[Cryptography] peering through NAT
peymanr at gmail.com
Thu May 9 22:08:59 EDT 2019

Look up ICE protocol, and STUN/TURN servers.

NATs behave differently. The simplest/common version works on port mapping.
Say A is inside and wants to establish a session to B outside. NAT router
uses two ports x and y, x for talking to A on local network and y to talk
to B on internet IP. Normally, NAT will forward any packet received on y on
global IP to port x on local IP.

So if you know y and NAT IP, you can talk to A from the outside world. The
problem is some NAT firewalls insist that the IP of a connection asking for
port y must respond to a request initiated first from NAT itself.

ICE and STUN/TURN servers try a series of NAT piercing tricks/hacks to pass
through the NAT router. It often works, with a last resort option of having
a relay server sitting in between peers.

I don't know how Bitcoin Core works exactly however.

On Thu, May 9, 2019 at 6:54 PM Patrick Chkoreff <pc at fexl.com> wrote:
> jamesd at echeque.com wrote on 5/9/19 7:45 AM:
> > NAT makes it hard to contact a computer behind nat, but Bitcoin core has
> > no problems with most nats, even when behind multiple levels of nats.
> > It does something to tell the nat to direct incoming messages on port
> > 8333 to it, without the end user usually needing to manually set up port
> > forwarding.
> > What is the protocol to tell a nat to forward incoming messages?
> I've often wondered about that. A few years ago a networking expert
> showed me a technique where the client program running on your own
> computer sends OUT a packet which lingers on the outside of your network
> interface, awaiting a response. A remote server can reply to it, and
> your client program sees the response. It's kind of a dummy packet too,
> with no actual content. At that point I suppose your client program
> sees the remote IP and can initiate a direct connection to it.
> With this technique, your grandpa doesn't have to configure iptables.
> I don't know the specifics, and it has been a while since I looked at it.
> > What happens if there are two machines both running bitcoin core behind
> > the nat?
> -- Patrick
> The cryptography mailing list
> cryptography at metzdowd.com
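
The two NAT behaviours described in this message, as an added example that is not part of the original post: a toy Python model in which each peer learns its public port y from a rendezvous server, then both send outward so that a restricted NAT accepts the other side. The class and function names are hypothetical and the addresses are constructed from documentation ranges; the `symmetric` flag goes beyond the post, modelling a NAT that picks a new y per destination, which is the case left to a relay.

```python
from dataclasses import dataclass, field

@dataclass
class Nat:
    """Toy NAT: maps a local (ip, x) to public port y and filters inbound packets."""
    public_ip: str
    restricted: bool          # True: only IPs the inside host already sent to may use y
    symmetric: bool = False   # True: a fresh y per destination (generalization, not in the post)
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)  # mapping key -> y
    allowed: dict = field(default_factory=dict)   # y -> (local endpoint, contacted remote IPs)

    def outbound(self, local, remote):
        """Inside host sends to remote; returns the (nat_ip, y) the remote sees."""
        key = (local, remote) if self.symmetric else local
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.allowed[self.next_port] = (local, set())
            self.next_port += 1
        y = self.mappings[key]
        self.allowed[y][1].add(remote[0])
        return (self.public_ip, y)

    def inbound(self, src, y):
        """Packet from src hits public port y; returns the local endpoint or None if dropped."""
        if y not in self.allowed:
            return None
        local, contacted = self.allowed[y]
        if self.restricted and src[0] not in contacted:
            return None
        return local

def punch(restricted, symmetric=False):
    """A and B, each behind its own NAT, learn each other's (ip, y) from a rendezvous server."""
    nat_a = Nat("198.51.100.1", restricted, symmetric)   # constructed addresses
    nat_b = Nat("203.0.113.1", restricted, symmetric)
    a, b, server = ("10.0.0.2", 5000), ("192.168.1.7", 6000), ("192.0.2.10", 3478)
    pub_a = nat_a.outbound(a, server)   # server observes A's NAT IP and y
    pub_b = nat_b.outbound(b, server)   # server observes B's NAT IP and y
    cold = nat_a.inbound(pub_b, pub_a[1]) == a   # B tries y before A has sent anything to B
    nat_a.outbound(a, pub_b)            # A sends toward B: NAT A now expects B's IP
    src_b = nat_b.outbound(b, pub_a)    # B sends toward A from its mapped port
    punched = nat_a.inbound(src_b, pub_a[1]) == a
    return cold, punched
```

`punch(False)` models the simple forwarding NAT, `punch(True)` the NAT that requires an outbound packet first, and `punch(True, symmetric=True)` the case where neither attempt gets through and a relay is needed.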