
Communication between hosts behind NAT

Hi,

I am having a very difficult time figuring this out...

I have two computers that send each other messages using UDP. Both machines are behind NAT. I'm querying a STUN server to find out both machines' global addresses (mapped IP and mapped port). But the mapped port is not constant and keeps changing very frequently. So, even if the first connection is made, once we lose the connection, the mappings are lost. So, basically, is there any way to preserve the same mapped IP and port?

In a nutshell, I have two computers behind NAT, and I want communication between them whenever I need it, just like messengers do.

Hope someone can give me some direction. Thanks a lot in advance.
0
Asked by: jyotishb
1 Solution
 
Frabble Commented:
Usually you would have your NAT device providing Application Layer Gateway (ALG) or Proxy support for whatever protocol you're using, e.g. H323 or SIP.
Otherwise you should be able to configure a port range used by the listener and map those ports for the external address to the internal address.
0
 
jyotishb (Author) Commented:
Okay, I'm using Windows XP, and I'm trying to add a service and map ports. It has four boxes: name of the service, name or IP address of the computer hosting this service. I put the IP address provided by the router, that is (192.168.1.X), right? And what should I put as the external port number of the service? Is it the NAT mapping of the internal port I provide?
0
 
Frabble Commented:
Yes, host computer would be the 192.168.1.X address and whichever port the service is listening on would be the internal port number. You would usually have the external port number the same.
I've said you *should* be able to do this but it depends on exactly what you're trying to do. Can you provide more detail on NAT device and messaging used?
0
 
jyotishb (Author) Commented:
Hi,
Thanks for the reply. Here's what I want to do.

1. I have a server which is constantly listening on port 5060 for requests from any client. Once it gets a request, it replies back to the client. This works fine when both the server and the client are in the same network.

2. Now, I need to establish communication between a client and server which are in different networks, so I need to traverse NAT. What do you suggest I should do?

3. I have done this so far: I have made a request to the STUN server and I'm getting the mapped address of my server machine (mapped IP and port). But I think I have not been able to map the port right. I'm sure I'm getting the address right, but what change do I have to make so that every request from a remote client to my server arrives at the same port?
0
 
Frabble Commented:
I'm still having to guess what you're using.

For SIP, if you're listening on port 5060, your firewall should allow and have TCP and UDP 5060 for your external address mapped to TCP and UDP 5060 on the internal address.
For messaging, two ports are used per call (one for streaming and the other for control) and you should be able to configure the base port used. For example, if your base port is 8300 and you can handle 10 concurrent calls, ports 8300 to 8319 will be used and it is this UDP range that you need to allow and map for the external address to the internal address.

Using STUN should fix any server internal IP address references (to the external address) in calling, while the ports stay the same and mapped by your firewall.

The client end may also need to be configured this way.

Is that any help?
0
 
jyotishb (Author) Commented:
Well, I'm getting the same port as the mapped port. I don't think that's possible all the time. For example, if I'm requesting port number 50, even then the STUN server is giving 50 as the mapped port. Is that possible? Because I think in some cases it won't even be able to bind the address, because lower-numbered ports are most probably used by some other services. So I think I'm getting the mapped port wrong... Does it have anything to do with the firewall??
0
 
Frabble Commented:
> does it have anything to do with the firewall??

Yes. Any ports you want matched will have to be mapped by the firewall. It's simple if you use and can map a range - that way it will do it all the time. Use a high port range, for example 8300 - 8319 as above, that way you shouldn't overlap with other services. To do this you need to know and be able to set the ports used by the server.
If you can't do this with your present equipment consider getting a firewall that will, otherwise don't use NAT and use a public address for the server.
0
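
An added example, not part of the thread and not any poster's code: a Python sketch that reads the mapped address out of a STUN Binding response and classifies it against the forwarded UDP range described above (base port 8300, 10 calls). The sample responses, the address 203.0.113.10 and all function names are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442  # fixed value defined by RFC 5389
MAPPED_ADDRESS, XOR_MAPPED_ADDRESS = 0x0001, 0x0020
BINDING_SUCCESS = 0x0101

def parse_mapped_address(msg):
    """Return (ip, port) from a STUN Binding success response (IPv4 only)."""
    if len(msg) < 20:
        raise ValueError("truncated STUN header")
    msg_type, length = struct.unpack("!HH", msg[:4])
    if msg_type != BINDING_SUCCESS or len(msg) < 20 + length:
        raise ValueError("not a complete Binding success response")
    pos, end = 20, 20 + length
    while pos + 4 <= end:
        attr_type, attr_len = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + attr_len]
        if attr_type in (MAPPED_ADDRESS, XOR_MAPPED_ADDRESS) and len(value) >= 8 and value[1] == 1:
            port, addr = struct.unpack("!HI", value[2:8])
            if attr_type == XOR_MAPPED_ADDRESS:  # undo the XOR with the cookie
                port ^= MAGIC_COOKIE >> 16
                addr ^= MAGIC_COOKIE
            return str(ipaddress.IPv4Address(addr)), port
        pos += 4 + attr_len + (-attr_len % 4)  # attributes are padded to 4 bytes
    raise ValueError("no mapped address attribute")

def forwarded_ports(base_port, concurrent_calls):
    """Two UDP ports per call: base 8300 with 10 calls gives 8300..8319."""
    return range(base_port, base_port + 2 * concurrent_calls)

def check_mapping(local_port, response, fwd):
    """Classify the mapping STUN reports for a socket bound to local_port."""
    ip, port = parse_mapped_address(response)
    if port == local_port and port in fwd:
        return ip, port, "static"  # pinned by the firewall's port mapping
    if port == local_port:
        return ip, port, "preserved-not-forwarded"  # same port, but no rule pins it
    return ip, port, "dynamic"  # NAT picked its own port; it can change

def sample_response(ip, port, xor=True):
    """Constructed Binding success response for the demo (not captured traffic)."""
    addr = int(ipaddress.IPv4Address(ip))
    if xor:
        port, addr = port ^ (MAGIC_COOKIE >> 16), addr ^ MAGIC_COOKIE
    kind = XOR_MAPPED_ADDRESS if xor else MAPPED_ADDRESS
    attr = struct.pack("!HHBBHI", kind, 8, 0, 1, port, addr)
    return struct.pack("!HHI12s", BINDING_SUCCESS, len(attr), MAGIC_COOKIE, bytes(12)) + attr

if __name__ == "__main__":
    fwd = forwarded_ports(8300, 10)
    print(check_mapping(8300, sample_response("203.0.113.10", 8300), fwd))
```

A "preserved-not-forwarded" result matches the asker's observation of getting the same port back: the NAT happened to keep the port, but without a mapping rule nothing guarantees it will next time.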
