grawity_u1686

I think I get it: there are several layers of "internal networks" between the public IP address (24.253.65.208) and my modem.

No, there shouldn't be. In the usual case, your home router is directly bordering your home LAN and the ISP's network – and the modem doesn't get involved in IP at all, it just transforms the lower layer signals.

Though what gets called "the modem" is often a modem and a home router in one unit, in which case it could indeed create an additional layer of routing and NAT – it's entirely possible to chain several layers of NAT devices, not that you should, but it can happen.

In that situation, the outermost home router (e.g. the one built into the modem) would get assigned the public IP address.

Is it correct, then, that each of these layers of "internal networks" implement a NAT (as in John's comment) so that inbound packets from the layer closer to the public get routed to the layer closer to my modem?

No, typically there's just one such layer (unless you chain several home routers and they're all configured to think each of them is connected directly to an ISP).

There are indeed many networks and many routers that a packet goes through, but as a general rule, routers do not translate IP addresses – they only forward packets. Your home router doing NAT is an exception, not the default.

If you ran ifconfig or ip addr on the router itself, it would probably look something like this (I made it up and the interfaces are probably not called "wan0" and "lan0", but you get the idea):

wan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 24.253.65.208  netmask 255.255.255.0  broadcast 24.253.65.255

lan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.1  netmask 255.255.255.0  broadcast 10.0.0.255

Address translation isn't a built-in part of routing though, but is done as a separate feature (and can be enabled/disabled separately from routing). As many home routers run a variant of Linux inside, the NAT functionality is commonly just implemented through iptables – you can find various examples of iptables SNAT and MASQUERADE rules online. You can imagine that the router has something like this:

# Masquerade packets from the LAN subnet (lan0's 10.0.0.0/24) as they leave through wan0
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o wan0 -j MASQUERADE

But note that recently, with some ISPs running out of IP addresses even more and implementing CGNAT ("carrier-grade" NAT) as a result, the translation to a public address may be done by a router (or a dedicated NAT appliance) at the ISP instead. More precisely, with CGNAT ISPs there are two layers of translation – your router still has NAT as before, masquerading your entire LAN as a single IP address, but it's not the public address anymore; the ISP adds a second translation layer which provides the public address. It's a bit ugly.

On the opposite side though, many ISPs are now deploying IPv6 to customers – you don't have it yet (not seen in the ifconfig output, at least), but if you did have IPv6, then you would indeed find your computer's own public IP address directly on its "wlan0" interface, and the router would be just that, a router that forwards packets without doing any kind of address translation. (That is, it'd still do NAT for IPv4, but not anymore for IPv6.)
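
As an added example (not part of the original answer): a Python check that tells the cases described above apart by comparing the address on the router's WAN interface with the address that outside hosts see. The function name, the labels and the sample addresses other than 24.253.65.208 are constructed for illustration; 100.64.0.0/10 is the RFC 6598 shared address space set aside for carrier-grade NAT.

```python
import ipaddress

# Private (RFC 1918) ranges: a WAN address in one of these means another
# NAT device sits upstream of this router.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 6598 shared address space, reserved for the ISP side of CGNAT.
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")


def classify_wan(wan_ip: str, observed_public_ip: str) -> str:
    """Return where IPv4 translation to the public address happens.

    wan_ip             -- address configured on the router's WAN interface
    observed_public_ip -- address a host on the Internet sees for the connection
    """
    wan = ipaddress.ip_address(wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    if wan.version != 4 or seen.version != 4:
        raise ValueError("this check only applies to IPv4 addresses")
    if wan == seen:
        # The usual case: the home router holds the public address itself.
        return "single-nat"
    if wan in CGNAT_SHARED:
        # The ISP adds a second translation layer (CGNAT).
        return "cgnat"
    if any(wan in net for net in RFC1918):
        # Chained home routers, or an ISP doing CGNAT out of private space.
        return "double-nat"
    # WAN address is public but is still rewritten somewhere upstream.
    return "upstream-translation"


if __name__ == "__main__":
    # Constructed samples: (router WAN address, address seen from outside)
    samples = [
        ("24.253.65.208", "24.253.65.208"),  # router holds the public address
        ("100.64.12.7", "24.253.65.208"),    # ISP-side CGNAT
        ("192.168.1.2", "24.253.65.208"),    # router behind another home router
    ]
    for wan, seen in samples:
        print(f"{wan:>15} -> {seen:<15} {classify_wan(wan, seen)}")
```
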
