Overview of NAT traversal tecniques

1. P2P and NAT How to traverse NAT Davide Carboni © 2005-2006

2. License Attribution-ShareAlike 2.5 You are free: to copy, distribute, display, and perform the work to make derivative works to make commercial use of the work Under the following conditions: Attribution . You must give the original author credit. Share Alike . If you alter, transform, or build upon this work, you may distribute the resulting work only under a licence identical to this one. For any reuse or distribution, you must make clear to others the licence terms of this work. Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above. This is a human-readable summary of the Legal Code (the full licence ) . Disclaimer

5. Firewall Rules router (Global IP addresses)

8. Simple NAT NAT (Private IP addresses) (Public IP addresses) Main Internet (Public IP addresses)

9. Multiple NAT ISP NAT (Private IP addresses) (Public IP addresses) Main Internet ISP network Home NAT Home network 10.0.0.12 192.168.2.12 192.168.2.99 156.148.70.32

10. NAT Mappings (192.168.2.2) (1.1.1.4) (1.1.1.5) 192.168.2.2:4445 <-> 1.1.1.5:10100 S=192.168.2.2:4445 D=1.1.1.4:7777 datagram S=1.1.1.5:10100 D=1.1.1.4:7777 datagram A

11. Traversing a NAT that does not collaborate

12. Relaying NAT Main Internet Local network NAT Local network 10.0.0.12 192.168.2.99 Relay S host A host B 1 2

13. Connection reversal NAT Main Internet Local network 1.1.1.4 192.168.2.99 rendezvous S host A host B 1 2 3

18. Full cone Host A Host C Full cone Host B (192.168.2.2) (1.1.1.4) (192.168.2.1) (1.1.1.5) (1.1.1.6) Packet(S=192.168.2.2:4445, D=1.1.1.5:7777) Packet(S=1.1.1.4:10100, D=1.1.1.5:7777) Packet(S=1.1.1.5:4321, D=1.1.1.4:10100) Packet(S=1.1.1.5:4321, D=192.168.2.2:4445) Packet(S=1.1.1.6:1234, D=1.1.1.4:10100) Packet(S=1.1.1.6:1234, D=192.168.2.2:4445)

20. Holes in Full Cone NAT rendezvous host A host B 1 2 3 4 5

21. Restricted cone Host A Host C Restricted cone Host B (192.168.2.2) (1.1.1.4) (192.168.2.1) (1.1.1.5) (1.1.1.6) Packet(S=192.168.2.2:4445, D=1.1.1.5:7777) Packet(S=1.1.1.4:10100, D=1.1.1.5:7777) Packet(S=1.1.1.5:4321, D=1.1.1.4:10100) Packet(S=1.1.1.5:4321, D=192.168.2.2:4445) Packet(S=1.1.1.6:1234, D=1.1.1.4:10100) X Packet(S=192.168.2.2:4445, D=1.1.1.6:7777) Packet(S=1.1.1.4:10100, D=1.1.1.6:7777) Packet(S=1.1.1.6:4321, D=1.1.1.4:10100) Packet(S=1.1.1.6:4321, D=192.168.2.2:4445)

23. Holes in Restricted Cone NAT rendezvous host A host B 1 2 3 5 4 6

24. Port restricted cone Host A Host C Port - restr cone Host B (192.168.2.2) (1.1.1.4) (192.168.2.1) (1.1.1.5) (1.1.1.6) Packet(S=192.168.2.2:4445, D=1.1.1.5:7777) Packet(S=1.1.1.4:10100, D=1.1.1.5:7777) Packet(S=1.1.1.5:4321, D=1.1.1.4:10100) Packet(S=1.1.1.5:7777, D=192.168.2.2:4445) X Packet(S=1.1.1.5:7777, D=1.1.1.4:10100)

26. Holes in Port restricted Cone NAT rendezvous host A host B 1 2 3 5 4 6

27. Symmetric NAT Host A Host C symmetric Host B (192.168.2.2) (1.1.1.4) (192.168.2.1) (1.1.1.5) (1.1.1.6) Packet(S=192.168.2.2:4445, D=1.1.1.5:7777) Packet(S=1.1.1.4:10100, D=1.1.1.5:7777) Packet(S=1.1.1.5:7777, D=192.168.2.2:4445) Packet(S=1.1.1.5:7777, D=1.1.1.4:10100) Packet(S=192.168.2.2:4445, D=1.1.1.6:7777) Packet(S=1.1.1.4:10179, D=1.1.1.6:7777) Packet(S=1.1.1.6:7777, D=192.168.2.2:4445) Packet(S=1.1.1.6:7777, D=1.1.1.4:10179) Packet(S=1.1.1.6:7777, D=1.1.1.4:10100) X

29. Holes in Symmetric

34. TCP Hole punching NAT Main Internet Local network NAT Local network 10.0.0.12 192.168.2.99 rendezvous S host A host B 1.1.1.4 1.1.1.5 1.1.1.6

35. TCP Hole punching NAT Main Internet Local network NAT Local network rendezvous S host A host B 1.1.1.4:1234 1.1.1.5:4444 1.1.1.6

37. Traversing a NAT that collaborates

39. SOCKS CONNECT NAT Socks proxy host A server S 1. CONNECT 2. connect()

40. SOCKS BIND NAT Socks proxy host A listening on 4445 server S 1. BIND (localport=4445, S) 3. connect(33102) 2. Ok. Port=33102

45. UPnP Port Forward

49. License Attribution-ShareAlike 2.5 You are free: to copy, distribute, display, and perform the work to make derivative works to make commercial use of the work Under the following conditions: Attribution . You must give the original author credit. Share Alike . If you alter, transform, or build upon this work, you may distribute the resulting work only under a licence identical to this one. For any reuse or distribution, you must make clear to others the licence terms of this work. Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above. This is a human-readable summary of the Legal Code (the full licence ) . Disclaimer