Flutterby™! : NAT and inbound


NAT and inbound

2011-06-13 22:56:29.916054+02 by Dan Lyke 4 comments

Help: Post Skype, I was pretty sure that there now exists a technology that lets a machine behind a NAT firewall allow an inbound connection. Use pattern would be that Machine A publishes its availability to Server S, Machine B gets credential information from Server S and can then initiate a connection from B to A.

Any hints? This is basically what Skype does, and I know I read an article about how they did it at some point, but I'd like to be able to implement something similar.

comments in ascending chronological order:

#Comment Re: made: 2011-06-14 01:04:53.341206+02 by: spc476

For UDP, both sides just need to send a packet to each other to establish a "connect" through the NAT.

The TCP state machine does allow for a simultaneous open, where both sides send a SYN packet. I think it might be prone to some form of race condition, but it's something I've been wanting to try for some time. Given A, B and S, you have:

A opens connection to S, sends port it will listen on

B opens connection to S, sends port it will listen on

S sends B's public address and port to A

S sends A's public address and port to B

A connects to B/B connects to A

In theory, the simultaneous open should work.
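The five steps above, run through as an added example (this is not code from the thread, natblaster, or Skype): a small in-memory model of two hosts behind NATs registering with a rendezvous server S, S handing each the other's public address, and both sides then sending to each other. The NAT behaviour is an assumption chosen to show the race spc476 mentions: an address-restricted cone NAT, where an outbound datagram allocates a public port and inbound datagrams to that port are forwarded only from public IPs the inside host has already sent to. All IP addresses, ports and message names are constructed for the example.

```python
# Added example: toy model of the A/B/S rendezvous exchange over UDP.
# NAT model (assumption): address-restricted cone. Addresses are constructed.
from dataclasses import dataclass, field


@dataclass
class Nat:
    public_ip: str
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)  # inside (ip, port) -> public port
    reverse: dict = field(default_factory=dict)   # public port -> inside (ip, port)
    allowed: dict = field(default_factory=dict)   # public port -> remote IPs sent to

    def outbound(self, src, dst):
        """Translate an outbound datagram; the first send allocates the mapping."""
        if src not in self.mappings:
            port, self.next_port = self.next_port, self.next_port + 1
            self.mappings[src] = port
            self.reverse[port] = src
            self.allowed[port] = set()
        pub = self.mappings[src]
        self.allowed[pub].add(dst[0])  # this send "opens the hole" towards dst's IP
        return (self.public_ip, pub)

    def inbound(self, src, dst_port):
        """Return the inside endpoint to deliver to, or None if the NAT drops it."""
        if dst_port not in self.reverse or src[0] not in self.allowed[dst_port]:
            return None
        return self.reverse[dst_port]


class Network:
    """Routes datagrams between endpoints; hosts with a registered NAT are 'inside'."""
    def __init__(self):
        self.nat_of = {}   # private ip -> Nat
        self.nats = {}     # public ip -> Nat
        self.inbox = {}    # endpoint -> list of (src, payload)
        self.dropped = []  # datagrams a NAT refused

    def add_nat(self, private_ip, nat):
        self.nat_of[private_ip] = nat
        self.nats[nat.public_ip] = nat

    def send(self, src, dst, payload):
        if src[0] in self.nat_of:
            src = self.nat_of[src[0]].outbound(src, dst)
        if dst[0] in self.nats:
            dst = self.nats[dst[0]].inbound(src, dst[1])
            if dst is None:
                self.dropped.append((src, payload))
                return False
        self.inbox.setdefault(dst, []).append((src, payload))
        return True

    def recv(self, endpoint):
        queue = self.inbox.get(endpoint, [])
        return queue.pop(0) if queue else None


def unsolicited_is_dropped():
    """Without the rendezvous, a datagram to A's NAT finds no mapping and is dropped."""
    net = Network()
    net.add_nat("10.0.0.2", Nat("203.0.113.1"))
    net.add_nat("192.168.1.2", Nat("198.51.100.1"))
    return net.send(("192.168.1.2", 5678), ("203.0.113.1", 40000), ("HELLO",))


def rendezvous_and_punch(max_rounds=5):
    """Run the A/B/S exchange; report what each peer heard, drops, rounds used."""
    net = Network()
    net.add_nat("10.0.0.2", Nat("203.0.113.1"))      # A's NAT
    net.add_nat("192.168.1.2", Nat("198.51.100.1"))  # B's NAT
    S, A, B = ("192.0.2.10", 5000), ("10.0.0.2", 1234), ("192.168.1.2", 5678)

    # Steps 1-2: A and B each send to S; S records the *public* address it sees,
    # which is the NAT-mapped one, not the private one the host knows about.
    net.send(A, S, ("REGISTER", "A"))
    net.send(B, S, ("REGISTER", "B"))
    public = {}
    for _ in range(2):
        src, (_, name) = net.recv(S)
        public[name] = src

    # Steps 3-4: S tells each side the other's public address and port.
    net.send(S, public["A"], ("PEER",) + public["B"])
    net.send(S, public["B"], ("PEER",) + public["A"])
    _, (_, ip, port) = net.recv(A)
    peer_of_a = (ip, port)
    _, (_, ip, port) = net.recv(B)
    peer_of_b = (ip, port)

    # Step 5: both sides send to each other. Whichever datagram crosses first hits
    # a filter that is not yet open and is dropped (the race spc476 mentions), so
    # each side keeps sending until both have heard from the other.
    heard = {"A": None, "B": None}
    for rounds in range(1, max_rounds + 1):
        net.send(A, peer_of_a, ("PUNCH", "A", rounds))
        net.send(B, peer_of_b, ("PUNCH", "B", rounds))
        heard["A"] = heard["A"] or net.recv(A)
        heard["B"] = heard["B"] or net.recv(B)
        if heard["A"] and heard["B"]:
            break
    return {"public": public, "heard": heard, "dropped": net.dropped, "rounds": rounds}


if __name__ == "__main__":
    print("unsolicited delivered:", unsolicited_is_dropped())
    print(rendezvous_and_punch())
```

Two things the model makes visible: S can only hand out addresses that are useful because it sees the NAT-mapped source of each registration, and the first punch in one direction is lost because the other NAT's filter opens only after that side's own send, so a real implementation retries rather than assuming one datagram suffices. A symmetric NAT, which assigns a different public port per destination, would not be bridged by this exchange at all, since the port S observed is not the port the peer must hit.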

#Comment Re: made: 2011-06-14 01:32:06.605808+02 by: JT

Here is a nice explanation.

And your explanation is backwards, spc: UDP is connectionless and requires no session information; TCP is reliable, with a three-way handshake of SYN, SYN/ACK, and ACK, which establishes the sequence and acknowledgement numbers for data verification. Here's the RFC outlining TCP; it's a boring but informative read. Page 30 is where they talk about the three-way handshake.

#Comment Re: made: 2011-06-14 02:48:25.190036+02 by: spc476

You're right in that UDP has no session data, but the article you pointed out says as much, and pretty much describes in greater detail what I was getting at.

A normal TCP connection is three way (one side does an active open, the other a passive open). What I'm describing, a simultaneous open, is when both sides do an active open.

#Comment Re: made: 2011-06-16 02:10:37.663619+02 by: Dan Lyke

Okay, I'm now digging through the natblaster code to see if that's the right starting point to clean it up, make it cross-platform, and run a server for.