RE: NAT Help
From: Craig (saiph@tamu.edu)
Date: 09/13/02
From: "Craig" <saiph@tamu.edu>
To: "'Akash Malhotra'" <akash@me.umn.edu>, <security-basics@securityfocus.com>
Date: Fri, 13 Sep 2002 13:00:55 -0500

Akash, et al.:
NAT handles this situation easily.
Here's a brief example of how NAT works at the IP level:
User 1 and 2 are surfing the web (they could be playing the same
multiuser game, doesn't matter - theory is the same). User 1 (call his
IP 192.168.0.1), sends a request to texsans.com, port 80, with _source_
port 2000. That means user1 expects a response from texsans.com:80 on
192.168.0.1:2000.
The NAT will take the request and rewrite 192.168.0.1 to the external
real IP (call it 1.2.3.4) AND change the source port to something like
32000. The NAT will also keep note of who originally made the request
(192.168.0.1:2000). Thus when texsans.com replies with source port 80,
destination 1.2.3.4:32000, the NAT rewrites the response's destination
back to 192.168.0.1:2000 but keeps the source info (texsans.com:80) the
same.
Meanwhile user2, (say 192.168.0.2) can also be requesting from
texsans.com:80 with the same source port 2000. The NAT will rewrite the
source request to 1.2.3.4:32001 and again, will keep note of who
requested it, so it can correctly be mapped back into the private IP
space when the response comes back.
Neither user1 nor user2 ever knows their packets were changed, and
texsans.com thinks there's only one computer at 1.2.3.4, with two
concurrent requests.
The only time this setup will fail is when you need a connection
originating from outside to map to a specific port on each computer
inside. This is why things like "AIM Direct Connection" fail if both
computers are behind a NAT/firewall. Most games do not operate this
way, since the game is usually a client, not a server. Hence, if you
were running some game like Total Annihilation or TetriNet version <2,
you could not "host" two games behind a NAT (easily). There are a few
ways around this, but they are beyond the scope of your question here.
Another interesting side note: Quake 3 (and a few other games) will let
you use the same CDKEY on multiple machines if they are behind a NAT -
the server seems to think one computer is just running several copies of
Quake :-) This does not work for stateful key-based connections such
as Battle.NET (Diablo, etc.).
Hope this helped.
--
Craig Wellington
Texas A&M University

-----Original Message-----
From: Akash Malhotra [mailto:akash@me.umn.edu]
Sent: Friday, September 13, 2002 10:10 AM
To: security-basics@securityfocus.com
Cc: focus-ids@securityfocus.com
Subject: NAT Help
Hi
I just want to know how NAT works in general. Any help is appreciated.
The reason I am asking for help about NAT is that I want to know how NAT will behave when two users behind NAT are contacting the same application. For example:
If two users want to play a multiuser game and both of them are behind NAT, then how is NAT gonna know who is what??? And how is NAT gonna respond to different packets?
situation can be described below
    Website -> Game Application
                    |      (Multi User Game)
                    |
                   NAT
                    |
                 ------
                 |    |
              user1  user2   (both are playing with each other)

Any suggestion on this issue?? I want to know the behaviour of NAT.
-Akash
------------------------------------------------------------------------
Akash Malhotra
MEnet
EMAIL:                PHONE:
akash@me.umn.edu      Off: (612)626-9800
akash@ece.umn.edu     Apt: (612)623-9193
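
The translation table described in the reply above, as an added example that is not part of the original message or thread. The class and function names are hypothetical, the mapping is keyed only on the internal address and port (real NATs also track protocol and usually the remote endpoint), and the unsolicited sender 5.6.7.8:4000 and target port 6000 are constructed values.

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (address, port)


class PortNat:
    """Simplified port-translating NAT: one external IP, many internal hosts."""

    def __init__(self, external_ip: str, first_port: int = 32000) -> None:
        self.external_ip = external_ip
        self.next_port = first_port
        self.out_map: Dict[Endpoint, int] = {}  # internal endpoint -> external port
        self.in_map: Dict[int, Endpoint] = {}   # external port -> internal endpoint

    def outbound(self, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """Rewrite the source of a packet leaving the private network."""
        if src not in self.out_map:             # first packet of this flow
            self.out_map[src] = self.next_port  # "keep note of who made the request"
            self.in_map[self.next_port] = src
            self.next_port += 1
        return (self.external_ip, self.out_map[src]), dst

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Rewrite the destination of a reply; None means no mapping, so drop."""
        if dst[0] != self.external_ip or dst[1] not in self.in_map:
            return None
        return src, self.in_map[dst[1]]         # source (server) is left unchanged


def demo():
    nat = PortNat("1.2.3.4")
    server = ("texsans.com", 80)
    # Both users pick the same source port 2000; the NAT keeps them apart.
    out1 = nat.outbound(("192.168.0.1", 2000), server)
    out2 = nat.outbound(("192.168.0.2", 2000), server)
    # The server answers to whatever source it saw on the outside.
    reply1 = nat.inbound(server, out1[0])
    reply2 = nat.inbound(server, out2[0])
    # A connection originating outside has no table entry (constructed values).
    unsolicited = nat.inbound(("5.6.7.8", 4000), ("1.2.3.4", 6000))
    return out1, out2, reply1, reply2, unsolicited


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last case is the failure mode the reply mentions: without a static port mapping, the NAT has no entry telling it which internal host an externally initiated connection belongs to.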