[Cryptography] peering through NAT

Patrick Chkoreff pc at fexl.com
Thu May 9 16:01:51 EDT 2019


jamesd at echeque.com wrote on 5/9/19 7:45 AM:
> NAT makes it hard to contact a computer behind NAT, but Bitcoin Core has
> no problems with most NATs, even when behind multiple levels of NATs.
> 
> It does something to tell the NAT to direct incoming messages on port
> 8333 to it, without the end user usually needing to manually set up port
> forwarding.
> 
> What is the protocol to tell a NAT to forward incoming messages?

I've often wondered about that.  A few years ago a networking expert
showed me a technique where the client program running on your own
computer sends OUT a packet which lingers on the outside of your network
interface, awaiting a response.  A remote server can reply to it, and
your client program sees the response.  It's kind of a dummy packet too,
with no actual content.  At that point I suppose your client program
sees the remote IP and can initiate a direct connection to it.

With this technique, your grandpa doesn't have to configure iptables.

I don't know the specifics, and it has been a while since I looked at it.


> 
> What happens if there are two machines both running Bitcoin Core behind
> the NAT?


-- Patrick
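
The outbound-packet technique described in the reply, modelled as a toy NAT state table. This is an added example, not part of the original message and not Bitcoin Core's code; the `Nat` class, the port-restricted filtering rule, the sequential external port allocation, and all addresses are assumptions constructed for illustration.

```python
# Toy model of a port-restricted NAT. All addresses are constructed
# (documentation ranges); sequential port allocation is an assumption.
from dataclasses import dataclass, field

@dataclass
class Nat:
    public_ip: str
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)  # inside (ip, port) -> external port
    allowed: dict = field(default_factory=dict)   # external port -> remotes sent to

    def outbound(self, src, dst):
        """Inside host src sends to remote dst; returns the address dst sees."""
        if src not in self.mappings:
            self.mappings[src] = self.next_port
            self.next_port += 1
        ext_port = self.mappings[src]
        self.allowed.setdefault(ext_port, set()).add(dst)
        return (self.public_ip, ext_port)

    def inbound(self, remote, ext_port):
        """Packet from remote hits public_ip:ext_port; returns inside host or None."""
        if remote not in self.allowed.get(ext_port, set()):
            return None  # no matching outbound state: dropped
        for inside, port in self.mappings.items():
            if port == ext_port:
                return inside
        return None

def demo():
    nat = Nat("203.0.113.7")
    server = ("198.51.100.20", 8333)
    a = ("192.168.1.10", 8333)   # two inside hosts using the same local port
    b = ("192.168.1.11", 8333)
    out = {"unsolicited": nat.inbound(server, 40000)}  # before any outbound packet
    out["seen_a"] = nat.outbound(a, server)            # outbound packet opens state
    out["seen_b"] = nat.outbound(b, server)            # second host gets its own port
    out["reply_a"] = nat.inbound(server, out["seen_a"][1])
    out["reply_b"] = nat.inbound(server, out["seen_b"][1])
    out["stranger"] = nat.inbound(("198.51.100.99", 8333), out["seen_a"][1])
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12} {value}")
```

For monitoring or firewall review, the point is that the inbound path exists only while the NAT holds state created by an inside host's own outbound traffic, and only for the remote endpoint that traffic was sent to.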

