<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: what port number to use?
From: Karl Kleinpaste <karl,AT,charcoal,DOT,com>
Date: Thu, 9 Aug 2001 00:06:15 +0200
In-reply-to: <Pine.SOL.4.10.10108082118500.28873-100000@masto.uku.fi>

Gordon Chamberlin <glac,AT,visualizeinc,DOT,com> writes:

> Firewalls would likely constrain the IP addresses behind them to the
> non-routable range (192.168.x.y).

Firewall != NAT.

Perfectly valid, worldwide-routable IP addresses can nonetheless be
firewalled from view on certain ports.  A machine with an address in
ordinary, routable IP space might nonetheless be positioned behind a
firewalling router which precludes e.g. NNTP or SMTP, so as to avoid
use of firewalled hosts for spam-sourcing.

> How would you tunnel through a firewall in that case or any other?

For the NAT'ing firewall case, if _one_ endpoint is NAT'd and the
other is not, then the non-NAT endpoint can be set up with address
0.0.0.0 and port 0 for the mate's address, and the NAT endpoint can
then be responsible for establishing the connection to the non-NAT
endpoint.

If both endpoints are NAT'd, then yes, both ends fail to be able to
find the mate endpoint, without explicit port-forwarding at the
firewall itself.





<< | Thread Index | >> ]    [ << | Date Index | >> ]