Computer networks
devalone, 2017-06-16 16:21:54

Ways to bypass NAT?

If I understand correctly, one-to-many NAT works as follows:
The user's computer sends a request to socket 8.8.8.8:80 from socket 192.168.0.10:10000. The packet arrives at the router, which reads the sender's IP address and port from it, selects a free port (let's say 15000), replaces the sender's IP and port, and stores something like the following in the depths of its memory:
If a packet arrives on my external interface from such and such an IP and the recipient's port is 15000, forward it to the address 192.168.0.10 on the internal network and change the destination port to 10000.
But it's not entirely clear how ping works, because it is at a lower level than TCP and UDP, but oh well.
So, is it possible to connect 2 computers behind NAT like this:
PC1 establishes a connection to address 8.8.8.8, port 80, from the outgoing socket 192.168.0.10:10000; its router P1, which has the address 45.160.10.1, remembers this, allocates port 5000 to it, and forwards all packets arriving at socket 45.160.10.1:5000 on P1 to PC1.
At the same time, PC2 establishes a connection to the same server 8.8.8.8 on port 80 from socket 192.168.0.20:10000; its router P2, with IP address 165.123.10.2, allocates port 10000 to it and forwards all packets arriving at 165.123.10.2:10000 to PC2.
Next, the server 8.8.8.8 tells PC1 the address of PC2 (165.123.10.2:10000) and PC2 the address of PC1 (45.160.10.1:5000), and they start communicating by sending packets to each other rather than to the server 8.8.8.8.
Is this possible, or will routers P1 and P2 ignore packets that come not from 8.8.8.8, for communication with which the connection was opened, but from another address?
How is NAT bypass implemented in BitTorrent, or is it not there and everything is exchanged through clients with "white addresses"?


5 answer(s)
Dmitry, 2017-06-16
@devalone

Breaking through NAT is a very complicated and controversial topic. A whole range of different procedures is used for it, collectively called Interactive Connectivity Establishment.
What you described is the most elementary version of the technique, which is applicable in 15-20% of cases.
For torrent clients this is in fact not as important as, for example, for streaming video or voice. But they also use a lot of things for this task: from UPnP and NAT-PMP to rather complex techniques from the ICE standard. DHT is also used in torrents; it often has bootstrap nodes with permanent white addresses, the entire system is initialized through these nodes, and the subsequent search for addresses happens within it.
In general, if you are interested, you can do research, but the bottom line is that the result will depend on the provider's NAT settings. It will work on your provider, but no longer on your neighbor's... Corporations like Google, for example, are struggling with this. And even then, with variable results.
If you just need to play around, you can use an existing library like PJNATH or libnice. For a serious project, it's better to tear the implementation out of Google's WebRTC; it will be more stable there.
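
The scheme from the question, modelled as a toy NAT table. This is an added example, not code from the thread or from any of the libraries named above. The `Nat` class and `hole_punch` function are hypothetical names, the mapping and filtering terms follow RFC 4787, and the third-party address is constructed. It shows that a packet from an address the inside host never contacted is dropped, that the exchange works once both peers have sent a packet to each other, and that it fails when one router allocates a new port per destination.

```python
# Added illustration (not from the thread): toy NAT model, RFC 4787 terminology.
# Nat and hole_punch are hypothetical names; addresses are those in the question.
EI = "endpoint-independent"
APD = "address-and-port-dependent"

class Nat:
    def __init__(self, public_ip, mapping=EI, filtering=APD, first_port=5000):
        self.public_ip, self.mapping, self.filtering = public_ip, mapping, filtering
        self.next_port = first_port
        self.ports = {}   # mapping key -> allocated public port
        self.state = {}   # public port -> (internal endpoint, remotes already contacted)

    def outbound(self, src, dst):
        """Translate an outgoing packet; return the public (ip, port) that dst sees."""
        key = src if self.mapping == EI else (src, dst)  # symmetric NAT: port per destination
        if key not in self.ports:
            self.ports[key] = self.next_port
            self.state[self.next_port] = (src, set())
            self.next_port += 1
        port = self.ports[key]
        self.state[port][1].add(dst)
        return (self.public_ip, port)

    def inbound(self, remote, public_port):
        """Return the internal endpoint a packet is forwarded to, or None if dropped."""
        if public_port not in self.state:
            return None
        internal, contacted = self.state[public_port]
        if self.filtering == EI or remote in contacted:
            return internal
        return None

def hole_punch(nat1, nat2):
    """Run the question's scheme; return (packet reached PC1, packet reached PC2)."""
    server = ("8.8.8.8", 80)
    pc1, pc2 = ("192.168.0.10", 10000), ("192.168.0.20", 10000)
    seen1 = nat1.outbound(pc1, server)  # address the server hands to PC2
    seen2 = nat2.outbound(pc2, server)  # address the server hands to PC1
    src1 = nat1.outbound(pc1, seen2)    # PC1's first packet to PC2 opens P1's filter
    src2 = nat2.outbound(pc2, seen1)    # PC2's first packet to PC1 opens P2's filter
    return (nat1.inbound(src2, seen1[1]) == pc1, nat2.inbound(src1, seen2[1]) == pc2)

if __name__ == "__main__":
    p1 = Nat("45.160.10.1", first_port=5000)
    p2 = Nat("165.123.10.2", first_port=10000)
    print("both endpoint-independent mapping:", hole_punch(p1, p2))
    # 203.0.113.7 is a constructed third-party address (documentation range).
    print("stranger to P1:5000 ->", p1.inbound(("203.0.113.7", 4444), 5000))
    sym = Nat("45.160.10.1", mapping=APD)
    print("P1 symmetric:", hole_punch(sym, Nat("165.123.10.2", first_port=10000)))
```

The model treats both peers' first packets as already sent; on a real network the first packet in one direction may be dropped before the other side has opened its filter entry, which is why implementations retransmit.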

Andrey Burov, 2017-06-16
@BuriK666

You're thinking correctly:
https://ru.wikipedia.org/wiki/STUN
https://ru.wikipedia.org/wiki/Traversal_Using_Relay_NAT

Valentin, 2017-06-16
@vvpoloskin

The only really reliable way to bypass NAT on a carrier network is to use IPv6. Everything else is a kludge, is easily blocked on operator equipment, has a bunch of restrictions and a very narrow range of applications.
What you propose has been implemented in various protocols for a long time; examples were given to you. But this option still does not negate the fact that there must be an 8.8.8.8 server under your control. And if there is such a server, it is much more flexible and practical to install a VPN or some kind of proxy on it.

Dmitry, 2017-06-16
@Tabletko

What NAT bypass in BitTorrent are you talking about? UPnP?

Yuri Chudnovsky, 2017-06-16
@Frankenstine

The "bypass" of NAT that you mean is done by sending a connection request to the server from the side that has the white IP.
Doesn't work at all. Only white IPs can be pinged; pinging into a LAN does not make sense, since gray IPs are not routable on the Internet.
