Connecting to a service on a host behind NAT from another host behind NAT over the Internet



























Assume you have a host (hosta) that is running a TCP service (e.g. a VNC server on port 5901). You want to access this service from another host (hostb) running a VNC client. Both hosts are connected to the Internet, but there are some restrictions:



1. hosta can be reached from the Internet using any of its TCP ports



VNC client on hostb connects to hosta:5091 directly.



2. hosta can be reached from the Internet only through SSH



From hostb:



ssh -L 5901:localhost:5901 usera@hosta


VNC client on hostb connects to localhost:5901



3. hosta cannot be reached from the Internet (e.g. it is behind CGN / CGNAT). However, hostb can be reached from the Internet



From hosta:



ssh -R 5901:localhost:5901 userb@hostb


VNC client on hostb connects to localhost:5901



4. hosta and hostb cannot be reached from the Internet. They are behind CGN / CGNAT; they can only create outbound connections



We can use another host (hostc) which can be reached from the Internet using ssh.



From hosta:



ssh -R 5555:localhost:5901 userc@hostc


From hostb:



ssh -L 5901:localhost:5555 userc@hostc


VNC client on hostb connects to localhost:5901



I have a case like the 4th scenario above, but I do not wish to use a third host (hostc), mainly because of performance and cost reasons.



What are my alternative (cheaper [=free] and better performance) options?





Note 1: I have tested and determined that although TCP hole punching does not work in my case, UDP hole punching does work. However, I need a tool that will establish a connection-oriented (similar to TCP) session over UDP that will utilize UDP hole punching.



Note 2: Failing to use any of the "UDP hole punching" programs available on the Internet, I decided to write my own. I am still improving it, but, as it is, it works fairly well. You can find it here.






























  • Not sure that you'd be able to get away from using a commonly accessible (third) machine, in your fourth use case. Alternatives to SSH would include virtual private LANs (e.g., Hamachi) or VPNs, both of which (in your case) would still require a third party.

    – joat
    Jan 6 at 14:08











  • You don't have many alternatives here: either one of the NATs should be configured for port forwarding or an external host should be used.

    – montonero
    Jan 16 at 11:32











  • @montonero Yup, but at times that isn't the case. E.g., a brother and sister go to 2 different universities, and both are behind NAT and have no ability to change configuration at either end.

    – ivanivan
    Feb 3 at 15:58











  • @ivanivan In this case some intermediate host should be involved. To make a connection you'll need to have an open port at some point.

    – montonero
    Feb 4 at 7:18
















networking ssh internet port forwarding














edited Feb 3 at 15:49
FedonKadifeli

asked Jan 6 at 12:43
FedonKadifeli
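
Added example, not part of the original question or its comments: a server-side restriction for the relay account in scenario 4 of the question, so that userc on hostc can carry the hosta-to-hostb tunnel and nothing else. It assumes hostc runs OpenSSH 7.8 or later (needed for `PermitListen`), that the server configuration lives in `/etc/ssh/sshd_config`, and that `/bin/false` exists; the account name and port 5555 are taken from the question.

```sshdconfig
# /etc/ssh/sshd_config on hostc (added example; the file path and the
# policy are assumptions, the account and port come from scenario 4).
# userc exists only to carry the hosta <-> hostb tunnel.
Match User userc
    # TCP forwarding is the one feature this account needs.
    AllowTcpForwarding yes

    # hosta's "ssh -R 5555:localhost:5901" may listen on 5555 only.
    # ssh requests the listen host "localhost" when none is given,
    # so this must be the name "localhost" and not 127.0.0.1.
    PermitListen localhost:5555

    # hostb's "ssh -L 5901:localhost:5555" may connect to 5555 only.
    PermitOpen localhost:5555

    # Keep the remote-forward listener on hostc's loopback interface.
    GatewayPorts no

    # No shell, terminal or other channel types for this account.
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    AllowStreamLocalForwarding no
    PermitTunnel no
    ForceCommand /bin/false
```

With this in place both clients need `-N` (for example `ssh -N -R 5555:localhost:5901 userc@hostc`), because any session they open runs the forced command and exits. Check the file with `sshd -t` before reloading the daemon.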







