2

I'm using netcat as a backend to shovel data back and forth for a program I'm making. I tested my program on the local network, and once it worked I thought it would be a matter of simply forwarding a port from my router to have my program work over the internet. Alas! This seems not to be the case.

If I start netcat listening on port 6666 with:

    nc -vv -l -p 6666

then go to 127.0.0.1:6666 in a browser, as expected I see an HTTP GET request come through netcat (and my browser sits waiting in vain). If I go to my.external.ip.address:6666, however, nothing comes through at all and the browser displays 'could not connect to my.external.ip.address:6666'.

I know that the port is correctly forwarded, as www.canyouseeme.org says port 6666 is open (and when netcat is not listening, that it's closed).

If I run netcat with -g my.adslmodem's.local.address to set the gateway address, I get the same behavior. Am I using this command line option correctly? Any insight as to what I'm doing wrong?

2 Answers

0

Turns out there is no problem. It only appears that way because my router doesn't allow hairpin connections. That is, even though I've got it set up correctly, the router wouldn't make the connection when both source and destination are behind the NAT. Simply ncat -l -p 6666 works fine, so long as the request comes from outside the LAN. To test this I browsed to my.external.ip.address:6666 with my 3G mobile phone and sure enough, an HTTP request came through :)

0

So, if you scan your system from a system outside your network while netcat is listening to 6666, the outside system sees it's got something running. But when you try from inside your network to connect to your external IP address to route it back in, it's giving an error and netcat shows nothing connecting? I'd almost suspect you're having a routing issue trying to go from your local machine to the router and back in, perhaps a NAT issue with your hardware. What device are you using? You might want to check to see if this is the case by trying to connect to that port (or have a friend try it) from outside your network and see if the result is the same.

Bart Silverstrim
  • Thanks for your answer. This indeed appears to be the case (see my own answer), and as usual I realized it almost immediately after giving up hope and going to others for help :P. I hate NAT so much. Bring on IPV6. –  Mar 31 '10 at 12:44
  • I'm sure IPV6 will have unintended consequences as well. NAT is a pain sometimes but it also largely shields your internal network as a pseudo-firewall (good enough for home use, anyway). IPV6 will no doubt carry stories about how people are able to ping your refrigerator from China and bog down your network as the interface on your microwave malfunctions and floods your network while telling your cellphone the burrito is done cooking. – Bart Silverstrim Mar 31 '10 at 13:04
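
The hairpin behaviour both answers describe, as an added example that is not part of the original thread: a simplified model of a router's port-forward decision, showing why the same forward works from a 3G phone but not from a PC on the LAN. All addresses are constructed, and the assumption that the forward rule is bound to the WAN interface is an illustration, not a statement about the asker's router.

```python
from dataclasses import dataclass, replace

# Constructed addresses (documentation / RFC 1918 ranges), not from the thread.
WAN_IP = "203.0.113.10"      # router's external address
ROUTER_LAN = "192.168.1.1"   # router's LAN-side address
SERVER = "192.168.1.50"      # LAN host running the netcat listener
FORWARDS = {6666: SERVER}    # port forward: WAN_IP:6666 -> SERVER:6666


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_iface: str  # interface the router receives it on: "wan" or "lan"


def route(pkt, hairpin=False):
    """Return the packet as delivered to the LAN host, or None if it is not forwarded."""
    target = FORWARDS.get(pkt.dport)
    if pkt.dst != WAN_IP or target is None:
        return None
    if pkt.in_iface == "wan":
        # Ordinary port forward: only the destination is rewritten.
        return replace(pkt, dst=target)
    if hairpin:
        # Hairpin NAT: rewrite the destination AND the source, so the server
        # replies via the router. Without the source rewrite the server would
        # answer the LAN client directly, and the client would discard a reply
        # coming from an address it never contacted.
        return replace(pkt, dst=target, src=ROUTER_LAN)
    # Assumed behaviour of a non-hairpin router: the rule only matches traffic
    # arriving on the WAN side, so LAN-originated packets are never translated.
    return None


def probe(src, in_iface, hairpin=False):
    """Simulate a connection attempt to WAN_IP:6666 and report the outcome."""
    out = route(Packet(src, WAN_IP, 6666, in_iface), hairpin)
    return "connected" if out and out.dst == SERVER else "could not connect"


if __name__ == "__main__":
    print("phone on 3G    :", probe("198.51.100.7", "wan"))
    print("PC on LAN      :", probe("192.168.1.20", "lan"))
    print("PC, hairpin on :", probe("192.168.1.20", "lan", hairpin=True))
```
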