We know that all devices connected to the same local network will have the same public IP address as each other, which belongs to their local router.

So, since the IP packet’s destination address is the public IP address of the destination device (e.g., a DNS resolver or web server), how does the final next-hop router know the device to forward it to since the destination device’s public IP address really belongs to its router?

Let’s consider a simple example of a computer sending a DNS query packet to a DNS resolver to better illustrate this. Let’s not consider a local DNS server to make things more straightforward. I may have gotten a few things incorrect, so please correct me if I did.

Suppose there’s a computer connected to its local router’s network wirelessly and two additional routers outside the local network are used as next-hop routers. The second next-hop router is the router of the DNS resolver. The web browser constructs a DNS query packet intended for the ISP’s DNS resolver.

Before the computer sends the query to its local router, the IP packet and Wi-Fi frame look like this:

IP Packet:

Source Address: The private IP address of the client device (the computer).

Destination Address: The public IP address of the destination device (the DNS resolver).


Wi-Fi Frame:

Source Address: The MAC address of the client device.

Destination Address: The MAC address of the local router’s Wi-Fi interface.


Upon receiving the frame, the local router does what it typically does (decapsulates the frame, inspects the destination address, performs NAT on the source address, consults its routing table, performs ARP, and re-encapsulates the IP packet with a new frame). The router then sends the frame to the next-hop router.

Before the local router sends the query to the next-hop router, the IP packet and Wi-Fi frame look like this:

IP Packet:

Source Address: The public IP address of the local router (the result of NAT).

Destination Address: The public IP address of the destination device.


Wi-Fi Frame:

Source Address: The MAC address of the local router’s Wi-Fi interface.

Destination Address: The MAC address of the next-hop router’s Wi-Fi interface.


The first next-hop router receives the query and repeats the same steps, except NAT.

Before the next-hop router sends the query to the second next-hop router, the IP packet and Wi-Fi frame look like this:

IP Packet:

Source Address: The public IP address of the local router.

Destination Address: The public IP address of the destination device.


Wi-Fi Frame:

Source Address: The MAC address of the first next-hop router’s Wi-Fi interface.

Destination Address: The MAC address of the second next-hop router’s Wi-Fi interface.


The second next-hop router receives the query (which is the router of the ISP’s DNS resolver). It decapsulates the frame, inspects the IP packet’s destination address, which is its own. So, how does it know which device on its network to forward the query to?

how does it know which device on its network to forward the query to?

Without explicit, additional setup it doesn't.

Forwarding a packet with a public IPv4 destination to a server with a private address requires some form of translation. Commonly, destination NAT (aka reverse NAT, aka port forwarding) is used with transport-layer protocols. The router translates the destination publicIP:publicport tuple to a privateIP:privateport one, and then forwards the packet. The return traffic must also run through the same router so it can reverse the translation (on the source IP:port that time).

Alternatively, the connecting device between public and private address space is a reverse proxy, forwarding data based on application-layer data (e.g. HTTP) - off topic here.

  • If I understand correctly, when the final router receives the query, it will perform NAT on the destination address, setting it to the destination device’s private IP address. Perhaps the router’s NAT table will contain the mapping of the destination device’s private IP address to the router’s public IP address. Then, the router can perform ARP if necessary and forward it to the destination device?
    – user94393
    Commented Apr 23 at 9:57
  • Usually, the mapping is based on an IP and L4 port (TCP or UDP), not only the IP, otherwise that's correct.
    – Zac67
    Commented Apr 23 at 10:00
  • Thank you very much!
    – user94393
    Commented Apr 23 at 21:53
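As an added example (not code from the question or the answer), the two translations discussed in this thread simulated end to end in Python: a source NAT on the client's router rewrites the private source address to the router's public IP and a fresh port and remembers that mapping, and a destination NAT on the resolver's router applies a static port-forwarding rule and keeps per-flow state so the reply's source can be translated back. All addresses are constructed from the RFC 5737 documentation ranges and RFC 1918 private space; layer 2 (frames, ARP), mapping timeouts and checksums are left out. A packet arriving at the resolver's router for a port with no forwarding rule is returned as `None`, which is the answer's point: without explicit setup the router has no way to pick an inside host.

```python
"""Stateful NAT walk-through: SNAT at the client's router, DNAT at the resolver's.
Constructed example; addresses are documentation/private ranges, not real hosts."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str          # "udp" or "tcp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


class SourceNat:
    """Client-side router: maps (proto, private ip, private port) to a public port
    and only lets a reply back in if it matches the remote endpoint the flow went to."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._out: Dict[Tuple[str, str, int], int] = {}
        # (proto, public_port, remote_ip, remote_port) -> (private_ip, private_port)
        self._in: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self._out:                     # first packet of this flow: allocate a port
            self._out[key] = self._next_port
            self._in[(pkt.proto, self._next_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
            self._next_port += 1
        return replace(pkt, src_ip=self.public_ip, src_port=self._out[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        target = self._in.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if pkt.dst_ip != self.public_ip or target is None:
            return None                              # unsolicited, no state: dropped
        return replace(pkt, dst_ip=target[0], dst_port=target[1])


class DestinationNat:
    """Server-side router: static port-forwarding rules plus per-flow state so the
    inside server's replies get their source rewritten back to the public ip:port."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self._rules: Dict[Tuple[str, int], Tuple[str, int]] = {}
        # (proto, remote_ip, remote_port, private_ip, private_port) -> public_port
        self._state: Dict[Tuple[str, str, int, str, int], int] = {}

    def forward(self, proto: str, public_port: int, private_ip: str, private_port: int) -> None:
        self._rules[(proto, public_port)] = (private_ip, private_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        rule = self._rules.get((pkt.proto, pkt.dst_port))
        if pkt.dst_ip != self.public_ip or rule is None:
            return None                              # no rule: router cannot choose an inside host
        priv_ip, priv_port = rule
        self._state[(pkt.proto, pkt.src_ip, pkt.src_port, priv_ip, priv_port)] = pkt.dst_port
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        public_port = self._state.get((pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if public_port is None:
            return None                              # reply without matching inbound flow
        return replace(pkt, src_ip=self.public_ip, src_port=public_port)


def dns_round_trip() -> Dict[str, Optional[Packet]]:
    """Carry one constructed DNS query from a LAN client to a resolver behind DNAT and back."""
    client_nat = SourceNat(public_ip="198.51.100.7")
    resolver_nat = DestinationNat(public_ip="203.0.113.53")
    resolver_nat.forward("udp", 53, "10.0.0.53", 53)     # the "explicit, additional setup"

    query = Packet("udp", "192.168.1.20", 51234, "203.0.113.53", 53, b"query example.com A")
    on_internet = client_nat.outbound(query)             # src -> 198.51.100.7:40000
    at_resolver = resolver_nat.inbound(on_internet)      # dst -> 10.0.0.53:53

    reply = Packet("udp", at_resolver.dst_ip, at_resolver.dst_port,
                   at_resolver.src_ip, at_resolver.src_port, b"answer (constructed)")
    reply_on_internet = resolver_nat.outbound(reply)     # src -> 203.0.113.53:53
    reply_at_client = client_nat.inbound(reply_on_internet)  # dst -> 192.168.1.20:51234

    stray = Packet("udp", "198.51.100.7", 40001, "203.0.113.53", 5353)  # no rule for 5353
    return {"on_internet": on_internet, "at_resolver": at_resolver,
            "reply_at_client": reply_at_client, "stray": resolver_nat.inbound(stray)}


if __name__ == "__main__":
    for stage, pkt in dns_round_trip().items():
        print(f"{stage:16} {pkt}")
```

Both routers key their state on the transport port as well as the IP address, as the comment above notes; keying on the IP alone would make every inbound packet for the public address ambiguous once more than one inside host or service is involved.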