[Cryptography] peering through NAT

paulv metzdowd at bikkel.org
Mon May 13 12:51:50 EDT 2019


On Thu, May 09, 2019 at 04:01:51PM -0400, Patrick Chkoreff wrote:
> 
> jamesd at echeque.com wrote on 5/9/19 7:45 AM:
> > NAT makes it hard to contact a computer behind NAT, but Bitcoin core has
> > no problems with most NATs, even when behind multiple levels of NATs.
> > 
> > It does something to tell the NAT to direct incoming messages on port
> > 8333 to it, without the end user usually needing to manually set up port
> > forwarding.
> > 
> > What is the protocol to tell a NAT to forward incoming messages?
> 
> I've often wondered about that.  A few years ago a networking expert
> showed me a technique where the client program running on your own
> computer sends OUT a packet which lingers on the outside of your network
> interface, awaiting a response.  A remote server can reply to it, and
> your client program sees the response.  It's kind of a dummy packet too,
> with no actual content.  At that point I suppose your client program
> sees the remote IP and can initiate a direct connection to it.
> 
> With this technique, your grandpa doesn't have to configure iptables.
> 
> I don't know the specifics, and it has been a while since I looked at it.
 

https://en.wikipedia.org/wiki/TCP_hole_punching

It was pioneered by Napster, if I remember correctly.

=paulv


