[Cryptography] peering through NAT

Peyman Razaghi peymanr at gmail.com
Thu May 9 22:08:59 EDT 2019


Look up the ICE protocol and STUN/TURN servers.

NATs behave differently. The simplest/common version works on port mapping.

Say A is inside and wants to establish a session to B outside. The NAT router
uses two ports x and y, x for talking to A on the local network and y to talk
to B on the internet IP. Normally, the NAT will forward any packet received on
y on the global IP to port x on the local IP.

So if you know y and the NAT IP, you can talk to A from the outside world.  The
problem is some NAT firewalls insist that the IP of a connection asking for
port y must respond to a request initiated first from the NAT itself.

ICE and STUN/TURN servers try a series of NAT piercing tricks/hacks to pass
through the NAT router. It often works, with a last resort option of having
a relay server sitting in between peers.

I don't know exactly how Bitcoin Core works, however.

On Thu, May 9, 2019 at 6:54 PM Patrick Chkoreff <pc at fexl.com> wrote:

> jamesd at echeque.com wrote on 5/9/19 7:45 AM:
> > NAT makes it hard to contact a computer behind NAT, but Bitcoin Core has
> > no problems with most NATs, even when behind multiple levels of NATs.
> >
> > It does something to tell the NAT to direct incoming messages on port
> > 8333 to it, without the end user usually needing to manually set up port
> > forwarding.
> >
> > What is the protocol to tell a NAT to forward incoming messages?
>
> I've often wondered about that.  A few years ago a networking expert
> showed me a technique where the client program running on your own
> computer sends OUT a packet which lingers on the outside of your network
> interface, awaiting a response.  A remote server can reply to it, and
> your client program sees the response.  It's kind of a dummy packet too,
> with no actual content.  At that point I suppose your client program
> sees the remote IP and can initiate a direct connection to it.
>
> With this technique, your grandpa doesn't have to configure iptables.
>
> I don't know the specifics, and it has been a while since I looked at it.
>
>
> >
> > What happens if there are two machines both running Bitcoin Core behind
> > the NAT?
>
>
> -- Patrick
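Added example, not part of the original message and not Bitcoin Core's code: a toy Python model (no real sockets) of the x/y port mapping and the stricter filtering described above, showing why an outbound packet from each side opens the path. Class names, addresses and ports are constructed; it assumes the NAT reuses the same y for every destination.

```python
# Toy model of NAT port mapping and filtering. All names/addresses are constructed.
# Assumption: the NAT reuses one public port y per inside (ip, x) for all destinations.

class Nat:
    def __init__(self, public_ip, restricted):
        self.public_ip = public_ip
        self.restricted = restricted   # True: accept only from IPs we sent to first
        self.by_inside = {}            # (local_ip, x) -> y
        self.by_outside = {}           # y -> (local_ip, x)
        self.contacted = {}            # y -> remote IPs contacted through y
        self.next_port = 40000

    def outbound(self, local_ip, x, remote_ip):
        """Inside host sends from port x; returns the (public_ip, y) the remote sees."""
        key = (local_ip, x)
        if key not in self.by_inside:
            y = self.next_port
            self.next_port += 1
            self.by_inside[key] = y
            self.by_outside[y] = key
            self.contacted[y] = set()
        y = self.by_inside[key]
        self.contacted[y].add(remote_ip)
        return (self.public_ip, y)

    def inbound(self, remote_ip, y):
        """Packet arrives on public port y; returns (local_ip, x), or None if dropped."""
        if y not in self.by_outside:
            return None                # no mapping: nothing inside asked for this port
        if self.restricted and remote_ip not in self.contacted[y]:
            return None                # filter: this remote IP was never contacted
        return self.by_outside[y]

A = ("10.0.0.2", 5000)       # peer A behind nat_a
B = ("192.168.1.7", 6000)    # peer B behind nat_b

def punch(nat_a, nat_b, server_ip="198.51.100.1"):
    """A rendezvous server (the STUN-like role) tells each peer the other's (ip, y)."""
    a_pub = nat_a.outbound(*A, server_ip)        # server observes A's public mapping
    b_pub = nat_b.outbound(*B, server_ip)        # server observes B's public mapping
    nat_b.outbound(*B, a_pub[0])                 # B sends toward A first
    first = nat_a.inbound(b_pub[0], a_pub[1])    # dropped if nat_a is restricted
    nat_a.outbound(*A, b_pub[0])                 # A sends toward B: opens nat_a's filter
    reply = nat_b.inbound(a_pub[0], b_pub[1])    # passes: B already sent to A's IP
    retry = nat_a.inbound(b_pub[0], a_pub[1])    # B's next packet now reaches A
    return first, reply, retry
```

A NAT that picks a different y per destination breaks the assumption above, which is the case where the relay server mentioned in the message is used.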