[CLUE-Tech] NAT blocks P2P?

Chris Schock black at clapthreetimes.com
Mon Mar 22 21:01:27 MST 2004


Well, maybe it's true that the end is near for poorly designed apps, but I
won't lose much sleep seeing those go. Other than that, I don't think NAT
is causing any kind of Internet armageddon.

Anything "modern" doesn't have much of a problem with NAT. Clearly NAT is
not killing communication, as I'd venture a guess that the majority of
home users are behind some sort of NAT.

The device performing NAT (or masquerading) certainly does track how
addresses on the "inside" relate to an address on the outside. A lot of
NAT implementations have a timer which resets every time a packet for a
particular connection is used. If the connection doesn't get used in X
seconds, then it is dropped. This is how UDP traffic is tracked, since
it's stateless. TCP can be tracked in the same way, but because it carries
a state with it you can also track it that way.

A lot of NAT devices also let you do port forwarding, so it's very
possible to host stuff at home. Especially when combined with dynamic DNS.
A lot of applications can even detect when they're behind NAT and adjust
themselves accordingly.

Some of the older apps, notably games, didn't like NAT for whatever
reason. Also anything that embeds the IP address somewhere in the payload
portion of the packet usually has problems. IPSEC does this, but it's
probably for security reasons and not bad planning. Some parts of H.323
video also have this problem, oy vey.

NAT can muddy the waters when it comes to troubleshooting problems, and it
certainly does add another layer of complexity, but I'd argue that it's
here to stay and overall the benefits far outweigh the problems. I for one
sure am glad I can use port forwarding instead of having to rent a block
of IP addresses.

> Hi Folks.
>
> Referring to this from the Politech mailing list:
> http://politechbot.com/pipermail/politech/2004-March/000524.html
>
> John Walker claims that increases in the use of NATted addressing by
> high-speed providers will eventually kill P2P connections on the internet.
>
> Since I'm no NAT guru, I wonder if this is really true? I understand that
> in order to establish a P2P connection, each box has to send out, or
> otherwise establish, its address, which isn't the same as the routing
> interface where NAT is happening. But I'd think there'd be a way for a NAT
> interface to somehow figure out that connection x is intended for a
> particular address/port on the "inside". IOW, the P2P request would be
> directed to the NAT interface, which ought to be able to figure out what
> to do with it, based on recognizing the protocol, or which port the request
> comes in on.
>
> So, I'm just wondering.
>
> jed
> --
> http://s88369986.onlinehome.us/freedomsight/
>
> ... it is poor civic hygiene to install technologies that could someday
> facilitate a police state. -- Bruce Schneier
>
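
The timer-based tracking and port forwarding described in the reply above, as an added example that is not part of the original post: a small model of a NAT translation table whose dynamic mappings expire after an idle period, while a static port forward accepts unsolicited inbound traffic. The addresses, ports, 30-second timeout and class names are assumptions, and the model ignores remote-address filtering and TCP state.

```python
# Constructed model of a NAT translation table with per-mapping idle timers.
# Addresses, ports and the 30-second timeout are illustrative assumptions.
from dataclasses import dataclass

@dataclass
class Mapping:
    inside: tuple         # (private_ip, private_port)
    last_used: float      # time of the most recent packet in either direction
    static: bool = False  # port forwards never expire

class NatTable:
    def __init__(self, public_ip, idle_timeout=30.0, first_port=40000):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout
        self.next_port = first_port
        self.by_outside = {}  # public_port -> Mapping
        self.by_inside = {}   # (private_ip, private_port) -> public_port

    def forward_port(self, public_port, inside):
        """Static port forward: inbound is accepted with no prior outbound packet."""
        self.by_outside[public_port] = Mapping(inside, 0.0, static=True)
        self.by_inside[inside] = public_port

    def expire(self, now):
        """Drop dynamic mappings that have been idle longer than the timeout."""
        for port, m in list(self.by_outside.items()):
            if not m.static and now - m.last_used > self.idle_timeout:
                del self.by_outside[port]
                del self.by_inside[m.inside]

    def outbound(self, inside, now):
        """Inside host sends: create or refresh its mapping, return public source."""
        self.expire(now)
        port = self.by_inside.get(inside)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.by_inside[inside] = port
            self.by_outside[port] = Mapping(inside, now)
        self.by_outside[port].last_used = now
        return (self.public_ip, port)

    def inbound(self, public_port, now):
        """Packet arrives on the public side: return inside destination, or None to drop."""
        self.expire(now)
        m = self.by_outside.get(public_port)
        if m is None:
            return None
        m.last_used = now  # any packet on the mapping resets the idle timer
        return m.inside
```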



