[Cryptography] peering through NAT

John Levine johnl at iecc.com
Fri May 10 12:22:09 EDT 2019


In article <27bf80fc-92e2-d333-2da8-41efeabaa986 at fexl.com> you write:
>jamesd at echeque.com wrote on 5/9/19 7:45 AM:
>> What is the protocol to tell a nat to forward incoming messages?
>
>I've often wondered about that.  A few years ago a networking expert
>showed me a technique where the client program running on your own
>computer sends OUT a packet which lingers on the outside of your network
>interface, awaiting a response.  A remote server can reply to it, and
>your client program sees the response. ...

That just sounds like the way a NAT works.  Whenever a device behind a
NAT sends a packet to a remote system, the NAT remembers who sent the
packet and where it went by IP address and to/from port numbers, so
when the remote system replies, the NAT can direct the reply to the
right place.

The question here is about arranging to receive traffic where the remote
system is the first one to send anything.  For that you need port forwards,
either set up by UPnP or manually.

I'm trying to see if there is any crypto relevance to NAT but as far
as I can tell there isn't.  I suppose on a particularly lame NAT one
might be able to predict remapped port numbers but I don't recall that
ever being a problem.
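
The mapping behaviour described in this message, as an added example that is not part of the original post: a toy NAT table in Python showing an outbound packet creating a mapping, the reply matching it, and a packet from a remote system that sends first being dropped until a port forward exists. The class and function names, the addresses, and the filtering model (replies accepted only from the exact remote address and port) are assumptions of the example; real NATs vary.

```python
from itertools import count

class Nat:
    """Toy NAT: outbound packets create mappings, inbound packets must match one."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)  # sequential only to keep the output readable
        self.out = {}       # (inside ip, inside port, remote ip, remote port) -> public port
        self.back = {}      # (public port, remote ip, remote port) -> (inside ip, inside port)
        self.forwards = {}  # public port -> (inside ip, inside port), static port forwards

    def outbound(self, src, dst):
        """An inside host sends src -> dst; return the rewritten public source."""
        key = (*src, *dst)
        if key not in self.out:
            port = next(self._ports)
            self.out[key] = port
            self.back[(port, *dst)] = src  # remember who sent it and where it went
        return (self.public_ip, self.out[key])

    def inbound(self, src, public_port):
        """A remote host sends src -> public_port; return the inside host, or None if dropped."""
        mapped = self.back.get((public_port, *src))
        return mapped if mapped else self.forwards.get(public_port)

    def add_forward(self, public_port, inside):
        """Static port forward, as configured manually or requested through UPnP."""
        self.forwards[public_port] = inside

def demo():
    # Constructed addresses (private and documentation ranges).
    nat = Nat("203.0.113.5")
    client, server = ("192.168.1.10", 51515), ("198.51.100.7", 443)
    stranger = ("198.51.100.99", 12345)
    public_src = nat.outbound(client, server)
    seen = {
        "public_source": public_src,
        "reply": nat.inbound(server, public_src[1]),          # matches the mapping
        "unsolicited": nat.inbound(stranger, public_src[1]),  # no mapping for this remote
        "before_forward": nat.inbound(stranger, 8080),
    }
    nat.add_forward(8080, ("192.168.1.20", 80))
    seen["after_forward"] = nat.inbound(stranger, 8080)
    return seen

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```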




