Accessing Computer using Internet through NAT

[evan29]

Hey, I've been working with Visual Basic 6 for some time. I already have a program that communicates through networks using Winsocks.

My problem is, I cannot connect to a friends computer through the internet into his network and through NAT. I suspect the IP address dependency from Winsocks. He is in a network and on a computer that does not directly connect to the internet. I need to get past that NAT. If your thinking its mine or his firewall, its not. I've checked that myself.

If anybody knows a solution to this, please tell me. If you need more info, I'll be happy to give you some.

[dilettante]

This sounds like the hoary old issue of failing to set up port mapping on the NAT device.

Normally you'd have more than one computer behind NAT. When NAT gets an inbound connection it refuses the conection unless a mapping for that port number has been set up to indicate which private network machine will service that port number.

These mappings are set up via UPnP, or more commonly via the administration inteface of the NAT device.

Some NAT boxes also allow you to designate one of the private network machines to be placed into a DMZ. When there is a DMZ machine configured pretty much all incoming connections are forwarded to that machine. For some types of applications this is the only practical way to make things work because numerous TCP and/or UDP ports need to be used, and the port numbers may well by highly variable.

It also means the DMZ machine is fairly exposed to anything trying to probe and infect unprotected machines.

[evan29]

Is there any other way than uPnP or opening DMZ? I don't want to risk security on other peoples computers. I think uPnP is the best way so far.

"When NAT gets an inbound connection it refuses the conection unless a mapping for that port number has been set up to indicate which private network machine will service that port number."

I have another question. How do we map a port number to indicate which private network machine that will service that port number? I just want to be able to send data to a machine behind NAT.

I can receive the data he sent me, but I cannot send data to him, because he is behind NAT.

[DigiRev]

You should be able to access your router or whatever via your webbrowser. It should have options, not only for DmZ, but for "Port Forwarding".

You will need to open the ports you're using by assigning his local IP to the IP field, and checking the "Enable" box.

Also don't forget to check the "TCP" box, and the "UDP" box, even if your program is not using the UDP protocol.

Every router is different, so it's hard to give you exact advice.

Most router IPs are:

http://192.168.0.1
http://192.168.1.1

or something similar.

To figure out his local ip, you can use the Winsock.LocalIP property.

Then use that when opening the ports.

[dilettante]

Yes the best way is probably to manually forward the desired port to the inside machine via the router's web console.

uPnP can do the same thing dynamically, from a program on the inside machine. But it is complex to program and many routers have it shut off anyway.

Open as few ports as practical. Most applications you'll write only need one port number forwarded.

[evan29]

I'm starting to get a bit confused. What I understand is that I'll have to open one or more ports for port forwarding, and I know how to do that.

What I don't know how to do is to make the program automatically open all the ports needed. All I know is you have to click the unblock button to allow the program to communicate.

I don't want my friend to have to go through all this trouble just so he can get it working. How do programs like MSN do this? A sample code of how to send over NAT using Winsocks would be really helpful if you can provide one. Like say to send a little piece of data over such as "lol" and I'll know how to do the rest.

[TokersBall_CDXX]

Programs such as msn messenger, yahoo, etc... use centralized servers that client systems open out bound connections to. Out bound connections don't require portforwarding in nat routers, as you can obviously browse the internet with no trouble.

In order for your friend or anyone for that matter be able to receive an inbound connection on the internal side of a nat based system, they will need to configure port forwarding on their nat device (router).

http://www.portforward.com/ has a wealth of information relating to configuring routers (including detailed instructions for makes and models of quite a few routers).


good luck

[DigiRev]

Some programs attempt to use uPnP but it fails most of the time because every router is different and most have it turned off as was already said.

I would suggest either opening the ports manually or re-writing your code and creating a central server and all data goes through that server program.

This is how most big servers like Yahoo and MSN work because they have the speed and can afford the bandwidth.

It might slow things down for you, but it would work. You could run it from a computer that's not behind a NAT/router, or you could just setup the router manually on that computer once and you would be done.

Also, have you tried being the server, and have your friend connect to you?

[dilettante]

The use of NAT offers some real advantages, but it also imposes a somewhat asymmetric model on top of normal Internet operation.

In many ways it's like using a cell phone instead of a walkie-talkie. True walkie-talkies can communicate with each other freely, with no intermediary. Using NAT tends to block this sort of interaction for PCs.

Things like most messenger programs work more like a cell phone that has to work through an intermediary service to call somebody else.

NAT lets PCs connect outward fairly freely to hosts on the public Internet. Connecting inward through NAT into another private network is another thing altogether. The whole point of private networks and private addresses is that they are not routable. There is no way to get from the public network into a private network with standard routing. Some other mechanism (like port mapping) is needed, whether done manually or with uPnP or whatever.

[evan29]

Yeah I understand. I need to find the router's IP address, and send data to the router. My friend also has to set up the router to forward those needed ports to his computer in order for it to work, because the router acts as a firewall, blocking those ports from coming in.

if I said anything wrong, tell cause I'll need to know.

[TokersBall_CDXX]

Yeah I understand. I need to find the router's IP address, and send data to the router. My friend also has to set up the router to forward those needed ports to his computer in order for it to work, because the router acts as a firewall, blocking those ports from coming in.

if I said anything wrong, tell cause I'll need to know.

this is correct.

NAT devices at their very nature block all incomming traffic unless otherwise configured.

[Al42]

Your program can't forward ports in the router. A person has to set the router up to forward ports.

A better way would be to have the computer behind the router make the connection, regardless of the direction in which the data is flowing. IOW, when you have to send data to your friend's computer you save that data to a specific file on your computer. Then your program - running on your friend's computer - connects to your computer, gets that file, and uses the data in the file. That way no ports have to be open.

A slight clarification: by the nature of network address translation, incoming connections are blocked. Incoming data gotten over an outgoing connection isn't blocked. If it were, you couldn't see the web site by using your browser if you're behind a router.

[evan29]

"when you have to send data to your friend's computer you save that data to a specific file on your computer. Then your program - running on your friend's computer - connects to your computer, gets that file, and uses the data in the file."

I don't think that is possible with my program. My program needs to upload and download data quickly over the internet in real time. Saving a file and having the other computer to continually check it every 15 milliseconds is going to create unnecessary lag. I'll need to set up that router myself for my program to work, because my friend does not know how to.

I have another question I need for my program.

Is there any way to find the external IP from the program itself? I need the program to be independent of finding its external IP address. Right now I can only find the internal IP address, and I need to find the address of the router, not the computer that is behind the router.

[DigiRev]

Is there any way to find the external IP from the program itself? I need the program to be independent of finding its external IP address. Right now I can only find the internal IP address, and I need to find the address of the router, not the computer that is behind the router.

Windows doesn't provide a reliable way to get your external IP address. Winsock.LocalIP will return the internal IP address, unless the person is not behind a NAT/router. You would have to get it from your router (good luck) or from a webserver like www.showmyip.com

You can get the router's IP, which is the Default Gateway/Subnet Mask, by using the command prompt. I'm sure there's other ways to do it through code, but that's the only way I know of.

ipconfig /all