routers, ips, and such . . .
drowd
Texas
ok, so i have some questions about just how exactly a router works. i have asked a couple different folks, and every time i get either variations in their responses or a few scratching heads. so the setup we have is a router that is given an ip address by the outside world. there is one computer outside of the router and two hooked up inside the router. so i got two different scenarios that don't make sense to me.
i run an ftp server constantly on my main computer. so i got to wondering what would happen if i ran an identical ftp server on the second computer within the router. all the info would be set up the same, from port numbers to id's. which ftp would it connect to? the user on the outside is only supplying 4 pieces of information. the ip sends it to the router, but if the user/pass and port are all the same, how does it know?
so at first i thought this could be explained in this manner: all of the ports within the router are shared by other computers. in some fashion or another, certain ports were assigned to certain ip addresses on the inside. so if port 8080 was assigned to ip/pc 1, then no information would be received on port 8080 to ip/pc 2. but i did some more checking, and i am signed onto aim on two different accounts on both of these computers. so i checked the aim config of each, and it said it was using 5190, and then i verified with netstat, and sure enough, both computers were using 5190.
so, maybe if someone could clear all this up, that would be fabulous. i would really like to get a better understanding of this kind of stuff . . .
Comments
The AIM thing probably works by tagging an extra bit of info on the packets when they come from your machine, which is what the whole idea of NAT is (so it knows which machine requested it, so it knows what machine to send it back to).
NS
Sounds like you have 3 machines in the router with 2 behind the NAT firewall with one in the DMZ or outside the firewall.
Router gets its WAN IP from the modem (cable or DSL). This IP is used as the address for all public traffic.
Each of the three machines is assigned an "in-house" IP by the router as they log in (usually something like 192.168.1.10, then 11, 12, etc...).
Machine 1 at IP ..10 sends a packet to a website. The router grabs the packet, changes the IP address to the public IP and a few bits to show it came from machine 1 and forwards it on to the website. The website responds to the packet, the router grabs the packet and converts it from the public IP back to machine 1's ..10 IP and forwards it. Normally any packets coming in that have not been requested by a machine inside the NAT are dropped. Thus the firewall effect of NAT. This changes however when you do port forwarding. Say you want to run an ftp on machine 2 at IP 192.168.1.12. You tell the router to forward all requests at port 21 to machine 2. So again an internet request comes in on your public IP for ftp port 21. The Router grabs it and sends it to machine 2 at IP ..12 instead of throwing it away as it would have normally.
Now as for machine 3 in the DMZ. It's really not outside the firewall. It really is just that you tell the router to send all not requested traffic to machine 3 instead of dropping it. Kind of like mass port forwarding. Requested traffic would be traffic tagged as coming from machine 1 or 2.
As you probably know NAT stands for Network Address Translation. So a router is effectively translating IP addresses from public to in-house and vice versa and routing them to the appropriate machine in-house. Not much more complex than that.
It simply is scanning the packets to see if they are "tagged" and therefore asked for and if not dropping them giving you some basic firewall protection.
Hope some of this makes sense to someone besides me. Then again I'm not too sure it makes all that much sense to me.
Proto. Local Address . . . . .Foreign Address . . . .State
TCP .. 192.168.0.152:1304 . . 205.188.8.60:5190 . . .ESTABLISHED
TCP .. 192.168.0.152:1305 . . 205.188.1.60:5190 . . .ESTABLISHED
TCP .. 192.168.0.152:1585 . . 205.188.153.12:5190 . ESTABLISHED
That's a netstat -n (I put the dots in so the spaces wouldn't get unformatted). 192.168.0.152 is me. And all of the connections are from different ports on my computer. Outgoing connections as far as I know cannot use the same port twice simultaneously. But each of the AOL servers is running the server process on port 5190. THAT port is a listen port. This means that it's waiting for a computer to initiate a connection (if you want to run a listen port, meaning a server, you have to forward or DMZ). The point though is that many computers can be connected to that host on port 5190; it just forks off processes as more computers connect. It can always remain listening on 5190. So everyone is connected to (these?) 3 servers' port 5190.
As a final example, say the client program actually requested its outgoing port (this is rare and more difficult). So say AIM wanted port 1300 every time, for one of these connections. And then all of your computers used 1300 at the same time. What does the router do? It changes the port. One of you could be 1300, the others would be 1301 1302. These aren't the numbers it would use but just an example. The public ports must be distinct also, but it's no trouble for the router to change the port number. In fact it probably does that by default; when I didn't have a router counter-strike would report my client as port 27005 or 27015 (I forget) but with the router it would report it as [public ip]:2453 or something. But on my computer it was still 192.168.0.152:27005 or whatever it was before.
This stuff is too cool let me know if I need to clarify anything. The other explanations are also good. Public port 21 is only forwarded to 1 local (private) IP so it would know which computer to give the FTP to. If the 2 computers "behind NAT" (the DMZ one is too but not as perceptibly) both hosted FTP servers but not the DMZ, and there was no special rule for forwarding port 21, neither FTP server would be reached.
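The behaviour described in the replies above (outbound flows each getting their own public port, replies mapped back by the router, unsolicited inbound traffic dropped unless a port-forwarding rule or a DMZ host catches it, and two LAN machines both using local port 1300) as a toy NAT table. This is an added example, not code from anyone in the thread; the public IP 203.0.113.5, the LAN addresses, the remote address 198.51.100.7 and the starting public port 40000 are constructed values.

```python
# Toy NAT translation table (constructed example). One public IP is shared by
# the LAN; inbound packets are delivered only if they are a reply to a flow a
# LAN host started, match a port-forwarding rule, or a DMZ host is configured.
PUBLIC_IP = "203.0.113.5"  # assumed public (WAN) address of the router

class Nat:
    def __init__(self, forwards=None, dmz=None):
        self.forwards = forwards or {}  # public port -> (private ip, private port)
        self.dmz = dmz                  # private ip that receives unsolicited traffic
        self.out = {}                   # (src ip, src port, dst ip, dst port) -> public port
        self.back = {}                  # (public port, remote ip, remote port) -> (src ip, src port)
        self.next_port = 40000          # first public port handed out (assumed)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the LAN; returns (public ip, public port)."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            # Two LAN hosts may both pick local port 1300: each flow still gets
            # its own public port, so replies can be told apart.
            pub = self.next_port
            self.next_port += 1
            self.out[key] = pub
            self.back[(pub, dst_ip, dst_port)] = (src_ip, src_port)
        return PUBLIC_IP, self.out[key]

    def inbound(self, remote_ip, remote_port, dst_port):
        """Decide where a packet arriving at the public IP goes; None means dropped."""
        # 1. A reply to a flow some LAN host opened (the "tagged" traffic above).
        hit = self.back.get((dst_port, remote_ip, remote_port))
        if hit:
            return hit
        # 2. An explicit port-forwarding rule, e.g. public 21 -> the FTP box.
        if dst_port in self.forwards:
            return self.forwards[dst_port]
        # 3. Anything else goes to the DMZ host if there is one, otherwise it is dropped.
        return (self.dmz, dst_port) if self.dmz else None

def demo():
    """Walk through the thread's scenarios; returns the routing decisions."""
    nat = Nat(forwards={21: ("192.168.1.12", 21)}, dmz="192.168.1.13")
    a = nat.outbound("192.168.1.10", 1300, "205.188.8.60", 5190)  # AIM from machine 1
    b = nat.outbound("192.168.1.11", 1300, "205.188.8.60", 5190)  # same local port, machine 2
    reply_b = nat.inbound("205.188.8.60", 5190, b[1])              # AIM server answers machine 2
    ftp = nat.inbound("198.51.100.7", 50000, 21)                   # forwarded to the FTP box
    other = nat.inbound("198.51.100.7", 50000, 8080)               # unsolicited -> DMZ host
    return a, b, reply_b, ftp, other

if __name__ == "__main__":
    print(demo())
```

Without the `dmz` argument the last lookup returns `None`, which is the "dropped" case the replies describe as the firewall effect of NAT.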