes.
Why Random Incoming Traffic Gets Dropped
Imagine a random server sends a packet to:
49.43.12.10:45000
The router checks its translation table.
No matching entry exists.
The router effectively says:
I don't know who requested this connection.
The packet is dropped.
This behavior is one reason home routers provide a basic level of protection against unsolicited traffic.
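The whole lifecycle described above (creating entries, mapping replies back, removing idle entries, and dropping unsolicited packets) can be modelled in a few lines. This is an added example, not code from any router: the class name, the lowest-free-port allocation, the 30-second idle timeout, and the rule that a reply must come from the destination stored in the entry are all assumptions of this toy model, and 203.0.113.7 is a constructed documentation address.

```python
PUBLIC_IP = "49.43.12.10"  # router's public address in the article
DNS = ("8.8.8.8", 53)

class PatTable:
    """Toy PAT table: a simplified model, not a real router implementation."""
    def __init__(self, public_ip, first_port=40001, idle_timeout=30):
        self.public_ip = public_ip
        self.first_port = first_port      # assumption: lowest free port is handed out
        self.idle_timeout = idle_timeout  # assumption: idle entries expire after 30 s
        self.by_flow = {}  # (proto, inside, remote) -> public port
        self.by_port = {}  # (proto, public port) -> [inside, remote, last_seen]

    def outbound(self, proto, inside, remote, now):
        """Rewrite the source of a LAN packet; returns (public_ip, public_port)."""
        self.expire(now)
        flow = (proto, inside, remote)
        port = self.by_flow.get(flow)
        if port is None:
            port = next(p for p in range(self.first_port, 65536)
                        if (proto, p) not in self.by_port)
            self.by_flow[flow] = port
        self.by_port[(proto, port)] = [inside, remote, now]
        return (self.public_ip, port)

    def inbound(self, proto, remote, public_port, now):
        """Return the inside (ip, port) to forward to, or None to drop the packet."""
        self.expire(now)
        entry = self.by_port.get((proto, public_port))
        if entry is None or entry[1] != remote:
            return None  # unsolicited: nobody inside asked for this
        entry[2] = now
        return entry[0]

    def expire(self, now):
        """Remove entries idle longer than the timeout, freeing their ports."""
        for (proto, port), (inside, remote, seen) in list(self.by_port.items()):
            if now - seen > self.idle_timeout:
                del self.by_port[(proto, port)]
                del self.by_flow[(proto, inside, remote)]

def demo():
    nat = PatTable(PUBLIC_IP)
    laptop = nat.outbound("udp", ("192.168.1.100", 53001), DNS, now=0)
    phone = nat.outbound("udp", ("192.168.1.101", 53001), DNS, now=0)
    to_laptop = nat.inbound("udp", DNS, 40001, now=1)
    to_phone = nat.inbound("udp", DNS, 40002, now=1)
    stray = nat.inbound("udp", ("203.0.113.7", 9999), 45000, now=1)  # constructed sender
    late = nat.inbound("udp", DNS, 40001, now=60)  # entry idle > 30 s, so gone
    return laptop, phone, to_laptop, to_phone, stray, late
```

Calling demo() reproduces the article's walkthrough: the two devices get public ports 40001 and 40002, each reply is mapped back to the right device, and both the stray packet to port 45000 and the late reply to an expired entry are dropped.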
The Insight That Changed My Mental Model
Initially I thought NAT was simply:
Private IP
↓
Public IP
That is only part of the story.
The real magic is the translation table.
The router continuously maintains mappings between:
(Private IP, Private Port)
↔
(Public IP, Public Port)
for every active connection.
That is how one public IP address can support dozens of devices and thousands of simultaneous network conversations.
And once this idea clicked, ports stopped feeling like random numbers and started feeling like apartment numbers in a giant building.