Apologies for the stupid question, but here it goes: This is something I have wondered about for a while and couldn't find an answer to.

If two computers have static IPs then they can easily send each other packets over TCP/IP. If a computer is behind a firewall/router/another device that connects it to the internet, the computer doesn't have an external IP address. If this computer wants to access a webpage, it knows the webserver's IP address, or uses DNS to obtain it. It sends a TCP/IP packet, but how does the server then know what IP to send the answer to?

I imagine the following:

Request: A -> B -> C

However, there is no way A could know the address of D, as D in fact does not have an external IP address. The only solution using a central server E is this:

A connects to E and has an id in E's system, which is id_A
D connects to E and has an id in E's system, which is id_D
A sends a message to D indirectly, by sending it to E and saying it is for id_D
E forwards the message to D, as it knows how to communicate with D

And even in this case, I don't quite get how E can send a message to D if D didn't request it (as my model for PC-server communication depends on the assumption that the PC requests and the server responds, see question 1).

My question 2 is: Is it possible, and how, for two computers that only have LAN IPs to communicate directly if they are in different LANs?

If you can point me to some beginners' literature, that would be more than enough.

First: What you describe is NAT, not firewalling. A firewall just filters what can go through; a NAT device changes addresses in packets.

You almost answer the first question yourself. Yes, a NAT device needs to keep track of every session going through it. Most communication on the internet uses TCP or UDP. Both of these protocols use port numbers. A session is defined by source address, source port number, destination address and destination port number. The NAT device needs to maintain a mapping between which numbers on the inside correspond to which numbers on the outside. And then it has to match every packet to an entry in its mapping table and adjust the packet accordingly.

This is also why NAT devices are less than optimal: a normal router is stateless. It doesn't need to keep track of what happened previously, and it doesn't need to adjust the numbers and addresses in the packet. If a router fails, another router can take over immediately. When a NAT device fails, the device that takes over doesn't have the same mapping table, and all sessions break and have to be re-established.

One option is to configure port forwarding in one of the NAT devices. Then you let A send a packet to the forwarded port on C. B will change the source address and port to one of its own. When the packet arrives at C, it then adjusts the destination address and port so the packet is forwarded to D. Reply packets do exactly the same in the opposite direction.

If there is no port forwarding then it gets more difficult. You need the assistance of an external server E. Both A and D have to initiate connections to E. Then E has to coordinate setting up the session between A and D. A and D both send outbound packets to trick B and C into adding entries to their mapping tables. Once those mappings are in place they can communicate directly.

To summarise: the way things usually work is that for outbound packets you have a device that performs source NAT. It changes the source address and port of the internal device to one of its own. For inbound packets you have a device that performs destination NAT. It changes the destination address and port to what is in its mapping table.
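The three mechanisms the answer walks through (a stateful mapping table doing source NAT on the way out and destination NAT on the way back, a static port forward on C, and hole punching coordinated by E) can be traced through with a small simulation. The code below is an added example, not code from the thread or from any real NAT implementation; the hosts A, B, C, D, E, their addresses and every port number are made up, and the `Packet` and `Nat` classes are the example's own toy model.

```python
"""Toy model of the NAT behaviour described in the answer above. Added example,
not code from the original thread; every host, address and port is made up:
A (10.0.0.2) sits behind NAT B (public 203.0.113.1), D (192.168.1.2) behind
NAT C (public 198.51.100.1), and E (192.0.2.10) is the rendezvous server."""
from dataclasses import dataclass, replace
import itertools

A, D, E = "10.0.0.2", "192.168.1.2", "192.0.2.10"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: str = ""


class Nat:
    """Stateful NAT device. The mapping table gives each inside (address, port)
    one fixed public port; the session table, keyed on the four-tuple the
    answer mentions, decides which inbound packets are let back in."""

    def __init__(self, public_addr, first_port=40000):
        self.public = public_addr
        self._ports = itertools.count(first_port)
        self.mapping = {}      # (inside addr, inside port) -> public port
        self.reverse = {}      # public port -> (inside addr, inside port)
        self.sessions = set()  # (public port, remote addr, remote port)
        self.forwards = {}     # static port forwarding: public port -> inside

    def _bind(self, inside, public_port=None):
        if inside not in self.mapping:
            self.mapping[inside] = next(self._ports) if public_port is None else public_port
            self.reverse[self.mapping[inside]] = inside
        return self.mapping[inside]

    def outbound(self, pkt):
        """Source NAT: rewrite the inside source to one of the device's own."""
        port = self._bind((pkt.src, pkt.sport))
        self.sessions.add((port, pkt.dst, pkt.dport))
        return replace(pkt, src=self.public, sport=port)

    def inbound(self, pkt):
        """Destination NAT: rewrite the destination back to the inside host.
        Returns None (dropped) when neither a session nor a forwarding rule
        matches; that is why unsolicited packets never reach A or D."""
        if pkt.dst != self.public:
            return None
        if (pkt.dport, pkt.src, pkt.sport) in self.sessions:
            inside = self.reverse[pkt.dport]
        elif pkt.dport in self.forwards:
            inside = self.forwards[pkt.dport]
            self._bind(inside, pkt.dport)  # the reply must leave from this port
            self.sessions.add((pkt.dport, pkt.src, pkt.sport))
        else:
            return None
        return replace(pkt, dst=inside[0], dport=inside[1])


def port_forwarding_demo():
    """C forwards its public port 8080 to D:80. A reaches D through it and the
    reply finds its way back through B's mapping table."""
    B, C = Nat("203.0.113.1"), Nat("198.51.100.1", first_port=50000)
    C.forwards[8080] = (D, 80)
    req = B.outbound(Packet(A, 5555, C.public, 8080, "GET /"))
    at_d = C.inbound(req)
    reply = C.outbound(Packet(D, 80, req.src, req.sport, "200 OK"))
    at_a = B.inbound(reply)
    # A replacement for B with the same public address but an empty mapping
    # table drops that same reply: the session has to be set up again.
    lost = Nat(B.public).inbound(reply)
    return at_d, at_a, lost


def hole_punching_demo():
    """No port forwarding: A and D register with E, learn each other's public
    endpoint from E, then open holes in B and C by sending outbound packets."""
    B, C = Nat("203.0.113.1"), Nat("198.51.100.1", first_port=50000)
    registry = {}  # what E learns: id -> (public addr, public port)
    for name, nat, host in (("id_A", B, A), ("id_D", C, D)):
        seen_by_e = nat.outbound(Packet(host, 6000, E, 3478, "register"))
        registry[name] = (seen_by_e.src, seen_by_e.sport)
    # E relays each endpoint to the other side over the sessions already open to it.
    a_pub, d_pub = registry["id_A"], registry["id_D"]
    first_try = C.inbound(B.outbound(Packet(A, 6000, *d_pub, "punch")))
    # first_try is None: C has no session towards B yet, but B now has one towards C
    d_to_a = B.inbound(C.outbound(Packet(D, 6000, *a_pub, "punch")))
    # D's punch gets through B, and from now on both directions work
    a_to_d = C.inbound(B.outbound(Packet(A, 6000, *d_pub, "data")))
    return first_try, d_to_a, a_to_d


if __name__ == "__main__":
    print(port_forwarding_demo())
    print(hole_punching_demo())
```

One design choice matters for the last function: the model hands out a single public port per inside socket regardless of destination, and only the session (filter) table is keyed on the full four-tuple. A NAT that instead allocates a fresh public port for every new destination (often called symmetric NAT) would tell E one port and present a different one to the peer, and the punch packets would miss; that is the case in which two hosts behind NAT cannot be connected directly and E has to keep relaying for them.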