1

I have some software running on port 50885 on a computer behind a NAT

How can I access this port from the internet? I can initiate something from the computer as I have to launch the app.

If I get it correctly: with my local address:port, let's say 192.168.0.10:50885, if something goes through the NAT initiated by the computer, then there should be some sort of port forwarding created automatically, and there should be some sort of public IP:PORT that should knock on the 50885 port on the computer behind the NAT. Am I right?

If so, wouldn't it be possible to ask a server-side script, like in PHP, "Hey, tell me what this public IP & port are"?

I'm a bit confused about Port Forwarding.

Vincent Duprez
  • What do you mean by `behind a NAT` (NAT is an action, not a device)? Do you have a router with port/address translation configured? To your question about detecting that configuration - from that local host, no that's not possible. – admdrew Feb 13 '14 at 23:53
  • Yes, I mean behind a router – Vincent Duprez Feb 13 '14 at 23:57
  • That NAT configuration is only known by the router. Let's say your router is configured to translate all inbound port 50885 traffic to your public IP (example: 12.34.56.78) to go to your internal host, 192.168.0.10. From an outside perspective, the sender only knows/cares about what it needs to use as its destination (12.34.56.78:50885). From an inside perspective, your host (192.168.0.10) simply receives traffic on 50885; because the router already translated the traffic, your internal host doesn't know/care about the public IP that was the original destination from the outside sender. – admdrew Feb 14 '14 at 00:08

2 Answers

1

Per my understanding, assume you use socket local_ip:local_port to connect to remote1_ip:remote1_port. After the NAPT device, local_ip:local_port becomes translated_ip:translated_port. remote1 can get translated_ip:translated_port, but I have not found such a service. Next time you establish a new connection with remote2_ip:remote2_port from the same client local_ip:local_port, will translated_ip:translated_port be kept unchanged? Normally the NAPT server will reserve it for some time, say 5 minutes. So if someone connects from remote3:remote3_port to translated_ip:translated_port within 5 minutes (since the last packet sent to translated_ip:translated_port), the NAPT server will direct traffic to local_ip:local_port. If remote3_port=remote1_port, though remote1_ip!=remote1_ip, the connection will be accepted by the local socket. If the information has expired, the NAPT server will allocate a new translated_ip2:translated_port2.

Leon
0

Yes, you would have to query an external script to retrieve the public info from the other side of the router. There are plenty of websites to get the IP (http://whatismyip.com, http://iplookup.flashfxp.com, etc) but I have never seen one that reports both the IP and Port, they usually only report the IP. Most NATs use a 1-to-1 relationship on ports, though they CAN use different ports. If you have your own website (or have a friend that does), it would not be very difficult to write your own script to retrieve the public port.

If you make an OUTBOUND TCP connection from your LAN PC through the router to the outside, then the router generates and keeps track of the necessary NAT lookup info automatically so it can then forward traffic back and forth for that connection.

If you make an INBOUND TCP connection from the outside through the router to your LAN PC, there is no NAT lookup info established automatically. The router needs to be told ahead of time, via a Port Forwarding rule, which private LAN IP:Port to direct an incoming connection to when it receives a new client connection on a specific public IP:Port. If your router supports UPnP (and if it is enabled), then your app can use a UPnP API/library to programmatically create a Port Forwarding rule in the router when the app opens a listening socket. Otherwise, if UPnP is not available, then you have to configure the router manually instead.

Remy Lebeau
  • `it would not be very difficult to write your own script to retrieve the public port` How so? Only the router has true visibility over address translations; gleaning translated information outside of the router can only be based on assumptions. Even using a resource like whatismyip.com will get you a public IP that's routable back to you, but it's not technically possible to know where exactly that IP is bound to. Think about a home router connected to cable modem: whatismyip won't help you find the router's interface connected to the modem. – admdrew Feb 14 '14 at 00:34
  • For an inbound port translation, inbound packets' destinations have already been modified by an upstream router by the time the target receives them, so that target can't know the original destination IP/port as configured by the sender. A true 1:1 NAT will simply translate *all* traffic destined for the configured 'outside' IP to the internal destination, and explicit port translation is not needed (obviously this is really only possible when you control multiple outside IPs, and your router supports binding more than one IP to its physical outside interface). – admdrew Feb 14 '14 at 00:35
  • @admdrew: a script on a public server would be able to get the router's public port because that is the port used by the router to make the connection to the server. So the server script would be able to query the connection between the router and the server to determine the port that the router is using, via `getpeername()` or similar API. I never said it was possible for the server to determine the LAN IP:Port that is behind the router. But it is possible for it to determine the public IP:Port on the router itself, which could then be transmitted over the connection back to the LAN PC. – Remy Lebeau Feb 14 '14 at 00:43
  • `the server script would be able to query the connection between the router and the server to determine the port that the router is using` The source/destination ports seen in the outbound TCP traffic (from the internal host's perspective) received by the server aren't really helpful for inbound-generated traffic from that server to the host. The source port will be a random ephemeral port, and the dest port will obviously be whatever the server is listening on. Neither of those correspond to the port that the router is configured for inbound translation to the internal host. – admdrew Feb 14 '14 at 00:51
  • The only situation in which your server script would help would be for traffic in which the source and destination ports are intended to be the same, often seen with UDP traffic. In that case, however, an assumption is still being made: your server assumes that the OP's router is configured and expecting inbound-generated traffic to be received on that same port. – admdrew Feb 14 '14 at 00:54
  • Ok, I'm really confused now :) Getting the port doesn't seem hard indeed ... PHP's $_SERVER["REMOTE_PORT"] does return what seems to be a random port number every time I request it... but what now? – Vincent Duprez Feb 14 '14 at 08:32
  • @VincentDuprez: forget it. Admdrew is right. The remote port would only apply for the particular connection between the router and the server, which may not be the same port that the LAN PC wants to use for other purposes. – Remy Lebeau Feb 14 '14 at 22:57
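
The point this comment thread converges on, as an added example (not code from any poster): a reflector server reports what `getpeername()` sees for each outbound connection, and that is the connection's own source port, not the port the application listens on. It runs on loopback with no NAT in between, so the local and observed addresses match here, whereas behind a NAT they would differ; `start_reflector`, `observe` and `demo` are names made up for this illustration, and all ports are picked by the OS.

```python
import socket
import threading

def start_reflector(host="127.0.0.1"):
    """TCP server that tells each client the source IP:port it sees (getpeername)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))          # any free port; constructed for the demo
    srv.listen()

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:      # listening socket was closed
                return
            with conn:
                ip, port = conn.getpeername()
                conn.sendall(f"{ip}:{port}\n".encode())

    threading.Thread(target=serve, daemon=True).start()
    return srv

def observe(reflector_addr):
    """Open one outbound connection; return (local addr, addr the server saw)."""
    with socket.create_connection(reflector_addr, timeout=5) as c:
        local = c.getsockname()
        with c.makefile() as f:
            ip, port = f.readline().strip().rsplit(":", 1)
    return local, (ip, int(port))

def demo(connections=3):
    # Stand-in for the application's listening socket (50885 in the question).
    app = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    app.bind(("127.0.0.1", 0))
    app.listen()
    app_port = app.getsockname()[1]
    srv = start_reflector()
    try:
        seen = [observe(srv.getsockname()) for _ in range(connections)]
    finally:
        srv.close()
        app.close()
    return app_port, seen

if __name__ == "__main__":
    app_port, seen = demo()
    print("application listens on port", app_port)
    for local, public in seen:
        print("local", local, "-> seen by server", public)
```

The reflected port belongs to the outbound connection's mapping only; reaching the listening port from outside still needs a forwarding rule on the router.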