Q: Home Internet Routers (specific question about packets and addressing) ( Answered 5 out of 5 stars,   2 Comments )
Question  
Subject: Home Internet Routers (specific question about packets and addressing)
Category: Computers > Internet
Asked by: brad84-ga
List Price: $7.00
Posted: 15 Apr 2004 18:37 PDT
Expires: 15 May 2004 18:37 PDT
Question ID: 331027
This question deals with IP addressing and home internet routers.
When a home internet router is used in conjunction with a DSL or cable
modem, multiple computers can access the internet via the single IP
address assigned to the modem by the ISP.  This IP address for example
might be 24.85.46.125.  This means that all the computers on this
local network (behind the home router) access the internet and are
seen by other computers on the internet by the IP address
24.85.46.125.  Locally, each computer on the home network is usually
assigned an IP address such as 192.168.1.x and the router's local
address would be 192.168.1.1.  These IP addresses which begin with 
192.168 are unique within the home network but aren't unique between
different networks (i.e. a different home).

What I don't understand is how a computer on the internet (a
web-server, for example) can route a data packet to a specific
computer within a home network.  The server can't simply route the
packet to 192.168.1.2 because this IP address isn't unique and is used
in many homes.  It would have to specifically route the packet to
24.85.46.125.  But, upon receiving this packet, how does the home
router know which computer to send this packet to?  The only
explanation that makes sense to me would be that the packet would have
to contain both IP addresses, but to my knowledge they only can have
one destination IP address.  MAC addresses may play a role in the
process, but I'm not quite sure how.

I would appreciate any kind of insight that you may be able to offer me.
Answer  
Subject: Re: Home Internet Routers (specific question about packets and addressing)
Answered By: aht-ga on 15 Apr 2004 20:32 PDT
Rated:5 out of 5 stars
 
brad84-ga:

Please allow me to try to Answer your Question.

The 'secret' behind this puzzle is a technique called Network Address
Translation (NAT). For most home networking users, 'NAT' is simply one
of many acronyms that appear on the box that their cable/DSL router
comes in, but it is actually the most important one. Without NAT,
there would be no way that two computers on the home network can share
the single IP address assigned by an Internet Service Provider to the
cable/DSL router.

You can learn everything (and more than everything) that you would
ever want to know about NAT from the following tutorial at the 'How
Stuff Works' website:

How Network Address Translation Works
http://computer.howstuffworks.com/nat.htm

This excellent (although sometimes overly-technical) article written
by a Cisco systems engineer describes the complete concept called NAT;
the part you are interested in, is the idea of 'overloading', first
found on the second page:

-----
http://computer.howstuffworks.com/nat1.htm

"Overloading - A form of dynamic NAT that maps multiple unregistered
IP addresses to a single registered IP address by using different
ports. This is known also as PAT (Port Address Translation), single
address NAT or port-level multiplexed NAT."

-----

In short, every packet that is transmitted contains in its header both
the IP address and the TCP/UDP port for both the source device and the
destination device. The secret in NAT overloading is that the
cable/DSL router maintains a table of all active communications
between computers on the 'inside', and computers on the 'outside'. The
router not only substitutes the external IP address for the internal
IP address in each packet that passes through it, but also associates
a unique TCP/UDP port with traffic that is intended for a specific
computer on the inside, so that it knows which computer to send
returning packets to. This is described in more detail on page 3 of
the article:

http://computer.howstuffworks.com/nat2.htm
(see the section that begins "Here's how overloading works...")

In particular, check out the example table about halfway down the page.

This also sheds some light on why certain applications, such as
instant messenger programs, video-conferencing, and streaming content,
sometimes do not work on some cable/DSL routers. Some online
applications expect to only work with certain ports on the destination
machine. Well, when both ends of an exchange happen to be behind NAT
routers (for example, a video conference session using web-cams and
peer-to-peer software), the routers need to be configured to use and
expect packets on specific external ports, and to route that traffic
to the appropriate machine on the inside using those same specific
ports, or else the applications will not work. Most routers allow the
user to configure 'port forwarding' in order to do this. With port
forwarding, you can specify, ahead of time, that any traffic received
on, say, port 80, will be forwarded to a specific IP address (and
optionally, a TCP/UDP port) on your home network, so that the right
machine handles the request.

Many current-generation routers actually have 'typical' port
forwarding profiles preloaded for the most common applications, so
that they work without the user needing to do much configuration at
all. You can also configure a specific machine as being in the
'demilitarized zone' (DMZ), so that all traffic from the outside, that
is not already expected as returning packets for other machines on the
home network, will be directed to the DMZ machine for handling rather
than simply being discarded.

Yet another enhancement, Universal Plug 'n' Play (UPnP), allows
applications to intelligently request that the router predefine
certain port mappings to allow traffic through to the machine running
the application. You can read a bit more about this technology here:

http://www.upnp.org/about/default.asp#technology


So, to summarize, the specific answer to your question is that the
router uses NAT overloading and port assignments to differentiate
between traffic meant for different computers on the local network.
MAC addresses are only involved on the LAN side of things as part of
the authentication and authorization steps used in first assigning the
private IP address to the inside machine.

I hope that this helps!

Regards,

aht-ga
Google Answers Researcher


==========================
Additional Links

PF: Network Address Translation (NAT)
http://www.openbsd.org/faq/pf/nat.html

Network Address Translation
http://www.enterasys.com/products/whitepapers/ssr/network-trans/


==========================
Search Strategy

http://www.google.com/search?q=%2bhow+network+address+translation+works

http://www.google.com/search?q=UPnP+routing
brad84-ga rated this answer:5 out of 5 stars and gave an additional tip of: $1.00
This answer was exactly what I was looking for.  I'm very impressed
with the format the answer was in and how the researcher understood
my question exactly.
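
Added example (not part of the original answer or of the How Stuff Works article): a small Python simulation of the NAT overloading table, port forwarding and DMZ fallthrough described in the answer above, showing which inbound packets reach an inside machine and which are discarded. The class and method names, the server address 203.0.113.10, the forwarded inside port 8000, the DMZ host 192.168.1.9 and the starting external port 49152 are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class PatRouter:
    public_ip: str
    next_port: int = 49152                         # assumed start of the external port pool
    sessions: dict = field(default_factory=dict)   # (proto, ext_port) -> (lan_ip, lan_port)
    by_source: dict = field(default_factory=dict)  # (proto, lan_ip, lan_port) -> ext_port
    forwards: dict = field(default_factory=dict)   # (proto, ext_port) -> (lan_ip, lan_port)
    dmz_host: Optional[str] = None

    def outbound(self, proto, src, dst):
        """LAN -> Internet: replace the private source with public_ip:ext_port."""
        key = (proto, src[0], src[1])
        if key not in self.by_source:
            # Pick an external port not used by a session or a static forward.
            while ((proto, self.next_port) in self.sessions
                   or (proto, self.next_port) in self.forwards):
                self.next_port += 1
            self.by_source[key] = self.next_port
            self.sessions[(proto, self.next_port)] = src
            self.next_port += 1
        return (self.public_ip, self.by_source[key]), dst

    def inbound(self, proto, dst):
        """Internet -> LAN: return the inside (ip, port) to deliver to, or None to drop."""
        if dst[0] != self.public_ip:
            return None
        key = (proto, dst[1])
        if key in self.sessions:      # reply to traffic an inside machine started
            return self.sessions[key]
        if key in self.forwards:      # static port-forwarding rule
            return self.forwards[key]
        if self.dmz_host:             # DMZ machine receives everything else
            return (self.dmz_host, dst[1])
        return None                   # unsolicited and unmapped: discarded

def demo():
    r = PatRouter("24.85.46.125")     # external address from the question
    web = ("203.0.113.10", 80)        # constructed server address
    a, _ = r.outbound("tcp", ("192.168.1.2", 5000), web)
    b, _ = r.outbound("tcp", ("192.168.1.3", 5000), web)  # same source port, other PC
    out = {"a": a, "b": b,
           "reply_a": r.inbound("tcp", a), "reply_b": r.inbound("tcp", b),
           "unsolicited": r.inbound("tcp", ("24.85.46.125", 8080))}
    r.forwards[("tcp", 80)] = ("192.168.1.2", 8000)
    out["forwarded"] = r.inbound("tcp", ("24.85.46.125", 80))
    r.dmz_host = "192.168.1.9"
    out["dmz"] = r.inbound("tcp", ("24.85.46.125", 8080))
    return out
```

Calling `demo()` returns the translated source addresses for both PCs, the inside destination chosen for each reply, and the outcome for the same unsolicited port-8080 packet before and after a DMZ machine is configured.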

Comments  
Subject: Re: Home Internet Routers (specific question about packets and addressing)
From: corwin02-ga on 15 Apr 2004 19:24 PDT
 
Routing is the process of deciding the disposition of each packet that
a router handles. This applies to incoming packets, outbound packets
leaving your network for external destinations, and those packets
being routed among your internal networks.

There can be only two dispositions: forward or discard. The routing
mechanism decides between these two using the destination IP address
in the packet header. This decision process is governed by a data
structure called the routing table.

Routers are one of several types of devices that make up the
"plumbing" of a computer network. Hubs, switches and routers all take
signals from computers or networks and pass them along to other
computers and networks, but a router is the only one of these devices
that examines each bundle of data as it passes and makes a decision
about exactly where it should go. To make these decisions, routers
must first know about two kinds of information: addresses and network
structure.

When a friend mails a birthday card to be delivered to you at your
house, they probably use an address that looks something like this:


Joe Smith
123 Maple Street
Smalltown, FL 45678

The address has several pieces, each of which helps the people in the
postal service move the letter along to your house. The ZIP code can
speed the process up, but even without the ZIP code, the card will get
to your house, as long as your friend includes your state, city and
street address. You can think of this address as a logical address
because it describes a way someone can get a message to you. This
logical address is connected to a physical address that you generally
only see when you're buying or selling a piece of property. The survey
plat of the land and house, with latitude, longitude or section
bearings, gives the legal description, or address, of the property.

Every piece of equipment that connects to a network, whether an office
network or the Internet, has a physical address. This is an address
that's unique to the piece of equipment that's actually attached to
the network cable. For example, if your desktop computer has a network
interface card (NIC) in it, the NIC has a physical address permanently
stored in a special memory location. This physical address, which is
also called the MAC address (for Media Access Control) has two parts,
each 3 bytes long. The first 3 bytes identify the company that made
the NIC. The second 3 bytes are the serial number of the NIC itself.

The interesting thing is that your computer can have several logical
addresses at the same time. Of course, you're used to having several
"logical addresses" bring messages to one physical address. Your
mailing address, telephone number (or numbers) and home e-mail address
all work to bring messages to you when you're in your house. They are
simply used for different types of messages -- different networks, so
to speak.

Logical addresses for computer networks work in exactly the same way.
You may be using the addressing schemes, or protocols, from several
different types of networks simultaneously. If you're connected to the
Internet (and if you're reading this, you probably are), then you have
an address that's part of the TCP/IP network protocol. If you also
have a small network set up to exchange files between several family
computers, then you may also be using the Microsoft NetBEUI protocol.
If you connect to your company's network from home, then your computer
may have an address that follows Novell's IPX/SPX protocol. All of
these can coexist on your computer. Since the driver software that
allows your computer to communicate with each network uses resources
like memory and CPU time, you don't want to load protocols you won't
need, but there's no problem with having all the protocols your work
requires running at the same time.

Hope this helps you out a bit
Subject: Re: Home Internet Routers (specific question about packets and addressing)
From: brad84-ga on 15 Apr 2004 19:34 PDT
 
I've read that already and it doesn't really clarify my question.
