udp tunneling works but doesn't
- Subject: udp tunneling works but doesn't
- From: Zack Morris <email@hidden>
- Date: Tue, 01 Nov 2005 22:16:27 -0800
Pardon me if you get this twice. I got a mac.com error about trying to send mail from a blacklisted ip address, so am sending through webmail instead of Mail.app.
---------
Hi all, I am having the weirdest problem with udp. I am able to send outgoing packets which contain the internal port of my computer behind NAT to a server like so:
my computer:
internal ip:port = 192.168.0.5:10000 --\
external ip:port = 1.2.3.4:12345 --->--- These are the same open udp port, but external is as seen outside NAT
webserver somewhere out on the web:
4.3.2.1:54321
So I send a message as FROM -> TO CONTENTS:
192.168.0.5:10000 -> 4.3.2.1:54321 10000
The server gets this:
1.2.3.4:12345 -> 4.3.2.1:54321 10000
And the server replies with:
4.3.2.1:54321 -> 1.2.3.4:10000 Hi you are at 1.2.3.4 with external IP 12345 and internal IP 10000
Notice that the server replies to my external IP but internal port, this is where the tunneling takes place. This all works beautifully, and I am able to talk back and forth to the server even though I am on DSL with NAT. Now once I have my external IP and port, I try to send a packet to myself like so:
192.168.0.5:10000 -> 4.3.2.1:54321 Hello
And I never get the packet! What gives? I am also unable to send from another computer, behind the NAT, to my computer's outside address. This seems incredibly stupid to block these packets, but it's the only conclusion I can come up with. I have run tcpdump and can verify that the packets are sent out by my computer but never come back.
FYI, my NAT tends to always map the internal and external ports to different numbers. I am going to try sending to my external IP but my internal port in the same manner as the web server, but am not optimistic that it will work. I tried tunneling at my friend's house and his NAT maps the internal and external ports to be the same if the port is available, and it still doesn't work. This means that I can't try using my external IP but internal port at his house, because the internal is the same as the external. That leads me to believe that something else is going on, because the NAT should let any packet come back in on a port that sent an outgoing port to the address, otherwise UDP could never work with NAT, and lots of programs use it. One more thing - I still need to try sending from my house to his house to see if the packet can get through, much like the webserver. If that works, I have proof that the NAT is blocking its own packet.
Perhaps this is a pathetic attempt at security by the net architects, perhaps the NAT wants people to always send to the local IPs and ports if the packets originate from inside the NAT, I just dunno. I can't believe that it would be something that sinister, but the web never ceases to amaze me :-P Has anyone else seen this issue? If not, do you know of a generic networking newsgroup that I could ask? Thanx,
------------------------------------------------------------------------
Zack Morris Z Sculpt Entertainment This Space
email@hidden http://www.zsculpt.com For Rent
------------------------------------------------------------------------
If the doors of perception were cleansed, everything would appear to man
as it is, infinite. -William Blake, The Marriage of Heaven and Hell
_______________________________________________
Macnetworkprog mailing list (email@hidden)
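
A toy model of the behaviour described in the post above, as an added example that is not part of the original message: a NAT that drops LAN-side packets aimed at its own external address unless it supports hairpinning (RFC 4787). The `Nat` class, its `hairpin` flag and the address-dependent filtering policy are assumptions for illustration; the addresses are the post's own sample values.

```python
from dataclasses import dataclass, field

@dataclass
class Nat:
    """Toy UDP NAT (hypothetical model): per-source port mapping, filtering by remote IP."""
    external_ip: str
    hairpin: bool = False                         # loop LAN -> own-external traffic back inside?
    next_port: int = 12345                        # first external port handed out (sample value)
    out_map: dict = field(default_factory=dict)   # (int_ip, int_port) -> ext_port
    in_map: dict = field(default_factory=dict)    # ext_port -> (int_ip, int_port)
    allowed: dict = field(default_factory=dict)   # ext_port -> remote IPs already contacted

    def _bind(self, src):
        if src not in self.out_map:
            self.out_map[src] = self.next_port
            self.in_map[self.next_port] = src
            self.allowed[self.next_port] = set()
            self.next_port += 1
        return self.out_map[src]

    def outbound(self, src, dst):
        """LAN-side packet. Returns (delivered_to, source_as_seen) or None if dropped."""
        ext_port = self._bind(src)
        self.allowed[ext_port].add(dst[0])
        if dst[0] == self.external_ip:            # aimed at the NAT's own public address
            if not self.hairpin:
                return None                       # no hairpinning: the packet never comes back
            return self.inbound((self.external_ip, ext_port), dst)
        return dst, (self.external_ip, ext_port)

    def inbound(self, src, dst):
        """WAN-side packet. Returns (internal_dst, src) or None if dropped."""
        target = self.in_map.get(dst[1])
        if dst[0] != self.external_ip or target is None:
            return None                           # no mapping for that external port
        if src[0] not in self.allowed[dst[1]]:
            return None                           # remote host was never contacted
        return target, src

def demo(hairpin):
    nat = Nat("1.2.3.4", hairpin=hairpin)
    me, server = ("192.168.0.5", 10000), ("4.3.2.1", 54321)
    _, seen = nat.outbound(me, server)                # server observes the external mapping
    reply = nat.inbound(server, seen)                 # reply from the contacted server
    unsolicited = nat.inbound(("9.9.9.9", 53), seen)  # constructed stranger address
    to_self = nat.outbound(me, seen)                  # LAN host targets its own mapping
    return seen, reply, unsolicited, to_self
```

`demo(False)` reproduces the symptom in the post (server round trip works, packet to the host's own external mapping is dropped); `demo(True)` shows the same packet delivered when the NAT hairpins.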