Let us imagine a simple home network comprised of an ISP -> router -> host. The host has a listening port 12345 and a listening port 443. For completeness sake port 12345 is used by a P2P application (torrent, used to download/upload legal unix distro) over TCP port and 443 is a webserver.
My router is configured to have NAT enable and UPNP disabled. Also the P2P app has settings and I have a nice checkbox saying "UPNP and NAT-PMP" is disabled.
I can ask the ISP to either put me in the NAT pool (and have a private ip showing up on my WAN router interface) or a dyn public address pool (and have a public ip showing up on my WAN router interface).
If I get a public IP, I must set my router to forward port 12345 to my host's IP. Otherwise people from the internet won't be able to connect to it. Same thing for 443.
But If I get a NAT IP, even without any port forwarded, people from outside are able to connect to port 12345 on my host. But not on 443.
Question is: how does the second scenario (NAT) work? Why does 12345 work but 443 doesn't? How are people able to reach my host? Even if I was the only one using port 12345 on the nat public ip x, how in the world does the ISP know it should forward the packets to my router and in turns my router to the host?
Thanks!
