Computer networks
DVoropaev, 2019-12-09 23:50:10

Is it possible to link two hosts behind NAT directly in this way?

There are three hosts:
host A is connected via NAT on router R1
host B is connected via NAT on router R2
host C is a server connected directly to the Internet, has a static IP
The algorithm of action is as follows:
1) host A knocks on server C via UDP
2) NAT on the router R1 opens a dynamic port (port1), substitutes the port number and external IP in the source of the packet that A sends to C
3) Server C receives this packet and remembers that host A is accessible by IP and port (port2) from the previous paragraph
4)-6) Similarly, C learns the IP address and dynamic port on R2 for host B
7) The server reports information about host B to host A.
8) The server reports information about host A to host B.
And then there is such communication between hosts A and B (already without intermediary C):
A -> R1 -> R2:port2 -> B
Host A sends a packet to the address R2:port2,
the packet passes through R1, which substitutes its IP and its port1
R2 receives the packet, looks at port2 and sees that it is assigned to host R2.
The packet arrives at R2
In a similar way, the sending goes from host A to host B. The question is, in what cases will this method work, and in what cases will it not?


4 answers
antonwx, 2019-12-10
@antonwx

Um, congratulations on inventing hole punching. The easiest way is to use something ready-made.

Mikhail Vasilyev, 2019-12-10
@vasilyevmn

Kind of an addiction, to be honest.
Just bring up tinc and everything will work.
https://habr.com/ru/post/468213/
In your case, it's even easier like this:
https://habr.com/ru/company/flant/blog/338628/

xmoonlight, 2019-12-10
@xmoonlight

Read here.

Symmetric NAT. Until recently, this was the most common implementation. Its characteristic feature is that in the NAT table, the mapping of the IL address to the IG address is hard-wired to the OG address, that is, to the destination address that was specified in the outgoing packet that initiated this mapping. With the specified implementation of NAT in our example, host 192.168.0.141 will receive translated incoming UDP packets only from host 1.2.3.4 and strictly with source port 53 and destination port 1053, from no one else. Packets from other hosts, even if the destination address and destination port specified in the packet are present in the NAT table, will be dropped by the router. This is the most paranoid implementation of NAT, providing more security for hosts on a local network, but in some cases making life difficult for system administrators. And users too.

Full Cone NAT. This implementation of NAT is the exact opposite of the previous one. With Full Cone NAT, incoming packets from any external host will be translated and forwarded to the appropriate host on the local network if there is a corresponding entry in the NAT table. Moreover, the source port number in this case also does not matter; it can be 53, 54, or whatever. For example, if some application running on a computer on the local network initiated the receipt of UDP packets from an external host 1.2.3.4 on local port 4444, then UDP packets for this application can also be sent by 1.2.3.5, and 1.2.3.6, and in general by all until the entry in the NAT table is removed for some reason. Once again, in this implementation of NAT, only the transport protocol, destination address and destination port are checked in incoming packets,

Address Restricted Cone NAT (aka Restricted NAT). This implementation is intermediate between the Symmetric and Full Cone NAT implementations: the router will only forward incoming packets from a specific source address (in our case 1.2.3.4), but the source port number can be anything.

Port Restricted Cone NAT (or Port Restricted NAT). Same as Address Restricted Cone NAT, but in this case, the router pays attention to the matching source port number and does not pay attention to the source address. In our example, the router will forward incoming packets with any source address, but the source port must be 53, otherwise the packet will be destroyed by the router.
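To see which NAT pairs let the question's steps 1-8 succeed, here is an added simulation (my own code, not from any poster or from the linked articles) that models the four NAT behaviours described above and runs the rendezvous through server C. It assumes one inside host per router, a single UDP socket per host, and that each host sends only to the address it learned via C; the IP addresses are constructed placeholders.

```python
# Model of the four NAT behaviours described in the answer (added example, constructed addresses).
FULL_CONE, ADDR_RESTRICTED, PORT_RESTRICTED, SYMMETRIC = "full", "addr", "port", "sym"

class Nat:
    """NAT table of one router for a single inside host (the mapping the question calls port1/port2)."""
    def __init__(self, kind, public_ip):
        self.kind, self.public_ip, self.next_port = kind, public_ip, 40000
        self.table = {}  # mapping key -> (external port, set of destinations the host sent to)

    def outbound(self, dst):
        """Inside host sends to dst=(ip, port); returns the source (ip, port) written on the wire."""
        key = dst if self.kind == SYMMETRIC else None  # symmetric: a new external port per destination
        if key not in self.table:
            self.table[key] = (self.next_port, set())
            self.next_port += 1
        port, peers = self.table[key]
        peers.add(dst)
        return (self.public_ip, port)

    def inbound(self, src, dst_port):
        """True if a packet from src to our external dst_port is forwarded to the inside host."""
        for port, peers in self.table.values():
            if port != dst_port:
                continue
            if self.kind == FULL_CONE:
                return True
            if self.kind == ADDR_RESTRICTED:
                return any(ip == src[0] for ip, _ in peers)
            return src in peers  # port-restricted and symmetric: exact (ip, port) match required
        return False

SERVER = ("203.0.113.10", 3478)  # host C, static public address (constructed)

def punch_works(kind_a, kind_b):
    """Run steps 1-8 of the question and report whether A<->B traffic passes both NATs."""
    r1, r2 = Nat(kind_a, "198.51.100.1"), Nat(kind_b, "198.51.100.2")
    a_seen, b_seen = r1.outbound(SERVER), r2.outbound(SERVER)  # steps 1-6: C learns both mappings
    a_wire = r1.outbound(b_seen)  # step 7: A sends to R2:port2 (this also opens R1 for B's address)
    b_wire = r2.outbound(a_seen)  # step 8: B sends to R1:port1
    return r2.inbound(a_wire, b_seen[1]) and r1.inbound(b_wire, a_seen[1])

if __name__ == "__main__":
    kinds = (FULL_CONE, ADDR_RESTRICTED, PORT_RESTRICTED, SYMMETRIC)
    for ka in kinds:
        print(ka, {kb: punch_works(ka, kb) for kb in kinds})
```

In this model every pair of cone NATs succeeds, while any pair involving a symmetric NAT fails because the port C learned is bound to C's address and a fresh port is used toward the peer.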

Saboteur, 2019-12-10
@saboteur_kiev

Yes, that will work. But you need to understand that if there is a pause in the transmission of packets, then the routers can "forget" about this session, and your A and B will not be able to restore the connection without C.
It is safer to do normal port forwarding on routers.
