From: "Serguei I. Ivantsov" <manowar@gsc-game.kiev.ua>
To: netfilter@lists.netfilter.org
Subject: NAT support for peer-to-peer games
Date: Tue, 21 Sep 2004 11:04:20 +0300 [thread overview]
Message-ID: <00cf01c49fb1$da5492e0$e310f43e@manowar> (raw)
Hello!
I just interesting - whether something changes in Netfilter to support
peer-to-peer games.
How to implement the scheme described below using netfilter?
<from the article>
...
Here's how the hosts know where to send the packets:
1) There is a well-known server with a well-known port, not
behind any NAT or firewall. Its only purpose is to relay
the public and local addresses of all participants in a session
to each other. (A host's public address is the address/ UDP port pair
seen by the outside world; its local address is the pair it
thinks it has.)
2) To join the session, a new host sends its local address
to the well-known server. The server then stores the new
host's public address (from the UDP header) together with its
local address (embedded in the packet).
The list of all participants' public and local addresses are
then sent down to the new host. The new host notes its own public
address in the reply from the server.
3) The server sends the public and local address of the
new host to all existing participants.
4) The new host then sends a hello packet to both the public and
local addresses of each participant; likewise, the existing
participants all send hello packets to both the public and
local addresses of the new host. The packet contains
the sending host's public and local addresses.
These are analogous to TCP's SYN packet, and are retransmitted
periodically if no response is received (see below).
5) The act of sending a packet to the other participants
signals the firewall that a reply will be coming back along
the reverse path. It opens up a return path which just
reverses the source and destination address/ UDP port pairs.
This seems to be a common feature of many firewalls and
SOHO routers (e.g. the Cisco PIX). I don't know how
widespread it is. Is there any data on what firewalls
support this behavior?
6) For participants behind different firewalls / NATs / masquerading
hosts, one packet (the one sent to the peer's public address)
will make it through. For participants behind the same firewall / NAT /
masquerading host, the other packet (the one sent to the peer's
local address) will make it through.
For participants with two IP interfaces, one or the other packet
will make it through; it doesn't matter which.
The entire Dan Kegel article can be found here:
http://www.hasenstein.com/HyperNews/get/linux-ip-nat/97.html
--
Serguei I. Ivantsov
next reply other threads:[~2004-09-21 8:04 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-21 8:04 Serguei I. Ivantsov [this message]
2004-09-21 13:08 ` NAT support for peer-to-peer games Jason Opperisano
2004-09-22 6:45 ` Kenneth Porter
2004-09-23 8:45 ` Andy Furniss
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='00cf01c49fb1$da5492e0$e310f43e@manowar' \
--to=manowar@gsc-game.kiev.ua \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.