We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now


Communication between hosts behind NAT

jyotishb asked
Medium Priority
Last Modified: 2010-04-12

I have a very difficult time figuring out this...

I have two computers who sends each other messages using UDP. Both machines are behind NAT. I m requesting STUN server to find out both machines global addresses(Mapped IP and Mapped Port).  But the mapped port is not constant and keeps on changing very frequently.  So, even if  first connection is made, once we loose the connection,  the mappings are lost. So, basically, is there any way to preserve the same mapped ip and port?  

In a nutshell, i have to computers behind NAT, and i want a commnunication between them, whenever i need. Just like how messengers do.

Hope someone can give me some direction. Thanks a  lot in advance....
Watch Question

Usually you would have your NAT device providing Application Layer Gateway (ALG) or Proxy support for whatever protocol you're using, e.g H323 or SIP.
Otherwise you should be able to configure a port range used by the listener and map those ports for the external address to the internal address.


Okay, i m using Windows XP, and i m trying to add a service and ap ports. It has four boxes, Name of the service, Name or IP address of the coputer hosting this service, i put the IP address provided by the router, that is(192.168.1.X), right? and what should i put external port number of the service? is it the mapping of NAT of the internal port i provide???

Yes, host computer would be the 192.168.1.X address and whichever port the service is listening on would be the internal port number. You would usually have the external port number the same.
I've said you *should* be able to do this but it depends on exactly what you're trying to do. Can you provide more detail on NAT device and messaging used?


Thanx for the reply. Heres what i want to do.

1. I have a server, which is constantly listening  on Port 5060 for requests  from any client. Once, it gets a request it replies back to the client. This works fine when both the server and the client in the same network.

2. Now, i need to eshtablish the communication between client and server which are in different network, So i need to traverse NAT. What do u suggest i should do?

3. I have done this so far, I have made a request to the STUN server and i m getting the Mapped address of my server (Mapped IP and Port) machine.  But i think,  i m not been able to map the port right. I m sure i m getting the address right, but what change i have to make so that i will be able to get every request from a remote client to my server to the same port

I'm still having to guess what you're using.

For SIP, if you're listening on port 5060, your firewall should allow and have TCP and UDP 5060 for your external address mapped to TCP and UDP 5060 on the internal address.
For messaging, two ports are used per call (one for streaming and the other for control) and you should be able to configure the base port used. For example, if your base port is 8300 and you can handle 10 concurrent calls, ports 8300 to 8319 will be used and it is this UDP range that you need to allow and map for the external address to the internal address.

Using STUN should fix any server internal IP address references (to the external address) in calling, while the ports stay the same and mapped by your firewall.

The client end may also need to be configured this way.

Is that any help?


Well, I m getting the same port as mapped port. i dont think its possible all the time. For example, If i m requesting port number 50, even then the STUN server giving 50 as mapped port. is that possible, cos i think in some cases it wont be able to even bind the address cos lower order ports are most probably used by some other services. So i think, i m getting the mapped port wrong... does it have anything to do with the firewall??

> does it have anything to do with the firewall??

Yes. Any ports you want matched will have to be mapped by the firewall. It's simple if you use and can map a range - that way it will do it all the time. Use a high port range, for example 8300 - 8319 as above, that way you shouldn't overlap with other services. To do this you need to know and be able to set the ports used by the server.
If you can't do this with your present equipment consider getting a firewall that will, otherwise don't use NAT and use a public address for the server.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.