How do IP answer packets reach their destination inside of a private LAN? [duplicate]

This is a little theory question that has been confusing me for a pretty long time.

Basically, if we are inside of a private LAN, and we want incoming packets to reach, for example, an HTTP server located on one of the machines, we forward ports so that incoming packets reach exactly that computer.

Now, I'm quite confused as to how 'response' packets reach their destination inside of a LAN, like, when we open a web page or so. Can't really find any useful information on that topic.

I hope someone can give me a couple of clues or link me to some information that might explain it. Thanks.

EDIT: I think I should clarify. An example of what I'm asking would be something like this:
1. A computer inside of a LAN with a single external IP tries to load a web-page from a web-server outside of this LAN (Basically on the Internet)
2. The web-server responds and sends the web-page back to that computer.

What quite confuses me at this point is, how does the router know which computer to send the incoming data to (given the router is connected to a LAN with multiple computers) without previous port forwarding?


Even though the question has been fully covered, I feel like this process should best be described step-by-step.

For this example, I sit in a private LAN connected to the Internet through a router. Because our network shares a single public IP address, we use NAT.

So when I request the page superuser.com, that will generate many IP packets. Let's look at a single one.

IP Packet
Source: 192.168.1.12 (my IP)
Destination: 64.34.119.12 (superuser.com)

Now, my system is most likely set up similar to the one in question. I have my own IP address (192.168.1.12), a subnet mask (255.255.255.0) and a default gateway (192.168.1.1). Now, because my Destination field in my IP packet points to a network different than my own, it is sent to my default gateway (rather than to the computer directly).

But how can the packet get to the default gateway, if the Destination points somewhere completely else?

Ethernet

That's easy, because we use the addressing of the Ethernet protocol for that. We just set our destination IP address in the IP packet and the MAC address of our default gateway as the destination in the Ethernet Frame.

Now that will make sure our default gateway gets the packet for superuser.com. Yay!

Now the gateway has our packet and could send it right on its path. But to make sure it will get the answer, it first needs to replace the packet's Source address (otherwise superuser.com would try to send the answer to some (possibly) non-existent device with my IP address on their network. Now that wouldn't be very nice.)
So my router will place its public IP address in the Source field:

IP Packet
Source: 92.69.127.243 (my public IP)
Destination: 64.34.119.12 (superuser.com)

Now that same game goes on and on with all the routers in the world until the packet finally arrives at superuser.com and an answer is generated.

The Answer

Answer IP Packet
Source: 64.34.119.12 (superuser.com)
Destination: 92.69.127.243 (my public IP)

Ok, the answer got to my router, now what? How does my router now know to send the answer to 192.168.1.12?

TCP

Well, that actually works because we have only looked at the IP and Ethernet parts of the communication. What makes this work is the TCP part.

You most likely know that web servers usually run on port 80. IP has no notion of ports. That comes from TCP. In TCP we have (like in IP) a source and destination port.

My TCP Packet to superuser.com
Source: 192.168.1.12 (my IP)
Source Port: 11111 (the port my computer made up)
Destination: 64.34.119.12 (superuser.com)
Destination Port: 80

When your router sends that initial packet (that's addressed to superuser.com on port 80), he will put a new source port in there (like 12345).
And this is the important part! He will remember that replacement!

My router's TCP Packet to superuser.com
Source: 92.69.127.243 (my public IP)
Source Port: 12345 (the port my router made up)
Destination: 64.34.119.12 (superuser.com)
Destination Port: 80

So the answer packet received by the router actually looks like this:

Answer TCP Packet from superuser.com
Source: 64.34.119.12 (superuser.com)
Source Port: 80
Destination: 92.69.127.243 (my public IP)
Destination Port: 12345 (the port my router made up)

So now he gets that packet and sees that it is for a port it previously remembered was assigned to NAT operations for IP address 192.168.1.12 (my IP address).

Answer TCP Packet from my router
Source: 64.34.119.12 (superuser.com)
Source Port: 80
Destination: 192.168.1.12 (my IP)
Destination Port: 11111 (the port my computer made up)


Network Address Translation. Briefly, when the private LAN's gateway router replaces the private LAN source address with its own public address, it modifies the packet in some way, such as assigning a unique and otherwise locally meaningless port number, which it maps back to the originating LAN node and outgoing request. It remembers this port mapping so when a reply comes back to the public IP/unique port #, it (the router) knows how to unmap that back to its originating node. This is also how you can run multiple tabs, browsers or browser-instances and the replies to each browser request come back to the correct browser and tab.
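
The port mapping both answers describe, as an added example that is not part of either answer: a toy port-translating NAT table in Python, using the addresses from the walkthrough above. The second LAN host 192.168.1.13, source port 11112, the stray sender 203.0.113.9 and the check that a reply comes from the endpoint that was contacted are assumptions made for the illustration; real routers differ in how strictly they filter.

```python
from dataclasses import dataclass, replace
from itertools import count

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatRouter:
    """Toy port-translating NAT; real routers also track protocol, state and timeouts."""

    def __init__(self, public_ip, first_port=12345):
        self.public_ip = public_ip
        self._ports = count(first_port)  # assumed allocator: next unused public port
        self.out_map = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> public port
        self.in_map = {}   # public port -> (lan_ip, lan_port, remote_ip, remote_port)

    def outbound(self, pkt):
        """LAN -> Internet: rewrite the source and remember the replacement."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out_map:
            port = next(self._ports)
            self.out_map[key] = port
            self.in_map[port] = key
        return replace(pkt, src=self.public_ip, sport=self.out_map[key])

    def inbound(self, pkt):
        """Internet -> LAN: restore the remembered destination, or drop (None)."""
        entry = self.in_map.get(pkt.dport)
        if pkt.dst != self.public_ip or entry is None:
            return None  # no mapping and no port forward: nowhere to send it
        lan_ip, lan_port, remote_ip, remote_port = entry
        if (pkt.src, pkt.sport) != (remote_ip, remote_port):
            return None  # assumption: only the contacted endpoint may reply
        return replace(pkt, dst=lan_ip, dport=lan_port)

def demo():
    router = NatRouter("92.69.127.243")
    web = ("64.34.119.12", 80)
    tab1 = router.outbound(Packet("192.168.1.12", 11111, *web))
    tab2 = router.outbound(Packet("192.168.1.12", 11112, *web))   # second tab, same PC
    other = router.outbound(Packet("192.168.1.13", 11111, *web))  # other PC, same source port
    replies = [router.inbound(Packet(*web, router.public_ip, p.sport))
               for p in (tab1, tab2, other)]
    stray = router.inbound(Packet("203.0.113.9", 4444, router.public_ip, 23))
    return tab1, replies, stray
```

Each outgoing connection gets its own public port, so the three replies return to the right host and port even though two hosts chose the same source port, while the unsolicited packet matches no entry and is dropped.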