src/posts/gday/gday.md
+6-3
@@ -18,9 +18,12 @@ hands out many fake/private IP addresses to all the computers within that buildi
18
18
19
19
The NAT translates packets flowing out of the private network by replacing their fake/private IP addresses with its own real/public IP address, and vice versa.
20
20
21
-
It also modifies the port numbers of outgoing packets, so that each public port number corresponds to a different computer or connection within its network. Then it looks at the port numbers of incoming packets to determine which internal computer to forward them to.
21
+
It also dynamically modifies the origin port numbers of outgoing packets, so that each port number corresponds to a different internal computer or connection.
22
+
Then it looks at the port numbers of incoming response packets to determine which internal computer to forward them to.
22
23
23
-
Unfortunately, this makes it difficult for two computers, each behind their own NAT, to connect to each other. If one computer tries to send a packet to another computer, the receiving NAT won't know which computer on its internal network to forward it to. So the packet will be dropped.
24
+
Unfortunately, this makes it difficult for computers to connect if they're both behind different NATs.
25
+
If one computer tries to send a packet to another computer, the receiving NAT won't know which computer on its internal network to forward it to.
26
+
So it'll drop the packet.
24
27
25
28
Note: this is just a high-level summary. To learn more, read [Wikipedia article on NATs](https://en.wikipedia.org/wiki/Network_address_translation).
26
29
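Review bot: The new line 21 drops the word "public" that the removed sentence had ("each public port number corresponds to a different computer or connection"), so "each port number" no longer says which side of the NAT the port belongs to. Suggest restoring it, and using the usual term "source port" instead of "origin port", for example: "It also dynamically rewrites the source port numbers of outgoing packets, so that each public port number corresponds to a different internal computer or connection." On new lines 25-26, "the receiving NAT won't know which computer on its internal network to forward it to" reads as unconditional, while new line 22 says incoming response packets are forwarded by port number; a qualifier that this applies to packets that are not a response to an outgoing connection would keep the two statements consistent.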
@@ -49,7 +52,7 @@ Common examples of relay servers are email, Google Drive, [Magic Wormhole](https
49
52
50
53
Thankfully, there's a way to trick certain NATs into allowing computers behind them to connect directly to each other.
51
54
It's a procedure called [TCP hole punching](https://bford.info/pub/net/p2pnat/) in which both computers temporarily connect to a contact exchange server, which shares their public IP addresses and port numbers with each other.
52
-
Then, both computers try connecting to the address+port they've received.
55
+
Then, both computers try connecting a few times to the address+port they've received.
53
56
54
57
However, this only works on full-cone NATs, address-restricted-cone NATs, and port-restricted cone NATs. It doesn't work on symmetric NATs. To understand why, [read about NATs on Wikipedia](https://en.wikipedia.org/wiki/Network_address_translation).
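Review bot: On new line 55, "a few times" is added without saying why more than one attempt is needed or when to stop. If the reason is that an early attempt can be dropped by the receiving NAT, as the NAT section of this post describes, say so in a short clause, and mention what happens when all attempts fail, since the next paragraph states that the procedure does not work on symmetric NATs. As a style point in the same paragraph, "address-restricted-cone NATs" and "port-restricted cone NATs" are hyphenated differently; pick one form.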