Re: Direct connections through NAT/firewall

From: Carl Farrington (carl_at_000compsup000.net)
Date: 07/23/03


Date: Wed, 23 Jul 2003 00:40:13 +0100


/dev/rob0 wrote:
> In article <Xns93C0AB1E2CA4Ejbuserspc9org@205.200.16.73>,
> Jem Berkes wrote:
>> method for reliably establishing direct connections over the Internet
>> between two hosts that are both behind NAT gateways.
>> [snip]
>> Does anyone know if something like this already exists? The only technology
>
> I use OpenVPN in such a manner. It relies upon kernel support in the
> form of the universal tun/tap driver, which is ported to numerous
> Unix-like OS's already, and [if someone interested wanted to do so]
> could probably be implemented on Windows easily enough. But IIUC
> you're talking about something *entirely* in userspace? Not setting
> up a virtual network interface, but rather just making a peer-to-peer
> connection inside your own software?

there must be a trigger on each end.. in order to set the nat incoming port
redirection ready... i'm intrigued - the website didn't seem to mention
anything.

Maybe machine@net1 tries to establish connection to machine2@net2 which
doesn't work 'cause of the nat router/firewall getting in the way at net2,
but machine2@net2 is trying to establish a similar connection to
machine@net1 and therefore the nat firewall at net2 is awaiting an incoming
connection from machine@net1 that it will happily direct over to
machine@net2

must be some kind of packetfoolery going on..

hey.. that's a cool name "packetfoolery" .. i'm off to register it :-)
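
The simultaneous-connection idea guessed at in the post above, as an added example that is not part of the original thread: a toy model of two stateful NAT gateways showing which packets each one admits. The `Nat` class, host addresses and rendezvous server are hypothetical, and the model assumes each NAT reuses one public port per inside socket and filters inbound traffic by remote address and port.

```python
# Toy model of two stateful NAT gateways (constructed example, no real sockets).
# Assumptions: one public port per inside socket; inbound packets are admitted
# only from a remote endpoint the inside host has already sent to.

class Nat:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000
        self.mappings = {}    # (inside_ip, inside_port) -> public_port
        self.allowed = set()  # (public_port, remote_ip, remote_port)

    def outbound(self, inside, remote):
        """Inside host sends to remote; returns the public source endpoint."""
        if inside not in self.mappings:
            self.mappings[inside] = self.next_port
            self.next_port += 1
        port = self.mappings[inside]
        self.allowed.add((port, *remote))  # state that later admits replies
        return (self.public_ip, port)

    def inbound(self, src, dst_port):
        """Returns the inside endpoint if matching state exists, else None."""
        if (dst_port, *src) not in self.allowed:
            return None  # unsolicited: dropped
        for inside, port in self.mappings.items():
            if port == dst_port:
                return inside
        return None


def simulate():
    nat1, nat2 = Nat("198.51.100.1"), Nat("203.0.113.2")
    m1, m2 = ("10.0.0.5", 5000), ("192.168.1.9", 5000)
    rendezvous = ("192.0.2.10", 3478)  # hypothetical third party both can reach
    pub1 = nat1.outbound(m1, rendezvous)  # each side learns the other's
    pub2 = nat2.outbound(m2, rendezvous)  # public endpoint out of band
    results = {}
    nat1.outbound(m1, pub2)  # opens state on nat1 only
    results["first_m1_to_m2"] = nat2.inbound(pub1, pub2[1])
    nat2.outbound(m2, pub1)  # opens state on nat2; nat1 is already expecting it
    results["m2_to_m1"] = nat1.inbound(pub2, pub1[1])
    nat1.outbound(m1, pub2)
    results["second_m1_to_m2"] = nat2.inbound(pub1, pub2[1])
    results["stranger_to_m2"] = nat2.inbound(("192.0.2.77", 1234), pub2[1])
    return results


if __name__ == "__main__":
    print(simulate())
```

The first packet is dropped at the far NAT but still creates the outbound state that lets the peer's packet in; a host neither side has sent to stays blocked.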


