Open Source & Linux Lab

It's better when it's simple

Shvecov M. NAT and connections management facilities

Good day. I would like to introduce my report to you:

NAT and connections management facilities

In the mid-1990s NAT became a popular tool for alleviating IPv4 address exhaustion. It has since become a standard, indispensable feature of routers for home and small-office Internet connections. NAT is the process of modifying the network address information in IP packet headers while they are in transit across a routing device, in order to remap one address space into another.

However, hosts behind NAT-enabled routers do not have end-to-end connectivity and cannot participate in some Internet protocols. Services that require the initiation of TCP connections from the outside network, or stateless protocols such as those using UDP, can be disrupted.

The aim of this work is to build a system that allows two hosts in different intranets to communicate with each other. To achieve that, the following tasks must be performed:

  • Determine the algorithm for exchanging packets between clients
  • Determine the set of necessary packets and their formats
  • Determine the encryption and compression methods
  • Design the system interface

Let's consider the algorithm of the system. First, a public server reachable by both clients is added to the existing network architecture. When clients in different intranets want to communicate with each other, they connect to this public server. For example, client 1 connects to the server from source port 10000, and client 2 connects to the server from source port 20000. As a result, new entries are added to the address translation tables of the NAT devices: an entry with the NAT's IP address and port 30000 associated with client 1, and an entry with the NAT's IP address and port 40000 associated with client 2.

Once the connections are established, the server sends the IP address and port of client 2 to client 1, and the IP address and port of client 1 to client 2. Packets can then be delivered to each host through the entries in the address translation tables of the NAT devices. The clients keep their connections to the server open with keep-alive messages, so the translation entries in the NAT devices remain until the system stops. Each user contact is assigned a virtual IP address: any IP address that is not used in the current intranet. This IP address is valid only within a single node.

When client 1 wants to establish a connection with client 2, it starts a network application and gives the virtual IP address of client 2 as the server address. Suppose client 2 runs an FTP server. In this case client 1 starts an FTP client with the destination address set to the virtual IP address associated with client 2 and the destination port set to 21. Before the operating system sends a packet to the virtual IP address, our system replaces the destination address with the IP address of NAT device 2 and the destination port with the open port of client 2; the original port values are appended to the body of the packet. After passing through the NAT devices, the packet will have the following form. Now, on the side of client 2, before the operating system processes the incoming packet, our system restores the original port values and replaces the source IP address with the virtual IP address of client 1. Thus the operating system determines that the incoming message came from the virtual IP address of client 1 and sends its reply there. As you see, the main task, determining the algorithm of packet exchange between clients, is accomplished. Testing showed that bandwidth decreased by 12 percent.
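To make the rewriting steps concrete, here is an added simulation of the scheme described above. It is example code written for this page, not the report's own system: the NAT model, the rendezvous server, the client-side shim and all addresses (RFC 5737 documentation ranges, chosen to match the ports 10000/20000/30000/40000 in the text) are constructed. It assumes the NAT devices allocate one public port per inside (address, port) pair and deliver any inbound packet addressed to that port (full-cone behaviour), and it assumes the two original ports are appended to the body as a four-byte big-endian trailer, which is one possible layout, not the report's actual packet format.

```python
import struct
from dataclasses import dataclass

# Assumed trailer layout: original source port, original destination port (big-endian).
TRAILER = struct.Struct("!HH")


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes


class NatDevice:
    """Toy NAT: one translation entry per inside (ip, port), created on first outbound use."""

    def __init__(self, public_ip, first_port):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (inside_ip, inside_port) -> public_port
        self.in_map = {}   # public_port -> (inside_ip, inside_port)

    def outbound(self, pkt):
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt):
        inside = self.in_map.get(pkt.dst_port)
        if inside is None:
            return None  # no translation entry: the NAT drops the packet
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1], pkt.payload)


class RendezvousServer:
    """Public server: records the public endpoint each client's connection arrived from."""

    def __init__(self):
        self.endpoints = {}  # client name -> (public_ip, public_port)

    def register(self, name, pkt):
        self.endpoints[name] = (pkt.src_ip, pkt.src_port)

    def endpoint_of(self, name):
        return self.endpoints[name]


class ClientShim:
    """Runs on each host between the application and the network interface."""

    def __init__(self, local_ip, keepalive_port):
        self.local_ip = local_ip
        self.keepalive_port = keepalive_port  # port whose NAT entry the keep-alives preserve
        self.virtual_to_public = {}           # virtual ip -> peer public (ip, port)
        self.public_to_virtual = {}           # peer public (ip, port) -> virtual ip

    def add_contact(self, virtual_ip, public_endpoint):
        self.virtual_to_public[virtual_ip] = public_endpoint
        self.public_to_virtual[public_endpoint] = virtual_ip

    def outbound(self, pkt):
        """Application -> network: retarget to the peer's NAT, stash the original ports."""
        peer = self.virtual_to_public.get(pkt.dst_ip)
        if peer is None:
            return pkt  # not a virtual address: pass through untouched
        body = pkt.payload + TRAILER.pack(pkt.src_port, pkt.dst_port)
        return Packet(pkt.src_ip, self.keepalive_port, peer[0], peer[1], body)

    def inbound(self, pkt):
        """Network -> application: restore the ports, present the peer by its virtual address."""
        virtual = self.public_to_virtual.get((pkt.src_ip, pkt.src_port))
        if virtual is None or len(pkt.payload) < TRAILER.size:
            return None  # unknown peer or missing trailer: drop rather than guess
        body, trailer = pkt.payload[:-TRAILER.size], pkt.payload[-TRAILER.size:]
        src_port, dst_port = TRAILER.unpack(trailer)
        return Packet(virtual, src_port, self.local_ip, dst_port, body)


def run_scenario():
    """Replay the report's example: client 1 reaches client 2's FTP port 21 via a virtual IP."""
    nat1 = NatDevice("203.0.113.1", 30000)   # constructed public addresses
    nat2 = NatDevice("198.51.100.2", 40000)
    server = RendezvousServer()
    shim1 = ClientShim("192.168.1.10", 10000)
    shim2 = ClientShim("192.168.2.20", 20000)

    # Both clients connect to the public server; the NATs create entries 30000 and 40000.
    server.register("client1", nat1.outbound(Packet("192.168.1.10", 10000, "192.0.2.1", 5000, b"HELLO")))
    server.register("client2", nat2.outbound(Packet("192.168.2.20", 20000, "192.0.2.1", 5000, b"HELLO")))

    # The server hands each client the other's public endpoint; each assigns it a virtual IP.
    shim1.add_contact("10.99.0.2", server.endpoint_of("client2"))
    shim2.add_contact("10.99.0.1", server.endpoint_of("client1"))

    # Client 1's FTP client addresses the virtual IP of client 2 on port 21.
    app_pkt = Packet("192.168.1.10", 51234, "10.99.0.2", 21, b"USER anonymous\r\n")
    on_wire = nat1.outbound(shim1.outbound(app_pkt))
    delivered = shim2.inbound(nat2.inbound(on_wire))

    # A packet from an endpoint the server never introduced is dropped by the shim.
    stray = shim2.inbound(nat2.inbound(Packet("192.0.2.99", 4444, "198.51.100.2", 40000, b"x")))
    return on_wire, delivered, stray
```

The `stray` case is the check a practitioner would want from the shim: once a NAT entry is held open by keep-alives, the NAT will forward anything addressed to that public port, so the shim, not the NAT, is what decides which peers may reach the application, and it should only accept sources the rendezvous server introduced. The simulation also sends the trailer and payload in clear; the encryption task listed among the report's goals would sit on top of this exchange, and NATs with endpoint-dependent mappings (rather than the full-cone behaviour modelled here) would not let the peer reuse the server-observed port.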

Prospects for further development:

  • Optimization of packet processing
  • Detailed statistics on the server
  • Creation of contact groups
  • Empowering the administrator
  • Anti-spam protection on the client side
  • Additional features

That's all. Thank you for your attention.


etc/events/fruct7/nat.txt · Last modified: 2010/04/13 15:13 by shvecovmn