[dcc2] stun

peter green plugwash at p10link.net
Mon Apr 26 19:35:39 EDT 2004


i mentioned this in a message to the enquiries address and was advised to
post to the list

it is possible to move data nat-nat through most nats by using a method
known as stun documented in http://www.faqs.org/rfcs/rfc3489.html

there are 4 types of nat
full cone
restricted cone
restricted port cone
symmetric

this method cannot be used on symmetric nats but thankfully they are rare at
least in home use

i will consider this from a restricted port cone point of view but the same
method will work with full cone and restricted cone as these are both less
strict in all ways

an example network (fixed pitch font required)


user1:10.0.0.2--10.0.0.1:nat:1.2.3.4
                                |
  stun server:9.10.11.12--public internet--irc network
                             |
                          5.6.7.8:nat:192.168.0.1--192.168.0.2:user2

the irc network can be used for collaboration during connection setup

user1 binds a random port locally say 1025
user1 sends a packet from this port to the stun server
the nat changes the source ip and port of the packet to say 1.2.3.4:1026
the stun server tells user1 his external ip and port are 1.2.3.4:1026

user1 binds a random port locally say 1026
user1 sends a packet from this port to the stun server
the nat changes the source ip and port of the packet to say 5.6.7.8:1027
the stun server tells user1 his external ip and port are 5.6.7.8:1027

however the nat will only return packets to the lan from an ip and port pair
if  it has sent a packet to that ip/port pair

therefore *both* clients must now send out a packet using the port they
bound to the other one

at least one of these packets should get through this then gives you an
open UDP conversation on which to transfer data

this is a killer feature for working behind nats which are reaching the
point of being standard for anyone with an adsl line and multiple pc's

also putting a windows box on the net without protection is considered
suicidal nowadays

however i do acknowledge that reliably doing file transfer and chat over UDP
is non-trivial





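The exchange described in the message above, modelled as an added example (not part of the original post or of any dcc2 code): a toy port-restricted cone NAT filter, run with the addresses from the diagram, showing which packets are dropped and which are delivered, and why the same steps fail behind symmetric NATs. The `Nat` class, the `punch` function and the use of STUN port 3478 are assumptions made for illustration; the second client is taken to be user2 from the diagram.

```python
# Added illustration: a toy model of NAT filtering, not a network implementation.
class Nat:
    def __init__(self, public_ip, first_port, symmetric=False):
        self.public_ip, self.next_port, self.symmetric = public_ip, first_port, symmetric
        self.mappings = {}      # mapping key -> public port
        self.permitted = set()  # (public port, remote addr) pairs we have sent to

    def outbound(self, src, dst):
        """Translate an outgoing packet; return its public source address."""
        # Cone NATs reuse one public port per internal socket; a symmetric
        # NAT allocates a fresh port for every destination.
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        port = self.mappings[key]
        self.permitted.add((port, dst))
        return (self.public_ip, port)

    def inbound(self, src, dst):
        """Port-restricted filter: accept only from an ip/port we sent to."""
        return dst[0] == self.public_ip and (dst[1], src) in self.permitted


STUN = ("9.10.11.12", 3478)  # server from the diagram; 3478 is the RFC 3489 port


def punch(nat1, nat2):
    """Run the exchange from the post; return what each NAT let through."""
    u1, u2 = ("10.0.0.2", 1025), ("192.168.0.2", 1026)
    # Step 1: each client learns its external address from the STUN server.
    ext1 = nat1.outbound(u1, STUN)
    ext2 = nat2.outbound(u2, STUN)
    results = {"ext1": ext1, "ext2": ext2}
    # An unsolicited packet from the peer is dropped before any punching.
    results["unsolicited"] = nat1.inbound(ext2, ext1)
    # Step 2: addresses are exchanged (e.g. over IRC), then both sides send.
    src1 = nat1.outbound(u1, ext2)
    results["first_1_to_2"] = nat2.inbound(src1, ext2)  # nat2 has no rule yet
    src2 = nat2.outbound(u2, ext1)
    results["2_to_1"] = nat1.inbound(src2, ext1)        # nat1 already sent there
    results["later_1_to_2"] = nat2.inbound(src1, ext2)  # path now open both ways
    return results
```

With `symmetric=True` on both NATs the port the STUN server reported is not the port used towards the peer, so neither filter ever matches.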


