One more important rule we missed for establishing network connectivity is the communication between private and public IPs.
Before that, let's see what a public IP and a private IP are.
Every networking device has its own private IP address that identifies it, and to connect to the internet every device also needs a public IP address. A private IP is already assigned to your device when you buy it, but to browse the internet you need a public IP, which you pay your Internet Service Provider (ISP) for.
Rule:
Now the RULE is: Private IP can only communicate with Private IP, and Public IP can only communicate with Public IP. NO CROSSOVER IS ALLOWED.
So, here the question arises: how are we able to connect to the internet, i.e., the public network, from a private IP?
The answer is Network Address Translation (NAT). It acts like a translator between private and public IP addresses and is typically performed on a device at the border between a private network and a public network. This border device is most commonly a router or a firewall.
Let's see how a router performs NAT with a workflow diagram:
We will see here how network packets (formatted units of data that travel across a network) carry data from the source (your device) to the destination (server, e.g., google.com) and bring response data back to your device.
In the above illustration, there are two devices or servers or instances connected inside the LAN (A = 192.168.1.6 and B = 192.168.1.8) that want to connect to the internet.
Let's break down the process:
Device Makes a Request: A device on your private network, say A, sends a request to access a website (google.com) on the internet.
Private IP Used Initially: The request carries the private IP address of A as its source, i.e., 192.168.1.6 in this case.
Router Receives with Private IP: The router has both a private and a public IP. In this case, the private IP is 192.168.29.235 and the public IP is 49.47.152.201. The router receives the request with device A's private IP address as the source. ( A -> NP1 )
Translation to Public IP: The router performs NAT (Network Address Translation). It translates the private IP address of device A, i.e., 192.168.1.6, to its own public IP address assigned by the ISP, i.e., 49.47.152.201. ( ROUTER )
This is called SNAT.
Request Sent to Internet: The router then forwards the request, now with the public IP address, out to google.com in this case. ( NP2 -> 8.8.8.8 )
Website Responds: The website responds to the request and sends data back to the public IP address of the router. ( 8.8.8.8 -> NP3 )
Translation Back to Private IP: The router recognizes that the incoming data is meant for device A based on the original request. It translates the public IP address back to the private IP address of the device. ( ROUTER )
This is called DNAT.
Response Delivered: The router delivers the data (website response) to device A within your private network using its private IP address. ( NP4 -> A )
This is how a device connects to the internet behind the scenes.
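The SNAT/DNAT steps above, as an added example that is not part of the original article: a small simulation of a router's translation table using the addresses from the walkthrough (A = 192.168.1.6, B = 192.168.1.8, router public IP 49.47.152.201, and 8.8.8.8 standing in for google.com). The port numbers and the `NatRouter`/`Packet` names are assumptions made for the example.

```python
# Added example (not the article's own code): a minimal port-overloading NAT.
# Many private hosts share one public IP; each connection gets its own public
# port, and only replies that match a recorded outbound connection are let in.
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip      # assumed: 49.47.152.201 in the demo
        self._next_port = first_port    # assumed starting public port
        # (private ip, private port, remote ip, remote port) -> public port
        self._out: Dict[Tuple[str, int, str, int], int] = {}
        # public port -> (private ip, private port, remote ip, remote port)
        self._in: Dict[int, Tuple[str, int, str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """SNAT: rewrite the private source address to the router's public one."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self._out:            # first packet of this connection
            port = self._next_port
            self._next_port += 1
            self._out[key] = port
            self._in[port] = key            # remember it for the reply
        return replace(pkt, src_ip=self.public_ip, src_port=self._out[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """DNAT for replies: translate the public destination back to the
        private host that started the connection. A packet with no matching
        entry is dropped (returns None), which is why hosts behind NAT are
        not reachable unsolicited. NAT is not a firewall, though: anything
        that matches an existing mapping is forwarded unchanged."""
        entry = self._in.get(pkt.dst_port)
        if entry is None:
            return None                     # nobody inside asked for this
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None                     # not from the host we talked to
        return replace(pkt, dst_ip=priv_ip, dst_port=priv_port)
```

Running `outbound` on a packet from A and then `inbound` on the reply from 8.8.8.8 reproduces the A -> NP1 -> NP2 -> 8.8.8.8 -> NP3 -> NP4 -> A path from the steps above.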
Let's simplify this a bit more with an analogy:
Your house is the private network.
Your devices (phones, laptops) have unique room numbers (private IP addresses).
The router is the mailroom, with its own address within the house (private IP).
The router also has a mailbox on the street (public IP address) assigned by the mail carrier (ISP).
When you order something online (device makes a request), the package is addressed to your house (private network) with your name (device's private IP).
The mailroom (router) receives the package, translates the address to its mailbox address (public IP), sends it out to the street (internet), and upon receiving it back, uses your name (device's private IP) to deliver it to you inside the house (private network).