How does a router route connections?

1

How does a router track connections? When you send an HTTP request it goes to the router, which then sends it to another router, etc., over the internet; but then how does it know to go to the server? Is it port forwarded to a load balancer? Finally, when the packet comes back, how does it know to go back to the PC, because the packet was sent back to the router, not the PC? Is it possible to establish a connection to a PC controlled by a router from outside that router, i.e. can you direct a packet to a PC not directly connected to the internet?

Will03uk

Posted 2011-07-28T02:17:34.823

Reputation: 173

You can pretty much bet any answer is going to link OSI Model. . . – surfasb – 2011-07-28T03:25:09.507

Answers

3

Routers connect networks via gateways or interfaces, simplistically:

Do I know where this packet should go?
  yes - is it one of mine?
    yes - send to appropriate interface.
    no  - send on to next gateway
  no  - return a packet saying unreachable

Your home router will run connection tracking software - it will keep a list of connections that the machines on your network have been talking to on the internet. Thus it will know the addresses and ports to return the responses.

TCP packets have a special field that can contain the address of the original machine. The router uses something called masquerading to insert its return address, and the destination machine also includes it. This can save a bit of work on the connection tracker, but also reveal internal ip addresses to the remote server.

Returning UDP packets, on the other hand, rely on the router's connection tracker module to return responses to the original machine. It was a difficult problem to solve until a few years ago.

New incoming connections won't have any entries in the connection tracker, so the router won't know where to send it unless given specific forwarding instructions for that type of packet, and you'll find in all routers a way of being able to specify which machine on your network will receive new requests for port 80 for example.

TCP is a complex and amazing state-driven protocol, packets don't have to take the same routes, can be broken up into smaller pieces, arrive out of order, with error correction requesting individual packets to be resent, and the datastream can be reassembled with the applications at either end not being aware of any difficulties, unless they are too great to affect performance. Many PhDs have been earned through it!

Andy Lee Robinson

Posted 2011-07-28T02:17:34.823

Reputation: 908

you write "Routers connect networks via gateways or interfaces, simplistically:" <-- except that a router and a gateway are pretty much the same thing. RFC 1812 talks about routers, but it replaces RFC 1716 which talks about Gateways so it's basically the same device. Some people might make a distinction about a gateway somehow doing less but it's not significant and it's ambiguous. – barlop – 2015-11-02T10:29:29.353

2

To understand routing, first you should have an understanding of the OSI model and you should also have an understanding of CIDR.

This is going to be fairly basic:

When a packet leaves a computer on a standard home network, the computer knows it is on a private network and understands that the final destination is outside the network because of CIDR, and so sends the packet to the default gateway. The default gateway looks at the IP and sends it up the chain of routers until it reaches the target network (based on IP information in the packet header); that gateway will then forward it to the right IP on the network (sometimes this is based on the port in the packet details, sometimes just the IP, depending on the far end server/network). When the requested information is sent back, your router knows which computer it goes to because of a port that was chosen to mark the session, and it knows which private IP that session belongs to. There is a whole lot more to it, but this is a fairly high level explanation to get the concept of routing. I'm sure others will correct me or add upon this.

What it comes down to for the answer to your question: yes, it is possible. You only need to know the public IP at the end point and the port that the connection needs to be made on. The router will be responsible for knowing which computer to forward that port to in order to reach the server on the private network (based on NAT rules).

MaQleod

Posted 2011-07-28T02:17:34.823

Reputation: 12 560

@Will03uk processes use ports and one is the src port, one is the dst port, so they're still distinct even if they were the same port. In practice one port is >(1023?1024?), that's the client side one, and the other, the server side one, is either below or above, e.g. 80 or 8080 – barlop – 2015-11-02T10:47:37.007

So how does it work when two private PCs use the same port? Is this just a very simplified explanation of sessions and sockets? – Will03uk – 2011-07-28T03:02:43.393

If it is an outgoing connection on port 80, a session is created and the router will keep track of which private IP opened which session and forward the response appropriately. If it is an incoming connection to a server on a port behind a router, the router will forward based on NAT rules. – MaQleod – 2011-07-28T03:18:12.047

2

Here is a basic overview of routing.

Basically, the first thing to realize is that there are various levels of routers, and routing.

The first bit of routing is really done by your PC, and its routing table. Part of the routing table includes a destination of 0.0.0.0, which is a catch all for anything it does not know how to specifically route itself, so it sends that traffic to the default gateway. The routing table keeps track of the local networks it is connected to, and for anything it does not know about, it uses that default gateway.

Next is your home router and cable modem. Both are similar in nature in that they are VERY basic. They really only know about the networks that are on either side of them. They also use routing tables, which are pretty simple, and also have a similar catch all route for anything they do not know about, so they can pass the traffic on.

Once the traffic gets to your ISP and beyond, you get into very complex routers, which have many interfaces to allow for multiple routes, and have VERY complex routing tables. These routers can cost $500,000 and up. They mostly use the BGP (Border Gateway Protocol) to keep their routing tables up-to-date dynamically, so they can find the shortest route, and if a particular router along that route goes down, they can re-route the traffic. They talk to other routers regularly to find out what paths are open, and update their routing tables based on that.

http://en.wikipedia.org/wiki/Border_Gateway_Protocol#Basic_update_processing

As far as how the traffic finds its way back, when you send out a data packet, there is a header that keeps track of where it came from, and where it is going to.

I am not sure what you were asking at the end.

KCotreau

Posted 2011-07-28T02:17:34.823

Reputation: 24 985

@Will03uk yes you can, e.g. you can set up a web server on a computer in your LAN at http://192.168.1.4, pull the internet cable and you'll see it, and you can see the communication in wireshark – barlop – 2015-11-02T10:45:53.637

At the end I was just wondering if you can establish a TCP connection with a private pc that is not connected directly to the internet – Will03uk – 2011-07-28T03:37:30.510
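The routing-table behaviour described in the answer above (a directly connected network, a 0.0.0.0 catch-all pointing at the default gateway, and "unreachable" when nothing matches) as an added example; this is my own toy model, not code from any answer on this page, and the prefixes, gateways and interface names are made up:

```python
# Added example: longest-prefix-match lookup over a small routing table.
# Addresses, next hops and interface names are constructed for illustration.
import ipaddress

class RoutingTable:
    def __init__(self):
        # Each route: (network, next_hop, interface). next_hop None means the
        # network is directly connected, so the packet is delivered locally.
        self.routes = []

    def add(self, prefix, next_hop, iface):
        self.routes.append((ipaddress.ip_network(prefix), next_hop, iface))

    def lookup(self, dst):
        """Return the most specific route containing dst, or None if unreachable."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r[0]]
        if not matches:
            return None
        # Longest prefix wins: a /24 beats the /0 default, a /16 beats a /8.
        return max(matches, key=lambda r: r[0].prefixlen)

def forward(table, dst):
    """The yes/no decision from the first answer: deliver, hand to a gateway, or
    report unreachable. Returns (action, next_hop_or_dst, interface)."""
    route = table.lookup(dst)
    if route is None:
        return ("icmp-unreachable", None, None)
    _net, next_hop, iface = route
    if next_hop is None:
        return ("deliver", dst, iface)       # one of ours: directly connected
    return ("forward", next_hop, iface)      # not ours: send on to next gateway

def home_pc_table():
    """What a PC on a typical home LAN holds: its own subnet plus the catch-all."""
    t = RoutingTable()
    t.add("192.168.1.0/24", None, "eth0")           # the LAN the PC sits on
    t.add("0.0.0.0/0", "192.168.1.1", "eth0")       # everything else -> home router
    return t
```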

2

I am trying to answer this old question in the hope of helping someone looking for something like this. Also, please let me know if I made any mistakes.

For the information to flow from your computer to a web server on the Internet there are a lot of different components, devices and algorithms in play, but we will focus on the networking algorithms that make this possible.

I believe that there are mainly 2 Internet technologies that play the biggest role in making the flow of information between your computer and an Internet web server possible. The routing protocol and NAT.

We will focus on the IP packet as it is the unit of data the routing protocol and NAT work on.

  1. When the IP packet sent from your browser to the Internet server reaches the home router, it is inspected and it has its source IP changed from the Local LAN IP of the original sender to that of the home router’s public IP and then routed to the destination IP. This translation is recorded in the connections table. This is NAT’s job.
  2. If the destination is part of the network of the router’s public IP then it is sent to that IP, else it will be evaluated against the routing table for a match. If the router can’t find one it forwards the packet to its own default gateway. This process continues until eventually a router finds a match. This is where the routing protocol comes into play.
  3. If no route was found, an ICMP Destination Unreachable-Host Unreachable message is sent to the source host.
  4. Once the final host is found it accepts the IP packets which it decapsulates, processes the request contained within and then sends back a response. The response will have in its destination IP the IP of the source router.
  5. The response will follow the same process followed by the request until it reaches the originator. Note that when packets take a certain route to their destination they DO NOT necessarily have to take the same route back.
  6. Once it reaches the destination Internet IP, the router matches incoming traffic against its connection table, performs reverse translation and then forwards the packets to the appropriate machine.

This is how the IP packets flow from the browser to the target web server.

Router Connection Tracking Flowchart

  • There are 4 connections because I think the page I opened used 4 different requests to build the page.
  • The client initiating the connection can use whatever source port is available. This port will be reserved as temporarily in use until both machines agree on closing the connection. The IANA suggests using the range 49152 to 65535 for these so-called ‘ephemeral ports’. Web servers generally run on port 80, the default port for HTTP traffic, so clients would send their requests to view a web page to that port.
  • In the home router swimlane is a snapshot of the connection table of the router.
  • In the SuperUser server swimlane is a snapshot of the connections established with the server.

The connection table ensures uniqueness by mainly using the combination of source IP, source port, destination IP, and destination port. Obviously the most important factor to determine uniqueness is the source port, so in case a different internal host tries to use an existing source port, the router changes that port and notes that change in the connections table.

This should answer all your questions except this one: Is it possible to establish a connection to a PC controlled by a router, from outside that router, i.e. can you direct a packet to a PC not directly connected to the Internet?

If you know the NAT port used on the router for a specific Internet IP and you are able to spoof the IP packets and send them to the router while the router has its NAT port open, then theoretically it should be possible, but I am sure that most of the routers use more parameters to identify the uniqueness and authenticity of IP packets.

I used the following references to construct my answer:

Charbel

Posted 2011-07-28T02:17:34.823

Reputation: 21
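The connection table described in this answer (uniqueness by source IP, source port, destination IP and destination port, with the source port rewritten when a second internal host collides on it), together with the point made in the first answer and in the comment exchange above that a brand-new inbound connection is only delivered when a forwarding rule exists, as an added example. This is my own toy model, not code from any answer on this page; the router, LAN and server addresses are constructed:

```python
# Added example: a minimal masquerading NAT with connection tracking.
# All addresses and ports below are made up for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class HomeRouter:
    def __init__(self, public_ip, port_forwards=None):
        self.public_ip = public_ip
        self.port_forwards = port_forwards or {}  # public port -> (lan_ip, lan_port)
        self.table = {}      # (lan_ip, lan_port, dst_ip, dst_port) -> public port used
        self.reverse = {}    # (public port, dst_ip, dst_port) -> (lan_ip, lan_port)
        self.next_port = 49152   # start of the IANA-suggested ephemeral range

    def outbound(self, pkt):
        """LAN -> Internet: record the flow, rewrite the source to the public IP."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.table:
            # Keep the client's own source port unless another LAN host already
            # uses it towards the same destination; then pick a fresh public port.
            pub = pkt.src_port
            while (pub, pkt.dst_ip, pkt.dst_port) in self.reverse:
                pub = self.next_port
                self.next_port += 1
            self.table[key] = pub
            self.reverse[(pub, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Internet -> LAN: reverse-translate a tracked reply, apply a forwarding
        rule for a new connection, or drop (return None) when neither applies."""
        entry = self.reverse.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is not None:
            lan_ip, lan_port = entry
            return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)
        fwd = self.port_forwards.get(pkt.dst_port)
        if fwd is not None:
            return Packet(pkt.src_ip, pkt.src_port, fwd[0], fwd[1])
        return None   # no state and no rule: the router has nowhere to send it
```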

0

I'm not sure if I'm understanding this correctly but I'll give it my best guess. You asked "Is it possible to establish a connection to a pc controlled by a router?" I am assuming you are referring to remote access. You can use something like VNC or Remote Desktop or that. If you are talking about two PCs connected over the internet then check out VPN. If you mean one assigning an IP from another then that would be a server/client connection and over a WAN it would have to be something like a VPN.

The TCP packet contains the information to the LAN destination inside the packet.

Zombian

Posted 2011-07-28T02:17:34.823

Reputation: 441

0

What you're talking about here is not really routing, but network address translation as performed by a "firewall" or a router, combined with routing. The router/firewall is keeping a state table (mapping) of the source and destination addresses and ports of sessions that go through it. Normal routing does not do this translation and is stateless.

Keith

Posted 2011-07-28T02:17:34.823

Reputation: 7 263