Peer-to-Peer TCP between Two Translated Hosts Method

Christopher VanHorn
April 30th, 2004
happicow@happicow.com

1. INTRODUCTION

The original concept of the internet was a large network in which any device could talk directly to any other device on that network. However, as the internet grew, the amount of global address space available did not. This gave rise to Network Address Translation (NAT), a method of allowing one or more devices to share a single IP address. However, while NAT helped slow the usage of global addresses, it also hindered the ability of devices using NAT to communicate with each other.

What I present here is a method of allowing direct TCP communication across the internet between two devices on two different NAT networks. This method is an abuse of the File Transfer Protocol (FTP) and the way simple NAT boxes track connections.

2. ASSUMPTIONS

This document assumes that you understand how Network Address Translation and the File Transfer Protocol work.

3. TRANSLATING FTP

FTP requires two communication channels: one for control and the other for the actual data transfer. The data connection may be initiated by the client or the server. In the case where the server initiates the connection, the NAT device between the client and server must allow the incoming connection on a specified port.

Most NAT devices simply examine the payload of all packets destined for TCP port 21 for the PORT command. The PORT command is used by the client to inform the server which port it will listen on for the data connection. By creating a fake FTP packet with the PORT command in the payload, it is possible to cause a NAT device to create a dynamic mapping to allow inbound connections on that port.

4. THE METHOD

Assume a network similar to the following:

                 +------------+
                 |   HOST X   |
                 +------------+
                       |
                       |
     +-----------------------------------+
     |  Internet (global address space)  |
     +-----------------------------------+
           |                      |
           |                      |
       +-------+              +-------+
       | NAT 1 |              | NAT 2 |
       +-------+              +-------+
           |                      |
           |                      |
       (HOST A)               (HOST B)

Should HOST A and HOST B wish to communicate directly with each other via TCP, they will need to coordinate the connection with a host (HOST X) on the global internet which can see their global addresses. This document does not go into how the coordination should take place; there are a multitude of ways to implement that.

Step 1 - Communicating via HOST X, HOST A and HOST B learn each other's global address. They then decide which host will act as the initiator and which will act as the receiver. The two hosts then negotiate a port to use. The port must be a high, non-reserved port.

Step 2 - The receiver host sends a TCP packet with the SYN flag set, and a payload containing the command (See RFC 959):

    PORT h1,h2,h3,h4,p1,p2

  * h1-h4 should reflect the receiver's private address.
  * In some cases, it may be necessary to send the packet with the ACK flag set.
  * In some cases, it may be desired to set the TTL to a low number such as 2-3. Some NAT boxes are intelligent enough to know that a RST packet coming back from the other NAT device means the connection is not valid.

Step 3 - The receiver host then begins listening for a connection on the negotiated port.

Step 4 - The receiver host then sends a message to the initiator host via HOST X that it is ready to receive a connection.

Step 5 - The initiator then opens a standard TCP connection to the receiver's global IP address and the negotiated port.

With any luck, this should establish a direct TCP connection between two translated hosts.

This method does not work on all NAT devices. I have only confirmed that LinkSys broadband routers support this method. Further testing will be needed.

5. POSSIBLE USES

Multiplayer internet aware games.

Instant Message clients that wish to allow peer-to-peer connections for file transfers, voice, video, and more secure communications.

Peer-to-Peer file transfer networks.

6. NOTES, DISCLAIMERS, ETC.

I cannot guarantee any of the information in this document to be safe, legal or accurate; you are on your own if you use it. I am not liable for the use of the information in this document.
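
The behaviour that sections 3 and 4 rely on is a NAT device that trusts any PORT payload sent to TCP port 21. The following added example (not part of the original document) contrasts that behaviour with a stricter check that honours PORT only inside an established control connection; the Segment type, the function names, the policy checks and the sample segments are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# RFC 959 syntax: PORT h1,h2,h3,h4,p1,p2  (data port = p1*256 + p2)
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")

@dataclass
class Segment:            # hypothetical, simplified view of a TCP segment seen by the NAT
    src_ip: str           # private address of the inside host
    dport: int            # destination TCP port
    flags: set            # e.g. {"SYN"} or {"ACK", "PSH"}
    payload: bytes

def parse_port(payload):
    """Return (ip, port) from a PORT command, or None if it is malformed."""
    m = PORT_RE.fullmatch(payload)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def naive_alg(seg):
    """Behaviour described in section 3: trust any PORT payload sent to port 21."""
    return parse_port(seg.payload) if seg.dport == 21 else None

def strict_alg(seg, handshake_done, banner_seen):
    """Return (mapping, reason); mapping is None when the PORT is refused."""
    if seg.dport != 21:
        return None, "not FTP control"
    parsed = parse_port(seg.payload)
    if parsed is None:
        return None, "no valid PORT command"
    if "SYN" in seg.flags or not handshake_done:
        return None, "PORT outside an established control connection"
    if not banner_seen:
        return None, "no 220 greeting seen from server"
    ip, port = parsed
    if ip != seg.src_ip:
        return None, "PORT address differs from segment source"
    if port < 1024:
        return None, "reserved port"
    return parsed, "ok"

# Constructed sample segments (not captured traffic).
LEGIT = Segment("192.168.1.10", 21, {"ACK", "PSH"}, b"PORT 192,168,1,10,195,80\r\n")
SYN_WITH_PORT = Segment("192.168.1.10", 21, {"SYN"}, b"PORT 192,168,1,10,195,80\r\n")
```

Because h1-h4 carry the sender's own private address, the source-address check alone passes for the Step 2 segment; it is the connection-state check that refuses it, including the ACK-flag variant.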