
First of all, I know this question has been asked before.

It seems, however, that none of these yet have a full solution. My question is essentially the same. I have a device connected to a wifi network and am also setting up a server on port 8080, but due to the way NAT routers work, there is no way to send requests to the individual device, as it shares a public IP with numerous other computers.

The accepted answer mentioned a multitude of workarounds, but it seems that such necessary functionality needs to exist in some legitimate form. (Note video games for example. Even clients still need to be sent packets, and I have yet to see my games do any port forwarding on my router on their own.)

In fact, pretty much any application that interacts with the internet needs to receive data and requests from the internet without forwarding ports. How is this done?

2 Answers


Connection tracking.

If the device connects from inside the NAT to outside, then related packets from the outside system are permitted in. This can be done with both TCP and UDP in some cases.

EEAA
  • 110,608

Although traffic can flow in both directions when NAT is in place, the important distinction is that without port forwarding, a server cannot "listen" for new connections on a specific port from hosts outside that network.

Take the example of when one browses a web page. The important point here is that your browser is the client; it's reaching out to connect to another web server that's listening on port 80. Once the connection is set up, yes, traffic can flow in both directions. However, without some form of port forwarding, it wouldn't be possible to do the reverse and have a web server running within your network that can "listen" for connections in the same way.

The reason traffic can flow in both directions once the connection is set up is because of the connection tracking that EEAA mentions. Routers maintain NAT/PAT translation tables, which enable them to keep track of "who's speaking to who".

So, to summarise, it's the ability for an application to "listen" and "accept" connections that's not possible without port forwarding. If you can't port forward (even using a 'DMZ host' type of feature), then you're stuck with the workarounds, I'm afraid.

dbr
  • 1,882
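As an added illustration of what both answers describe (this is example code written for this page, not code from the question or from either answer), here is a toy Python model of a NAT/PAT router with connection tracking. An outbound packet from the private host creates a translation-table entry; a reply that matches that entry is translated back and delivered; an unsolicited packet aimed at the router's public IP on port 8080 matches no entry and is dropped, unless an explicit port forward exists. The addresses come from the RFC 5737 documentation ranges, and the class and method names (`Nat`, `egress`, `ingress`, `add_port_forward`) are assumptions of this example, not the API of any real router.

```python
"""Toy NAT/PAT translation table with connection tracking (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed sample addresses (RFC 5737 documentation ranges, plus one RFC 1918 host).
PUBLIC_IP = "203.0.113.7"      # the router's single public address
PRIVATE_HOST = "192.168.1.20"  # the device that wants to serve on port 8080
REMOTE = "198.51.100.9"        # some host on the public internet

# A flow as the router keys it: (proto, src_ip, src_port, dst_ip, dst_port)
FlowKey = Tuple[str, str, int, str, int]


@dataclass
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Nat:
    public_ip: str
    next_port: int = 40000  # next free public port for PAT
    # outbound flow -> public port chosen for it
    outbound: Dict[FlowKey, int] = field(default_factory=dict)
    # (proto, public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
    inbound: Dict[Tuple[str, int, str, int], Tuple[str, int]] = field(default_factory=dict)
    # static port forwards: (proto, public_port) -> (inside_ip, inside_port)
    forwards: Dict[Tuple[str, int], Tuple[str, int]] = field(default_factory=dict)

    def add_port_forward(self, proto: str, public_port: int, inside_ip: str, inside_port: int) -> None:
        """Configure the 'port forwarding' the answers say is required for a listener."""
        self.forwards[(proto, public_port)] = (inside_ip, inside_port)

    def egress(self, pkt: Packet) -> Packet:
        """Private host -> internet: create (or reuse) a translation entry and rewrite the source."""
        key: FlowKey = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.outbound:
            public_port = self.next_port
            self.next_port += 1
            self.outbound[key] = public_port
            # This entry is the "connection tracking": it records who is talking to whom.
            self.inbound[(pkt.proto, public_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(pkt.proto, self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def ingress(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> router: deliver only tracked replies or explicit forwards; drop the rest."""
        inside = self.inbound.get((pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is not None:  # reply to a flow the private host started
            return Packet(pkt.proto, pkt.src_ip, pkt.src_port, inside[0], inside[1])
        fwd = self.forwards.get((pkt.proto, pkt.dst_port))
        if fwd is not None:  # statically forwarded port
            return Packet(pkt.proto, pkt.src_ip, pkt.src_port, fwd[0], fwd[1])
        return None  # unsolicited: no state, no forward, dropped


def run_scenarios() -> Dict[str, bool]:
    """Replay the three cases from the answers and report whether each packet was delivered."""
    nat = Nat(PUBLIC_IP)
    # 1. The device acts as a client (like a browser) and reaches out to a web server.
    out = nat.egress(Packet("tcp", PRIVATE_HOST, 51234, REMOTE, 80))
    reply = nat.ingress(Packet("tcp", REMOTE, 80, PUBLIC_IP, out.src_port))
    client_reply_delivered = reply is not None and (reply.dst_ip, reply.dst_port) == (PRIVATE_HOST, 51234)
    # 2. A remote host tries to open a new connection to the device's port-8080 server.
    unsolicited = nat.ingress(Packet("tcp", REMOTE, 43210, PUBLIC_IP, 8080))
    # 3. Same attempt after the router owner configures a port forward.
    nat.add_port_forward("tcp", 8080, PRIVATE_HOST, 8080)
    forwarded = nat.ingress(Packet("tcp", REMOTE, 43210, PUBLIC_IP, 8080))
    return {
        "client_reply_delivered": client_reply_delivered,
        "unsolicited_delivered": unsolicited is not None,
        "forwarded_delivered": forwarded is not None and forwarded.dst_ip == PRIVATE_HOST,
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

Real routers also age translation entries out after an idle timeout, so a tracked UDP "connection" only stays open while packets keep flowing; the model above omits timeouts to keep the three cases readable.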