1. If more than one people are sharing the same ip and they open up the same port for incoming connections for p2p filesharing, how does the incoming connection know who to connect to?

2. If one of them gets attacked with DoS, do they all get attacked?

Via NAT, the router keeps a log of adresses
http://en.wikipedia.org/wiki/Network...ss_translation
DoS will use the external IP, so the connection is affected
http://en.wikipedia.org/wiki/Denial-of-service_attack

1. two computers cannot use the same port when they are behind a NAT router (I think that is what you mean by "IP sharing")
Generally, the computer that opens the port first gets the exclusive use of that port. With p2p applications, the other computer probably will warn about "firewall settings" or something similar.
You can solve this by using different ports on each computer.

2. A specific port is always mapped to a specific computer. So if a DoS attack starts on that port, only one computer is affected.
But to side with repo, when you are under a DoS attack, your adsl line will probably be saturated.

Sorry, I was talking about different adsl customers, not one customer with two computers attached to his router. I hear some isp's do ip sharing between different customers if necessary. In other words one external ip is shared by two customers, each with his own router and nat. Is that not true?

If it is true, please read the first post.

AFAIK the only thing that ISPs do over here is give dynamic IP addresses.
This means that when you reconnect, you get a new IP address.
In that case only one customer has the IP at the same time, so the IP isn't really shared. (more like time-shared)

If they give the same IP to more than one customer at the same time, the ISP has to use NAT. In that case, read my post above.

It should not be possible for two customers to have a same IP addresses at the same time. Allocating dynamic ip addresses can give same ip to customers on different times.

Thanks. Here's an off-topic issue, but recently I set up two computers to connect to the eMule p2p network at the same time in the hope of speeding up the download, and I used different ports as you said, but the two computers could not see each other's files on a p2p search. They connected to the same server and could not see each other. And then they connected to different servers and still they could not see each other, even after hours. How can that be?

It is possible that eMule supports only one client per IP.
I'm not sure about that.
Probably people at the eMule forum can help you better with this question: http://forum.emule-project.net/

Isn't there a shortage of ip's available for adsl users, now that so many people have such internet access? How can isp's have so many customers and therefore so many connected at any time, if the number of ip's available is not growing?

Could it be that the same nat we do with routers, is also done at another level by isp's with their own routers?

There must be a way to map several ports to one for outgoing connections, I think it's only incoming ones that need distinct ports - is that right?

They can add ip blocks.
Not all customers are cnnected at the same time.
There still are ip's available
And ipv6 will start if not :-)

Aren't those ip blocks owned by someone, perhaps an isp owns them who also needs more ip's for the same reasons. Isn't it easier to just add a second level of nat so one external ip corresponds to several connected customers?

That is true to some extent. I have seen some cable net providers who give private ip addresses to the customers and nat at their end.
But as repo said, not all customers are online at same time. So the number of customers can significantly outnumber number of ip addresses available and then ipv6 is also there.
And those who do nat'ing at their side usually provide private addresses. This will not empty the addresses.

Please read more carefully, it gets tiresome to hear the same over and over.

With Isp's who do nat'ing at their side, what happens if a customer wants to make their own lan? I used microsoft connection sharing once but didn't understand what was going on and it was unreliable. What's the proper thing to do in this case?

I get the impression that you keep rephrasing the same question. It might be a misunderstanding of me.

It boils down to this:
-Incoming ports need to be explicitly specified on the NAT router (there are techniques that allow applications to do that without user intervention: UPNP)
-Outgoing ports are opened by the NAT router automatically (connection tracking)
-Port mappings are always pointing to one port on one computer in the lan behind the NAT

-Because NAT at the ISP effectively blocks all incoming ports for the costumer, almost no ISP uses NAT on his (ADSL-) network.
-They can still do that because there still are a few IP addresses left.
-Even if the ISP is using NAT, the costumer can still use an extra layer of NAT, but AFAIK forwarding of incoming ports will be impossible.

Also: Do you want advise on how to share your internet connection? If so, please post more details, and do so in a new tread?

No, just thought it was the normal way of connecting several computers to one modem and ip for customers that do not use the router nat, as one might expect with isp's that do their own nat as you say.

What are incoming ports for? I only remember ever setting them up for better p2p performance, they were like a luxury. Can we live without them?