Using NAT Traversal to Connect Users Passively

This article is a free translation of one of the DC++ Developer Blog entries.

With the author's permission (and for the sake of clarity and interest) I have embellished it with links and supplemented it with some personal research.


Introduction

Currently, at least one of the two connecting users must be in active mode. The NAT "bypass" mechanism is useful when active mode cannot be configured on either side. This usually happens because a firewall or NAT device blocks incoming connections.

If both clients are in active mode, the initiating client sends the $ConnectToMe command, containing its own IP address and port, to the other client. Using this data, the client receiving the command establishes a connection to the initiator.

If one of the clients is in passive mode, then, by means of the hub, passive client A sends the $RevConnectToMe command to active client B, which then responds with the $ConnectToMe command.


In the case above, the DC hub acts as server S.

If both clients are in passive mode, the ADC hub

Clients A and B, located behind different NATs, are connected to hub S.


This is how the connection to the hub looks from client A's side. The hub accepts connections on port 1511. Client A makes its outgoing connection from its private network through port 50758. The hub, in turn, sees the address of the NAT device, works with that address, and forwards messages to clients according to their identifiers.

Client A sends server S a message asking for help connecting to client B. Client B, also being in passive mode, must on receiving this command report the private port it uses to connect to the hub through its NAT. After receiving this information, client A immediately tries to establish a connection to client B and reports its own private port.

Hub: [Outgoing][178.79.159.147:1511] DRCM AAAA BBBB ADCS/0.10 1649612991
Hub: [Incoming][178.79.159.147:1511] DNAT BBBB AAAA ADCS/0.10 59566 1649612991
Hub: [Outgoing][178.79.159.147:1511] DRNT AAAA BBBB ADCS/0.10 50758 1649612991
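The RCM, NAT and RNT exchange above, as an added example that is not DC++ code: it parses the three log lines and checks that the NAT and RNT replies actually belong to the outstanding RCM request (same token, same protocol, SIDs swapped as expected) before a client would act on the advertised private ports. The field layout is taken from the log lines; the log-prefix stripping is an assumption about this log format.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed copies of the three hub log lines quoted above.
LOG = [
    "Hub: [Outgoing][178.79.159.147:1511] DRCM AAAA BBBB ADCS/0.10 1649612991",
    "Hub: [Incoming][178.79.159.147:1511] DNAT BBBB AAAA ADCS/0.10 59566 1649612991",
    "Hub: [Outgoing][178.79.159.147:1511] DRNT AAAA BBBB ADCS/0.10 50758 1649612991",
]

@dataclass(frozen=True)
class AdcMsg:
    cmd: str             # RCM, NAT or RNT
    src: str             # sender SID
    dst: str             # recipient SID
    proto: str           # e.g. ADCS/0.10
    port: Optional[int]  # private port, present in NAT and RNT only
    token: str

def parse_adc_line(line: str) -> AdcMsg:
    """Strip the 'Hub: [...][addr] ' prefix (assumed log format) and parse the D-type message."""
    parts = line.split("] ", 1)[-1].split()
    if len(parts) < 5 or len(parts[0]) != 4 or parts[0][0] != "D":
        raise ValueError(f"not a direct (D-type) ADC message: {line!r}")
    cmd, src, dst, proto = parts[0][1:], parts[1], parts[2], parts[3]
    if cmd == "RCM" and len(parts) == 5:
        return AdcMsg(cmd, src, dst, proto, None, parts[4])
    if cmd in ("NAT", "RNT") and len(parts) == 6 and parts[4].isdigit():
        port = int(parts[4])
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        return AdcMsg(cmd, src, dst, proto, port, parts[5])
    raise ValueError(f"malformed {cmd} message: {line!r}")

def validate_exchange(rcm: AdcMsg, nat: AdcMsg, rnt: AdcMsg) -> dict:
    """Accept NAT/RNT only as answers to this RCM; anything else is stale or unsolicited."""
    if (rcm.cmd, nat.cmd, rnt.cmd) != ("RCM", "NAT", "RNT"):
        raise ValueError("messages out of order")
    if not (nat.src == rcm.dst and nat.dst == rcm.src):
        raise ValueError("NAT does not come from the requested peer")
    if not (rnt.src == rcm.src and rnt.dst == rcm.dst):
        raise ValueError("RNT is not addressed back to the peer")
    if len({rcm.token, nat.token, rnt.token}) != 1:
        raise ValueError("token mismatch: reply does not match the outstanding request")
    if len({rcm.proto, nat.proto, rnt.proto}) != 1:
        raise ValueError("protocol mismatch")
    # Both sides now know the private port the other reuses for the direct connection.
    return {"initiator": rcm.src, "initiator_port": rnt.port,
            "peer": nat.src, "peer_port": nat.port, "token": rcm.token}

def exchange_from_log(lines=LOG) -> dict:
    return validate_exchange(*(parse_adc_line(l) for l in lines))
```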

Where is the trick? It lies in shifting the endpoint of an existing mapping: a new connection to a public address is opened from the private port that is already in use.


Bingo!

Of course, the NAT of client B has every right to reject the first connection request from client A, but B's own request is already rushing into the "hole" created by that attempt, and the connection is established.


An illustration covering the whole process, with the caveat that the protocol uses neither the public ports opened by the NAT-to-S session nor private addresses.

Epilogue

At the time of writing the (original) article, approximately half of DC clients are passive. This means that a quarter of all possible connections cannot be made.

In the future, DC++ will be able to "bypass" NAT using the existing A-S and B-S connections to establish a direct client-to-client connection, even if both A and B are in passive mode.
