7

I have some nodes. Each node belongs to a different network. Each node has a private IP like 192.168.0.2 and stays behind NAT.

Is there any possibility to communicate between Nodes? Actually, I need to transfer files between these independent nodes.

I try to use this project - https://github.com/libp2p/go-libp2p. But libp2p has some limitations:

  1. Both nodes have private IP addresses (same network)
  2. At least one of them has a public IP address.

But I have nodes with private IP addresses, and they belong to different networks.


Update.

There are such solutions:

Max
  • This is not a Go question, but a network question. Go cannot override limitations set by the network-environments in which computers are. – Bert Verhees Jun 23 '18 at 20:21
  • @BertVerhees I agree with you. But I used the go tag just for explanation, in case someone wants to give me some GitHub libraries. – Max Jun 23 '18 at 20:26
  • There is no go-library that can resolve limitations which are created by the network-setup. When there is no route to an IP address, no go-library can make you reach that computer. It is a TCPIP/routing problem, you have to solve with the network administrator. – Bert Verhees Jun 23 '18 at 20:32
  • @BertVerhees I mean, maybe there is some way to solve my problem. Like dynamic dns or some kind of service mesh. – Max Jun 23 '18 at 20:58
  • You need another server, which you know the IP/port of, so that you can exchange the ports and IPs in the NAT boxes so that you can set up a P2P connection. – jubueche Jun 23 '18 at 22:03
  • The Skype model is that a server becomes a supernode in Skype context. The computers which want the P2P still do not get to know each other's IP addresses which they have inside their NAT area. Those addresses are not addressable outside the NAT, so knowing them would be useless. The Skype trick is that the P2P needing computers behind the NAT initiate a contact, which is, of course, mostly permitted because the NAT router supports that direction of connection. – Bert Verhees Jun 23 '18 at 22:40
  • Why is this tagged as bittorrent? – the8472 Jun 24 '18 at 14:17
  • @the8472 I removed this tag. – Max Jun 24 '18 at 14:18

3 Answers

4

The idea is that you have a rendez-vous server, which the nodes 1 and 2 connect to. For that they must know the IP of the rendez-vous server.

It goes as follows:

  1. Nodes 1 and 2 both send UDP packets to the RS. N1 (NAT box of Node 1) and N2 create an entry in the translation table, which maps the IP of the nodes to the IP/Port of the RS.
  2. The RS passes (EIP1,EP1) to Node 2. This is the tuple containing the public IP of the NAT box and the public port. The RS sends (EIP2,EP2) to Node 1.
  3. Node 1 creates a mapping in the translation table: (IP1,EP1,EIP2,EP2).
  4. Node 2 does the same but with (IP2,EP2,EIP1,EP1).

Note: Steps 3 and 4 happen because each node sends a UDP packet to the just received tuple (IP,Port) and therefore the NAT box adds a new entry. In the worst case, these messages have to be sent more than once.

This trick enables both nodes to get ahold of the public IPs and have the correct ports.

This provides a good way of establishing peer to peer connections for e.g. Skype.

I hope this helps.

jubueche
  • Also for Skype, the computer inside initiates the TCP/IP contact. The trick can work if a router fo – Bert Verhees Jun 23 '18 at 22:07
  • The trick is that the computer inside the NAT is triggered to initiate a session to outside the NAT. It is explained here: https://www.theregister.co.uk/2003/10/08/how_does_skype_get_through/ But special settings on routers and firewalls remain necessary to allow UDP – Bert Verhees Jun 23 '18 at 22:14
  • Jbuchel, Max also wants to know with which go library this can be solved. My opinion is that this is not possible, but maybe you have other information. – Bert Verhees Jun 23 '18 at 22:21
  • I don’t know of any library that does that, but it doesn’t sound too hard to implement yourself. But maybe some time... – jubueche Jun 23 '18 at 23:25
  • It was a tricky question. I am sorry for that. You don't need a library, the way skype handles it can be done within standard network functionality. The problem is in the external provisions needed. – Bert Verhees Jun 23 '18 at 23:30
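
The rendezvous exchange described in the answer above, written out in Go as an added example (it is not code from the post or from libp2p). The names `rendezvous` and `peer`, the `register` and `hello` payloads and the retry count are assumptions, and everything runs on loopback, so there is no real NAT and the block shows the message flow only.

```go
package main

import (
	"fmt"
	"net"
	"time"
)

// rendezvous is the RS: it sends each new sender and the previous one the source (IP, port) it observed for the other.
func rendezvous(rs net.PacketConn) {
	var prev net.Addr
	buf := make([]byte, 64)
	for _, addr, err := rs.ReadFrom(buf); err == nil; _, addr, err = rs.ReadFrom(buf) {
		if prev != nil && prev.String() != addr.String() {
			rs.WriteTo([]byte(addr.String()), prev)
			rs.WriteTo([]byte(prev.String()), addr)
		}
		prev = addr
	}
}

// peer registers with the RS, then sends to the endpoint the RS returns until that endpoint answers.
func peer(conn net.PacketConn, name string, rsAddr net.Addr) (string, error) {
	dst, msg, buf := rsAddr, "register", make([]byte, 64)
	for try := 0; try < 20; try++ { // packets may be dropped, so resend each round
		conn.WriteTo([]byte(msg), dst) // outbound traffic is what creates the NAT entry
		conn.SetReadDeadline(time.Now().Add(200 * time.Millisecond))
		switch n, from, err := conn.ReadFrom(buf); {
		case err != nil || from.String() != dst.String(): // timeout or unexpected sender
		case dst != rsAddr: // the other node reached us through the punched mapping
			conn.WriteTo([]byte(msg), dst) // once more, in case it missed our earlier packets
			return string(buf[:n]), nil
		default: // RS reply: switch target to the other node's public endpoint
			if next, e := net.ResolveUDPAddr("udp4", string(buf[:n])); e == nil {
				dst, msg = next, "hello from "+name
			}
		}
	}
	return "", fmt.Errorf("%s: nothing received from the other node", name)
}

func main() {
	rs, _ := net.ListenPacket("udp4", "127.0.0.1:0") // constructed loopback setup, no NAT
	c1, _ := net.ListenPacket("udp4", "127.0.0.1:0")
	c2, _ := net.ListenPacket("udp4", "127.0.0.1:0")
	go rendezvous(rs)
	go peer(c2, "node2", rs.LocalAddr())
	fmt.Println(peer(c1, "node1", rs.LocalAddr()))
}
```

Matching the sender against the endpoint the RS supplied only filters stray packets; it does not authenticate the other node, so the channel still needs a cryptographic handshake before files are exchanged. The technique also depends on each NAT reusing the mapping it created toward the RS for traffic to the other node.
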
2

Libp2p has no such limitations.

The chat example which you quoted is programmed in such a way that it cannot support private IPs behind NAT, but Libp2p supports NAT traversal techniques like hole punching, STUN, a TURN-like protocol, and bootstrapping via a rendezvous point using DHT for now. This is what you need.

Following examples may be useful to you:

  1. chat-with-rendezvous: https://github.com/libp2p/go-libp2p-examples/tree/master/chat-with-rendezvous
  2. chat-with-tor: https://github.com/libp2p/go-libp2p-examples/pull/1
Upperwal
0

Max, I make it an answer to your question.

Which computers you can reach configured on a network or cannot reach, cannot be overridden by software on a computer. That would be a security breach, and it could be a cause for address conflicts, because in different NAT-areas the same IP addresses can be in use.

So, you cannot see computers behind a router, if that router uses NAT. The router does not advertise these addresses.

The purpose of NAT is to have a special island of IP-addresses which no-one outside the NAT section can see. In this way, a company can use fewer unique IP-addresses to have a good functioning network. Another purpose is security. The router also hides the MAC-addresses of the computers inside the NAT area. A router can hide many things.

Computers inside a NAT-area can initiate contact to computers outside the NAT ((if permitted) the router will remember the computer and keep an address-translation for it), but there is no way a computer outside the NAT can address a computer inside the NAT. It can only reply to a computer from inside. It does that by replying to the router, and the router will know to which computer in the NAT area to forward the reply.

Go does not provide libraries which can solve these external limitations. Live with it. There is nothing you can do.

As JBuchel explains, the Skype model can work if there are some extra provisions, like open UDP ports, an extra server/computer, etc. This is in fact a rearrangement of the network configuration, which cannot be done without the help of system/network administrators.

But if there is support on that level, the solution is so much easier, just remove the computer from the NAT and give it an IP address that is visible for the other computer.

Bert Verhees