<div><br></div><div dir="auto">Look up ICE protocol, and STUN/TURN servers. </div><div dir="auto"><br></div><div dir="auto">NATs behave differently. The simplest/common version works on port mapping. </div><div dir="auto"><br></div><div dir="auto">Say A is inside and wants to establish a session to B outside. NAT router uses two ports x and y, x for talking to A on local network and y to talk to B on internet IP. Normally, NAT will forward any packet received on y on global ip to port x on local ip. </div><div dir="auto"><br></div><div dir="auto">So if you know y and NAT ip, you can talk to A from the outside world. The problem is some NAT firewalls insist that the ip of a connection asking for port y must respond to a request initiated first from NAT itself. </div><div dir="auto"><br></div><div dir="auto">ICE and STUN/TURN servers try a series of NAT piercing tricks/hacks to pass through the NAT router. It often works, with a last resort option of having a relay server sitting in between peers.</div><div dir="auto"><br></div><div dir="auto">I dont know how Bitcoin Core works exactly however.</div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, May 9, 2019 at 6:54 PM Patrick Chkoreff <<a href="mailto:pc@fexl.com">pc@fexl.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><a href="mailto:jamesd@echeque.com" target="_blank">jamesd@echeque.com</a> wrote on 5/9/19 7:45 AM:<br>
> NAT makes it hard to contact a computer behind nat, but Bitcoin core has<br>
> no problems with most nats, even when behind multiple levels of nats.<br>
> <br>
> It does something to tell the nat to direct incoming messages on port<br>
> 8333 to it, without the end user usually needing to manually set up port<br>
> forwarding.<br>
> <br>
> What is the protocol to tell a nat to forward incoming messages?<br>
<br>
I've often wondered about that. A few years ago a networking expert<br>
showed me a technique where the client program running on your own<br>
computer sends OUT a packet which lingers on the outside of your network<br>
interface, awaiting a response. A remote server can reply to it, and<br>
your client program sees the response. It's kind of a dummy packet too,<br>
with no actual content. At that point I suppose your client program<br>
sees the remote IP and can initiate a direct connection to it.<br>
<br>
With this technique, your grandpa doesn't have to configure iptables.<br>
<br>
I don't know the specifics, and it has been a while since I looked at it.<br>
<br>
<br>
> <br>
> What happens if there are two machines both running bitcoin core behind<br>
> the nat?<br>
<br>
<br>
-- Patrick<br>
_______________________________________________<br>
The cryptography mailing list<br>
<a href="mailto:cryptography@metzdowd.com" target="_blank">cryptography@metzdowd.com</a><br>
<a href="http://www.metzdowd.com/mailman/listinfo/cryptography" rel="noreferrer" target="_blank">http://www.metzdowd.com/mailman/listinfo/cryptography</a></blockquote></div></div>