TCP/IP packet transmission through NAT

nat tcp packets

Why my TCP packets do not reach the destination?

I send http requests from one PC to another PC, both behind NAT:

  • PC1 behind NAT1, runs Wireshark.
  • PC2 behind NAT2, this one sends http requests.

To open access on NAT1 from outside, in the browser address of PC1 I enter IP_of_NAT2. I see those request going out to IP_of_NAT2 in Wireshark and I write down PORT numbers used for this session.

Then, in the browser address of PC2 I enter IP_of_NAT1:PORT, but no TCP packets reach PC1.


Solution 1:

You are causing the packets sent by PC2 to have the correct destination port but not the correct source port. To be viewed as a reply packet, both the destination port and source port have to match.

For example, say PC1's external address is 1.1.1.1 and PC2's external address is 2.2.2.2. When you send HTTP requests from PC1 to PC2, the source address will be 1.1.1.1 and the destination address will be 2.2.2.2, but the source port will be arbitrary (say it's 12345) and the destination port will be 80.

You need to get PC2 to send a packet with with a destination IP address of 1.1.1.1 (so it gets to PC1) a destination port of 12345 (or whatever it is), but also a source port of 80. Otherwise, they are not a reply to the packets sent by PC1 and your PC1's NAT will not forward them.

Related

Server Requirements for a 2000 visitor Event [duplicate]
kdevtmpfsi using all resources. Can't stop it [duplicate]
Is it bad practice to have a CNAME that does not match SSL cert CN?
Dell PowerEdge Server - What is a Maser Daughter Card?
How to list systemd services by memory usage
nginx can't find /etc/letsencrypt/options-ssl-ngin.conf file
Forbidden (403), when accessing server-status on apache 2.2.22
Correctly writing a Zone File for a nameserver
PHP performance improvement for 32GB RAM
How do I find the WSUS server that my computers are connecting to for Windows Updates?
Squid 3.5.20 No Internet Access
Is there a central limit theorem for $L^p$?