Connect through a firewall without forwarding ports - ACE

11 comments, last by Vulcan 20 years ago
Is there any way to connect to someone behind a firewall without manually forwarding packets on the known port? I'm using ACE if it matters any. [edited by - Vulcan on April 10, 2004 1:13:19 AM]
Using UDP and an introducer (matchmaker) you can make this work, assuming the other end wants to be connected to. Google for "UDP introducer NAT" perhaps?
enum Bool { True, False, FileNotFound };
Freakin' good article from Intel, read it as it helped me.
http://www.intel.com/cd/ids/developer/asmo-na/eng/79524.htm





Something that article at Intel doesn't point out about NAT is that some NATs timeout the port based on idle timeout, or even an arbitrary timeout. There are a couple of scenarios where packets are dropped, particularly with UDP. One such scenario follows:
The NAT port is timed out at some arbitrary time interval (or even if it's an idle timeout). This results in incoming packets being dropped until the next outgoing packet is sent which opens up another (possibly arbitrary!) port in the NAT. At this point your virtual connection is broken, with no route to host - you'll see ICMP errors if you are checking for them in your recv code.
Thx for the article, that's pretty nice... explained nice and simple (maybe even too simple). I wasn't aware of how NAT tables work, now I do :D

It doesn't really explain at the end how the two computers are then instructed to connect directly to each other... I doubt that you want all the game data to pass through the master server. But I think I can see how it works.
You likely want a heartbeat between each directly connected peer every few seconds.

Note that a name server may take several seconds to answer a name lookup (named runs as UDP on port 53, typically), so the time-out on those firewalls will be at least bigger than that.

If you didn't google, then you probably missed this link, btw. (it has links to other references, too)
enum Bool { True, False, FileNotFound };
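Added example, not part of any post in this thread and not ACE code: a small C++ simulation of the idle-timeout failure and the heartbeat fix described in the posts above. The 30-second timeout, the addresses, the port numbers and the rule that only outbound packets refresh a mapping are assumptions of the model.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <utility>
// Constructed model: a NAT maps (inside, remote) to a public port and forgets a mapping
// idle for more than `timeout` seconds. Assumed: only outbound packets refresh the timer.
typedef std::pair<std::string, uint16_t> Endpoint;  // ip, port
class Nat {
    struct Entry { uint16_t public_port; int last_used; };
    std::map<std::pair<Endpoint, Endpoint>, Entry> table_;
    int timeout_; uint16_t next_port_;
    void expire(int now) {
        for (auto it = table_.begin(); it != table_.end();)
            if (now - it->second.last_used > timeout_) it = table_.erase(it); else ++it;
    }
public:
    Nat(int timeout, uint16_t first_port) : timeout_(timeout), next_port_(first_port) {}
    // Outbound packet: reuse the live mapping or allocate a fresh public port.
    uint16_t outbound(const Endpoint& inside, const Endpoint& remote, int now) {
        expire(now);
        auto res = table_.insert(std::make_pair(std::make_pair(inside, remote), Entry{next_port_, now}));
        if (res.second) ++next_port_;          // a new mapping consumed a port
        res.first->second.last_used = now;
        return res.first->second.public_port;
    }
    // Inbound packet: delivered only if a live mapping matches sender and port.
    bool inbound(const Endpoint& remote, uint16_t public_port, int now) {
        expire(now);
        for (const auto& kv : table_)
            if (kv.first.second == remote && kv.second.public_port == public_port) return true;
        return false;
    }
};
struct Result { int dropped; uint16_t current_port; };
// Peer sends 1 packet/s for 120 s to the port seen at t=0; heartbeat period 0 = never.
Result run(int heartbeat) {
    const Endpoint inside("192.168.0.10", 5000), peer("203.0.113.7", 6000);  // sample addresses
    Nat nat(30, 40000);                        // assumed 30 s idle timeout
    const uint16_t advertised = nat.outbound(inside, peer, 0);
    Result r = {0, advertised};
    for (int t = 1; t <= 120; ++t) {
        if (heartbeat > 0 && t % heartbeat == 0) r.current_port = nat.outbound(inside, peer, t);
        if (!nat.inbound(peer, advertised, t)) ++r.dropped;
    }
    return r;
}
int main() {
    for (int hb : {0, 10, 45}) std::printf("heartbeat=%ds dropped=%d port=%u\n", hb, run(hb).dropped, (unsigned)run(hb).current_port);
}
```

A heartbeat slower than the timeout does not help: the mapping is recreated on a different public port, so packets sent to the originally advertised port are still dropped.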
So this is a lil confusing to me: If anyone behind a NAT has ever used AIM to try to send someone a file, it OFTEN fails, especially if it is being sent to someone that is also behind a NAT. Now does AIM often fail because the developers of it happened to miss these articles or are there just situations that exist where a peer-to-peer connection simply isn't possible?

[edited by - tieTYT on April 15, 2004 2:23:06 AM]
I just read this and I think I found a biiig mistake in it.

This is the slide: http://www.intel.com/cd/ids/developer/asmo-na/eng/79524.htm?page=5

It says that the NAT table for Bob has Bob's private IP address but Joe's public IP address. And it says that Joe's NAT table has Joe's private IP address but Bob's public IP address. Shouldn't the public IP address of the NAT table be the same as the public IP address of the router?
No, why should the address of the router show up in the router's NAT table?

edit: let me expand that some. The NAT table works by taking the source address of the incoming packet and mucking with the destination according to the entries in the table. There should be no need for the router to store its own public address in the table, because it already knows the address of the relevant interface.

[edited by - SiCrane on April 15, 2004 6:28:49 PM]
quote:Original post by SiCrane
No, why should the address of the router show up in the router's NAT table?

edit: let me expand that some. The NAT table works by taking the source address of the incoming packet and mucking with the destination according to the entries in the table. There should be no need for the router to store its own public address in the table, because it already knows the address of the relevant interface.

[edited by - SiCrane on April 15, 2004 6:28:49 PM]


Ok, that makes sense to me, but right on the page before that

http://www.intel.com/cd/ids/developer/asmo-na/eng/79524.htm?page=4

it says Joe gets a packet and it shows Joe's router's NAT table and that NAT table has Joe's router in it. So does this mean that Page 4 is the one that's wrong?
