I understand how NAT works in the case of communication between one local host and a server with a specific public IP address. The host is sending a request; it pushes the packet, with the destination IP address set to the value of the server's IP address, to the router. That LAN router "remembers" that our host (identified by its private IP address) is sending a request to the server. So it is able to forward the response from the server to the proper host. (By the way, how does it distinguish responses from the server when multiple hosts from one LAN send requests at the same time?)
Now, let's say we have two hosts, based on two standard local networks on the Internet, which are not related to each other. Is it possible for these hosts to communicate with each other, with NAT, but without any kind of servers between them providing the services to communicate? In that situation, we don't need to send any kind of request between them.
First, about multiple hosts. Network packets, in addition to the IP address, have another field – a "port number". It is a number from 0 to 65535 that is supposed to identify different programs on the same computer. The router assigns a different port number to each outgoing connection – and remembers which host started each one.
When two computers communicate over the Internet, one of them always starts the conversation. For that computer, the NAT will work as usual. It is the receiving party that is the problem – the router doesn't know where to redirect incoming packets. For that, one of three ways can be used:
* configure the router to have a permanent redirection rule on some port. This is manual port forwarding.
* send a message to the router and ask it nicely for a port. This is automatic port forwarding. Unfortunately, there are [several different protocols](https://en.wikipedia.org/wiki/NAT_traversal#Techniques) to talk to the router.
* “punch a hole” in NAT. Send an outgoing message, and then use the assigned port to receive incoming messages – even if those messages come from a different IP (many routers won’t check that). It requires some intermediate “matchmaking” server, that will record your IP and port and send it to the other party. Also, some “symmetric NAT” routers do check the IP of the incoming message – so that trick won’t work.
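To make the answer's two points concrete, here is an added Python simulation of a NAT translation table; it is illustrative code written for this page, not from the answer above or any router firmware. It shows (a) how a router demultiplexes replies for two LAN hosts by the public port it assigned to each, and (b) why "hole punching" delivers the peer's packet on a full-cone NAT but not on a symmetric one. All addresses are constructed from the RFC 5737 documentation ranges, and the `Nat` class, its `mode` names and the `hole_punch` helper are assumptions of this example, not real router configuration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass
class Nat:
    """Toy NAT: one public IP, a translation table, and two inbound policies."""
    public_ip: str
    mode: str = "full_cone"   # "full_cone": inbound from any remote on a mapped port is delivered
                              # "symmetric": mapping is bound to the remote it was created for
    next_port: int = 40000    # next free public port (constructed starting value)
    outbound: Dict[tuple, int] = field(default_factory=dict)
    inbound: Dict[int, dict] = field(default_factory=dict)

    def _key(self, src: Endpoint, dst: Endpoint) -> tuple:
        # A symmetric NAT allocates a separate mapping per (local, remote) pair;
        # a full-cone NAT reuses one mapping per local endpoint.
        return (src, dst) if self.mode == "symmetric" else (src,)

    def translate_outbound(self, src: Endpoint, dst: Endpoint) -> Endpoint:
        """A host behind the NAT sends a packet: allocate (or reuse) a public port."""
        key = self._key(src, dst)
        if key not in self.outbound:
            port, self.next_port = self.next_port, self.next_port + 1
            self.outbound[key] = port
            self.inbound[port] = {"src": src, "dst": dst}
        return (self.public_ip, self.outbound[key])

    def translate_inbound(self, sender: Endpoint, public_port: int) -> Optional[Endpoint]:
        """A packet from the Internet arrives at public_port: which private host gets it?"""
        entry = self.inbound.get(public_port)
        if entry is None:
            return None                 # unsolicited: no mapping, so the packet is dropped
        if self.mode == "symmetric" and entry["dst"] != sender:
            return None                 # wrong remote for this mapping, dropped
        return entry["src"]


# Constructed endpoints (documentation address ranges, not real hosts).
HOST_A: Endpoint = ("10.0.0.5", 5000)         # two hosts on the same LAN
HOST_B: Endpoint = ("10.0.0.6", 5000)
SERVER: Endpoint = ("198.51.100.9", 443)      # a public server
MATCHMAKER: Endpoint = ("198.51.100.7", 3478) # the intermediate "matchmaking" server
PEER: Endpoint = ("192.0.2.20", 6000)         # the other party, on a different network


def two_hosts_one_server() -> dict:
    """First question: two LAN hosts talk to one server at once; replies are told apart by port."""
    nat = Nat("203.0.113.1")
    pub_a = nat.translate_outbound(HOST_A, SERVER)
    pub_b = nat.translate_outbound(HOST_B, SERVER)
    return {
        "public_a": pub_a,
        "public_b": pub_b,
        "reply_to_a": nat.translate_inbound(SERVER, pub_a[1]),
        "reply_to_b": nat.translate_inbound(SERVER, pub_b[1]),
        "unsolicited": nat.translate_inbound(PEER, 40123),  # no mapping for this port
    }


def hole_punch(mode: str) -> Optional[Endpoint]:
    """Second question: HOST_A contacts the matchmaker, which hands PEER the public port;
    PEER then sends to that port. Whether it is delivered depends on the NAT policy."""
    nat = Nat("203.0.113.1", mode=mode)
    _, public_port = nat.translate_outbound(HOST_A, MATCHMAKER)
    return nat.translate_inbound(PEER, public_port)


if __name__ == "__main__":
    print(two_hosts_one_server())
    print("full_cone:", hole_punch("full_cone"))   # delivered to HOST_A
    print("symmetric:", hole_punch("symmetric"))   # None: the mapping only accepts MATCHMAKER
```

Real routers also expire mappings after a timeout and may apply policies between these two extremes (address-restricted or port-restricted cone), so the two modes here are the endpoints of the spectrum rather than a full catalogue.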