Internet Video Series, Part 1


Episode 12, Segment 08 of 11

In our "Simple Routers for Small Networks Part 1: Client Firewalls" movie, you saw how a small router could serve as a hardware "firewall" for a single, protected personal computer, assigning it a "private" IP address and automatically translating its Internet messages to preserve the confidentiality of that address.

We showed how that single PC could simultaneously run two browser processes. The NAT router automatically learned about those two processes and launched two corresponding processes of its own to relay and translate the traffic.

Here's an illustration of that same NAT router, using the same mechanism, to support those same two browser processes in TWO separate PCs.

Let's assume that the PC facing us is running a browser process that has been assigned TCP process number 2020 (as in the previous movie). Let's then assume that another browser process, which just happens to have been assigned TCP process number 2021, is running on the other PC.

Both of these PCs have "private" IP addresses that were issued by the NAT router when it was installed, and the NAT router will make sure that those addresses are always hidden from Internet traffic. There could be more than just 2 PCs addressed in this way, and all of those "private" IP addresses will always take the form 192.168.0.something in this example. (From now on during this movie, when we want to refer to one of these private IP addresses, we'll generally use only the last digit, so we'll say that the PC facing us has local IP address 2 and the other one has local IP address 3, etc.)

Let's further assume that the Internet Service Provider (ISP) has assigned just one single IP address to this household or small business. The ISP thinks we have only one PC and that it can simultaneously execute a maximum of "only" 65,535 TCP processes and 65,535 UDP processes.

By responding to that IP address for all incoming packets, and by translating the source addresses of all outgoing packets to that IP address, the NAT router deceives the ISP into thinking that it is the only PC at this location. Even though that router doesn't have as much computing power as the array of PCs it is protecting, it doesn't need to be very smart, because it sits astride the network path as a kind of "middleman" in all of these conversations, and so for each of these message exchanges it always learns exactly what to say from the PC processes for which it acts as a kind of "proxy" or "agent". It doesn't need to understand the messages: it just re-addresses and relays them. It simply discards any incoming messages addressed to local PC processes about which it has no information.
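The translation table the narration describes, as an added Python example (not from the video series): the router hands each outbound conversation its own public-side port, rewrites the private source address to the single ISP-assigned address, and on the way back forwards only replies to a conversation it has already learned, dropping everything else. The public and web-server addresses are constructed sample values, and remembering the remote end of each conversation is an assumption stricter than the narration requires.

```python
from dataclasses import dataclass

PUBLIC_IP = "203.0.113.7"      # constructed: the one address the ISP issued
LAN_PREFIX = "192.168.0."      # the private range used in the narration

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    """Rewrites addresses like the router above: one table entry per conversation seen."""
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port          # router-side ports it hands out
        self.out_map = {}   # (lan_ip, lan_port, remote_ip, remote_port) -> public_port
        self.in_map = {}    # public_port -> (lan_ip, lan_port, remote_ip, remote_port)

    def outbound(self, pkt):
        """LAN -> Internet: replace the private source with the public one."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_map:          # new conversation: learn it
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Internet -> LAN: forward only a reply to a known conversation; else drop."""
        entry = self.in_map.get(pkt.dst_port)
        if pkt.dst_ip != self.public_ip or entry is None:
            return None                      # nothing learned about this port: discard
        lan_ip, lan_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                      # mapped port, but not the peer it talked to
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)

def demo():
    """The two-PC scenario from the narration: local addresses 2 and 3,
    browser ports 2020 and 2021, one web server (constructed address)."""
    nat, web = NatRouter(), "198.51.100.10"
    a = nat.outbound(Packet(LAN_PREFIX + "2", 2020, web, 80))
    b = nat.outbound(Packet(LAN_PREFIX + "3", 2021, web, 80))
    reply_a = nat.inbound(Packet(web, 80, nat.public_ip, a.src_port))   # delivered
    stray = nat.inbound(Packet("198.51.100.99", 443, nat.public_ip, 2020))  # dropped
    return a, b, reply_a, stray
```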

Episode 12, Segment 09 of 11