12

The scenario is the following. I have two machines A and B:

  • A: Client (behind NAT)
  • B: Server (behind NAT)

I want B to be able to listen on any given port, so that A can send packets to B through that specific TCP port and receive any response. If both machines are not behind a NAT it is a pretty straightforward process. However, how do I make it work even when B is behind a router, without him having to change the router configuration, enable some port forwarding, etc.?

For example, how do peer-to-peer programs like torrent clients work without the user having anything to configure?

NoDataDumpNoContribution
Chetane

4 Answers

8

To answer the example of Peer to Peer programs, and in general: There is a technology called Universal Plug and Play which NAT routers can use to allow clients behind them to expose ports to the outside. That's what bittorrent clients can use so the other clients can directly connect to them.

Douglas Leeder
1

You will have to either:

  1. Set up port forwarding from the NAT gateway in front of the server into the machine your server software is running on, and have the client connect to the IP address of that gateway.

  2. Create a proxy server sitting in between the 2 NAT gateways so both your server and client can connect to that. Both your server and client have to set up a connection to that proxy, which will mediate the data between those 2 connections.

nos
  • Hi, I have envisaged that solution; the only problem with this solution is that the load will be considerable on the proxy, which is costly. – Chetane Oct 03 '09 at 00:15
1

An alternative to a proxy server is a match-making server. Instead of proxying all of the traffic, the match maker just negotiates until the peers can talk to each other. This involves finding the external public IPs of the peers and talking to each one so that the firewall/router knows that the peers wish to communicate.

This is called hole punching and it often has to be done by the match maker rather than the peers themselves. Once the holes are punched though, the match maker can tell the peers about each other and they can communicate directly.

sean riley
  • 1
    AFAIK hole punching like this only works for UDP - and only if the UDP port mapping is consistent on the router. – Douglas Leeder Oct 02 '09 at 22:31
  • I read about hole punching, would TCP hole punching work as well? It might however be not so easy to implement but I'll give it a try as this seems to be what I am looking for. Thanks. – Chetane Oct 03 '09 at 00:16
  • You can have a look at STUNT. But I would not recommend TCP hole punching as it will not work reliably. – tobias Jul 28 '13 at 00:50
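A small simulation of the match-making flow described in this answer, added here as an example and not code from any of the answers. It also shows why the comment above about consistent port mapping matters: the NAT model, the private addresses and the rendezvous server address are all constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Nat:
    """Toy port-restricted NAT. A cone NAT reuses one external port per private
    socket; a symmetric NAT allocates a fresh external port per destination."""
    public_ip: str
    symmetric: bool = False
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)  # mapping key -> external port
    allowed: set = field(default_factory=set)     # (external endpoint, remote) pairs admitted inbound

    def outbound(self, private, remote):
        """Translate a packet from `private` to `remote`; return the external endpoint used."""
        key = (private, remote) if self.symmetric else private
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        ext = (self.public_ip, self.mappings[key])
        self.allowed.add((ext, remote))  # the outbound packet opens the "hole" for replies
        return ext

    def inbound(self, ext, remote):
        """Does the NAT admit a packet from `remote` addressed to external endpoint `ext`?"""
        return (ext, remote) in self.allowed

def hole_punch(nat_a, nat_b):
    """Run one UDP hole-punch attempt between peer A behind nat_a and peer B behind nat_b.
    Returns True when packets are admitted in both directions."""
    server = ("203.0.113.10", 3478)      # constructed rendezvous (match-making) server
    a_priv, b_priv = ("10.0.0.2", 5000), ("192.168.1.2", 6000)  # constructed private sockets
    # 1. Both peers register with the server; it observes their public endpoints.
    a_ext = nat_a.outbound(a_priv, server)
    b_ext = nat_b.outbound(b_priv, server)
    # 2. The server tells each peer the other's observed endpoint (a_ext / b_ext).
    # 3. Each peer sends a packet to the learned endpoint. Whichever packet arrives first
    #    is usually dropped because the far NAT has no mapping yet, so real clients retry;
    #    here both punches are modelled as sent before delivery is checked.
    a_src = nat_a.outbound(a_priv, b_ext)
    b_src = nat_b.outbound(b_priv, a_ext)
    # 4. The punch succeeds only if each NAT admits the peer's packet on the endpoint the
    #    server observed. A symmetric NAT used a different port toward the peer, so it fails.
    return nat_b.inbound(b_ext, a_src) and nat_a.inbound(a_ext, b_src)

if __name__ == "__main__":
    for a_sym, b_sym in [(False, False), (True, False), (False, True)]:
        ok = hole_punch(Nat("198.51.100.1", a_sym), Nat("198.51.100.2", b_sym))
        print(f"A symmetric={a_sym} B symmetric={b_sym}: {'punched' if ok else 'blocked'}")
```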
1

Hole punching is moderately well-understood for UDP communication, but it can be reliably used to set up peer-to-peer TCP streams as well. Here is a well-detailed article on both TCP and UDP:

http://www.brynosaurus.com/pub/net/p2pnat/

Humoyun Ahmad