Understanding NAT, Firewalls, TCP/IP

From: Roedy Green <my_email_is_posted_on_my_website@xxxxxxxxxxxxxx>
Date: Wed, 11 Jan 2006 04:09:26 GMT

I am asking this for two reasons:

1. I want to know if I am in any danger of BitTorrent like need for
firewall configuring if I write a Java app that uses pure sockets
talking to a server. The clients always initiate conversations. Do I
have to use HTTP to be safe from firewalls blocking outgoing calls?

2. I thought this be interesting to write up for the Java glossary.

Is this correct?

Lets say I have two computers A and B on a LAN with IP 192.168.0.2 and
192.168.0.3.

Lets say I have a router/firewall on the LAN internally addressable as
192.168.0.1 and with a face IP to the world of 4.69.120.20.

Lets say I want to talk to a server with IP 65.110.20.44.

Lets say that both A and B want to look at web page on the server.
They each send a request containing their own IP, a random spare port
for the return packets to come to, the IP of the server, and 80 the
port of the server, to the router's internal IXP.

To the outside world, router looks like a single computer. So it has
to fake the two requests from A and B as if they both came from
itself. So it sends on request two packets with the routers face IXP,
a spare port on the router, the IP of the server and port 80.

When the server responds, it has to look up which spare port is
associates with spare port on which computer and forward the response.

--
Canadian Mind Products, Roedy Green.
http://mindprod.com Java custom programming, consulting and coaching.
.

Follow-Ups:
- Re: Understanding NAT, Firewalls, TCP/IP
  - From: Dimitri Maziuk
- Re: Understanding NAT, Firewalls, TCP/IP
  - From: Mark H
- Re: Understanding NAT, Firewalls, TCP/IP
  - From: Alan Krueger

Prev by Date: Re: Log4j - dealing with multithreaded invocations?
Next by Date: Re: did the multiplication rules change!?
Previous by thread: Come back physci.org !
Next by thread: Re: Understanding NAT, Firewalls, TCP/IP
Index(es):
- Date
- Thread

Relevant Pages

Re: SBS 2003 Misconfigured?
... I've thrown quite a bit at them, and just have to disagree that they are inherently less secure than the netgear. ... setup DHCP and I have also gone in and manually created a new scope ... when I first used the Netgear router with SBS 2003, ... than one SBS server in a company makes no sense. ...
(microsoft.public.windows.server.sbs)
Re: Cannot connect to RWW from home PC
... eth0 172.26.0.1/16 Extra none ... That would be the address you need a DNS record for. ... One question - if I reset the Thomson Router will that clear all the ... Heres' the info for our server: ...
(microsoft.public.windows.server.sbs)
Re: NLB Cluster - Ping fails or long time to reply from outside local subnet - SOLVED
... Windows Server 2008 Readiness Team ... I was feeling nervous about our teaming-capable adapter as I read it might be sending out heartbeats, so I disabled it AND configured the cluster on a separate DLink card in multicast mode. ... I am losing the plot with NLB, I have spent a week trying to get it working. ... I thought that the litmus test was that the router functions fine when no NLB is installed, but when it is, things start going screwy. ...
(microsoft.public.windows.server.clustering)
Re: SBS 2003 Misconfigured?
... Yeah, maybe it's not that different from the Netgear, for all that. ... that when I first used the Netgear router with SBS 2003, ... tech spend 4+ hours on my system, and then tell me to enable DHCP ... more than one SBS server in a company makes no sense. ...
(microsoft.public.windows.server.sbs)
Re: Cannot connect to RWW from home PC
... That would be the address you need a DNS record for. ... You say "And in the router you need to forward to your external nic IP" ... Still can't telnet to any of your ports at your public ip address. ... Heres' the info for our server: ...
(microsoft.public.windows.server.sbs)