STUN-based port-mapping PCP/NAT-PMP/UPnP server for EIM (CG)NAT #5

Open

EHfive opened this issue Feb 9, 2024 · 0 comments
Labels
discussion Discussions related to the project

Comments

@EHfive
Owner

EHfive commented Feb 9, 2024

Note

This would be implemented in a separate project, if it ever is; the issue is just for notes and discussion.

The idea is to implement a PCP/NAT-PMP/UPnP (and maybe some custom protocol) server, and when a mapping request for (device source IP, device source port) is initiated from a device (or manually configured):

  1. Get the external NAT port mapping of (server source IP, server source port) with a STUN request; the result is (server source IP, server source port) <=> (external source IP, external source port) if the external NAT has EIM (Endpoint-Independent Mapping) behavior. Note the source IP and port pair is from the server's external network and might not be the same as the IP and port pair from the mapping request.
  2. Keep the mapping alive for the requested lifetime by sending outbound UDP or TCP SYN packets from (server source IP, server source port); DNS or HTTP requests can be used, but STUN requests might be more feasible to also detect mapping changes. This will also create established Netfilter conntrack records to prevent the keep-alive traffic from being DNATed by the forwarding rule created in step 3.
  3. Create an nftables/iptables forwarding (DNAT) rule for (server source IP, server source port) <=> (device source IP, device source port), thus we get a (external source IP, external source port) <=> (server source IP, server source port) <=> (device source IP, device source port) forwarding chain.
  4. Respond to the requesting device with the mapping (external source IP, external source port) we got in step 1, and re-notify if the mapping has changed in step 2.

This is similar to NATMap and Natter but with the PCP/NAT-PMP/UPnP addition to allow existing PCP/NAT-PMP/UPnP aware applications like BitTorrent clients to work.

The advantage is that this model can work on any EIM network as long as the server has a maybe-chained EIM external network or a public IP; no upstream PCP/NAT-PMP/UPnP service or proxy is needed. This is the case for some ISPs providing EIM+EIF CGNAT nowadays.

So this can be an alternative to deploying an EIM+EIF NAT like our application on the local router, if all you want is to have PCP/NAT-PMP/UPnP aware applications work with traditional Endpoint-Dependent nftables/iptables masquerading.

Or also as a supplement to this project to provide both EIM+EIF and PCP/NAT-PMP/UPnP services with an external EIM (CG)NAT (i.e. EIM NAT on the local router + EIM NAT on the upstream router), to also have STUN-based NAT traversal applications like WebRTC and P2P gaming work.
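Steps 1 and 2 above both rest on a STUN Binding Request sent from the server's bound (IP, port) and the XOR-MAPPED-ADDRESS in the reply. The following is an added example (not code from this project or its author) of that exchange in Python: it builds the request, parses the IPv4 mapping from a response, and reports whether the mapping changed since the previous probe. The STUN server address and the sample response are constructed assumptions for offline use.

```python
import os
import socket
import struct

# RFC 5389 constants (assumed from the spec, not from this project)
MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_RESPONSE = 0x0101
XOR_MAPPED_ADDRESS = 0x0020

def build_binding_request(txn_id: bytes) -> bytes:
    """20-byte STUN header with no attributes: type, length, cookie, 96-bit txn id."""
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txn_id)

def parse_xor_mapped_address(resp: bytes, txn_id: bytes):
    """Return (ip, port) from an IPv4 XOR-MAPPED-ADDRESS, or None if the
    response is malformed, is for another transaction, or lacks the attribute."""
    if len(resp) < 20:
        return None
    msg_type, length, cookie, rid = struct.unpack("!HHI12s", resp[:20])
    if msg_type != BINDING_RESPONSE or cookie != MAGIC_COOKIE or rid != txn_id:
        return None
    pos, end = 20, min(20 + length, len(resp))
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", resp[pos:pos + 4])
        val = resp[pos + 4:pos + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and alen >= 8 and val[1] == 0x01:  # family IPv4
            port = struct.unpack("!H", val[2:4])[0] ^ (MAGIC_COOKIE >> 16)
            ip_int = struct.unpack("!I", val[4:8])[0] ^ MAGIC_COOKIE
            return socket.inet_ntoa(struct.pack("!I", ip_int)), port
        pos += 4 + ((alen + 3) & ~3)  # attribute values are padded to 4 bytes
    return None

def make_binding_response(txn_id: bytes, ip: str, port: int) -> bytes:
    """Constructed Binding Response, used only to exercise the parser offline."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xip = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 1, xport, xip)
    hdr = struct.pack("!HHI12s", BINDING_RESPONSE, len(attr), MAGIC_COOKIE, txn_id)
    return hdr + attr

def probe_mapping(sock: socket.socket, stun_server, previous):
    """One keep-alive/probe from the already bound socket (the server source
    IP/port). Returns (mapping, changed) so step 4 can re-notify the device."""
    txn = os.urandom(12)
    sock.sendto(build_binding_request(txn), stun_server)
    data, _ = sock.recvfrom(1500)
    mapping = parse_xor_mapped_address(data, txn)
    return mapping, (previous is not None and mapping != previous)
```

Bind the UDP socket to the server source (IP, port) before calling `probe_mapping` so the reply describes that exact mapping; a `None` result or a changed tuple is the signal to refresh the DNAT rule and re-notify the device.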

@EHfive EHfive added the discussion Discussions related to the project label Feb 9, 2024