Nat Traversal

  • May 2020
IEG3090 - Tutorial 10: NAT Traversal
Fong Chi Hang, Bosco

Overview
  • Types of NATs & Firewalls
  • STUN
  • NAT Traversal using STUN

Network Address Translation (NAT)
  • The process of modifying network address information in datagram packet headers
  • Remapping a given address space into another

Full cone NAT discovery

Restricted cone NAT discovery

Port-restricted cone NAT discovery

Symmetric NAT discovery

Firewalls
[Figure labels: STUN client request; STUN server; firewall response; node with private address X; application at address Y port P]
  • Some firewalls may block all UDP
  • Some firewalls may allow a UDP response if it is sent from Y/P, where an earlier UDP request was sent to (“symmetric firewall”)

STUN (Simple Traversal of User Datagram Protocol (UDP) through NATs)
  • A protocol used by end hosts to determine whether they are behind firewall/NAT boxes, and to identify the type of box
  • Communicates with a public STUN server
  • Key point: alternating the response IP address and port number

STUN Request and Response
The STUN response from the server may include:
  • MAPPED-ADDRESS - contains the IP address and port of client.
  • CHANGED-ADDRESS - contains the alternate IP address and port of the server.
  • SOURCE-ADDRESS - contains the IP address and port of server.

The STUN request can contain a flag to request the STUN server to use alternative address and port to send STUN response:
  • CHANGE-REQUEST - contains flags for the alternate IP address and port of server.

Flow chart for NAT discovering process
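
The request/response attributes and the discovery decisions, as an added example that is not part of the original tutorial. It assumes the RFC 3489 message layout, attribute codes and test sequence (the slides give only the attribute names); the function names and the sample response are constructed for illustration.

```python
import struct
# Added example: layout and values follow RFC 3489; names here are hypothetical.
BINDING_REQUEST, BINDING_RESPONSE = 0x0001, 0x0101
MAPPED, CHANGE_REQUEST, SOURCE, CHANGED = 0x0001, 0x0003, 0x0004, 0x0005
CHANGE_IP, CHANGE_PORT = 0x04, 0x02  # CHANGE-REQUEST flag bits
# Constructed sample: a Binding Response with MAPPED-ADDRESS 203.0.113.7:40000.
SAMPLE_TXID = bytes(range(16))
SAMPLE_RESPONSE = (struct.pack("!HH16s", BINDING_RESPONSE, 12, SAMPLE_TXID)
                   + struct.pack("!HHxBH4B", MAPPED, 8, 1, 40000, 203, 0, 113, 7))

def build_request(txid, flags=0):
    """Binding Request; CHANGE-REQUEST is attached only when a flag is set."""
    attr = struct.pack("!HHI", CHANGE_REQUEST, 4, flags) if flags else b""
    return struct.pack("!HH16s", BINDING_REQUEST, len(attr), txid) + attr

def parse_response(data, txid):
    """Return {attribute type: (ip, port)} for the IPv4 address attributes."""
    if len(data) < 20:
        raise ValueError("short STUN header")
    mtype, mlen, rid = struct.unpack("!HH16s", data[:20])
    if mtype != BINDING_RESPONSE or rid != txid or mlen != len(data) - 20:
        raise ValueError("not a well-formed response to our request")
    found, off = {}, 20
    while off + 4 <= len(data):
        atype, alen = struct.unpack("!HH", data[off:off + 4])
        value = data[off + 4:off + 4 + alen]
        if atype in (MAPPED, SOURCE, CHANGED):
            if len(value) != 8 or value[1] != 0x01:  # family 0x01 = IPv4
                raise ValueError("bad address attribute")
            found[atype] = (".".join(map(str, value[4:8])),
                            int.from_bytes(value[2:4], "big"))
        off += 4 + alen
    if off != len(data):
        raise ValueError("truncated attribute")
    return found

def classify(local, t1, t2, t1_alt, t3):
    """Each t* is the MAPPED-ADDRESS one test returned, or None on timeout."""
    if t1 is None:                  # t1: request with no flags
        return "UDP blocked"
    if t1 == local:                 # t2: change IP and port
        return "open Internet" if t2 else "symmetric firewall"
    if t2:
        return "full cone NAT"
    if t1_alt is None:              # t1_alt: t1 repeated to CHANGED-ADDRESS
        return "undetermined"
    if t1_alt != t1:
        return "symmetric NAT"
    # t3: change port only
    return "restricted cone NAT" if t3 else "port-restricted cone NAT"
```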

NAT Traversal using STUN
  • Alice (with private address) wants to call Bob
  • Bob is also behind a NAT box (with private address)
  • Alice talks to the public (STUN) server, so the server knows Alice’s external address/port
  • Bob also talks to the public server, so the server knows about Bob too
  • The public server tells Alice about Bob, and Bob about Alice
  • Bob sends a packet to Alice (creating a “hole” in his NAT)
[Figure: Alice, Bob and the server, with message steps numbered 1 to 4]

NAT Traversal using STUN
  • Now when Alice sends a packet back to Bob, Bob’s NAT does not filter it, assuming it is a return packet from the earlier request
  • Alice’s NAT also allows Bob’s future packets to return
  • This assumes Alice’s NAT will use the same external address/port (as for the server) to talk to Bob
  • This does not work if the NATs are symmetric NATs
[Figure: Alice, Bob and the server, with message steps numbered 1 to 4]

Thank you very much!
