[Nottingham] Easy network programming

[Michael Simms]

On Fri, 2007-05-11 at 17:28 +0100, Martin wrote:
> Charles Samuels wrote:
> [---]
> > 
> > So you can initiate a TCP connection from inside the NAT to another machine, 
> > and they'll be able to speak back and forth, but you won't be able to 
> > initiate a connection to a *Server* inside the NAT in any case (without 
> > UPNP).
> > 
> > In short, As long as the server is not NATted, you'll be fine.
> 
> Charles,
> 
> Good to see you on the list again!
> 
> Presumably, port forwarding to a server on a DMZ or internal network
> should work fine, or is there something 'special' about this?

As long as the outside world sees an open port, it is fine. The problem
is that the server opens a port, the client must connect, but if the
port is hidden, obviously it cant. Port forwarding specifically gets
round this and allows whatever you need, if you set it up.

NAT traversal mentioned earlier is different. Its whole advantage is you
don't have to go poking around with firewalls, it does it all for you.
However it doesn't work for TCP (TCP packets just can't be handled like
this AFAIK), but for UDP, it works by the server opening a port and
sending a communication to a third party who has an open port. The third
party is then queried by a client to see which port the firewall is
expecting communication from (it opens up an incoming port to match each
outgoing communications stream, but the port is NOT predictable), and
then tries to connect to the server on that port. On most
firewalls/routers, this works, but sometimes they are clever and not
only do they expect communication on a port, but they limit it to a
specific address, and so the whole thing becomes impossible.

And in answer to the unasked question, no my network layer doesn't do
this yet, but that's one of the things I'm writing now {:-)


> 
> Cheers,
> Martin
> 
-- 
Michael Simms, CEO - Linux Game Publishing LTD
http://www.linuxgamepublishing.com