Nat Traversal
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Nat Traversal as PDF for free.
More details
- Words: 403
- Pages: 14
IEG3090 - Tutorial 10 NAT Traversal Fong Chi Hang, Bosco
Overview • Types of NATs & Firewalls • STUN • NAT Traversal using STUN
Network Address Translation (NAT) • The process of modifying network address information in datagram packet header • Remapping a given address space into another
Full cone NAT discovery
Restricted cone NAT discovery
Port-restricted cone NAT discovery
Symmetric NAT discovery
Firewalls Stun client request
Stun server
Firewall response
Node with private address X
Application at address Y port P
Some firewall may block all UDP Some firewall may allow UDP response if sent from Y/P where an earlier UDP request was sent to (“symmetric firewall”)
STUN (Simple Traversal of UDP datagram protocol through NATs) • A protocol used by end hosts to determine whether it is behind firewall/NAT boxes, and to identify the type of it • Communicate with a public STUN server • Key point alternating the response IP address and port number
STUN Request and Response The STUN response from the server may include: MAPPED-ADDRESS
- contains the IP address and port of client. CHANGED-ADDRESS - contains the alternate IP address and port of the server. SOURCE-ADDRESS - contains the IP address and port of server.
The STUN request can contain a flag to request the STUN server to use alternative address and port to send STUN response CHANGE-REQUEST
and port of server.
- contains flags for the alternate IP address
Flow chart for NAT discovering process
NAT Traversal using NAT • Alice (with private address) wants to call Bob • Bob is also behind NAT box (with private address) • Alice talks to public (STUN) server, so server knows Alice’s external address/port • Bob also talks to public server, so server knows about Bob too • Public server tells Alice about Bob, and Bob about Alice • Bob sends packet to Alice (creating a “hole” in his NAT) 1
server 3
Alice
2 4 Bob
NAT Traversal using NAT • Now when Alice sends a packet back to Bob, Bob’s NAT does not filter it, assuming it is return packet from earlier request • Alice’s NAT also allows Bob’s future packets to return • This assumes Alice’s NAT will use the same external address/port (for server) to talk to Bob. • This does not work if NATs are Symmetric NATs
1
server 3
Alice
2 4 Bob
Thank you very much !
Overview • Types of NATs & Firewalls • STUN • NAT Traversal using STUN
Network Address Translation (NAT) • The process of modifying network address information in datagram packet header • Remapping a given address space into another
Full cone NAT discovery
Restricted cone NAT discovery
Port-restricted cone NAT discovery
Symmetric NAT discovery
Firewalls Stun client request
Stun server
Firewall response
Node with private address X
Application at address Y port P
Some firewall may block all UDP Some firewall may allow UDP response if sent from Y/P where an earlier UDP request was sent to (“symmetric firewall”)
STUN (Simple Traversal of UDP datagram protocol through NATs) • A protocol used by end hosts to determine whether it is behind firewall/NAT boxes, and to identify the type of it • Communicate with a public STUN server • Key point alternating the response IP address and port number
STUN Request and Response The STUN response from the server may include: MAPPED-ADDRESS
- contains the IP address and port of client. CHANGED-ADDRESS - contains the alternate IP address and port of the server. SOURCE-ADDRESS - contains the IP address and port of server.
The STUN request can contain a flag to request the STUN server to use alternative address and port to send STUN response CHANGE-REQUEST
and port of server.
- contains flags for the alternate IP address
Flow chart for NAT discovering process
NAT Traversal using NAT • Alice (with private address) wants to call Bob • Bob is also behind NAT box (with private address) • Alice talks to public (STUN) server, so server knows Alice’s external address/port • Bob also talks to public server, so server knows about Bob too • Public server tells Alice about Bob, and Bob about Alice • Bob sends packet to Alice (creating a “hole” in his NAT) 1
server 3
Alice
2 4 Bob
NAT Traversal using NAT • Now when Alice sends a packet back to Bob, Bob’s NAT does not filter it, assuming it is return packet from earlier request • Alice’s NAT also allows Bob’s future packets to return • This assumes Alice’s NAT will use the same external address/port (for server) to talk to Bob. • This does not work if NATs are Symmetric NATs
1
server 3
Alice
2 4 Bob
Thank you very much !
Related Documents
Nat Traversal
May 2020 1
Tree Traversal
November 2019 5
Tree Traversal
July 2020 4
Nat
May 2020 28
Nat
November 2019 50