While analyzing the incoming/outgoing traffic of my Telegram bot hosted on a Raspberry Pi inside my home network, I got a trivial doubt.

09:38:13.299379 IP 149.154.167.220.443 > 192.168.1.16.43576: Flags [P.], seq 7171:7954, ack 1798, win 33, options [nop,nop,TS val 1583794963 ecr 1448315541], length 783
09:38:13.303060 IP 192.168.1.16.43576 > 149.154.167.220.443: Flags [P.], seq 1798:2120, ack 7954, win 501, options [nop,nop,TS val 1448318515 ecr 1583794963], length 322
09:38:13.303718 IP 192.168.1.16.43576 > 149.154.167.220.443: Flags [P.], seq 2120:2198, ack 7954, win 501, options [nop,nop,TS val 1448318516 ecr 1583794963], length 78
09:38:13.319200 IP 192.168.1.16.43564 > 149.154.167.220.443: Flags [P.], seq 3271:3595, ack 4613, win 501, options [nop,nop,TS val 1448318532 ecr 1712535163], length 324
09:38:13.319403 IP 192.168.1.16.43564 > 149.154.167.220.443: Flags [P.], seq 3595:4362, ack 4613, win 501, options [nop,nop,TS val 1448318532 ecr 1712535163], length 767
09:38:13.350168 IP 149.154.167.220.443 > 192.168.1.16.43576: Flags [.], ack 2198, win 34, options [nop,nop,TS val 1583794976 ecr 1448318515], length 0
09:38:13.357032 IP 149.154.167.220.443 > 192.168.1.16.43564: Flags [.], ack 4362, win 47, options [nop,nop,TS val 1712541039 ecr 1448318532], length 0
09:38:13.400400 IP 149.154.167.220.443 > 192.168.1.16.43564: Flags [.], seq 4613:5841, ack 4362, win 47, options [nop,nop,TS val 1712541049 ecr 1448318532], length 1228
09:38:13.400434 IP 192.168.1.16.43564 > 149.154.167.220.443: Flags [.], ack 5841, win 501, options [nop,nop,TS val 1448318613 ecr 1712541049], length 0
09:38:13.400843 IP 149.154.167.220.443 > 192.168.1.16.43564: Flags [P.], seq 5841:6151, ack 4362, win 47, options [nop,nop,TS val 1712541049 ecr 1448318532], length 310
09:38:13.400865 IP 192.168.1.16.43564 > 149.154.167.220.443: Flags [.], ack 6151, win 501, options [nop,nop,TS val 1448318613 ecr 1712541049], length 0

The snippet above describes the traffic between the Telegram server and my home-hosted bot. Outgoing traffic passes through port 443, but I don't understand how the incoming traffic can pass through port 43357 without any port forwarding on my home router.

1 Answer

A TCP connection has 2 ports and 2 IP addresses, one source set and one destination set.

You can see that ports 443 and 43357 are there for every packet. In the case of PNAT, the client opens a connection to the server, and the router does NAT and tracks the original source and destination (it might also change the source port). When the response comes back, the tracking knows that this packet is related to the connection from "inside", and as such it knows where to send the packet (perhaps changing the destination port, if the source port was modified in the outgoing packet).
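
The connection tracking described in the answer above, as an added example that is not part of the original post: a toy port-translating NAT table in Python. The router's public IP (203.0.113.7), the public port pool starting at 50000, the stray sender 198.51.100.9 and the `Napt`/`Packet` names are assumptions; the LAN and server addresses are taken from the capture in the question.

```python
# Added example: toy model of a port-translating NAT connection table.
# PUBLIC_IP and the port pool are assumptions; the LAN and server
# addresses come from the capture in the question.
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Napt:
    def __init__(self, public_ip: str, first_port: int = 50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (lan_ip, lan_port, remote_ip, remote_port) -> public_port
        self.back = {}  # (public_port, remote_ip, remote_port) -> (lan_ip, lan_port)

    def outbound(self, p: Packet) -> Packet:
        """LAN -> Internet: create (or reuse) a mapping and rewrite the source."""
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, p.dst_ip, p.dst_port)] = (p.src_ip, p.src_port)
            self.next_port += 1
        return Packet(self.public_ip, self.out[key], p.dst_ip, p.dst_port)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Internet -> LAN: forward only if the packet matches a tracked flow."""
        if p.dst_ip != self.public_ip:
            return None
        lan = self.back.get((p.dst_port, p.src_ip, p.src_port))
        if lan is None:
            return None  # unsolicited: no tracked flow and no port forward, so dropped
        return Packet(p.src_ip, p.src_port, lan[0], lan[1])

PUBLIC_IP = "203.0.113.7"  # constructed (documentation range), not from the page
nat = Napt(PUBLIC_IP)
# The bot opens the connection, so the router learns the flow.
sent = nat.outbound(Packet("192.168.1.16", 43576, "149.154.167.220", 443))
# The server's reply matches the tracked flow and is rewritten back to the Pi.
reply = nat.inbound(Packet("149.154.167.220", 443, sent.src_ip, sent.src_port))
# A packet from a host the bot never contacted has no mapping.
stray = nat.inbound(Packet("198.51.100.9", 443, sent.src_ip, sent.src_port))
print(sent, reply, stray, sep="\n")
```

The reply reaches 192.168.1.16:43576 only because the bot's outgoing packet created the mapping first; a router without a static port forward has no entry for traffic it did not see leave.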
