two way communication using NAT and port forwarding

From: Vikash K Agarwal (vikash.agarwal@tallysolutions.com)
Date: 03/30/02


From: vikash.agarwal@tallysolutions.com (Vikash K Agarwal)
Date: 30 Mar 2002 05:53:25 -0800

How do instant messengers like ICQ work from behind the firewall? It
seems to be done using NAT or port forwarding. But I do not understand
it clearly.

Say
1. client messengers are running on 192.168.1.1, 192.168.1.2 and so on
2. There is a single public IP with firewall 202.54.54.1
3. A central server maintained by the creators of the messenger
111.111.111.111

When the client messenger initiates a request from private IP like
192.168.1.1 the NAT at gateway/router/proxy will
1. do the translation to public IP from private IP
2. send and receive the response from server
3. do the transaction from private to public IP
4. the client receives the response

and everything looks fine BUT

when the server (111.111.111.111) wants to send something to the
client, the client is behind the firewall so all requests by default
will terminate at the firewall. Even if port forwarding is enabled the
request will go to a fixed machine and port.

The problem is that there are or may be multiple messenger clients
behind the firewall and the server wants to communicate with a
particular one or all which does not seem likely with port forwarding.

What will the server need to send so that it can reach the targeted
client like 192.168.1.1 behind the firewall?

thx for help

vikash
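
An added example, not part of the original post: a toy port-translating NAT table using the post's addresses, showing how replies on client-initiated connections reach the right private host while unsolicited inbound packets are dropped. The port numbers, the second remote address and the endpoint-dependent filtering policy are assumptions of this sketch.

```python
# Added illustration: a toy port-translating NAT (NAPT) table.
# IP addresses are the ones from the post; all port numbers are constructed.
from dataclasses import dataclass, field

PUBLIC_IP = "202.54.54.1"
SERVER = ("111.111.111.111", 5190)  # server port is a constructed value


@dataclass
class Napt:
    public_ip: str
    next_port: int = 40000
    out_map: dict = field(default_factory=dict)  # (private endpoint, remote) -> public port
    in_map: dict = field(default_factory=dict)   # (public port, remote) -> private endpoint

    def outbound(self, src, dst):
        """Client-initiated packet: allocate (or reuse) a public port, rewrite the source."""
        key = (src, dst)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, dst)] = src
        return (self.public_ip, self.out_map[key]), dst

    def inbound(self, src, dst):
        """Packet from the public side: forwarded only if it matches an existing mapping."""
        if dst[0] != self.public_ip:
            return None
        return self.in_map.get((dst[1], src))  # None means the packet is dropped


def demo():
    nat = Napt(PUBLIC_IP)
    # Both messenger clients open a connection to the central server.
    seen_a, _ = nat.outbound(("192.168.1.1", 1025), SERVER)
    seen_b, _ = nat.outbound(("192.168.1.2", 1025), SERVER)
    # The server answers each client on the public address/port it saw.
    to_a = nat.inbound(SERVER, seen_a)
    to_b = nat.inbound(SERVER, seen_b)
    # No mapping for this port: an unsolicited packet is dropped.
    unsolicited = nat.inbound(SERVER, (PUBLIC_IP, 50000))
    # A different remote host (constructed address) hitting a mapped port is dropped.
    stranger = nat.inbound(("198.51.100.7", 5190), seen_a)
    return seen_a, seen_b, to_a, to_b, unsolicited, stranger


if __name__ == "__main__":
    for item in demo():
        print(item)
```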


