udp tunneling works but doesn't
- Subject: udp tunneling works but doesn't
- From: email@hidden
- Date: Tue, 1 Nov 2005 23:04:03 -0700
Hi all, I am having the weirdest problem with udp. I am able to send
outgoing packets which contain the internal port of my computer
behind NAT to a server like so:

my computer:
    internal ip:port = 192.168.0.5:10000 --\
    external ip:port = 1.2.3.4:12345     --->--- These are the same open udp port,
                                                 but external is as seen outside NAT
webserver somewhere out on the web:
    4.3.2.1:54321

So I send a message as FROM -> TO CONTENTS:
    192.168.0.5:10000 -> 4.3.2.1:54321   10000
The server gets this:
    1.2.3.4:12345 -> 4.3.2.1:54321   10000
And the server replies with:
    4.3.2.1:54321 -> 1.2.3.4:10000   Hi you are at 1.2.3.4 with external IP 12345 and internal IP 10000

Notice that the server replies to my external IP but internal port,
this is where the tunneling takes place. This all works beautifully,
and I am able to talk back and forth to the server even though I am
on DSL with NAT. Now once I have my external IP and port, I try to
send a packet to myself like so:
192.168.0.5:10000 -> 4.3.2.1:54321 Hello
And I never get the packet! What gives? I am also unable to send
from another computer, behind the NAT, to my computer's outside
address. This seems incredibly stupid to block these packets, but
it's the only conclusion I can come up with. I have run tcpdump and
can verify that the packets are sent out by my computer but never
come back.
FYI, my NAT tends to always map the internal and external ports to
different numbers. I am going to try sending to my external IP but
my internal port in the same manner as the web server, but am not
optimistic that it will work. I tried tunneling at my friend's house
and his NAT maps the internal and external ports to be the same if
the port is available, and it still doesn't work. This means that I
can't try using my external IP but internal port at his house,
because the internal is the same as the external. That leads me to
believe that something else is going on, because the NAT should let
any packet come back in on a port that sent an outgoing port to the
address, otherwise UDP could never work with NAT, and lots of
programs use it. One more thing - I still need to try sending from
my house to his house to see if the packet can get through, much like
the webserver. If that works, I have proof that the NAT is blocking
its own packet.
Perhaps this is a pathetic attempt at security by the net architects,
perhaps the NAT wants people to always send to the local IPs and
ports if the packets originate from inside the NAT, I just dunno. I
can't believe that it would be something that sinister, but the web
never ceases to amaze me :-P Has anyone else seen this issue? If
not, do you know of a generic networking newsgroup that I could ask?
Thanx,
------------------------------------------------------------------------
Zack Morris Z Sculpt Entertainment This Space
email@hidden http://www.zsculpt.com For Rent
------------------------------------------------------------------------
If the doors of perception were cleansed, everything would appear to man
as it is, infinite. -William Blake, The Marriage of Heaven and Hell
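
A toy model of the exchange described in the message above, added here as an example and not code from the original post. It assumes a NAT that keeps a per-port mapping table, accepts inbound packets only from endpoints the mapped port has already sent to, and may or may not translate packets sent from inside to its own external address (hairpinning). The `Nat` class, the `hairpin` flag and the 5.6.7.8 sender are constructed for illustration, and the server's reply is addressed to the external port it observed.

```python
class Nat:
    """Constructed model of a UDP NAT; not any real router's implementation."""

    def __init__(self, external_ip, hairpin=False):
        self.external_ip = external_ip
        self.hairpin = hairpin      # assumption: hairpin translation is optional
        self.out = {}               # (internal ip, port) -> external port
        self.back = {}              # external port -> (internal ip, port)
        self.allowed = {}           # external port -> remote endpoints sent to
        self.next_port = 12345      # constructed: first external port handed out

    def outbound(self, src, dst):
        """Packet from inside. Returns (src, dst) as delivered, or None if dropped."""
        if src not in self.out:
            self.out[src] = self.next_port
            self.back[self.next_port] = src
            self.next_port += 1
        ext_port = self.out[src]
        self.allowed.setdefault(ext_port, set()).add(dst)
        ext_src = (self.external_ip, ext_port)
        if dst[0] == self.external_ip:
            # Destination is the NAT's own public address: the hairpin case.
            return self.inbound(ext_src, dst) if self.hairpin else None
        return ext_src, dst

    def inbound(self, src, dst):
        """Packet arriving at the external address. Returns (src, internal dst) or None."""
        inside = self.back.get(dst[1])
        if inside is None or src not in self.allowed.get(dst[1], ()):
            return None             # no mapping, or sender never contacted
        return src, inside


def run(hairpin):
    """Replay the post's exchange with its addresses against the model."""
    nat = Nat("1.2.3.4", hairpin=hairpin)
    me, server = ("192.168.0.5", 10000), ("4.3.2.1", 54321)
    seen = nat.outbound(me, server)                    # what the server receives
    reply = nat.inbound(server, seen[0])               # server answers that endpoint
    stranger = nat.inbound(("5.6.7.8", 999), seen[0])  # unsolicited sender
    to_self = nat.outbound(me, seen[0])                # packet to own external ip:port
    return seen, reply, stranger, to_self


if __name__ == "__main__":
    for hairpin in (False, True):
        print("hairpin =", hairpin, "->", run(hairpin))
```

With `hairpin=False` the server's reply is delivered while the packet sent to the host's own external endpoint is dropped, which matches the symptom in the tcpdump observation; with `hairpin=True` the same packet is looped back to 192.168.0.5:10000.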