ClementVidal

TCP port forwarding (Is TCP Magic ?)

ClementVidal    100
Hello,

Can you help me to demystify a particular point regarding TCP/IP:

Here is the situation:
We have written a client/server application that is running over a LAN and we are now trying to make it work over a WAN (internet).
To do that, we use the "simple" way (without TCP punch through or any fancy stuff):
Port forwarding.

Let's say Client C is trying to establish a TCP connection with Server S on port 4444, and both C and S are behind two different NATs (NAT_C and NAT_S).
At first we thought that it would be necessary to write port forwarding rules (for port 4444) for both NAT_C and NAT_S.
Because of a technical problem we were not able to set up the port forwarding rule for NAT_C. (But port forwarding for NAT_S was OK.)

Despite this, we decided to run a test.
And we managed to establish a valid TCP connection: data was successfully transmitted from C to S AND from S to C.
The point is that there was NO port forwarding on NAT_C.
Here are my questions:

How was the TCP/IP connection correctly established between the two peers?
How can data flow from S to C WITHOUT port forwarding on NAT_C?

From what we understood, it seems that port forwarding is only necessary on the server side. WHY?

Thanks for your help

rip-off    10979
[quote]
From what we understood, it seems that port forwarding is only necessary on the server side
[/quote]
Yes.

[quote]
WHY ?
[/quote]
NAT generally allows arbitrary outbound connections. The NAT remembers the "mapping" from the client to the server, which allows packets sent in response to an outbound connection to be correctly routed to the original client.

This is how NAT was designed to work. If you had to port forward the client - it would be a configuration and usability nightmare. Remember your web browser is a client, and is (probably) behind a NAT.

ClementVidal    100
Okay,

I thought that NAT devices were recording outbound connection mappings only in the case of a UDP connection (from what I read in an article concerning UDP hole punch through).
How does the NAT device know when a particular mapping is "out of date"? Does it inspect TCP packets to know when the connection is closed and so remove the corresponding mapping from its internal table?

smasherprog    568
The router keeps a time stamp of the last time a packet was sent on a particular port. If no packets have been sent after a specific amount of time, the automatic port forwarding to that port expires. This is also router dependent, but usually small (I believe less than a minute normally).
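The behaviour discussed in this thread, as an added example that is not part of any post above: a toy Python model of a NAT translation table, showing why C needs no port forwarding while S does, and how an idle mapping expires. The addresses, ports, the 60-second idle timeout and the strict matching on the remote endpoint are constructed assumptions; real devices differ.

```python
# Toy model of a NAT's translation table (added example, not a real router).
# All addresses, ports and the timeout value are constructed for illustration.

class Nat:
    def __init__(self, public_ip, idle_timeout=60.0, first_port=50000):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout   # seconds without traffic before a mapping expires
        self.next_port = first_port
        self.forwards = {}                 # static rules: public port -> (inside ip, port)
        self.mappings = {}                 # dynamic: public port -> [inside, remote, last_seen]

    def outbound(self, inside, remote, now):
        """Inside host sends to remote: create or refresh a mapping."""
        for port, m in self.mappings.items():
            if m[0] == inside and m[1] == remote:
                m[2] = now
                return (self.public_ip, port)
        port = self.next_port
        self.next_port += 1
        self.mappings[port] = [inside, remote, now]
        return (self.public_ip, port)

    def inbound(self, remote, public_port, now):
        """Packet from remote hits public_port: return inside endpoint, or None if dropped."""
        m = self.mappings.get(public_port)
        if m and now - m[2] > self.idle_timeout:
            del self.mappings[public_port]     # idle too long: forget the mapping
            m = None
        if m and m[1] == remote:               # reply to a connection an inside host opened
            m[2] = now
            return m[0]
        return self.forwards.get(public_port)  # otherwise only a port-forward rule lets it in


def demo():
    C, S = ("192.168.1.10", 51515), ("10.0.0.5", 4444)
    nat_c = Nat("198.51.100.7")                # NAT_C: no port forwarding configured
    nat_s = Nat("203.0.113.9")
    nat_s.forwards[4444] = S                   # NAT_S: the only rule set up in the thread
    server_public = (nat_s.public_ip, 4444)    # what C connects to; S's replies carry this source
    c_public = nat_c.outbound(C, server_public, now=0)             # C's SYN leaves NAT_C
    syn_to = nat_s.inbound(c_public, 4444, now=0)                  # NAT_S forwards it to S
    reply_to = nat_c.inbound(server_public, c_public[1], now=1)    # reply matches the mapping
    stranger = nat_c.inbound(("192.0.2.99", 4444), c_public[1], now=2)  # unsolicited: dropped
    stale = nat_c.inbound(server_public, c_public[1], now=500)     # mapping expired: dropped
    return syn_to, reply_to, stranger, stale

if __name__ == "__main__":
    print(demo())
```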