
I have a PC in a home network that is behind a router running NAT. I wanted to set up an FTP server on the PC, so I forwarded all the ports required, etc., and now it's working. Then, just out of curiosity, I ran Wireshark to see what packets run there. I connected to myself using the router WAN IP, and that's what I saw:

[image: Wireshark capture]

Here 192.168.1.3 is my PC IP, 95.105.x.x is my router WAN IP, and 192.168.1.1 is the router LAN IP.

I understand why there are 2 copies of both request and reply—I'm running both client and server on the same machine. What I do not understand here is why the 2nd and 3rd packets contain the router LAN IP.

When a person connects to my server I see this:

[image: Wireshark capture]

As you can see, the packets contain just my PC LAN IP and the person's IP. The same thing happens when I connect to some other server.

So why does the router reply with its LAN IP when I'm connecting to myself?

techraf
c_spk
  • To make sure I understand exactly what you're asking, are you expecting a different behavior? Did you expect that your computer would be addressing packets to its own private IP? – lutze Nov 08 '16 at 19:23
  • @lutze, I expect that no packets contain the router LAN IP, just my PC local IP and router WAN IP. – c_spk Nov 09 '16 at 03:14
  • This other question is related though it might not answer your question: http://serverfault.com/q/55611/214507 – kasperd Nov 09 '16 at 08:33

1 Answer


The router cannot preserve the source IP address because that would cause the return traffic to be delivered directly across the LAN without going through the NAT. And applying NAT to only one direction of traffic and not the other will break communication.

The source IP needs to be chosen in such a way that the return traffic is sent to the router. That means it could have used any IP address outside of the LAN, and the connectivity would have worked.

One approach to NAT is to use the IP address of the outgoing interface as source IP. In at least one implementation this is known as masquerading. And that would explain what you are seeing. Connections from your LAN to the outside world get masqueraded as the WAN IP of your router. And connections from your LAN through your port forwarding and back to your LAN get masqueraded as the LAN IP of your router.

An added benefit of this approach is that the connections won't break in case the WAN IP of your router changes.

kasperd
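The packet path described in the answer above, as an added example that is not part of the original question or answer: a toy Python model of the port forward that traces one request and its reply, with and without source rewriting on the hairpin path. Assumptions: `203.0.113.7` is a constructed stand-in for the elided 95.105.x.x WAN IP, the LAN is taken to be a /24, client port 50000 and the hosts `192.168.1.4` and `198.51.100.9` are constructed, and source ports are left unchanged for simplicity.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed /24 around the question's addresses
PC, ROUTER_LAN = "192.168.1.3", "192.168.1.1"  # addresses from the question
WAN = "203.0.113.7"                            # constructed stand-in for 95.105.x.x
FORWARDS = {(WAN, 21): (PC, 21)}               # port forward: WAN:21 -> PC:21

def on_lan(ip):
    return ipaddress.ip_address(ip) in LAN

def trace(client, cport, masquerade=True):
    """Follow one request and its reply; return (packets, client_accepts_reply).

    Each packet is (src_ip, src_port, dst_ip, dst_port).
    """
    request = (client, cport, WAN, 21)
    srv_ip, srv_port = FORWARDS[(request[2], request[3])]  # destination NAT
    # Hairpin case: client and server share the LAN, so the router also
    # rewrites the source to its address on the outgoing (LAN) interface.
    hairpin = on_lan(client) and on_lan(srv_ip)
    src = ROUTER_LAN if masquerade and hairpin else client
    forwarded = (src, cport, srv_ip, srv_port)
    # Connection tracking: reply tuple -> tuple the client expects to see.
    conntrack = {(srv_ip, srv_port, src, cport): (WAN, 21, client, cport)}
    reply = (srv_ip, srv_port, src, cport)     # server answers the source it saw
    packets = [request, forwarded, reply]
    if on_lan(reply[2]) and reply[2] != ROUTER_LAN:
        delivered = reply                      # goes straight across the LAN, NAT never reversed
    else:
        delivered = conntrack[reply]           # router restores the original addresses
        packets.append(delivered)
    # The client's socket is connected to WAN:21 and ignores replies from anyone else.
    accepted = delivered == (WAN, 21, client, cport)
    return packets, accepted

if __name__ == "__main__":
    cases = [("PC to itself, masqueraded", PC, True),
             ("LAN host, source preserved", "192.168.1.4", False),
             ("outside host", "198.51.100.9", True)]
    for label, client, masq in cases:
        packets, ok = trace(client, 50000, masquerade=masq)
        print(f"{label}: reply accepted = {ok}")
        for src, sport, dst, dport in packets:
            print(f"    {src}:{sport} -> {dst}:{dport}")
```

The first case reproduces the four packets from the question's capture, with the router LAN IP in the second and third; the second case shows the reply arriving from the server's LAN address instead of the WAN IP the client connected to.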