Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place! |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
05-02-2017, 12:43 PM
|
#1
|
Member
Registered: Nov 2015
Posts: 397
Rep:
|
Source IP address in IP packets
I see examples where the source
and destination IPs are on same
network were used to illustrate the IP header.
If you send a packet to a destination
on a different network, meaning through
the Internet and finally reaching another
network, NAT (network address translation)
at router occurs.
The source IP of local host, e.g. 192.168.1.100,
is a private IP address, and the receiver
cannot just send a respond to 192.168.1.100
because there are thousands if not millions
of such private IP addresses.
How is the source IP preserved (embedded) in the
IP packet by the time the packet reached the
destination network (which is not the same
network as the sender's network) just before
it is unpacked by the destination router?
Last edited by fanoflq; 05-02-2017 at 12:51 PM.
|
|
|
05-02-2017, 01:13 PM
|
#2
|
Senior Member
Registered: Dec 2011
Location: Simplicity
Distribution: Mint/MATE
Posts: 2,931
|
The NATting router needs to replace the original source IP by a public source IP, then forward the packet to the outer network.
And vice versa when it receives the answer.
|
|
|
05-02-2017, 01:37 PM
|
#3
|
Senior Member
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Rep:
|
Quote:
Originally Posted by fanoflq
How is the source IP preserved (embedded) in the
IP packet by the time the packet reached the
destination network (which is not the same
network as the sender's network) just before
it is unpacked by the destination router?
|
The Private IP is not preserved in the Packet. It is preserved with Connection Tracking.
|
|
|
05-02-2017, 02:23 PM
|
#4
|
Moderator
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,894
|
This does not necessarily have to employ NAT either, the function of the router is to allow public access for the local private network, by using the public IP and keeping track of the individual MAC addresses of your local stations for all communications that go through the router.
|
|
|
05-02-2017, 03:16 PM
|
#5
|
LQ Guru
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,870
|
To clarify, (Source ...) NAT ("Network Address Translation") uses a randomly-assigned source port-number to disambiguate the returning traffic. When it makes a connection to the outside world, it associates a randomly-assigned port-number with your internal IP-address, and includes that number in all traffic that "you" are sending. This is what enables it to return the replies to "you."
The public never knows your internal IP-address within your home network. All outbound traffic appears to originate from your router and will be returned to your router. (Where it goes from there is unknown to the outside world.) The assignment of source port-numbers is random and meaningless, and never intrudes into the range of "well-known port numbers."
- - - - -
If inbound traffic, which is not a reply to something that you previously sent, is being sent to your IP, then port forwarding is required to cause the traffic to be delivered to the proper internal IP. For instance, if you are running an HTTP server on your box, your router must have a port-forwarding rule that says that inbound traffic to "port 80" must be sent to "your box" and not your sister's iPhone.
Last edited by sundialsvcs; 05-02-2017 at 03:23 PM.
|
|
|
05-02-2017, 03:33 PM
|
#6
|
Senior Member
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,792
|
Quote:
Originally Posted by sundialsvcs
To clarify, (Source ...) NAT ("Network Address Translation") uses a randomly-assigned source port-number to disambiguate the returning traffic.
|
In Linux, at least, it assigns a new source port if necessary to disambiguate the connection. If the tuple of (SPORT, DEST, DPORT) is not currently present in connection tracking, the source port is left as it is.
|
|
|
05-02-2017, 04:11 PM
|
#7
|
Member
Registered: Nov 2015
Posts: 397
Original Poster
Rep:
|
Thank you for all your responses.
I also read this link:
Here are what I know when a tcp packet leaves the router from sender:
In tcp header, you have the sender's port and destination port.
In ip header, the sender's IP address was replaced by router's IP address.
When the destination server respond, it send back these information:
In tcp header, you have the respondent's port and destination port.
In ip header, the respondent's IP address was replaced by router's IP address. You also have destination (public) IP address.
Now if you have two local hosts using same port number, and sending a tcp packet to same server's IP address at same port number, and when the local host' router receives a packet from respondent, it was not clear to me these information (respondent's public IP address and its port as well as destination (local host) port number and its public (router) IP address) are adequate to determine the correct destination of the packet since we now have two local hosts using the same port number.
Summary of question:
Respondent (server) sends tcp packet that has:
(respondent IP, respondent port, destination router IP and port number of original sender. )
Destination router has to resolve above tcp packet
from respondent to two local hosts which coincidentally use same port number and tcp protocol when sending packets to same server..
Inadequate information for local hosts' router to resolve destination local host for incoming tcp packet.
What did I missed?
Last edited by fanoflq; 05-02-2017 at 04:57 PM.
|
|
|
05-02-2017, 05:01 PM
|
#8
|
LQ Guru
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524
|
From wikipedia:
Quote:
PCP allows deployed equipment and applications to create explicit mappings between an external IP address, protocol and port, and an internal IP address, protocol and port. With such explicit mappings in place, inbound communication can reach the hosts behind a NAT or firewall, which either expands their server roles beyond boundaries of local networks, or makes use of various services simplified and less resource-consuming. Created mappings are permanent to the extent of having a known lifetime that can be extended, which is similar to the way Dynamic Host Configuration Protocol (DHCP) implements its leases. At the same time, PCP allows applications to create additional mappings dynamically as required, which reduces or eliminates the need for having ALG-enabled NAT devices and firewalls.[1][3]
Created explicit mappings are permanent, with no need for application-level keepalive messages to be exchanged between hosts and servers for the purpose of preserving the mapping. As a result, network usage and power consumption are reduced, and application-level keepalive logic no longer needs to be implemented at client and server sides. After a PCP-based mapping is created, associated externally visible parameters (IP address, protocol and port) need to be announced to clients so incoming connections can be established, which is performed in application-specific ways. Additionally, PCP provides the functionality required to inform applications when the external IP address is changed while a mapping is already established.[1][3]
Various types of NAT can be handled by PCP, providing support for IPv6/IPv4 NAT (NAT64, sharing of an IPv6 address) and IPv4/IPv4 NAT (NAT44, sharing of an IPv4 address); inclusion of PCP into IPv4 and IPv6 firewall devices is also supported. PCP is designed to be used on both large-scale aggregation points (for example, as part of carrier-grade NATs), and inside low-cost consumer-grade devices. Both long-term (for an IP camera or a temperature sensor acting as a server, for example) and short-term mappings (while playing an online computer game, for example) are supported.
|
The important part is that the mappings, internal and external port, protocol and address; are unique.
Last edited by AwesomeMachine; 05-02-2017 at 05:05 PM.
|
|
|
05-02-2017, 06:00 PM
|
#9
|
Senior Member
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,792
|
Quote:
Originally Posted by fanoflq
Now if you have two local hosts using same port number, and sending a tcp packet to same server's IP address at same port number, and when the local host' router receives a packet from respondent, it was not clear to me these information (respondent's public IP address and its port as well as destination (local host) port number and its public (router) IP address) are adequate to determine the correct destination of the packet since we now have two local hosts using the same port number.
|
For at least one of those connections, NAT will have substituted a different source port number so that the tuple (SPORT, DST, DPORT) uniquely identifies the connection. When a reply packet comes back, the (DPORT, SRC, SPORT) tuple of the reply packet will match the translated (SPORT, DST, DPORT) of exactly one tracked connection, and the destination address and port number can be translated back to the original source address and port number.
Last edited by rknichols; 05-02-2017 at 06:01 PM.
|
|
1 members found this post helpful.
|
05-02-2017, 06:05 PM
|
#10
|
Member
Registered: Nov 2015
Posts: 397
Original Poster
Rep:
|
Quote:
Originally Posted by rknichols
For at least one of those connections, NAT will have substituted a different source port number so that the tuple (SPORT, DST, DPORT) uniquely identifies the connection. When a reply packet comes back, the (DPORT, SRC, SPORT) tuple of the reply packet will match the translated (SPORT, DST, DPORT) of exactly one tracked connection, and the destination address and port number can be translated back to the original source address and port number.
|
That solves the posted question.
Thank you.
|
|
|
05-04-2017, 07:46 AM
|
#11
|
Senior Member
Registered: Dec 2003
Location: The Key Stone State
Distribution: CentOS Sabayon and now Gentoo
Posts: 1,249
Rep:
|
Quote:
Originally Posted by rknichols
For at least one of those connections, NAT will have substituted a different source port number so that the tuple (SPORT, DST, DPORT) uniquely identifies the connection. When a reply packet comes back, the (DPORT, SRC, SPORT) tuple of the reply packet will match the translated (SPORT, DST, DPORT) of exactly one tracked connection, and the destination address and port number can be translated back to the original source address and port number.
|
If I am not mistaking the only time this will happen is when you have 2 internal hosts talking to the same external host using the same internal ports. Now your are talking PAT and not NAT.
|
|
|
05-04-2017, 08:54 AM
|
#12
|
Senior Member
Registered: Aug 2009
Distribution: Rocky Linux
Posts: 4,792
|
Quote:
Originally Posted by lazydog
If I am not mistaking the only time this will happen is when you have 2 internal hosts talking to the same external host using the same internal ports. Now your are talking PAT and not NAT.
|
Exactly. The NAT modules will also do port translation automatically if necessary to disambiguate the connection.
|
|
|
All times are GMT -5. The time now is 12:47 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|