On Friday 21 May 2004 18:15, Ian Clarke wrote:
> Roger Oksanen wrote:
> > Tunneling packets in UDP when both hosts are behind NAT has the
> > following problems:
> > * Generic NAT tunneling implementations don't work; They require
> > that one host is on a routable address.
>
> Not true in 85% of cases, most NATs will forward UDP packets that
> come from a host to which they recently sent a packet, allowing the
> establishment of bi-directional UDP between two NATted nodes.
Yes, it will match the "connection" based on the source and destination IP address. Of course, when both computers are behind NATs (and I'm talking of NAPT), the source port will be changed when it passes the NAPT gw. Thus when it reaches the other NAPT gw, its source address is unknown to both A and B, and B's NAPT gw. The NAPT GW won't let the packet pass to B because it has no way to tell where it should go.

Scenario
A: Node A's IP address
G1: Node A's NAPT GW
A1: Node A's NAPT GW IP
B: Node B's IP
G2: Node B's NAPT GW

A knows B and B1, B knows A and A1

1) A sends UDP packet 1234:B1:1234 (sourcep:destip:destp - source IP is not interesting here, so I left it out)
2) G1 changes it to 5678:B1:1234 and remembers it.
3) G2 receives 5678:B1:1234 and drops it, it can't possibly know where it was going
4) Now B could send a packet 1234:A1:5678 (because G1 remembers the route) but how would it know the NAPT port (5678). It can't. So it would have to walk through every possible port. => Out of luck

And to make things worse, G2 will also change the source port number, so G1 won't accept the new packet even if B would successfully hit the right destination port.

> > - Since NAT changes the source port number. A would have
> > to send the initializing UDP packet to every port on B
> > (essentially port scan B).
>
> Not if it has been informed of what port to use through out-of-band
> means (ie. via an introduction).

Introduction works only when the destination node has a public IP and thus can receive the introduction message, from which it figures out the random port number that the NAPT gw has invented.
-- 
Roger Oksanen <[EMAIL PROTECTED]>
+358 50 355 1990
CS Student at Helsinki University
PGP id 1B125A3E
Homepage http://www.cs.helsinki.fi/u/raoksane/

_______________________________________________
Support mailing list
http://news.gmane.org/gmane.network.freenet.support
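The four-step exchange described in the message, replayed against a small simulated pair of NAPT gateways so the two failure points (G2 has no state for the unsolicited packet; G1's reply filter sees an unexpected source port) can be stepped through. This is an added illustration, not code from the thread or from Freenet; the gateway model, the external port numbers 5678 and 9001, and the optional remote-port filtering switch are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Napt:
    """Constructed NAPT gateway model: rewrites outbound source ports and
    admits inbound packets only when they match a remembered session."""
    ext_ip: str
    port_dependent: bool = True   # also require the remote *port* to match (stricter filter)
    first_port: int = 5678        # first external port handed out (assumed value)
    sessions: dict = field(default_factory=dict)  # ext_port -> (in_ip, in_port, remote_ip, remote_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate an inside packet; returns (ext_ip, ext_port, dst_ip, dst_port) as seen outside."""
        for ext_port, sess in self.sessions.items():
            if sess == (src_ip, src_port, dst_ip, dst_port):
                return (self.ext_ip, ext_port, dst_ip, dst_port)
        ext_port = self.first_port + len(self.sessions)
        self.sessions[ext_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.ext_ip, ext_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the inside (ip, port) the packet is forwarded to, or None when dropped."""
        sess = self.sessions.get(dst_port)
        if sess is None:
            return None   # no session for this port: the gateway cannot know where it should go
        in_ip, in_port, rip, rport = sess
        if rip != src_ip or (self.port_dependent and rport != src_port):
            return None   # reply from an endpoint this session never talked to
        return (in_ip, in_port)

def scenario(port_dependent=True):
    """Replay steps 1-4 of the message; returns what G2 and G1 do with each packet."""
    g1 = Napt("A1", port_dependent)                    # in front of node A
    g2 = Napt("B1", port_dependent, first_port=9001)   # in front of node B
    # 1-2) A sends 1234 -> B1:1234; G1 rewrites the source port (to 5678 here) and remembers it
    _, a_ext_port, _, _ = g1.outbound("A", 1234, "B1", 1234)
    # 3) G2 sees A1:5678 -> B1:1234 but has no session for port 1234: dropped
    step3 = g2.inbound("A1", a_ext_port, 1234)
    # 4) Suppose B has learned 5678 and replies; G2 rewrites B's source port as well (to 9001 here)
    _, b_ext_port, _, _ = g2.outbound("B", 1234, "A1", a_ext_port)
    # G1 has a session on 5678 expecting B1:1234, but the packet arrives from B1:9001
    step4 = g1.inbound("B1", b_ext_port, a_ext_port)
    return {"a_ext_port": a_ext_port, "b_ext_port": b_ext_port, "step3": step3, "step4": step4}
```

With `port_dependent=False` (a gateway that filters on the remote address only) step 4 is admitted, which is the behaviour the earlier quoted reply relies on; with the stricter filter both packets are dropped, as the message argues.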
