UDP packets to PC behind NAT

Discussion in 'Python' started by Janto Dreijer, Sep 15, 2006.

  1. This is probably more of a networking question than a Python one, but
    it would be nice to know if someone has done this with Python's socket
    module. And besides one usually gets more information from c.l.py than
    anywhere else :)

    I have a server with a static "public" IP and a client behind a NAT. I
    would like to send UDP packets from the server to the client. So what I
    need to do is open up a "hole" in the NAT and let the server know the
    target IP and port of the client where it can send its packets.

    Now I have read somewhere that you can have TCP and UDP running on the
    same port. Not sure if this is true. Would it be a reasonable solution
    to initiate a TCP connection from the client to the server and somehow
    (?) let the server figure out how the client is connecting? And then
    send UDP to client over the same (IP, port)?
     
    Janto Dreijer, Sep 15, 2006
    #1
    1. Advertising

  2. Janto Dreijer

    Christophe Guest

    Janto Dreijer a écrit :
    > This is probably more of a networking question than a Python one, but
    > it would be nice to know if someone has done this with Python's socket
    > module. And besides one usually gets more information from c.l.py than
    > anywhere else :)
    >
    > I have a server with a static "public" IP and a client behind a NAT. I
    > would like to send UDP packets from the server to the client. So what I
    > need to do is open up a "hole" in the NAT and let the server know the
    > target IP and port of the client where it can send its packets.
    >
    > Now I have read somewhere that you can have TCP and UDP running on the
    > same port. Not sure if this is true. Would it be a reasonable solution
    > to initiate a TCP connection from the client to the server and somehow
    > (?) let the server figure out how the client is connecting? And then
    > send UDP to client over the same (IP, port)?


    Initiate an UDP connection from the client to the server and have the
    server send back the UDP packets to the address you get in the
    "recvfrom" result.
     
    Christophe, Sep 15, 2006
    #2
    1. Advertising

  3. Awesome! I haven't tested it on the actual server but I think it works.
    Thanks!
    I prefer a TCP connection solution and will post one if it works.

    server.py
    ========
    from socket import *
    print "listening"
    UDPSock = socket(AF_INET, SOCK_DGRAM)
    UDPSock.bind(("localhost", 1234)) # visibility to outside world
    payload, addr = UDPSock.recvfrom(1024)
    print "message from %s: %s" % (`addr`, payload)
    UDPSock = socket(AF_INET, SOCK_DGRAM) # open UDP socket
    result = UDPSock.sendto("your public address is %s" % `addr`, addr)

    client.py
    =====
    from socket import *
    UDPSock = socket(AF_INET, SOCK_DGRAM) # open UDP socket
    result = UDPSock.sendto("what's my public address?", ("localhost",
    1234))
    payload, addr = UDPSock.recvfrom(1024)
    print payload

    results:
    ====
    listening
    message from ('127.0.0.1', 32787): what's my public address?

    your public address is ('127.0.0.1', 32787)
     
    Janto Dreijer, Sep 15, 2006
    #3
  4. On 2006-09-15, Christophe <> wrote:

    > Initiate an UDP connection from the client to the server and
    > have the server send back the UDP packets to the address you
    > get in the "recvfrom" result.


    There's no such thing as a "UDP connection", so I don't
    understand what you're suggesting.

    --
    Grant Edwards grante Yow! By MEER biz doo
    at SCHOIN...
    visi.com
     
    Grant Edwards, Sep 15, 2006
    #4
  5. On 2006-09-15, Janto Dreijer <> wrote:

    > I have a server with a static "public" IP and a client behind a NAT. I
    > would like to send UDP packets from the server to the client. So what I
    > need to do is open up a "hole" in the NAT and let the server know the
    > target IP and port of the client where it can send its packets.
    >
    > Now I have read somewhere that you can have TCP and UDP running on the
    > same port.


    True.

    > Not sure if this is true.


    It is.

    > Would it be a reasonable solution to initiate a TCP connection
    > from the client to the server and somehow (?) let the server
    > figure out how the client is connecting? And then send UDP to
    > client over the same (IP, port)?


    I doubt that will work unless the firewall has been
    specifically designed to recognize that pattern of activity and
    allow the incoming UDP packets. I don't think most firewall
    have default rules that allow UDP packets to tunnel back along
    a TCP connection.

    --
    Grant Edwards grante Yow! Clear the
    at laundromat!! This
    visi.com whirl-o-matic just had a
    nuclear meltdown!!
     
    Grant Edwards, Sep 15, 2006
    #5
  6. Oops. That second UDPSock = socket(...) in the server.py shouldn't be
    there.

    Janto Dreijer wrote:
    > Awesome! I haven't tested it on the actual server but I think it works.
    > Thanks!
    > I prefer a TCP connection solution and will post one if it works.
    >
    > server.py
    > ========
    > from socket import *
    > print "listening"
    > UDPSock = socket(AF_INET, SOCK_DGRAM)
    > UDPSock.bind(("localhost", 1234)) # visibility to outside world
    > payload, addr = UDPSock.recvfrom(1024)
    > print "message from %s: %s" % (`addr`, payload)
    > UDPSock = socket(AF_INET, SOCK_DGRAM) # open UDP socket
    > result = UDPSock.sendto("your public address is %s" % `addr`, addr)
    >
    > client.py
    > =====
    > from socket import *
    > UDPSock = socket(AF_INET, SOCK_DGRAM) # open UDP socket
    > result = UDPSock.sendto("what's my public address?", ("localhost",
    > 1234))
    > payload, addr = UDPSock.recvfrom(1024)
    > print payload
    >
    > results:
    > ====
    > listening
    > message from ('127.0.0.1', 32787): what's my public address?
    >
    > your public address is ('127.0.0.1', 32787)
     
    Janto Dreijer, Sep 15, 2006
    #6
  7. Grant Edwards wrote:
    > On 2006-09-15, Christophe <> wrote:
    >
    > > Initiate an UDP connection from the client to the server and
    > > have the server send back the UDP packets to the address you
    > > get in the "recvfrom" result.

    >
    > There's no such thing as a "UDP connection", so I don't
    > understand what you're suggesting.


    I think he means "connection" as in "associated ip/port". Which
    actually does work, as I've posted.
     
    Janto Dreijer, Sep 15, 2006
    #7
  8. Grant Edwards wrote:
    > On 2006-09-15, Janto Dreijer <> wrote:

    ....
    > > Would it be a reasonable solution to initiate a TCP connection
    > > from the client to the server and somehow (?) let the server
    > > figure out how the client is connecting? And then send UDP to
    > > client over the same (IP, port)?

    >
    > I doubt that will work unless the firewall has been
    > specifically designed to recognize that pattern of activity and
    > allow the incoming UDP packets. I don't think most firewall
    > have default rules that allow UDP packets to tunnel back along
    > a TCP connection.


    Thanks for the info!

    I think you may be right. I had to configure the local firewall to
    allow all connections from the server. Which kinda defeats the purpose.
    If you have control over the NAT why not just assign a dedicated port?

    There might still be value in this approach, however. Even though I
    have control over the NAT I have multiple clients that might need to
    create these connections. I would need to map ports to be able to
    handle simultaneous connections.

    It's Friday afternoon over here, so I may be wrong...
     
    Janto Dreijer, Sep 15, 2006
    #8
  9. Janto Dreijer

    Steve Holden Guest

    Janto Dreijer wrote:
    > Grant Edwards wrote:
    >
    >>On 2006-09-15, Janto Dreijer <> wrote:

    >
    > ....
    >
    >>>Would it be a reasonable solution to initiate a TCP connection
    >>>from the client to the server and somehow (?) let the server
    >>>figure out how the client is connecting? And then send UDP to
    >>>client over the same (IP, port)?

    >>
    >>I doubt that will work unless the firewall has been
    >>specifically designed to recognize that pattern of activity and
    >>allow the incoming UDP packets. I don't think most firewall
    >>have default rules that allow UDP packets to tunnel back along
    >>a TCP connection.

    >
    >
    > Thanks for the info!
    >
    > I think you may be right. I had to configure the local firewall to
    > allow all connections from the server. Which kinda defeats the purpose.
    > If you have control over the NAT why not just assign a dedicated port?
    >
    > There might still be value in this approach, however. Even though I
    > have control over the NAT I have multiple clients that might need to
    > create these connections. I would need to map ports to be able to
    > handle simultaneous connections.
    >
    > It's Friday afternoon over here, so I may be wrong...
    >

    Note that TCP and UDP port spaces are disjoint, so there's no way for
    TCP and UDP to use "the same port" - they can, however, use the same
    port number. Basically the TCP and UDP spaces have nothing to do with
    each other.

    Most dynamic NAT gateways will respond to an outgoing UDP datagram by
    mapping the internal client's UDP port to a UDP port on the NAT
    gateway's external interface, and setting a converse mapping that will
    allow the server to respond, even though technically there isn't a
    "connection". The NAT table entries will typically be timed out after a
    short period of non-use.

    regards
    Steve
    --
    Steve Holden +44 150 684 7255 +1 800 494 3119
    Holden Web LLC/Ltd http://www.holdenweb.com
    Skype: holdenweb http://holdenweb.blogspot.com
    Recent Ramblings http://del.icio.us/steve.holden
     
    Steve Holden, Sep 15, 2006
    #9
  10. Steve Holden wrote:
    > Note that TCP and UDP port spaces are disjoint, so there's no way for
    > TCP and UDP to use "the same port" - they can, however, use the same
    > port number. Basically the TCP and UDP spaces have nothing to do with
    > each other.
    >
    > Most dynamic NAT gateways will respond to an outgoing UDP datagram by
    > mapping the internal client's UDP port to a UDP port on the NAT
    > gateway's external interface, and setting a converse mapping that will
    > allow the server to respond, even though technically there isn't a
    > "connection". The NAT table entries will typically be timed out after a
    > short period of non-use.


    So are you saying one can't use TCP to punch a hole for UDP?
     
    Janto Dreijer, Sep 16, 2006
    #10
  11. On 2006-09-16, Janto Dreijer <> wrote:
    > Steve Holden wrote:
    >> Note that TCP and UDP port spaces are disjoint, so there's no way for
    >> TCP and UDP to use "the same port" - they can, however, use the same
    >> port number. Basically the TCP and UDP spaces have nothing to do with
    >> each other.
    >>
    >> Most dynamic NAT gateways will respond to an outgoing UDP datagram by
    >> mapping the internal client's UDP port to a UDP port on the NAT
    >> gateway's external interface, and setting a converse mapping that will
    >> allow the server to respond, even though technically there isn't a
    >> "connection". The NAT table entries will typically be timed out after a
    >> short period of non-use.

    >
    > So are you saying one can't use TCP to punch a hole for UDP?


    Yes, that's what he's saying -- or at least that there's no
    reason to expect it to work.

    --
    Grant Edwards
     
    Grant Edwards, Sep 16, 2006
    #11
  12. Janto Dreijer

    Paul Rubin Guest

    "Janto Dreijer" <> writes:
    > > Most dynamic NAT gateways will respond to an outgoing UDP datagram by
    > > mapping the internal client's UDP port to a UDP port on the NAT
    > > gateway's external interface, and setting a converse mapping that will
    > > allow the server to respond, even though technically there isn't a
    > > "connection". The NAT table entries will typically be timed out after a
    > > short period of non-use.

    >
    > So are you saying one can't use TCP to punch a hole for UDP?


    You might look at some of the Q2Q stuff that simulates TCP over UDP.

    http://divmod.org/trac/wiki/DivmodVertex

    http://twistedmatrix.com/users/moshez/q2q.html
     
    Paul Rubin, Sep 16, 2006
    #12
  13. Janto Dreijer

    John J. Lee Guest

    "Janto Dreijer" <> writes:

    > Steve Holden wrote:
    > > Note that TCP and UDP port spaces are disjoint, so there's no way for
    > > TCP and UDP to use "the same port" - they can, however, use the same
    > > port number. Basically the TCP and UDP spaces have nothing to do with
    > > each other.
    > >
    > > Most dynamic NAT gateways will respond to an outgoing UDP datagram by
    > > mapping the internal client's UDP port to a UDP port on the NAT
    > > gateway's external interface, and setting a converse mapping that will
    > > allow the server to respond, even though technically there isn't a
    > > "connection". The NAT table entries will typically be timed out after a
    > > short period of non-use.

    >
    > So are you saying one can't use TCP to punch a hole for UDP?


    If server and client know what to do it's always possible to tunnel
    anything over anything, but as Steve explained, there would be no need
    for the UDP and TCP port numbers to match (and of course, tunneling
    UDP over TCP is a slightly odd thing to be doing :).


    John
     
    John J. Lee, Sep 17, 2006
    #13
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andrew Chin

    receive udp packets on windows xp

    Andrew Chin, Dec 8, 2005, in forum: Java
    Replies:
    3
    Views:
    949
    Roedy Green
    Dec 8, 2005
  2. Pashlipops

    Reading packets from UDP port

    Pashlipops, Oct 15, 2006, in forum: C++
    Replies:
    3
    Views:
    883
  3. sreehari
    Replies:
    7
    Views:
    357
  4. Xanti

    disappiring UDP packets

    Xanti, Mar 8, 2007, in forum: Java
    Replies:
    1
    Views:
    275
    Daniel Pitts
    Mar 8, 2007
  5. Ashoka!
    Replies:
    6
    Views:
    560
    Ashoka!
    Apr 26, 2007
Loading...

Share This Page