Claude M. Schrader on 17 Dec 2007 20:37:55 -0800



[PLUG] Dual NAT Traversal (was: Procuring Portable Penguin Power while pinching pennies?)


On 16:24 Mon 17 Dec, Matthew Rosewarne wrote:
 
> > i've also been told that one can use netcat to tunnel ssh traffic past a
> > NAT router without forwarding ports (to "repeat" traffic), but this is
> > something i'm still studying and looking into.
> 
> I've not heard of that trick...  It would need to be initiated from her end 
> though.

One implementation of this protocol is known as STUN, and is already in
use by programs such as Pidgin, Skype, and some P2P programs, if I am not
mistaken. It's pretty clever how it gets packets through NAT on either side
of the connection.

http://linide.sourceforge.net/nat-traverse/
1. Firstly, nat-traverse on host left sends garbage UDP packets to the NAT gateway of right. These packets are, of course, discarded by the firewall.
2. Then right's nat-traverse sends garbage UDP packets to the NAT gateway of left. These packets are not discarded, as left's NAT gateway thinks these packets are replies to the packets sent in step 1!
3. left's nat-traverse continues to send garbage packets to right's NAT gateway. These packets are now not dropped either, as the NAT gateway thinks the packets are replies to the packets sent in step 2.
4. Finally, both hosts send an acknowledgement packet to signal readiness. When these packets are received, the connection is established and nat-traverse can either relay STDIN to the socket or execute a program.
-Claude

http://en.wikipedia.org/wiki/STUN
http://www.ietf.org/rfc/rfc3489.txt
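The four steps quoted above, as an added simulation that is not part of the original post or of nat-traverse itself: two toy NAT gateways that forward an inbound UDP packet only when an earlier outbound packet from the inside host created a mapping for that remote peer. It assumes both gateways preserve the source port and that each side already knows the other's public IP; every address below is constructed.

```python
# Added example (not nat-traverse's code): the four-step exchange against two
# NAT gateways that admit an inbound UDP packet only when an earlier outbound
# packet created a mapping for that remote peer. All addresses are constructed.
from typing import Dict, Optional, Set, Tuple

Endpoint = Tuple[str, int]  # (ip, udp_port)


class NatGateway:
    """Port-preserving NAT with address/port-dependent filtering."""

    def __init__(self, public_ip: str) -> None:
        self.public_ip = public_ip
        self.mappings: Dict[int, Endpoint] = {}          # public_port -> inside host
        self.allowed: Set[Tuple[int, Endpoint]] = set()  # (public_port, remote peer)

    def outbound(self, inside: Endpoint, remote: Endpoint) -> Endpoint:
        """Inside host sends to `remote`: record mapping, permit replies from it."""
        public_port = inside[1]  # source port preserved (assumption)
        self.mappings[public_port] = inside
        self.allowed.add((public_port, remote))
        return (self.public_ip, public_port)

    def inbound(self, src: Endpoint, public_port: int) -> Optional[Endpoint]:
        """Packet from `src` hits our public port: forward to inside host or drop."""
        if (public_port, src) not in self.allowed:
            return None  # no matching outbound flow, so the firewall discards it
        return self.mappings[public_port]


def hole_punch(left_nat: NatGateway, right_nat: NatGateway, port: int = 6060) -> Dict[str, bool]:
    """Run steps 1-4; record whether each step's packet reached the far host."""
    left_inside, right_inside = ("10.0.0.2", port), ("192.168.1.2", port)
    left_pub, right_pub = (left_nat.public_ip, port), (right_nat.public_ip, port)
    result = {}
    # 1. left's NAT now expects replies from right_pub; right's NAT has no mapping: dropped.
    left_nat.outbound(left_inside, right_pub)
    result["step1"] = right_nat.inbound(left_pub, port) is not None
    # 2. right's garbage looks to left's NAT like a reply to step 1: delivered.
    right_nat.outbound(right_inside, left_pub)
    result["step2"] = left_nat.inbound(right_pub, port) is not None
    # 3. left sends again; right's NAT now sees a reply to step 2: delivered.
    result["step3"] = right_nat.inbound(left_pub, port) is not None
    # 4. acknowledgements flow both ways through the open mappings.
    result["step4"] = (left_nat.inbound(right_pub, port) is not None
                       and right_nat.inbound(left_pub, port) is not None)
    return result


def stranger_delivered(nat: NatGateway, port: int = 6060) -> bool:
    # An unrelated sender with no outbound flow to match is still filtered out.
    return nat.inbound(("192.0.2.77", port), port) is not None
```

Step 1 fails and steps 2 through 4 succeed only because each gateway keys its filter on the remote peer it last saw outbound traffic to; a sender that never appears in that table is dropped even after the hole is open.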
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug