[GnomeMeeting-list] through NAT without _any_ forwarding - this seems to be possible!

From: klakier pld org pl (Rafał Kleger-Rudomin)
To: gnomemeeting-list gnome org
Subject: [GnomeMeeting-list] through NAT without _any_ forwarding - this seems to be possible!
Date: 09 Nov 2002 02:41:36 +0100

Hello!

Last three months I've been trying to establish connection
between me and my family (they are behind masquerading server).
All solutions presented in FAQ are useless for me, bacause
they requires cooperation from firewall admin. And if says 'no'
or simply does not answer your mails, you can do nothing.

Anyway, seems that could work without support on firewall!

The current situation is as follows:
My family calls my IP using Netmeeting from behind firewall.
After connection is established I receive video from them
(I do not get audio but this is probably the problem with drivers
on their side). They do not see/hear me.
TCP connections as well as UDP listens looks ok:

tcp 0 0 62.195.51.124:30001 0.0.0.0:* LISTEN 2277/gnomemeeting
tcp 0 0 0.0.0.0:1720 0.0.0.0:* LISTEN 2277/gnomemeeting
tcp 0 0 62.195.51.124:1720 62.233.169.134:2707 ESTABLISHED 2277/gnomemeeting
tcp 0 0 62.195.51.124:30001 62.233.169.134:2708 ESTABLISHED 2277/gnomemeeting
udp 0 0 62.195.51.124:5000 0.0.0.0:* 2277/gnomemeeting
udp 0 0 62.195.51.124:5001 0.0.0.0:* 2277/gnomemeeting

And I receive UDP packets (of course - I get video stream),
e.g. excerpt from tcpdump:
01:14:53.235678 62.233.169.134.49606 > 62.195.51.124.5000: udp 274

The missing element is UDP transmission from my side:
01:14:52.775139 62.195.51.124.5000 > 10.4.3.30.49606: udp 180 (DF) [tos 0x30]
^^^^^^^^^^^^^^^
As one can expect, they go to nowhere (non-routable address).

If my gm sent the UDP packets back to 62.233.169.134.49606 then I
thing it could work: when the NATed machine X sends an UDP packet to
my host from port PX, the packet is retransmitted by masq router Y
from his port PY, but also linux masq code enables the return way
i.e. if I send a packet to Y on port PY, router should deliver it back
to X on port PX. This is feature of masq (though I read some article
where someone claims this is a hole).

I tried it recently: I opened UDP port 5000
# nc -l -u -p 5000
my friend called me form behind masq:
# nc -u myIP 5000
and we established two-way communication.

The conclusion: in my case gm must use router's IP in outcoming
UDP stream when replying to NATed machine. Can that really be so simple?
If so, how to try it? Is it easy to hack gm code to try it?

Best Regards,
Rafal

--
Rafa~ Kleger-Rudomin (klakier pld org pl)

Follow-Ups:
- Re: [GnomeMeeting-list] through NAT without _any_ forwarding - this seems to be possible!
  - From: Damien Sandras

References:
- Re: [GnomeMeeting-list] Quicknet dialing ?
  - From: Damien Sandras

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]