using local Inside IP and L4 Port the host use the router can forward traffic to right one. 

see below the Inside local + L4 Port is show in table 

". . . how does the router calculate the host to route the response to?"

By examination of the source IP of the response.

NAT uses a table of internal host's IP and external host's IP.  Basically, it translates/replaces internal host's IP with NAT router's external interface IP.

Consider, for your question, you have internal hosts 192.168.1.10 and 192.168.2.20 and external web servers 1.1.1.1 and 2.2.2.2.  Further the first internal host communicates with the first external web server, and second internal host communicates to second external web server.

As those hosts make their requests, NAT router creates a table of:

192.168.1.10 1.1.1.1
192.168.2.20 2.2.2.2

The NAT router's external interface IP is 3.3.3.3.

Packet received by first web server would be src: 3.3.3.3 dst: 1.1.1.1 and second web server src: 3.3.3.3 dst: 2.2.2.2

Response packet sent by first web server would be: src: 1.1.1.1 and dst: 3.3.3.3 and second web server src: 2.2.2.2 dst: 3.3.3.3

NAT server looks up each external packet's source IP, and changes destination address to internal host IP.

And if both host send to same web server?

The l4 port + local is key factor, 

And that why nat table show l4 port user use.

"And if both host send to same web server?"

Great question!!!

My prior posting is in error, because in NAT (not PAT, although PAT is often also just called NAT) there's an external IP for every (active) internal IP.

i.e. table would be more like:

192.168.1.10 3.3.3.1
192.168.2.20 3.3.3.2

The NAT router's external interface IPs are 3.3.3.1, 3.3.3.2, 3.3.3.3, . . .

(BTW, NAT, network address translation, is basically just that, outbound change interior IP to an [and one of our] exterior IP, inbound the converse.  I.e./e.g. 192.168.1.10 => 3.3.3.1 and 3.3.3.1 => 192.168.1.10)

(Our exterior IPs are in a pool, and each IP is made available for reuse after some amount of inactivity time.)

Packet received by first web server would be src: 3.3.3.1 dst: 1.1.1.1 and second web server src: 3.3.3.2 dst: 2.2.2.2

Response packet sent by first web server would be: src: 1.1.1.1 and dst: 3.3.3.1 and second web server src: 2.2.2.2 dst: 3.3.3.2

Sorry for earlier incorrect posting, but the above is what I had in mind why only IP addresses were needed.

That said, what @MHM Cisco World is describing is PAT, which allows a single external IP to support multiple internal IPs.

Without going in PAT, what is the NAT/PAT table, like in the example MHM posted, is not always actual L4 port numbers.  Or to turn MHM's question - And if both hosts ping the same web server?  (Laugh - MHM's posting actual shows IGMP in the NAT table, but IGMP doesn't have port numbers.)

so ICMP can not pass PAT because it dont have L4 Port ?
again you are in wrong direction, the Router add L4 Port to ICMP otherwise any ICMP can not pass PAT. 

and why I mention PAT because he mention two host same IP, so sure it PAT not NAT.

"so ICMP can not pass PAT because it dont have L4 Port ?"

Didn't write that.

". . .  the Router add L4 Port to ICMP . . ."

Add it where or to what?

We're debating, I suspect, semantics, as what's in the PAT/NAT table isn't (at least always) a true L4 port number, as ICMP doesn't have those, but a pseudo L4 port number based on something specific to the packet's kind.  That what would allow PAT/NAT to pass ICMP.  (BTW, there are a whole bunch of issues you can get into when doing PAT, which is why PAT, to handle different protocols, gets rather involved.  I remember decades ago engineers asking why a $50 home router could do "PAT" better [generally on non-TCP/UPD protocols] than a $20,000 Cisco router [NB: one might find some very old postings on that on these forums].)

In other words, even when "show ip nat translations" displays what appears to be port numbers, PAT might not be active at all and for non-TCP/UDP protocol traffic, the "port number" is not a port number.

"and why I mention PAT because he mention two host same IP, so sure it PAT not NAT."

Agreed, OP did in a follow up posting.  And you're 100% correct, PAT does answer that, but you did not mention PAT, as PAT, until I did (although as I also noted, PAT is often referred to as NAT, but they are different).  Basic NAT, when using a pool of external IPs, though, does answer the original posting too.  Again, as I noted, my original posting was incorrect.

Anyway, going back to the OP, I'll directly address all the questions.

"If I send a web request to an external host (web server), what mechanism is used to ensure the response is directed to the correct host on the local network."

If using private IPs internally and public IPs, you need NAT or PAT.  (BTW, I believe PAT always does NAT, but NAT might not be doing PAT.)

"Along the way the ip source and destination addresses do not change but the layer 2 addressing changes with each hop."

Incorrect, private source IPs are changed.

"My difficulty in understanding is not knowing what ip address the web host will respond to if the original source ip address is a private address."

External host responds to the source IP it received, which has been translated from a private IP to a public IP, i.e. Network Address Translation.

"Does the router change the source ip address when it forwards the frame to the web server and the web server sends its response to the public router address?"

Yes.

"How does the router know which host on the local network is supposed to receive the reply?"

It (NAT router) is able to identify "pairs" of each conversation.  With NAT, this can be done using just IP addresses.  (With PAT, a single external IP can be used, along with other pair identifying attributes.  For TCP/UDP traffic, port numbers can be translated too, hence Port Address Translation (but non-TCP/UDP traffic doesn't have ports).

Consider two HTTP conversations between a pair of hosts.  Each conversation has the same source and destination IPs, and the same destination port number (e.g. port 80), but different source port numbers.

PAT makes another host, appear to other (e.g. web server) host, much like the prior noted dual conversations (on same host), i.e. it translates both source IP addresses and (for TCP/UDP) source port numbers.  For non-TCP/UDP it needs to use some other protocol attribute to distinguish between hosts.  Whatever it's using, which likely might be proprietary to that PAT implementation, but for display purposes, like in MHM's example, it can show a (pseudo) port number.

PS:

BTW, another difference between real L4 port numbers and pseudo port numbers, TCP/UDP port numbers are a 16 bit field and ranges of port number have meaning, e.g. "well known" port 80 for HTTP.  Pseudo port numbers need not be also sized as a 16 bit field and do not have TCP/UDP port number usage definitions. E.g. in MHM's example, you might see IGMP have a :80 value, but that has nothing to do with a HTTP server.

"the port number is the differentiator"

Again, the interior/exterior traffic may not have a port number.  If so, what is the "port number" used in the NAT table?

Also again, there's traffic, even with port numbers, that using those alone, isn't "enough" for NAT to work correctly.

In your reference, in you look at section Limitations of NAT you'll find:

• There are certain NAT operations that are currently not supported in the hardware data plane. The following are such operations that are carried out in the relatively slower Software data plane:

• Translation of Internet Control Message Protocol (ICMP) packets.

• Translation of packets that require application layer gateway (ALG) processing.

• ALG support is currently limited to FTP, TFTP and ICMP protocols. Also, although TCP SYN, TCP FIN, and TCP RST are not part of ALG traffic, they are processed as part of ALG traffic.

Using Application-Level Gateways with NAT

Yes, Cisco's documentation lumps what it's doing into the terminology of port numbers, but let's look at RFC2663, beginning with its preface:

Preface

   The motivation behind this document is to provide clarity to the
   terms used in conjunction with Network Address Translators.  The term
   "Network Address Translator" means different things in different
   contexts. The intent of this document is to define the various
   flavors of NAT and standardize the meaning of terms used.

Hmm, interesting purpose, to define clarity to terminology.

They do have a section defining TCP/UDP ports:

2.4. TU ports, Server ports, Client ports

   For the reminder of this document, we will refer TCP/UDP ports
   associated with an IP address simply as "TU ports".

   For most TCP/IP hosts, TU port range 0-1023 is used by servers
   listening for incoming connections. Clients trying to initiate a
   connection typically select a source TU port in the range of 1024-
   65535. However, this convention is not universal and not always
   followed. Some client stations initiate connections using a source TU
   port number in the range of 0-1023, and there are servers listening
   on TU port numbers in the range of 1024-65535.

   A list of assigned TU port services may be found in RFC 1700 [Ref 2].

In their section on NAPT (or what we generally call PAT) has:

4.1.2. Network Address Port Translation (NAPT)

   NAPT extends the notion of translation one step further by also
   translating transport identifier (e.g., TCP and UDP port numbers,
   ICMP query identifiers). This allows the transport identifiers of a
   number of private hosts to be multiplexed into the transport
   identifiers of a single external address. NAPT allows a set of hosts
   to share a single external address. Note that NAPT can be combined
   with Basic NAT so that a pool of external addresses are used in
   conjunction with port translation.

   For packets outbound from the private network, NAPT would translate
   the source IP address, source transport identifier and related fields
   such as IP, TCP, UDP and ICMP header checksums. Transport identifier
   can be one of TCP/UDP port or ICMP query ID. For inbound packets, the
   destination IP address, destination transport identifier and the IP
   and transport header checksums are translated.

The RFC is using the term "transport identifier" because it's not just a TCP/UDP "port number".  (Actually, of course, "port" has a very wide generic meaning too, and to be fair, one might term the "port number" shown in Cisco's NAT/PAT table as a "port number", but then it might be easily confused with a TCP/UDP "port number".  This, I suspect, is why the RFC uses two different terms, i.e. to make clear they are NOT one and the same.)

In my posts I've been using the term "pseudo port number" in a NAT table because a) it looks like a TCP/UDP port number, but b) it can be more than just a TCP/UDP port number, as it supports "PAT" for traffic without TCP/UDP port numbers.  The RFC's "transport identifier", I believe, is trying to convey the same.  I.e. when doing IP address overload, "more" is needed to keep flows distinguished.  (BTW, there, I believe @MHM Cisco World are in 100% agreement.)

However, where MHM and I appear to disagree, although a NAT table has, what appears as TCP/UDP port numbers, there is a deeper meaning attached to those NAT table "port numbers".  Once you understand that, it makes it easy to understand how traffic like ICMP can transit NAT when, ICMP doesn't have port numbers.

Hopefully to make clear what's happing, let's use the example of two hosts contacting the same (web) server, but just happen to be using the same source port.

e.g.

192.168.1.1:4000 => 1.1.1.1:80
192.168.1.2:4000 => 1.1.1.1:80

using a single PAT overloaded IP of 2.2.2.2

what could could be sent is:

2.2.2.2:8000 => 1.1.1.1:80
2.2.2.2:8001 => 1.1.1.1:80

With the "changed" TCP source ports, the web server "sees" two different flows, both from the same address.

Return traffic can be identified and re-translated to original source IPs and port:

I.e.:

1.1.1.1:80 => 2.2.2.2:8000 => 192.168.1.1:4000
1.1.1.1:80 => 2.2.2.2:8001 => 192.168.2.1:4000

The forgoing a great example of NAT/PAT.

But if we have IGMP, like ping, we have:

192.168.1.1 => 1.1.1.1
192.168.1.2 => 1.1.1.1

We have no TCP/UDP port numbers!!!

Yet, if IGMP has something we can "translate" like the RFC's mention of query identifiers, we can do something like:

192.168.1.1(qID 123) => 2.2.2.2:0 => 2.2.2.2(qID 456)
192.168.1.2(qID 123) => 2.2.2.2:1 => 2.2.2.2(qID 789)

The Cisco NAT/PAT table shows "port numbers", but they are not TCP/UDP port numbers, they are, as the RFC describes, transport identifiers, which allows the two way translation, for the outgoing pings and the return ping replies.

As I've noted a couple of times NAT supporting overloading IPs, can get complicated. ICMP, has a RFC describing additional NAT issues, see RFC5508.

BTW, MHM, I hadn't meant to imply that you don't know what you're talking about, but as excellent as Cisco documentation/information often is, there can be deeper concepts being concealed by it, which can, sometimes, lead to confusion.  In this case, again, Cisco's presentation of PAT and port numbers, which works great for TCP/UDP traffic, conceals issues that port number translation alone cannot deal with, like ICMP traffic.

Of course, for practical day-to-day network engineering, deep understanding is often not needed, yet when trouble shooting, a deeper understanding can sometimes be very valuable.