Skip to content

GitLab

Switch branch/tag
Find file Normal viewHistoryPermalink
README.md 2.16 KB
Newer Older
jflyup's avatar
Create README.md    
jflyup committed
1 
# nat_traversal
Fong's avatar
update README    
Fong committed
2
3
4 
An implementation of this paper: [A New Method for Symmetric NAT Traversal in UDP and TCP](http://www.goto.info.waseda.ac.jp/~wei/file/wei-apan-v10.pdf)

According to [RFC 3489](http://tools.ietf.org/html/rfc3489), a symmetric NAT is one where all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and
jflyup's avatar
Create README.md    
jflyup committed
5 
port. If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host.
Fong's avatar
update README    
Fong committed
6
Fong's avatar
fix linker error and update README    
Fong committed
7 
So, if we know the port allocation rule of the Symmetric NAT, we can traverse Symmetric NAT. This paper proposes a new method for traversing Symmetric NAT which is based on port prediction and limited TTL values.
Fong's avatar
update README    
Fong committed
8
9 

This method is based on limited TTL values, port prediction(if it's not predictable, use large number of holes, namely a 1000 connections at once, which will be punched and increase the success rate).
Fong's avatar
update README    
Fong committed
10
11 
## Usage
***
Fong's avatar
update README    
Fong committed
12 
It's just an experimental project, I just wanna test whether UDP punching is possible if both nodes are behind symmetric NAT. It works this way:
Fong's avatar
update README    
Fong committed
13
14
15 

A peer got its own NAT info(external ip/port, NAT type ), then registers to server, the server replies to the peer with a unique peer ID. if you specify `-d peer ID` option, the node tries to get the info of that specified peer from the server, then connects to it directly. So when you specify '-d' option, make sure that peer is connected with server.
Fong's avatar
update README    
Fong committed
16 
To run it, you should run `punch_server.go` in a machine with public IP, so that both nodes can connect to it to exchange info(just node info, not to relay payload like [TURN](https://tools.ietf.org/html/rfc6062)), then run `nat_traversal [-s punch server] [-d if you wanna connect to peer]` on clients, you can also specify other arguments, such as, STUN server by `-H` option, source IP by `-i`, source port by `-p`.
Fong's avatar
update README    
Fong committed
17 
This program is not 100% guaranteed to make 2 peers behind symmetric NATs connect
Fong's avatar
update README    
Fong committed
18 
to each other, it's possible in theory. Actually, I just happen to succeed once. Hope more people can test it.