let's say we have a local address of 192.168.10.3 and we want to send a packet to 18.2.*.1 on port 21, we send the data to our default gateway, the source ip now becomes our routers external IP address(19.3.*.18) and the source port is let's say 1023,

the router will store information of the connection such as local ip address, local port of sending machine so that when it gets a response from the server it knows where to forward that response to.

But let's say the local network address (of the machine on the 18.2.*.1 network that we want to connect to using port 21) is 192.168.2.40, when the 18.2.*.1 router receives the packet from 19.3.*.18, how does it know which host machine to send the packet to?? the router knows it will be on port 21 but to what local machine?


**edit : or maybe this isn't even possible without port forwarding?
Thanks

the source ip now becomes our routers external IP address(19.3.*.18) and the source port is let's say 1023,

Note that the source IP and port only change if the router is performing NAT.

when the 18.2.*.1 router receives the packet from 19.3.*.18, how does it know which host machine to send the packet to??

It assigns an external source port (i.e. the source port at the router) to each host in the local network. It can even assign them per host per destination (e.g. 192.168.0.2 may get 45 when connecting to google.com and 77 when connecting to www.cplusplus.com), since all that's required is that there are no conflicts when handling the server's response.
Of course, the limitation is that NAT may not work correctly with any transport layer protocols that don't have port equivalents. It will work as long as there aren't two clients sending packets to the same server at the same time.

That makes sense, it's been while since I've done any networking

Thanks Helios

we want to send a packet to 18.2.*.1 on port 21,

You cannot send directly to an IP address with a '*'.

Also, it's unlikely that a network would have the variable part in the middle of the address. In other words, I think you meant 18.2.1.*, not 18.2.*.1.

If you know that some host on the 18.2.1.* network is monitoring port 1023, then you can send a broadcast to that that network by sending to 19.2.1.255:1023 The "255" tells the network that it's a broadcast (technically all 1's in the zero bits of the subnet mask). Now any host that's monitoring port 1023 will respond. The original program listens for the response(s) and then starts a connection with one of the respondents.

None of this negates what helios wrote. NAT and broadcast are separate issues.

You cannot send directly to an IP address with a '*'. Also, it's unlikely that a network would have the variable part in the middle of the address. In other words, I think you meant 18.2.1.*, not 18.2.*.1.

very good point.

If you know that some host on the 18.2.1.* network is monitoring port 1023, then you can send a broadcast to that that network by sending to 19.2.1.255:1023 The "255" tells the network that it's a broadcast (technically all 1's in the zero bits of the subnet mask). Now any host that's monitoring port 1023 will respond. The original program listens for the response(s) and then starts a connection with one of the respondents.

I could do this (send a broadcast using 255) if I was connected to the internal network but
main questions would be how can you determine 19.2.1.255 is the broadcast for 18.2.1.* ?

also so it is possible to actually send a broadcast an external ip?( public interface of the network )

main questions would be how can you determine 19.2.1.255 is the broadcast for 18.2.1.* ?

The broadcast address is the network IP bitwise-ORed with the complement of the network mask.

Example:
Network IP: 192.168.0.0
Network mask: 255.255.0.0
~Network mask: 0.0.255.255
Broadcast address: 192.168.255.255

also so it is possible to actually send a broadcast an external ip?( public interface of the network )

If the only path to the network you want to broadcast on passes through the public Internet then that network's gateway must implement NAT and it must forward the port in question to the network's broadcast address. This is necessary because you can't route through the Internet a packet with a destination like 192.168.255.255. Since it's impossible to know which of the thousands of networks you mean, Internet infrastructure simply drops packets addressed to private IP ranges.

If instead you're connected to an internet (not the Internet, just some network of networks intended for use by an organization) and you want to broadcast on some subnetwork, then yes, you can simply send the packet to the intended broadcast address, and as long as no firewall blocks it, it will work.

makes sense thanks Helios :)