Project 14: Software Router with NAT

A user-space router that forwards packets between interfaces and performs NAT.

Quick Reference

Attribute	Value
Difficulty	Level 4: Expert
Time Estimate	3-4 weeks
Main Programming Language	C
Alternative Programming Languages	Go, Rust
Coolness Level	Level 4: Hardcore Tech Flex
Business Potential	4. The “Open Core” Infrastructure
Prerequisites	See concepts below
Key Topics	IP Addressing, Subnetting, and Routing (Including NAT), Transport and Ports (TCP and UDP)

---

1. Learning Objectives

1. Build and validate: A user-space router that forwards packets between interfaces and performs NAT..
2. Explain protocol behavior and verify it with a capture or trace.
3. Handle edge cases and produce reproducible results.

2. All Theory Needed (Per-Concept Breakdown)

IP Addressing, Subnetting, and Routing (Including NAT)

Fundamentals IP is the addressing and routing system of the internet. IPv4 uses 32-bit addresses and relies on subnet masks (CIDR) to determine which destinations are local versus remote. Your device sends local traffic directly and remote traffic to the default gateway (your router). Routing is a hop-by-hop decision made by routers using the longest prefix match in the routing table. NAT (Network Address Translation) is common at the edge: it maps many private addresses to a single public address. Subnetting is the tool that partitions a network into smaller segments, which is critical for performance, security, and scaling in home/office environments.

Deep Dive An IP address has two parts: the network prefix and the host identifier. CIDR notation (for example, /24) tells you how many bits belong to the prefix. The prefix defines the boundary of local delivery. If the destination IP shares the same prefix, the host uses ARP to find the destination MAC and sends directly. If not, it sends to the default gateway. This simple rule explains most “why can’t I reach this device” problems. Subnetting is the practice of choosing a prefix length that fits your network size and segmentation goals. Too large a subnet creates unnecessary broadcast traffic and larger failure domains. Too small a subnet causes address shortages or awkward routing rules.

Routing decisions are made by examining the destination IP and finding the most specific (longest) match in the routing table. A default route (0.0.0.0/0) catches everything else. Each router decrements the TTL field, which prevents routing loops from persisting forever. When TTL reaches zero, the router drops the packet and sends an ICMP Time Exceeded message. This is the mechanism that traceroute exploits. In home networks, your router usually has a handful of routes: the local LAN, perhaps a guest LAN, and a default route to your ISP. But in small office networks, you might add static routes to reach a lab subnet, or a VPN route to reach a remote office. Misconfigured routes cause asymmetric paths, which are hard to debug without captures.

NAT adds a stateful translation table at the edge. It replaces private source IPs and ports with a public IP and a chosen source port (often called PAT). When replies come back, the router uses this table to translate them back to the internal host. This is how many devices share one public address. NAT also breaks the original end-to-end model of the internet, which is why inbound connections typically require explicit port forwarding. Understanding NAT is critical for troubleshooting “I can browse the web but cannot host a server” issues, and for understanding why some peer-to-peer applications struggle. NAT is not a firewall, but it has similar observable effects because unsolicited inbound traffic is dropped by default when no translation table entry exists.

IPv6 changes the addressing landscape. It uses 128-bit addresses, removing the need for NAT at the edge. Instead of ARP, IPv6 uses Neighbor Discovery (ND). IPv6 hosts often use Stateless Address Autoconfiguration (SLAAC) to build their own addresses from router advertisements. In practice, many home networks operate dual-stack (IPv4 and IPv6). This means troubleshooting can involve two parallel protocol stacks, with different failure modes. A device might fail over IPv4 but work over IPv6, or the reverse. Understanding IP addressing at both versions makes you far more effective at diagnosing real-world issues.

Finally, routing and addressing are where policy is enforced. VLANs map to IP subnets. Firewall rules frequently reference IP ranges. VPNs create new routes. If you know how to design and reason about addresses and routing tables, you can predict how traffic will flow before you even run a packet capture. That ability is what transforms you from a user of networks into an engineer of networks.

How this fit on projects Subnet math and routing logic are required for Projects 1-3, 9, 14, 18, and 19.

Definitions & key terms

• CIDR: Prefix notation for networks (e.g., /24).
• Default gateway: Router used for off-subnet traffic.
• Longest prefix match: Routing rule that chooses the most specific route.
• NAT/PAT: Translation of internal addresses to a public address with ports.

Mental model diagram

LAN 192.168.1.0/24       Router/NAT          Internet
Host 192.168.1.50  ->  [NAT table]  ->  203.0.113.5:45001

How it works

1. Host checks if destination is in local subnet.
2. If local, ARP and send directly; if not, send to gateway.
3. Router chooses route via longest prefix match.
4. NAT rewrites source IP/port for outbound flows. Invariants: TTL always decrements at routers. Failure modes: wrong subnet mask, missing default route, NAT table exhaustion.

Minimal concrete example

Routing table snippet:
192.168.1.0/24 -> eth0 (direct)
0.0.0.0/0 -> 192.168.1.1 (default)

Common misconceptions

• “Two devices with the same IP will work if they are on different switches.” They will conflict if on the same subnet.
• “NAT protects me from all inbound attacks.” It does not replace a firewall.

Check-your-understanding questions

1. Why does a /24 network have 254 usable addresses?
2. What happens when no route matches a destination?

Check-your-understanding answers

1. Two addresses are reserved: network and broadcast.
2. The packet is dropped (and often an ICMP unreachable is sent).

Real-world applications

• Planning guest and IoT subnets.
• Diagnosing port forwarding and inbound access problems.

Where you will apply it

• Projects 1-3, 9, 14, 18, 19

References

• “TCP/IP Illustrated, Vol 1” by Stevens - Ch. 3
• RFC 791 (IPv4), RFC 8200 (IPv6)

Key insights Addressing and routing are the map; NAT and policy are the gatekeepers.

Summary If you can compute subnets and read routing tables, you can predict traffic flow.

Homework/Exercises to practice the concept

1. Divide 192.168.10.0/24 into four /26 subnets.
2. Sketch a routing table for a network with a guest VLAN and a VPN.

Solutions to the homework/exercises

1. /26 blocks at .0, .64, .128, .192.
2. Include routes for each subnet plus a default route to the ISP.

Transport and Ports (TCP and UDP)

Fundamentals The transport layer provides end-to-end communication between applications. TCP offers reliable, ordered delivery through acknowledgments, retransmission, and flow control. UDP provides minimal overhead without reliability guarantees, which makes it ideal for low-latency or simple query/response protocols like DNS. Ports are the addressing mechanism for applications. A network connection is identified by a 5-tuple: source IP, source port, destination IP, destination port, and protocol. Understanding how TCP and UDP differ is essential for building tools like ping-like diagnostics, port scanners, and proxies.

Deep Dive TCP is a stateful protocol. It begins with a three-way handshake that establishes initial sequence numbers on both ends. Once established, each side maintains a sliding window of bytes that have been sent but not yet acknowledged. Retransmission occurs on timeout or after duplicate acknowledgments. Flow control uses the receiver’s advertised window to prevent buffer overflow, while congestion control reacts to signs of network congestion by reducing the sending rate. These behaviors are not just theoretical: they explain why a large file transfer can slow down after packet loss, and why a connection may stall if ACKs are filtered or delayed.

UDP is the opposite: it simply wraps application data with source and destination ports and a checksum. There is no handshake, no retransmission, and no ordering. This makes UDP great for short queries, live streaming, or gaming, where timeliness is more important than perfect delivery. But it also means that the application must handle loss, duplication, or reordering if those problems matter. This is why protocols like DNS and DHCP include their own retry logic and transaction IDs.

Ports are the multiplexing mechanism of the transport layer. A single IP address can host many services because each service listens on a different port. Clients use ephemeral ports chosen by the OS to distinguish their connections. Firewalls and NAT devices often make decisions based on ports and protocol state, which is why understanding TCP states (SYN_SENT, ESTABLISHED, FIN_WAIT) is crucial for debugging. For example, a firewall that drops inbound SYN packets but allows inbound ACKs can cause mysterious failures in connection setup while established connections continue to work.

Transport behavior is also shaped by MTU and fragmentation. TCP segments are sized to fit within the path MTU. If a segment is too large and fragmentation is blocked, the connection can stall in ways that appear random. UDP has no built-in recovery for lost fragments, which can make large UDP payloads unreliable. This is why many UDP-based protocols keep messages small or implement their own segmentation and reassembly.

When you build transport-layer tools, you are interacting with a state machine. A port scanner that uses TCP SYN packets is testing how a host responds to a state transition. A proxy server is managing two concurrent TCP state machines and relaying data between them. A VPN tunnel often runs over UDP or TCP and must handle reliability differently depending on the transport. The more you understand transport mechanics, the more precise your debugging and design choices become.

How this fit on projects Projects 2, 3, 9, 11, 17, and 19 depend directly on transport behavior.

Definitions & key terms

• 5-tuple: The identifiers of a transport flow.
• Handshake: TCP connection establishment.
• Window: Flow control mechanism for TCP.
• Ephemeral port: Temporary client port assigned by the OS.

Mental model diagram

Client                     Server
SYN  -------------------->  (listening)
SYN-ACK <------------------
ACK  -------------------->  (established)

How it works

1. TCP establishes state via handshake.
2. Data is sent with sequence numbers and ACKs.
3. Loss triggers retransmission and window reduction.
4. UDP sends without state; application handles retries if needed. Invariants: TCP guarantees order if the connection stays up. Failure modes: half-open connections, blocked SYNs, dropped ACKs.

Minimal concrete example

UDP request/response:
Client -> UDP:53 query id=0x1234
Server -> UDP:53 response id=0x1234

Common misconceptions

• “UDP is always faster.” It can be, but loss may negate benefits.
• “TCP guarantees delivery across the internet.” It only guarantees delivery within the connection’s lifetime.

Check-your-understanding questions

1. Why does a TCP connection need both sequence and acknowledgment numbers?
2. When would you choose UDP over TCP for a home network tool?

Check-your-understanding answers

1. To track sent bytes and confirm receipt in order.
2. For low-latency, small messages where retries are acceptable.

Real-world applications

• Reliable file transfer versus real-time streaming.
• Port scanning and service discovery.

Where you will apply it

• Projects 2, 3, 9, 11, 17, 19

References

• RFC 9293 (TCP), RFC 768 (UDP)
• “TCP/IP Illustrated, Vol 1” by Stevens - Ch. 11-16

Key insights Transport protocols are state machines; your tools must respect their state.

Summary TCP and UDP make different promises. Your designs must align with those promises.

Homework/Exercises to practice the concept

1. List three application protocols that use UDP and why.
2. Draw the TCP close sequence and label each side’s state.

Solutions to the homework/exercises

1. DNS (small queries), NTP (time sync), VoIP (latency).
2. FIN/ACK exchange with TIME_WAIT on the side that closes last.

3. Project Specification

3.1 What You Will Build

A user-space router that forwards packets between interfaces and performs NAT.

Included:

• CLI tool with clear output
• Validation steps and logging
• Documentation of assumptions

Excluded:

• Production-grade performance tuning
• Full security hardening

3.2 Functional Requirements

1. Core function: Implement the primary behavior described in the project goal.
2. Observable output: Produce deterministic output comparable to the Real World Outcome.
3. Error handling: Handle timeouts, invalid inputs, and unreachable hosts gracefully.

3.3 Non-Functional Requirements

• Performance: Complete typical tasks within a few seconds on a LAN.
• Reliability: Fail safely and clearly on errors.
• Usability: Provide concise CLI flags and helpful messages.

3.4 Example Usage / Output

$ sudo ./soft_router --lan en0 --wan en1
Routing table loaded: 2 routes
NAT enabled: public 203.0.113.5
Translation: 192.168.1.12:51510 -> 203.0.113.5:40002

3.5 Data Formats / Schemas / Protocols

Protocols: IP Addressing, Subnetting, and Routing (Including NAT), Transport and Ports (TCP and UDP).

3.6 Edge Cases

• Target unreachable or timing out
• Malformed or unexpected responses
• Multiple interfaces or subnets

3.7 Real World Outcome

$ sudo ./soft_router --lan en0 --wan en1
Routing table loaded: 2 routes
NAT enabled: public 203.0.113.5
Translation: 192.168.1.12:51510 -> 203.0.113.5:40002

3.7.1 How to Run (Copy/Paste)

• Build: make (or create a virtual environment as needed)
• Run: ./P14-software-router-with-nat
• Config: update any constants in a config file or flags
• Working directory: project root

3.7.2 Golden Path Demo (Deterministic)

Run against a known local target and compare with the expected output.

3.7.3 If CLI: provide an exact terminal transcript

$ sudo ./soft_router --lan en0 --wan en1
Routing table loaded: 2 routes
NAT enabled: public 203.0.113.5
Translation: 192.168.1.12:51510 -> 203.0.113.5:40002

4. Solution Architecture

4.1 High-Level Design

CLI Input -> Core Engine -> Output/Logs

4.2 Key Components

Component	Responsibility	Key Decisions
CLI Parser	Parse flags and inputs	Keep interface minimal
Core Engine	Protocol logic and state	Keep deterministic timing
Output/Logs	Present results and errors	Use consistent formatting

4.4 Data Structures (No Full Code)

Request:
  - target
  - protocol fields
Response:
  - status
  - timing
State:
  - retries
  - cache entries

5. Implementation Guide

5.1 Development Environment Setup

• Ensure required tools (tcpdump, dig, ip) are installed.
• Use elevated privileges where raw sockets are required.

5.2 Project Structure

project/
  README.md
  docs/
  src/
  tests/
  data/

5.3 The Core Question You’re Answering

“How does a home router actually forward and translate traffic?”

5.4 Concepts You Must Understand First

1. Routing table logic
   • How does longest prefix match work?
   • Book Reference: “Computer Networks” - Ch. 5
2. NAT/PAT behavior
   • How do you map many internal hosts to one external IP?
   • Book Reference: RFC 3022
3. Checksum updates
   • Which headers must be updated after NAT?
   • Book Reference: “TCP/IP Illustrated, Vol 1” - Ch. 3

5.5 Questions to Guide Your Design

1. Forwarding pipeline
   • In what order do you apply route lookup and NAT?
2. State tracking
   • How do you expire idle translations safely?

5.6 Thinking Exercise

Inbound flow

How does a reply packet know which internal host to reach after NAT?

Questions to answer:

• What key does the NAT table use?
• What happens if the entry has expired?

5.7 The Interview Questions They’ll Ask

1. “Why does NAT break the end-to-end model?”
2. “How do routers decide which interface to forward on?”
3. “Why must checksums be updated after translation?”
4. “What does port forwarding do?”
5. “How can NAT table exhaustion affect a network?”

5.8 Hints in Layers

Hint 1: Start with pure forwarding Get routing without NAT working first.

Hint 2: Implement a small NAT table Use a fixed-size table with clear expiration rules.

Hint 3: Pseudocode outline

- receive packet on interface
- look up route by destination IP
- if outbound: rewrite src IP/port and update checksum
- if inbound: reverse-lookup NAT table and rewrite dst
- forward to next hop

Hint 4: Verification Use a test host behind the router and confirm internet access.

5.9 Books That Will Help

Topic	Book	Chapter
Routing	“Computer Networks”	Ch. 5
IP header	“TCP/IP Illustrated, Vol 1”	Ch. 3
NAT	RFC 3022	Spec

5.10 Implementation Phases

1. Establish core protocol I/O and a minimal success path.
2. Add parsing, validation, and timeouts.
3. Add logging, metrics, and polish for output.

5.11 Key Implementation Decisions

• Which interface and capture point provides visibility?
• What timeout and retry strategy balances speed and accuracy?
• How will results be validated against reference tools?

6. Testing Strategy

6.1 Test Categories

• Unit: parsing and validation logic
• Integration: protocol exchange with a real device
• System: full run with reference tools

6.2 Critical Test Cases

• Successful request/response path
• Timeout and retry behavior
• Invalid or unexpected input handling

6.3 Test Data

• Local gateway IP and a known reachable host
• A non-routable IP to trigger timeouts

7. Common Pitfalls & Debugging

7.1 Frequent Mistakes

Problem 1: “Forwarding works, NAT fails”

• Why: Checksums not updated or NAT table lookup wrong.
• Fix: Recompute checksums and log table entries.
• Quick test: Capture packets and compare pre/post translation.

Problem 2: “Inbound traffic never reaches host”

• Why: No NAT state or port forward.
• Fix: Ensure translation exists or configure port forwarding rules.
• Quick test: Inspect NAT table on inbound packet.

7.2 Debugging Strategies

• Capture traffic with tcpdump or Wireshark.
• Compare against a known-good tool.
• Log timestamps and retry logic.

7.3 Performance Traps

• Excessive retries causing long runtimes.
• Inefficient parsing under high packet rates.

8. Extensions & Challenges

8.1 Beginner Extensions

• Add basic configuration flags for interface and timeout.
• Improve output formatting and sorting.

8.2 Intermediate Extensions

• Add caching or state persistence.
• Add CSV or JSON output export.

8.3 Advanced Extensions

• Add concurrency with careful rate limiting.
• Add visualization or integration with a dashboard.

9. Real-World Connections

9.1 Industry Applications

• Network diagnostics and troubleshooting
• Security monitoring and policy enforcement

9.2 Related Open Source Projects

• tcpdump / Wireshark
• nmap / dnsmasq / unbound (as applicable)

9.3 Interview Relevance

• Explaining protocol behavior
• Diagnosing failures by layer

10. Resources

10.1 Essential Reading

Topic	Book	Chapter
Routing	“Computer Networks”	Ch. 5
IP header	“TCP/IP Illustrated, Vol 1”	Ch. 3
NAT	RFC 3022	Spec

10.2 Video Resources

• Wireshark or tcpdump walkthroughs (search for recent tutorials)
• Vendor or RFC explainers for the relevant protocol

10.3 Tools & Documentation

• RFCs for the protocols used in this project
• man tcpdump, man ip, man ss

10.4 Related Projects in This Series

• Project 1: Network Device Scanner (ARP Discovery Tool)
• Project 2: Build Your Own ping Utility
• Project 3: Build Your Own traceroute Utility
• Project 5: DNS Resolver (Client-Side)
• Project 6: DHCP Client
• Project 7: Simple DNS Server (Authoritative)
• Project 8: DHCP Server
• Project 9: Port Scanner
• Project 11: Simple HTTP Server
• Project 13: Simple Packet Filter Firewall
• Project 17: HTTP Proxy Server
• Project 18: Network Topology Mapper
• Project 19: Simple VPN Server
• Project 20: Complete Home Network Stack (Capstone)