TCP/IP packet transmission through NAT

Why do my TCP packets not reach the destination?

I send HTTP requests from one PC to another PC, both behind NAT:

  • PC1 behind NAT1, runs Wireshark.
  • PC2 behind NAT2, this one sends HTTP requests.

To open access on NAT1 from outside, in the browser address of PC1 I enter IP_of_NAT2. I see those requests going out to IP_of_NAT2 in Wireshark and I write down the PORT numbers used for this session.

Then, in the browser address of PC2 I enter IP_of_NAT1:PORT, but no TCP packets reach PC1.


Solution 1:

You are causing the packets sent by PC2 to have the correct destination port but not the correct source port. To be viewed as a reply packet, both the destination port and source port have to match.

For example, say PC1's external address is 1.1.1.1 and PC2's external address is 2.2.2.2. When you send HTTP requests from PC1 to PC2, the source address will be 1.1.1.1 and the destination address will be 2.2.2.2, but the source port will be arbitrary (say it's 12345) and the destination port will be 80.

You need to get PC2 to send a packet with a destination IP address of 1.1.1.1 (so it gets to PC1), a destination port of 12345 (or whatever it is), but also a source port of 80. Otherwise, they are not a reply to the packets sent by PC1 and your PC1's NAT will not forward them.
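
The matching rule described in Solution 1, as an added example that is not part of the original answer: a toy NAT state table that forwards an inbound packet only when it reverses a recorded outbound flow. The `Nat` class, the private address 192.168.0.10 and the ports 50000 and 40000 are constructed for illustration, and the model assumes a NAT that filters on both remote address and remote port.

```python
import itertools
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Nat:
    """Toy NAT that filters on remote address AND port (assumption of this model)."""

    def __init__(self, public_ip: str, first_port: int = 12345):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        # (public_port, remote_ip, remote_port) -> (private_ip, private_port)
        self.table = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source to the public address and record the flow."""
        public_port = next(self._ports)
        self.table[(public_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return pkt._replace(src_ip=self.public_ip, src_port=public_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Forward only if the packet reverses a recorded flow; otherwise drop (None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        inside = self.table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None
        return pkt._replace(dst_ip=inside[0], dst_port=inside[1])

def demo():
    nat1 = Nat("1.1.1.1")
    # PC1 (constructed private address) browses to 2.2.2.2:80 through NAT1.
    seen_outside = nat1.outbound(Packet("192.168.0.10", 50000, "2.2.2.2", 80))
    # PC2's browser targets the noted port, but from a constructed ephemeral source port.
    browser_try = nat1.inbound(Packet("2.2.2.2", 40000, "1.1.1.1", seen_outside.src_port))
    # Same destination, but source port 80: this reverses the recorded flow.
    reply = nat1.inbound(Packet("2.2.2.2", 80, "1.1.1.1", seen_outside.src_port))
    return seen_outside, browser_try, reply

if __name__ == "__main__":
    for result in demo():
        print(result)
```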