I'm building a P2P application that needs to be able to access nodes behind a NAT. This NAT does not allow inbound connections, therefore the nodes outside the network cannot reach out to the nodes behind the NAT.
My solution to this problem is that the node behind the NAT would reach out to the node outside, and the node outside, when the time is ready, connect to the node that is inside the NAT by using that pre-established TCP connection. Since this connection would be established by the node inside the NAT, this would not be blocked by the NAT.
Here's my question. I do not know which of the interpretations underlined are correct, or if both are wrong.
Interpretation #1
There is a concept of a TCP connection, effectively a tube, and when a node inside the NAT makes a request to anything on the outside world, that tube opens, the response is put into it, and the tube closes forever.
Result: The NAT will not allow any further TCP connections to the client from the node outside after that tube closes.
Interpretation #2
There is no such thing as a TCP connection, but, a TCP transmission. Since a TCP connection is defined as a local ip:port
, and a remote ip:port
, after a node behind the NAT calls a node outside, the node outside can call back using the same port the client made the request from, and that would "count" as the same TCP connection, not an unsolicited call in by the NAT.
Result: The NAT effectively guesses whether this connection was a response to what the node inside the NAT asked for by looking at the historic record. Since the node behind the NAT made the first call out, the node outside can call back in using the same client port and it would work.
My mental model was closer to #1, but when I inspected the connections with Wireshark, they did appear as separate TCP connections, or at least as separate entities.
Is it closer to #1, or #2, or am I hopelessly confused?
Best Answer
TCP is a connection-oriented protocol, and it can only communicate through connections.
Before you start programming using TCP, it would be helpful to first understand how TCP works, and you should start with RFC 793, Transmission Control Protocol, which is the definition of TCP.
The RFC explains sockets and connections:
As far as the outside TCP peer is concerned, it is connecting to the outside address of the NAT device, even though that device is forwarding to the other TCP peer on the inside, based on the connection initiated by the inside device.
You can also study RFC 5382, NAT Behavioral Requirements for TCP.