[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sheflug] How NAT Works
- To: sheflug@xxxxxxxxxxxxxx
- Subject: Re: [Sheflug] How NAT Works
- From: Robin Wood <robin@xxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 8 Jan 2025 21:33:26 +0000
- Delivery-date: Wed, 08 Jan 2025 21:34:15 +0000
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sheflug.org.uk; s=default; h=Sender:Content-Transfer-Encoding:Content-Type: Reply-To:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Subject: To:Message-ID:Date:From:In-Reply-To:References:MIME-Version:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner:List-Archive; bh=eZKEaf74RYX0+QqEsvi2Ifx/83M1267bQ3D6kM4oxH8=; b=iFKRj+bsrVcCMD1mhe0jMnjsgr mypEngUPpM1jhspT8VEHWWRdA8zZ64lOqtWR96vi5Y1A1tVarQ6jUzoiTkcj4UXik+8OjpJ14ECSn /mDW9Oug0Ttiyl/Q3ofa1SwuRnySrNI4PDJmvQAHuYKfAJ4GtgCgHu16NnOK8WXvZeXKJS7PwcF3A czmheZfhyDcjNBfNOV3+zBw3YOeLMdJ3ApOMkNEEl1s9XVsV0FQRvDYy5UuE24M7uBz6u8cPPRBR/ F7122S4OyzK7GM97kPXlSfH9Ay2NbkVYjhflI6t6Rsul2kGCDCz7Y5/YT4pLzm1XR+oNugl5/PvW8 ccAMX70w==;
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digininja-org.20230601.gappssmtp.com; s=20230601; t=1736372018; x=1736976818; darn=sheflug.org.uk; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=8OY65tffvxSdWY1x7SbRPrtXraWK+XCZ8zre8r6oywI=; b=VFBuKDdgq2zEqCwvo3PC6wlmgrtupPNDmRtNdqQqOsLJEYYpmzuukzGZaIjPAUzz91 MQJwQjMb576NGu8E2JIESnAR2zx7DjmniZW7KwS8M3M5tgXUA4vVR1OXeEhV3tl7YtNi gtxTwJPfWLcGmqbfbV/aDtbcg2ZG2PTO3b1D9s2Mgzo0xNG9JxiRHfHwEPFAc4owl2Ds yaridhBD8++qUbdDfQMw4j3XR7d/r9RibM/KgydIo+RAvpyT3LQux7N6/1xoANk5gImy pCRTqIbZm++f/nt999pH2MT+5urUfI64cBMWUonyIIeyd57RjtRDvBjLNwL/6adfYHxO 3EWQ==
- Envelope-to: sheflug@xxxxxxxxxxxxxx
- List-help: <mailto:sheflug-request@sheflug.org.uk?subject=help>
- List-id: <sheflug.sheflug.org.uk>
- List-post: <mailto:sheflug@sheflug.org.uk>
- List-subscribe: <http://sheflug.org.uk/mailman/listinfo/sheflug_sheflug.org.uk>, <mailto:sheflug-request@sheflug.org.uk?subject=subscribe>
- List-unsubscribe: <http://sheflug.org.uk/mailman/options/sheflug_sheflug.org.uk>, <mailto:sheflug-request@sheflug.org.uk?subject=unsubscribe>
- Reply-to: sheflug@xxxxxxxxxxxxxx
- Sender: "Sheflug" <sheflug-bounces@xxxxxxxxxxxxxx>
Hi
I've read through most of this and I'm stuck on how STUN works. I think I
must be missing something but this is where I'm having problems.
A NAT device handles connections by quads of source IP and port, and
destination IP and port. So the client on the inside of my network
(client1) makes a call out to the STUN server, that records the external IP
and port the connection is coming from and is then able to pass it on to
the other side of the connection (client2).
But, if client2 tries to connect to client1 using that IP and port the NAT
box will see a different source IP, one that doesn't match any that it
knows, so it would just drop the traffic.
I know the idea is that once client1 has punched out of the NAT, the hole
is open so the other side is able to send packets back, but I can only see
that working when the other side is using the same IP as client1 started
talking to. If client2 tries to talk to the external IP and port client1
used to talk to the STUN server it shouldn't work.
Is this the failing that TURN is used to handle? If so, then isn't STUN
dead in most situations? I'd imagine a lot of clients, especially VOIP, are
behind at least one layer of NAT.
To have written such a big article on STUN, it feels like I've missed
something important that means it will work in a lot more situations, but I
can't see what it is. Can anyone explain?
Robin
On Sun, 5 Jan 2025 at 11:56, Richard Ibbotson <richard@xxxxxxxxxxxxxx>
wrote:
> Hi
>
> https://tailscale.com/blog/how-nat-traversal-works
>
>
> Might interest someone out there. How NAT works.
>
> --
> Richard
>
>
> _______________________________________________
> Sheffield Linux User's Group
> http://sheflug.org.uk/mailman/listinfo/sheflug_sheflug.org.uk
> FAQ at: http://www.sheflug.org.uk/mailfaq.html
>
> GNU - The Choice of a Complete Generation
>
_______________________________________________
Sheffield Linux User's Group
http://sheflug.org.uk/mailman/listinfo/sheflug_sheflug.org.uk
FAQ at: http://www.sheflug.org.uk/mailfaq.html
GNU - The Choice of a Complete Generation