This article focuses on how public IPs, private IPs, NAT, routing tables, forwarding tables, and MAC addresses work together. It clarifies common confusion around what it means to be “on-link,” how route selection differs from packet forwarding, and how Layer 2 and Layer 3 divide responsibilities. Keywords: NAT, routing table, MAC address.
Technical Specifications at a Glance
| Parameter | Details |
|---|---|
| Domain | Computer networking fundamentals |
| Protocol layers | IPv4, ARP, Ethernet |
| Core concepts | Public IP, Private IP, NAT, Routing Table, Forwarding Table, MAC |
| Typical scenarios | Home networks, enterprise internet egress, host communication troubleshooting |
| Source popularity | Approximately 3.6k views, 65 likes, 43 bookmarks in the original article |
| Core dependencies | Route lookup, ARP resolution, NAT mapping, Ethernet frame forwarding |
These Concepts Must Be Understood on the Same End-to-End Path
Public IPs, private IPs, MAC addresses, routing tables, and forwarding tables all describe network communication, but they exist at different layers and solve different problems.
If you do not first distinguish who handles final destination addressing, who handles the current hop, who selects the route, and who performs high-speed forwarding, concepts like the default gateway, ARP, and NAT will remain confusing.
You Can Start by Remembering These Four Statements
- A public IP is routable on the internet.
- A private IP is used for addressing inside a local network.
- A MAC address delivers traffic for the current hop on the local link.
- The routing table selects the path; the forwarding table moves the packet.
```text
Application sends a request
  -> Host checks the routing table
  -> Determines whether the destination is directly connected
  -> If not directly connected, sends it to the default gateway
  -> Uses ARP to get the next-hop MAC address
  -> Encapsulates and sends a Layer 2 frame
  -> Router performs NAT and forwarding
```
This flow shows the shortest core path from a Layer 3 decision to Layer 2 transmission.
Public IPs, Private IPs, and NAT Together Form the Egress Communication Model
A public IP address can participate in routing across the internet. Other networks on the internet can usually identify only the public IP of your edge device, not the private address of your home computer.
A private IP address can only be used inside a local network. Typical ranges include 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Common home device addresses include 192.168.1.2 and 192.168.1.100.
NAT Is Not an Address Type but a Translation Mechanism
The core purpose of NAT is to map a private host’s private IP and port to a public IP and port, allowing multiple internal devices to share one or a small number of public addresses when accessing the internet.
For that reason, 192.168.x.x should be called a private IP, not a “virtual IP.” The real issue is not virtualization, but that the address cannot be routed directly on the public internet.
```text
Internal host: 192.168.1.100:52341
        |
        | Sent to the router
        v
NAT mapping: PublicIP:40001 <-> 192.168.1.100:52341
        |
        v
Internet server
```
This shows that NAT rewrites egress addresses. It does not replace routing or ARP.
“On-Link” Means the Destination Is Directly Reachable
When you see “On-link” in Windows `route print` output, read it literally: the destination is on the link. It does not mean that some hidden gateway exists. It means the target network is directly connected to the current interface.
For example, if a host address is 192.168.1.100/24, then 192.168.1.0/24 is the directly connected local subnet. When the host accesses 192.168.1.50, it does not need to send the packet to a router first.
In a Directly Connected Scenario, ARP Is What Actually Happens
The host first checks the routing table and finds that the destination belongs to the local subnet. It then triggers ARP to request the MAC address associated with the target IP. After learning the MAC address, it encapsulates the packet in a Layer 2 frame and sends it directly.
So, “on-link” describes the result of a Layer 3 decision, while actual delivery is completed through Layer 2 address resolution and frame transmission.
```powershell
# View the local routing table
route print

# View the ARP cache
arp -a
```
These two commands are usually enough to verify whether traffic goes through the gateway or is sent directly on the local network.
The Routing Table Makes Decisions, and the Forwarding Table Executes Them Efficiently
The routing table belongs more to the control plane. It stores information such as destination network, mask, next hop, outbound interface, and metric, and answers the question: “In principle, how should traffic reach this destination subnet?”
The forwarding table belongs more to the data plane. It is the result set that a device organizes for fast forwarding, often optimized for hardware lookups or high-speed matching logic, with low-latency execution as the priority.
They Are Not Duplicate Structures but Upstream and Downstream Components
On most devices, routing information converges first and is then transformed into a forwarding table optimized for fast matching. In other words, the routing table determines policy, and the forwarding table carries out the action.
When you see terms like FIB, Forwarding Table, or CEF in practice, you can usually interpret them as the data structures that actually participate in forwarding.
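```python
import ipaddress

routing_table = [
    {"prefix": "0.0.0.0/0", "next_hop": "192.168.1.1", "iface": "eth0"},
    {"prefix": "192.168.1.0/24", "next_hop": None, "iface": "eth0"},
]

def longest_prefix_match(dst_ip, table):
    # Keep only routes whose prefix contains the destination, then pick the longest mask
    addr = ipaddress.ip_address(dst_ip)
    matches = [r for r in table if addr in ipaddress.ip_network(r["prefix"])]
    return max(matches, key=lambda r: ipaddress.ip_network(r["prefix"]).prefixlen)

def forward_packet(dst_ip):
    # Core logic: prefer the most specific route prefix
    route = longest_prefix_match(dst_ip, routing_table)
    if route["next_hop"] is None:
        return "on-link"  # Destination is directly connected, so use ARP directly
    return route["next_hop"]  # Not directly connected, so send it to the next-hop gateway
```

This example shows how a host or router performs route selection first and then decides whether the packet should be sent directly or forwarded to the next hop.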
MAC Addresses and IP Addresses Serve Different Layers
A MAC address belongs to the data link layer and is used to deliver frames on the current hop. It answers the question: “Which network interface should receive this frame right now?”
An IP address belongs to the network layer and is used to identify the final destination host across networks. It answers the question: “Where should this packet ultimately go?” These roles do not conflict. They cooperate across layers.
In Cross-Subnet Communication, the Destination IP Stays the Same While the MAC Changes at Each Hop
When your computer accesses a public server, the destination IP in the IP header remains the remote server’s address. But in the Ethernet frame, the destination MAC for the first hop is usually the MAC address of the default gateway.
Each time the packet passes through a Layer 3 device, the Layer 2 header is re-encapsulated. As a result, the MAC address often changes hop by hop, while the destination IP usually remains the same unless NAT modifies it.
```text
First-hop frame:
  Source MAC      = computer NIC MAC
  Destination MAC = home router MAC
  Source IP       = 192.168.1.100
  Destination IP  = remote server IP
```
This shows that IP determines the final destination, while MAC determines the current hop. Their responsibilities are strictly different.
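The first-hop frame above, built and parsed at the byte level. This is an added example, not code from the original article. The MAC addresses, the ARP cache contents, and the remote server IP used in the test (198.51.100.20) are constructed sample values.

```python
import ipaddress
import struct

# Constructed sample values: MACs and ARP cache entries are assumptions for illustration.
HOST_IF = ipaddress.ip_interface("192.168.1.100/24")
HOST_MAC = "02:00:00:00:01:64"
GATEWAY = "192.168.1.1"
ARP_CACHE = {"192.168.1.1": "02:00:00:00:01:01", "192.168.1.50": "02:00:00:00:01:32"}

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def ipv4_checksum(header):
    # One's-complement sum of the ten 16-bit header words, folded to 16 bits
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_first_hop(dst_ip):
    """Return Ethernet II + IPv4 header bytes (payload omitted) from the host to dst_ip."""
    on_link = ipaddress.ip_address(dst_ip) in HOST_IF.network
    arp_target = dst_ip if on_link else GATEWAY   # Layer 3 decision: peer or gateway
    dst_mac = ARP_CACHE[arp_target]               # Layer 2 resolution for this hop only
    eth = mac_bytes(dst_mac) + mac_bytes(HOST_MAC) + struct.pack("!H", 0x0800)
    src, dst = HOST_IF.ip.packed, ipaddress.ip_address(dst_ip).packed
    # Version/IHL, TOS, total length, ID, flags/fragment, TTL, protocol, checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return eth + ip

def parse_headers(frame):
    """Decode the destination MAC (Layer 2) and destination IP (Layer 3) from a frame."""
    dst_mac = ":".join(f"{b:02x}" for b in frame[0:6])
    dst_ip = str(ipaddress.ip_address(frame[30:34]))
    return dst_mac, dst_ip
```

For an off-link destination, the parsed destination MAC is the gateway's while the destination IP is still the remote server's; for 192.168.1.50 both belong to the peer itself.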
Connecting the Full Communication Flow Makes the Model Easier to Understand
Assume the computer’s address is 192.168.1.100, the default gateway is 192.168.1.1, and the router’s WAN interface has a public IP address. When you access a public server, the host first checks its routing table.
If the destination is not within 192.168.1.0/24, the host matches the default route and sends the packet to 192.168.1.1. It then uses ARP to learn the gateway’s MAC address and encapsulates the packet into a Layer 2 frame addressed to the router.
The Router Then Handles Egress Translation and Continues Route Selection
After receiving the frame, the router decapsulates the IP packet, performs NAT by rewriting the private source address to a public address and port, and then forwards the packet upstream according to its own routing information.
When return traffic matches the NAT translation table, the router restores the original internal mapping and delivers the traffic back to the host. This is the most typical path for a private network accessing the public internet in a home network.
```text
Accessing a public server
1. Host checks the routing table   -> matches the default route
2. Host ARPs for the gateway       -> learns the gateway MAC
3. Frame is sent to the router     -> the packet destination IP is still the remote server
4. Router performs NAT             -> rewrites the private source address to a public address
5. Router checks the forwarding table -> sends traffic to the internet
```
This path ties together private IPs, public IPs, ARP, routing tables, forwarding tables, and MAC addresses into one coherent model.
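The NAT mapping from the earlier diagram and the return-traffic lookup described in this section, as a small translation table. This is an added example, not code from the original article. `PUBLIC_IP`, the remote server address, and the `NatTable` class are assumptions, and the table is simplified: one public address, mappings keyed only on the inside IP and port, no timeouts.

```python
import itertools

PUBLIC_IP = "203.0.113.10"   # Assumption: placeholder for the router's WAN address

class NatTable:
    """Port-translating NAT table for one public address (simplified, no timeouts)."""

    def __init__(self, public_ip, first_port=40001):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.out = {}    # (inside_ip, inside_port) -> public_port
        self.back = {}   # public_port -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an egress packet; the destination is left untouched."""
        key = (src_ip, src_port)
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[port] = key
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Restore the inside destination for return traffic, or None if unmapped."""
        if dst_ip != self.public_ip or dst_port not in self.back:
            return None   # No translation entry, so there is no inside host to deliver to
        inside_ip, inside_port = self.back[dst_port]
        return (src_ip, src_port, inside_ip, inside_port)

def demo():
    nat = NatTable(PUBLIC_IP)
    server = ("198.51.100.20", 443)                      # Constructed remote server
    a = nat.outbound("192.168.1.100", 52341, *server)    # Host from the diagram
    b = nat.outbound("192.168.1.2", 52341, *server)      # Second host, same source port
    reply = nat.inbound(*server, PUBLIC_IP, 40001)       # Return traffic for the first host
    stray = nat.inbound(*server, PUBLIC_IP, 40999)       # Public port with no mapping
    return a, b, reply, stray
```

Two inside hosts using the same source port receive distinct public ports, and a packet arriving on a public port with no table entry cannot be translated back to any inside address.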
FAQ
Q1: Why does same-subnet communication not need to go through a router?
Because the host checks the routing table and determines that the destination is on-link, which means it is directly reachable. At that point, the host only needs to use ARP to get the peer’s MAC address and then send the Layer 2 frame directly.
Q2: Can the routing table and the forwarding table be treated as the same thing?
No. The routing table belongs more to the control plane and is responsible for route selection policy. The forwarding table belongs more to the data plane and is responsible for fast forwarding execution. The former produces the decision; the latter carries out the result.
Q3: If we already have IP addresses, why do we still need MAC addresses?
Because IP handles final destination identification across networks, while MAC handles one-hop delivery on the current link. Without MAC addresses, a host cannot deliver an Ethernet frame to the correct next-hop device.
AI Readability Summary
This article systematically explains the relationship among public IPs, private IPs, NAT, routing tables, forwarding tables, and MAC addresses. It clarifies the real meaning of “on-link” and uses a complete packet delivery path to connect network-layer and link-layer concepts, making it a practical guide for developers who want a clear mental model of networking fundamentals.