Communication between hosts behind NAT


I have a very difficult time figuring out this...

I have two computers who sends each other messages using UDP. Both machines are behind NAT. I m requesting STUN server to find out both machines global addresses(Mapped IP and Mapped Port).  But the mapped port is not constant and keeps on changing very frequently.  So, even if  first connection is made, once we loose the connection,  the mappings are lost. So, basically, is there any way to preserve the same mapped ip and port?  

In a nutshell, i have to computers behind NAT, and i want a commnunication between them, whenever i need. Just like how messengers do.

Hope someone can give me some direction. Thanks a  lot in advance....
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Usually you would have your NAT device providing Application Layer Gateway (ALG) or Proxy support for whatever protocol you're using, e.g H323 or SIP.
Otherwise you should be able to configure a port range used by the listener and map those ports for the external address to the internal address.
jyotishbAuthor Commented:
Okay, i m using Windows XP, and i m trying to add a service and ap ports. It has four boxes, Name of the service, Name or IP address of the coputer hosting this service, i put the IP address provided by the router, that is(192.168.1.X), right? and what should i put external port number of the service? is it the mapping of NAT of the internal port i provide???
Yes, host computer would be the 192.168.1.X address and whichever port the service is listening on would be the internal port number. You would usually have the external port number the same.
I've said you *should* be able to do this but it depends on exactly what you're trying to do. Can you provide more detail on NAT device and messaging used?
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

jyotishbAuthor Commented:
Thanx for the reply. Heres what i want to do.

1. I have a server, which is constantly listening  on Port 5060 for requests  from any client. Once, it gets a request it replies back to the client. This works fine when both the server and the client in the same network.

2. Now, i need to eshtablish the communication between client and server which are in different network, So i need to traverse NAT. What do u suggest i should do?

3. I have done this so far, I have made a request to the STUN server and i m getting the Mapped address of my server (Mapped IP and Port) machine.  But i think,  i m not been able to map the port right. I m sure i m getting the address right, but what change i have to make so that i will be able to get every request from a remote client to my server to the same port
I'm still having to guess what you're using.

For SIP, if you're listening on port 5060, your firewall should allow and have TCP and UDP 5060 for your external address mapped to TCP and UDP 5060 on the internal address.
For messaging, two ports are used per call (one for streaming and the other for control) and you should be able to configure the base port used. For example, if your base port is 8300 and you can handle 10 concurrent calls, ports 8300 to 8319 will be used and it is this UDP range that you need to allow and map for the external address to the internal address.

Using STUN should fix any server internal IP address references (to the external address) in calling, while the ports stay the same and mapped by your firewall.

The client end may also need to be configured this way.

Is that any help?
jyotishbAuthor Commented:
Well, I m getting the same port as mapped port. i dont think its possible all the time. For example, If i m requesting port number 50, even then the STUN server giving 50 as mapped port. is that possible, cos i think in some cases it wont be able to even bind the address cos lower order ports are most probably used by some other services. So i think, i m getting the mapped port wrong... does it have anything to do with the firewall??

> does it have anything to do with the firewall??

Yes. Any ports you want matched will have to be mapped by the firewall. It's simple if you use and can map a range - that way it will do it all the time. Use a high port range, for example 8300 - 8319 as above, that way you shouldn't overlap with other services. To do this you need to know and be able to set the ports used by the server.
If you can't do this with your present equipment consider getting a firewall that will, otherwise don't use NAT and use a public address for the server.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Voice Over IP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.