Old July 19th, 2002
VTOLfreak

Multiple clients behind a NAT - IP detection using UPnP

There are many users who are in an environment where multiple people want to use Gnutella at the same time, but where there is only one connection (one IP) to the Internet and everyone is behind a NAT router.

Example: a family with one ADSL connection and a router with 3 PCs connected.

Pic: red lines represent physical wires between devices.

Suppose all 3 of those PCs are running a Gnutella client on the same port at the same time.
Then no one will be able to connect, since the NAT can't figure out what needs to be forwarded to whom.
Port forwarding only works with one IP at a time.
You cannot forward data to multiple places at a time.
If you force the NAT to forward data on a specific port to a specific IP, then only that PC can connect. The other 2 remaining PCs are left out in the cold.

Pic: red lines represent Gnutella connections.
The inside of the circle is the LAN.
The outside is the Internet.
This config can not work!

But suppose that the NAT supports UPnP and all the Gnutella clients do too:
The first client that starts up looks if there are any other clients on the LAN by scanning for port 6346. If there are none, it asks the NAT for the outside IP using UPnP (IP detection!).
Then it goes into "peer" mode, which is normal operation + proxy for other clients.

Any other clients that start up after the first one also scan the network like the first one.
But they will find other clients running on the LAN (either other leafs or the peer).
Then they go into "leaf" mode.
They ask the first client they encounter for the IP of the "peer" on the LAN.
Then they connect to the peer and the peer does everything for them (searching, forwarding results, etc.).
You might recognize the Ultrapeer concept introduced by LimeWire, but we go further:
the peer also acts as a proxy for connections carrying files (uploads and downloads).
Since the leafs cannot connect directly to the NAT (because the peer already is), they have to route everything through the "peer".
I mean this on a physical level: the leaf cannot access port 6346 on the NAT because it is in use.

Pic: red lines represent connections.
The inside of the circle is the LAN.
The outside is the Internet.
This config does work!

Notes:
1) What if the peer quits?

Then the first client that came on after the peer (the first leaf) becomes the new peer.
The other leafs on the LAN know that the peer has quit since they suddenly lost their connection.
But what if every leaf has to maintain a list of IPs:
IP of peer
IP of first leaf
IP of second leaf
...

Also every leaf knows which number it is (second, third, etc.).
The first leaf becomes the new "peer"
and all the leafs connect to this new peer.
The list also gets updated: the second leaf now becomes the first leaf and the third leaf becomes the second one, etc.

2) How do they get that list and keep it updated?

The peer knows the number and IP of every leaf connected to him. Then when a new leaf connects to him, the peer sends that list to that leaf and to every other leaf on the LAN (to keep them updated).

3) How does the "peer" find its real IP? (the outside IP)

That's where the UPnP comes in: the peer simply asks the NAT!
If the NAT router supports UPnP, it's really easy to find the IP.

4) And if it doesn't support UPnP?

Then the client can find its IP by examining the IP of incoming data originating from outside the LAN.
It should never try to "examine" data originating from inside the LAN, or it might conclude it's not on a LAN or think that's its real IP.
But this is easily prevented by preventing the client from examining data with private IPs.

5) How does the peer know the difference between leafs and outside connections?

Inside the LAN there is a set range of IPs (usually 192.).
So everyone that wants to connect to the peer with an IP in that range is a leaf from the LAN.
Everyone with another IP is a normal connection that got forwarded from the NAT.

The peer can find out the appropriate range by simply looking at its own IP.

6) How does a client know if it is on a private LAN with a NAT or not?

Because the DHCP server on that LAN (or manual configuration) assigns IPs to everyone in a certain IP range.
And some ranges are reserved for special purposes.
For example: the 192. range is used on LANs behind NAT.
(Don't know if that is the official definition.)
The client has a list of ranges and knows if an IP is a private or public IP.
Most of the IPs listed in red on the download window are private IPs.
And those clients are located on a LAN behind a NAT.
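The leaf/outside classification from notes 5 and 6 and the ordered roster hand-over from notes 1 and 2, as an added example (not code from the original post or from any Gnutella client). It assumes the RFC 1918 private blocks stand in for the post's "192." range, and all addresses below are constructed sample values.

```python
import ipaddress

# Assumption: the post only says "usually 192."; the three RFC 1918 blocks
# are used here as the client's "list of ranges" from note 6.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def lan_range_for(own_ip):
    """Note 5: the peer derives the LAN range from its own address.
    Returns the private block containing own_ip, or None if it is public."""
    addr = ipaddress.ip_address(own_ip)
    return next((n for n in PRIVATE_NETS if addr in n), None)

def classify_connection(own_ip, src_ip):
    """Notes 5/6: a connection from inside the peer's LAN range is a leaf;
    anything else is a normal connection forwarded by the NAT."""
    lan = lan_range_for(own_ip)
    if lan is None:
        return "outside"  # peer has a public IP, so nothing is a LAN leaf
    return "leaf" if ipaddress.ip_address(src_ip) in lan else "outside"

def usable_for_ip_detection(src_ip):
    """Note 4: only data from outside the LAN may be used to infer the
    external IP; private source addresses are ignored."""
    addr = ipaddress.ip_address(src_ip)
    return not any(addr in n for n in PRIVATE_NETS)

class LanRoster:
    """Notes 1/2: ordered list [peer, first leaf, second leaf, ...] that the
    peer pushes to every leaf whenever a new leaf joins."""
    def __init__(self, peer_ip):
        self.order = [peer_ip]

    def join(self, leaf_ip):
        self.order.append(leaf_ip)
        return list(self.order)  # the copy sent to the new and existing leafs

    def peer_quit(self):
        """The first leaf becomes the new peer; everyone else shifts up one
        slot. Returns the new peer's IP, or None if nobody is left."""
        self.order.pop(0)
        return self.order[0] if self.order else None

    def position(self, ip):
        """0 = peer, 1 = first leaf, 2 = second leaf, and so on."""
        return self.order.index(ip)
```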

7) What if the peer isn't on port 6346?

2 solutions:
- Don't change the default port (6346) on any of the clients on the LAN.
- Ask the NAT using UPnP. The NAT knows who the peer is since it is forwarding data to the peer.
Not sure how this works, but I heard that it is possible. (I'm not a networking guru.)
If the NAT doesn't support UPnP, you will have to use solution #1.

8) Why don't we simply change the port on each client?

Because there are people that don't bother.
Or are simply too stupid.
But then they come to the forums with posts like "I can't connect" and "x client sucks".

The idea was to work out a scheme which doesn't require user input.
If you noticed, I never asked the one in charge of the network to run by every PC to adjust their settings.
Now if you are at home with 2 PCs, it isn't that hard to go by every one to change the ports.
But if you work in a company with 100+ PCs and you aren't allowed to access any of those except your own...
Even if they have a T1, they might not have unique IPs for everyone.
IPs cost money: they have to buy every single one from the ISP.

Imagine you are CEO:
Buy 300 IPs at $2 a piece or buy a $150 NAT?
I think you won't have to hesitate long.
Some big connections indeed come with limitless IPs, but many don't and have limits like 10 or 20 IPs.

"But if they have 100+ PCs they will need that big limitless connection"
True in some cases, but many companies have enough bandwidth on one connection like a T1 because they are not specialized in the internet business.
Imagine you work in a big company that for example makes swimming pools (stupid example, but it will do):
they might have 50+ PCs, but they won't need a T3.

And it is not likely that in such a big company you are allowed to run by every PC to change their ports.
There are more people stuck in this situation than you think.


So any questions or ideas?
I think it's really time that someone (don't care who) starts working on this problem.
There are a lot of families nowadays that have 2 or more PCs but with an ISP that only assigns one IP.
But they only realize the limitations of a NAT after they picked up a cheap one from their local supermarket.
And they also don't think of changing the ports on each client...
Remember: my idea was to come up with a solution that doesn't require user input.