Rev. 0.2
5/25/2007
1. Introduction
2. Some Concepts
3. Install
4. Usage
5. Trate GUI
6. Trouble Shooting
7. References
Trate is free software to selftly-enable firewall over a single UDP port, with support for SSL/TLS-based session authentication and key exchange, packet encryption, packet authentication, and packet compression.
Trate supports peer-to-peer communication across Network Address Translators (NATs). No port forwarding, DMZ, or similar configuration is required. Trate allows other applications, almost all applications (BitTorrent, Web servers, etc.), to automatically create dynamic connections between two or more peers behind two or more separate NATs and firewalls.
That means machines behind a NATed firewall (e.g. an enterprise firewall, or a home router) can connect to each other with the help of Trate. More specifically, it can accelerate your BT downloads, allow you to run your Web or FTP site behind a firewall with a private IP address, or help any application which needs to listen on a port.
An Example of Simple NAT
UDP hole punching enables two clients to set up a direct peer-to-peer UDP session with the help of a well-known rendezvous server, even if the clients are both behind NATs.
The following figure shows the NAT hole punching process with peers behind different NATs.
NAT hole punching is a complicated technology because of the variety of NAT configurations on the Internet. Refer to [1] for more information.
UDP Hole Punching, Peers Behind Multiple Levels of NAT
Hole punching assumes that the two clients (Client A and Client B) already have active UDP sessions with a rendezvous server (Server S). When a client registers with S, the server records two endpoints for that client: the (IP address, UDP port) pair that the client believes itself to be using to talk with S, and the (IP address, UDP port) pair that the server observes the client to be using to talk with it. We refer to the first pair as the client's private endpoint and the second as the client's public endpoint. The server might obtain the client's private endpoint from the client itself in a field in the body of the client's registration message, and obtain the client's public endpoint from the source IP address and source UDP port fields in the IP and UDP headers of that registration message. If the client is not behind a NAT, then its private and public endpoints should be identical.
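The registration step described above, as an added example that is not Trate's own code: a rendezvous server records the private endpoint from the message body and the public endpoint from the datagram's source address, then hands each peer the other's pair. The JSON message layout, the field names, and all addresses are assumptions constructed for illustration; Trate's actual wire format is not documented here.

```python
import ipaddress
import json
from typing import Dict, NamedTuple, Tuple

class Endpoint(NamedTuple):
    ip: str
    port: int

class Registration(NamedTuple):
    private: Endpoint  # claimed by the client in the message body
    public: Endpoint   # observed by S in the IP and UDP headers

def register(table: Dict[str, Registration], datagram: bytes,
             source: Tuple[str, int]) -> Registration:
    """Record one registration; `source` is the address recvfrom() reports."""
    msg = json.loads(datagram)
    # The private endpoint is self-reported, so validate it before storing.
    ip = str(ipaddress.ip_address(msg["private_ip"]))  # ValueError if malformed
    port = int(msg["private_port"])
    if not 0 < port < 65536:
        raise ValueError("private port out of range")
    reg = Registration(Endpoint(ip, port), Endpoint(*source))
    table[str(msg["client_id"])] = reg
    return reg

def behind_nat(reg: Registration) -> bool:
    """Per the text: without a NAT the two endpoints are identical."""
    return reg.private != reg.public

def introduce(table: Dict[str, Registration], a: str, b: str):
    """What S sends each side: the other peer's private and public endpoints."""
    return {a: table[b], b: table[a]}

def demo() -> Dict[str, Registration]:
    # Constructed sample registrations (documentation address ranges).
    table: Dict[str, Registration] = {}
    register(table, b'{"client_id": "A", "private_ip": "10.0.0.1", '
                    b'"private_port": 4321}', ("198.51.100.7", 62000))
    register(table, b'{"client_id": "B", "private_ip": "10.1.1.3", '
                    b'"private_port": 4321}', ("192.0.2.44", 31000))
    register(table, b'{"client_id": "C", "private_ip": "203.0.113.9", '
                    b'"private_port": 4321}', ("203.0.113.9", 4321))
    return table

if __name__ == "__main__":
    for name, reg in demo().items():
        print(name, reg, "behind NAT" if behind_nat(reg) else "no NAT")
```

Only the public endpoint comes from something the server observed itself; the private endpoint is whatever the client chose to send.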
We set up and maintain a public server called Trate Server, which acts as the well-known rendezvous server described above.
First, you need to install Trate on all the machines behind NAT firewalls that you want to communicate with. Trate will start automatically each time you start your machines. When started, Trate registers the host machine with the Trate Server, and the Trate Server records the machine's public IP and port information.
Most of the time, Trate does nothing except listen to the network traffic on the local machine. When it finds that an application fails to receive a TCP response from its remote target, Trate queries the Trate Server for a possible record of the remote target. If the Trate Server keeps a record of the remote target, Trate uses that information to set up a connection to the remote target and help the local application get through.
We suggest that you run the setup program and accept the defaults (all categories).
Using Trate is highly automatic. All you need to do is install Trate. After installation, Trate will automatically start and handle connections quietly. Refer to How Trate Works for more information.
Trate GUI provides a graphical user interface for the user. When Trate GUI is started, an icon appears in the notification area of the taskbar. The icon shows a different color depending on the connection status.
1) Red icon
The red icon means Trate is not running. This icon should not appear. If, for some reason, you see this icon, just double click the icon to start Trate.
2) Yellow icon
The yellow icon means no application is using Trate or Trate is trying to establish a connection. For example, the following picture shows that Trate is trying to connect to "c2home".
3) Green icon
The green icon means Trate has established at least one connection for your applications. For example, the following picture shows that Trate has set up a connection to c2home and the user has successfully connected to a web server behind a NAT firewall through this connection.
1) Q: Does Trate support more than one outgoing connection from a client at the same time?
A: No. Currently Trate supports only one connection at a time.
2) Q: As you have said, Trate needs to communicate with Trate Server to get the remote client's public IP and port. Wouldn't the communication between Trate and Trate Server cause a traffic burden to the network?
A: You need not worry about this. Most of the time, Trate only listens to the local network traffic. It communicates with Trate Server in only two situations:
First: when it is started, Trate connects to Trate Server to register.
Second: when Trate detects that a local application failed to receive a TCP response from a remote client, it queries Trate Server for a possible record of the target remote client.
In both circumstances, Trate only sends/receives a few UDP packets to/from Trate Server, which will barely cause any traffic burden.