How does an IP packet from a remote server "find" a home computer behind a NAT firewall?

Solution 1:

The IP address is not the only thing that the remote server sees. It also sees a port. The port is a 16-bit integer.

Think of a computer as an apartment building. The IP is like the street address. The port identifies which apartment. Thus, a browser, a mail client, and so on, all run on the one IP belonging to the computer but each is given, by the OS, one or more unique ports to use.

When a local computer sends a packet to a remote server, the packet is sent from a port on the local computer to a port on the remote server. The firewall receives that packet and sends it on to the remote server, but it does so only after changing the from-IP address to the local network's public IP and also likely changing the from-port to some other port of the firewall's choosing.

When the public server responds, it sends a packet back to the public IP and the port number that it was given. The firewall receives that packet and sends it on to whichever computer initiated the connection on that port.

If the firewall receives a packet directed to a port that no local computer was using, it is the firewall's job to keep that packet out of the local network. It can silently drop it or it can noisily send a reject message back to the source.

Some common port numbers

When your browser sends a request to some remote server, that request very likely goes to the remote server's port 80.

  • 22 = ssh
  • 25 = smtp (mail)
  • 53 = DNS (domain name server)
  • 80 = http
  • 194 = IRC
  • 220 = IMAP
  • 993 = POP (mail)

Typically, low number ports, up to 1024, are reserved for use by the operating system. High numbered ports, maybe 32000 to 65535, are used by user applications, like browsers.
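The translation table the answer describes, as an added example that is not part of the original post: a toy NAT rewrites outbound source address/port, maps replies back to the inside host, and drops packets for ports nobody opened. All addresses and port ranges are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed addresses (documentation ranges, not real hosts).
PUBLIC_IP = "203.0.113.7"
SERVER_IP = "198.51.100.80"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatFirewall:
    """Port-based NAT: one public IP shared by every inside host."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port            # next free public port to hand out
        self.table = {}                        # (inside_ip, inside_port) -> public_port
        self.reverse = {}                      # public_port -> (inside_ip, inside_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite an inside->outside packet and remember the mapping."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:              # first packet of this flow: allocate a port
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map an outside->inside reply to its originator; None means drop."""
        inside = self.reverse.get(pkt.dst_port)
        if inside is None:                     # no inside host opened this port
            return None
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1])


def demo():
    nat = NatFirewall(PUBLIC_IP)
    # Two inside hosts happen to pick the same source port 51000 to reach port 80.
    a = nat.outbound(Packet("192.168.1.10", 51000, SERVER_IP, 80))
    b = nat.outbound(Packet("192.168.1.11", 51000, SERVER_IP, 80))
    reply_to_b = nat.inbound(Packet(SERVER_IP, 80, PUBLIC_IP, b.src_port))
    unsolicited = nat.inbound(Packet(SERVER_IP, 80, PUBLIC_IP, 40005))
    return a, b, reply_to_b, unsolicited
```

Real NAT implementations also match the remote address and port of each flow and expire idle mappings; this toy keys on the public port alone, exactly as the answer describes.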