UDP packets to PC behind NAT
Steve Holden
steve at holdenweb.com
Fri Sep 15 14:31:24 EDT 2006
Janto Dreijer wrote:
> Grant Edwards wrote:
>
>>On 2006-09-15, Janto Dreijer <jantod at gmail.com> wrote:
>
> ....
>
>>>Would it be a reasonable solution to initiate a TCP connection
>>>from the client to the server and somehow (?) let the server
>>>figure out how the client is connecting? And then send UDP to
>>>client over the same (IP, port)?
>>
>>I doubt that will work unless the firewall has been
>>specifically designed to recognize that pattern of activity and
>>allow the incoming UDP packets. I don't think most firewall
>>have default rules that allow UDP packets to tunnel back along
>>a TCP connection.
>
>
> Thanks for the info!
>
> I think you may be right. I had to configure the local firewall to
> allow all connections from the server. Which kinda defeats the purpose.
> If you have control over the NAT why not just assign a dedicated port?
>
> There might still be value in this approach, however. Even though I
> have control over the NAT I have multiple clients that might need to
> create these connections. I would need to map ports to be able to
> handle simultaneous connections.
>
> It's Friday afternoon over here, so I may be wrong...
>
Note that TCP and UDP port spaces are disjoint, so there's no way for
TCP and UDP to use "the same port" - they can, however, use the same
port number. Basically the TCP and UDP spaces have nothing to do with
each other.
Most dynamic NAT gateways will respond to an outgoing UDP datagram by
mapping the internal client's UDP port to a UDP port on the NAT
gateway's external interface, and setting a converse mapping that will
allow the server to respond, even though technically there isn't a
"connection". The NAT table entries will typically be timed out after a
short period of non-use.
regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://holdenweb.blogspot.com
Recent Ramblings http://del.icio.us/steve.holden
More information about the Python-list
mailing list