Getting around NATs

cbranje

Let's say I have two clients behind NAT (router) that know each other's
router's global address.

I'm wondering if I set up a tcplistener (or maybe UDP socket) on both
clients, and a tcpclient on both clients, could I tunnel through to each
using the following:

1. Client A starts listening and attempts to connect to Client B's
global IP, which will be discarded by the firewall of B.
2. Client B also attempts to connect to A, and am I correct in assuming
that the router of client A will think that client B's attempts to
connect are the response from the original connection attempt from A and
map the ports accordingly? Or is this a hopeless failure?

Thanks for your ideas
Carmen
 
Why would you waste bandwidth with such a pointless reply? Obviously if
this was an option I would do that.

Try explaining to clients what a router is, then try and explain to
them what ports are, and then port forwarding, and then have them
troubleshoot their shitty router. . . . and on and on.

Please save your words for useful responses.

Carmen
 
Let's say I have two clients behind NAT (router) that know each other's
router's global address.

I'm wondering if I set up a tcplistener (or maybe UDP socket) on both
clients, and a tcpclient on both clients, could I tunnel through to
each using the following:

1. Client A starts listening and attempts to connect to Client B's
global IP, which will be discarded by the firewall of B.
2. Client B also attempts to connect to A, and am I correct in assuming
that the router of client A will think that client B's attempts to
connect are the response from the original connection attempt from A
and map the ports accordingly? Or is this a hopeless failure?

Yeah, no. There's no way, in software, to resolve this issue.

Either you need a third server which is not behind a NAT(router) to hook the
two connections together (e.g. most IM protocols go through a third server)

Or you need to change the routing rules in the router to direct a specified
port (called port forwarding) to a specified machine behind the firewall (or
make a machine the DMZ machine, but I wouldn't do that). I've managed to
get the port forwarding to work with my firewall, and it was not hard to do.

HTH

--
Reginald Blue
"I have always wished that my computer would be as easy to use as my
telephone. My wish has come true. I no longer know how to use my
telephone."
- Bjarne Stroustrup (originator of C++) [quoted at the 2003
International Conference on Intelligent User Interfaces]
 
Hi,

2. Client B also attempts to connect to A, and am I correct in assuming
that the router of client A will think that client B's attempts to
connect are the response from the original connection attempt from A
and map the ports accordingly?

No, you are not correct in that assumption. There is a difference between
packets related to an established connection and a new connection handshake,
which even the most primitive NAT router will be able to tell.

Or is this a hopeless failure.

The scenario you suggest is, but there are options.

Most SOHO routers these days are UPnP (Universal Plug and Play) aware. The
whole point of UPnP is for applications to be able to programmatically
discover things like routers and instruct them to forward the required
ports. I don't have any practical experience to offer in that area, but it
is definitely something you should research.

Another option may be to provide a server, to which both clients can then
make an outbound connection. Some instant messaging programs use that as a
last resort for file transfers.
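
The relay option suggested in the replies above (a third server that both NATed clients reach with outbound connections), as an added example that is not part of the original thread. It uses Python's socket module rather than the .NET TcpListener/TcpClient the question mentions; the function names and the loopback address are assumptions for the demo.

```python
import socket
import threading

def pipe(src, dst):
    """Copy bytes from src to dst until src closes, then pass the EOF on."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass  # peer reset or socket already closed
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def serve_pair(listener):
    """Accept two inbound connections and splice their byte streams."""
    a, _ = listener.accept()
    b, _ = listener.accept()
    listener.close()  # this demo relay serves exactly one pair
    t = threading.Thread(target=pipe, args=(a, b), daemon=True)
    t.start()
    pipe(b, a)  # carry the other direction on this thread
    t.join()
    a.close()
    b.close()

def start_relay(host="127.0.0.1", port=0):
    """Start the relay in a background thread; return the port it listens on."""
    listener = socket.create_server((host, port))
    bound_port = listener.getsockname()[1]
    threading.Thread(target=serve_pair, args=(listener,), daemon=True).start()
    return bound_port

def demo():
    """Constructed loopback demo: both clients dial out, neither accepts inbound."""
    port = start_relay()
    client_a = socket.create_connection(("127.0.0.1", port))
    client_b = socket.create_connection(("127.0.0.1", port))
    client_a.sendall(b"hello from A")
    got_b = client_b.recv(12, socket.MSG_WAITALL)
    client_b.sendall(b"hello from B")
    got_a = client_a.recv(12, socket.MSG_WAITALL)
    client_a.close()
    client_b.close()
    return got_a, got_b

if __name__ == "__main__":
    print(demo())
```

The relay splices the first two connections it receives with no authentication; a deployed relay has to authenticate each client and match the intended peers before forwarding anything.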
 