The LAN IP address becomes the WAN IP address, with NAT (port translation) implemented on the router.

First, we will introduce some basic concepts.

NAT (Network Address Translators): network address translation came about as IP addresses became increasingly scarce. Its main purpose is to reuse IP addresses. NAT is divided into two categories: Basic NAT and NAPT (Network Address/Port Translator). NAT is a functional module running on a router.

The first solution proposed was Basic NAT, which is based on the fact that only a few nodes in a private network (domain) need to be connected to the Internet (this was proposed in the 1990s). In fact, only a few nodes in this subnet need a globally unique IP address; the IP addresses of the other nodes should be reusable. The function Basic NAT implements is therefore very simple. The subnet uses a reserved IP address range, and these IP addresses are invisible to the outside. Only a few IP addresses in the subnet can correspond to a truly globally unique IP address. If these nodes need to access the external network, Basic NAT is responsible for converting the node's subnet IP address into a globally unique IP address and then sending the packet out. (Basic NAT changes the original IP address in the IP packet, but does not change the port in the IP packet.) For more information about Basic NAT, see RFC 1631.

As the name suggests, NAPT changes not only the IP address of an IP datagram passing through the NAT device, but also its TCP/UDP port. We may not see many Basic NAT devices (Haha, I have never seen it). NAPT is the main character of our discussion. Look at the following figure:

            Server S1
        18.181.0.31:1235
               |
    ^  Session 1 (A-S1)  ^
    |  18.181.0.31:1235  |
    v 155.99.25.11:62000 v
               |
              NAT
         155.99.25.11
               |
    ^  Session 1 (A-S1)  ^
    |  18.181.0.31:1235  |
    v   10.0.0.1:1234    v
               |
           Client A
        10.0.0.1:1234

There is a private network 10.*.*.*, and Client A is one of its computers.
The Internet IP address of the network gateway (a NAT device) is 155.99.25.11 (it should also have an intranet IP address, such as 10.0.0.10). If a process on Client A (this process creates a UDP socket bound to port 1234) wants to access port 1235 of the Internet host 18.181.0.31, what will happen when the packet passes through NAT?

First, NAT changes the source IP address of the packet to 155.99.25.11. Next, NAT creates a Session for this transmission and assigns a port to the Session, such as 62000, and then changes the source port of the packet to 62000. (Session is an abstract concept. For TCP, the Session may start with a SYN packet and end with a FIN packet. For UDP, it starts with the first UDP packet sent to that IP address and port; as for when it ends, haha, it may be a few minutes, maybe several hours, depending on the specific implementation.) Therefore, the original data packet (10.0.0.1:1234 -> 18.181.0.31:1235) becomes (155.99.25.11:62000 -> 18.181.0.31:1235) on the Internet.

Once a Session is created, NAT remembers that port 62000 corresponds to port 1234 of 10.0.0.1. Data sent from 18.181.0.31 to port 62000 will be automatically forwarded to 10.0.0.1 by NAT. (Note: data sent from 18.181.0.31 to port 62000 will be forwarded, and data sent from other IP addresses to this port will be discarded by NAT.) In this way, Client A establishes a connection with Server S1.

Most people probably know the basics above, so what follows is the key part. Consider the following situation:

         Server S1                                     Server S2
      18.181.0.31:1235                              138.76.29.7:1235
             |                                             |
             +----------------------+----------------------+
                                    |
        ^  Session 1 (A-S1)  ^      |      ^  Session 2 (A-S2)  ^
        |  18.181.0.31:1235  |      |      |  138.76.29.7:1235  |
        v 155.99.25.11:62000 v      |      v 155.99.25.11:62000 v
                                    |
                                 Cone NAT
                               155.99.25.11
                                    |
        ^  Session 1 (A-S1)  ^      |      ^  Session 2 (A-S2)  ^
        |  18.181.0.31:1235  |      |      |  138.76.29.7:1235  |
        v   10.0.0.1:1234    v      |      v   10.0.0.1:1234    v
                                    |
                                 Client A
                               10.0.0.1:1234

Continuing the example above:
If Client A's original socket (the UDP socket bound to port 1234) then sends a UDP packet to another server, S2, what will happen when the UDP packet passes through NAT?

Two things may happen. In the first case, NAT creates a new Session and assigns it a new port number (for example, 62001). In the second case, NAT creates a new Session but does not allocate a new port number; instead, it reuses the originally allocated port number 62000. The former kind of NAT is called Symmetric NAT, and the latter is called Cone NAT. We hope that our NAT is the second type. If your NAT is the first type, many P2P programs may fail. (Fortunately, most NAT devices now belong to the latter type, that is, Cone NAT.)

So we can see that, through NAT, it is easy for computers in the subnet to connect to the outside (NAT is transparent, and neither the computers in the subnet nor those on the Internet need to know about the NAT). However, it is difficult for external computers to access computers in the subnet (and this is exactly what P2P needs).

So what can we do if we want to send a datagram to an intranet computer from outside? First, we must create a "hole" on the intranet's NAT (that is, the Session on NAT mentioned earlier). This hole cannot be punched from the outside; it can only be punched by a host in the intranet. The hole also has a direction. For example, if a UDP packet is sent from an internal host (such as 192.168.0.10) to an external IP address (such as 219.237.60.1), then a "hole" in the direction of 219.237.60.1 is added to the intranet's NAT device (this is called UDP hole punching). Afterwards, 219.237.60.1 can use this hole to contact 192.168.0.10 on the intranet. (However, other IP addresses cannot use this hole.)

Now it's our turn to talk about P2P. With the above theory, the last step is to achieve communication between two intranet hosts. This is a chicken-and-egg problem: neither side can actively send a connection request, and neither knows the other's Internet address.
How can we punch this hole? We need an intermediary to put the two intranet hosts in contact. Now let's take a look at the process used by a P2P program, for example:

                    Server S (219.237.60.1)
                               |
            +------------------+------------------+
            |                                     |
          NAT A                                 NAT B
 (Internet IP: 202.187.45.3)          (Internet IP: 187.34.1.56)
 (intranet IP: 192.168.0.1)           (intranet IP: 192.168.0.1)
            |                                     |
        Client A                              Client B
   (192.168.0.20:4000)                  (192.168.0.10:40000)

First, Client A logs on to the server, and NAT A assigns port 60000 to this Session. The address of Client A as seen by Server S is then 202.187.45.3:60000; this is the Internet address of Client A. Similarly, when Client B logs on to Server S and NAT B assigns port 40000 to this Session, the address of B as seen by Server S is 187.34.1.56:40000.

At this point, both Client A and Client B can communicate with Server S. If Client A now wants to send a message directly to Client B, it can obtain B's Internet address 187.34.1.56:40000 from Server S. Can Client B receive a message that Client A sends to this address? The answer is no, because if the message is sent this way, NAT B will discard it (the message is unsolicited, and for security purposes most NAT devices discard such messages).

What we need now is a hole on NAT B in the direction of 202.187.45.3 (that is, the Internet address of Client A), so that when Client A sends a message to 187.34.1.56:40000, Client B can receive it. Who issues this hole-punching command? Oh, of course, it's Server S.

To sum up this process: if Client A wants to send information to Client B, Client A sends a command to Server S, asking it to have Client B punch a hole in the direction of Client A. (Haha, isn't that quite a detour? But it doesn't matter; it becomes very clear once you think it through. What's more, there is source code. As Mr. Hou said: in front of the source code there are no secrets.) Then Client A can communicate with Client B through Client B's Internet address.
Note: the above process is only applicable to the case of Cone NAT. With Symmetric NAT, when Client B punches a hole toward Client A, the port has been reassigned, and Client B will not be able to know this port (if the NAT gateway allocates ports sequentially, we may be able to guess this port number). But after reading some information, consider that the router itself also has an IP address: a packet sent to the WAN is sent to the router's IP address, and the router will automatically forward the packet. It is reasonable to say that a router has a server function, and the packets sent to it should be subject to outbound or inbound transmission control.
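The port mapping described earlier (Cone versus Symmetric allocation) and the Server S hole-punching sequence, as an added example that is not part of the original article: a toy Python model of a NAPT device using the article's addresses. The names Nat and punch and Server S's port 5000 are assumptions made for the illustration.

```python
class Nat:
    """Toy NAPT device: a port-mapping table plus per-port inbound filtering."""
    def __init__(self, public_ip, first_port, symmetric=False):
        self.public_ip = public_ip
        self.next_port = first_port
        self.symmetric = symmetric
        self.ports = {}   # mapping key -> allocated public port
        self.holes = {}   # public port -> (private endpoint, remote IPs allowed in)

    def outbound(self, src, dst):
        """Translate a packet leaving the intranet; return its public source."""
        # Cone NAT: one port per private socket. Symmetric NAT: one per destination.
        key = (src, dst) if self.symmetric else src
        if key not in self.ports:
            self.ports[key] = self.next_port
            self.holes[self.next_port] = (src, set())
            self.next_port += 1
        port = self.ports[key]
        self.holes[port][1].add(dst[0])   # the hole has a direction: dst's IP
        return (self.public_ip, port)

    def inbound(self, src, dst_port):
        """Return the private endpoint the packet reaches, or None if discarded."""
        private, allowed = self.holes.get(dst_port, (None, ()))
        return private if src[0] in allowed else None


# Addresses from the article; Server S's port 5000 is an assumed value.
S = ("219.237.60.1", 5000)
A = ("192.168.0.20", 4000)
B = ("192.168.0.10", 40000)


def punch(nat_a, nat_b):
    """Run the A -> S -> B -> A sequence; report what reaches Client B."""
    pub_a = nat_a.outbound(A, S)             # A logs on to S
    pub_b = nat_b.outbound(B, S)             # B logs on to S
    before = nat_b.inbound(nat_a.outbound(A, pub_b), pub_b[1])  # unsolicited
    b_src = nat_b.outbound(B, pub_a)         # S tells B to punch toward A
    after = nat_b.inbound(nat_a.outbound(A, pub_b), pub_b[1])   # A retries
    return {"pub_a": pub_a, "pub_b": pub_b, "b_src": b_src,
            "before": before, "after": after}


if __name__ == "__main__":
    for sym in (False, True):
        result = punch(Nat("202.187.45.3", 60000), Nat("187.34.1.56", 40000, sym))
        print("NAT B symmetric" if sym else "NAT B cone", result)
```

With a Symmetric NAT B, b_src shows the freshly allocated port that Client A was never told about, which is why the retry to the address learned from Server S is still discarded.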