Five Nat penetrating methods to solve intranet problems

Many programs in the local area network can be applicable, but between the external network and intranet and between intranet and intranet is not feasible. The problem is NAT, this article will introduce the next 5 Nat penetration method, solve the internal and external network exchange. 1. Fully conical (full Cone) NAT

Host A and Host B in different intranet, each connected to the server, thereby opening a "hole" on the respective NAT device, the server receives the connection between host A and Host B, knows the public address of A and B and the port number that the NAT assigns to them, and then tells the NAT address and the port number A and B, Because of the features of the fully tapered Nat, A and B give the server a "hole" that can be used by any other host. So a and B can connect to each other's public network address and Port direct communication. The server acts as a "referral" here, telling the address and port number of a and B. 2. Restricted cone (restricted Cone) NAT

A and B still have to connect the server first, the server sends the address and port information for A and b to a and B, but because of the restricted cone NAT, they open the "hole" only to communicate with the server. To enable them to communicate directly, the solution is as follows:

If host a starts sending a UDP message to Host B's public network address, at the same time it sends an invitation message to Host B via the server, requesting host B to send a UDP message to host A on the public network address. The information sent by host A to the public network IP of Host B causes NAT A to open a session between host A and Host B, while Nat B also opens a session in Host B and host A. Once the new UDP session is opened to each other, the host A and Host B can communicate directly with [14]. 3. Port restricted cone (restricted Cone) NAT

For this type of NAT, the solution is the same as the above method. 4. Symmetric type (symmetric) NAT

Symmetric NAT, for different extranet host address, it will be assigned different port number, so it is difficult to do UDP drilling, but also can be used to predict the port hole drilling, but can not guarantee success.

Above the penetration of NAT, is the napt to penetrate, mainly for the UDP protocol. TCP protocols are also possible, but the feasibility is very small and requires a higher demand. Moreover, the Voice video communication is transmitted by UDP, so the NAT penetration for TCP is not discussed here. The underlying NAT does not modify the port number of the packets that are passed, and they can be viewed as a condensed version of a fully conical NAT, which can also be penetrated by the underlying NAT. The NAT device will turn off a mapping of UDP after a certain amount of time, so in order to maintain communication with the server, the server or client must periodically send UDP packets, keeping the mappings from being closed. 5. Peanut Shell Nat-ddns Penetrating

Peanut shell DDNS is to map the user's dynamic IP address to a fixed domain name, each time the user connects to the network, the client program transmits the dynamic IP address of the host to the server program located on the host computer, and the service program is responsible for providing DNS service and implementing the dynamic Domain name resolution through the information transmission. The main role of DDNS is to capture the IP address of each user, and then to correspond with the domain name, so that other Internet users can communicate with the user through the domain name.