Trate: Connecting PCs Behind Different NAT Routers

1. Introduction:

Today, TCP/IP Version 4 dominates the internet. At home, users have numerous devices that access the internet via NAT (network address translator) routers, such as PCs, set-top boxes, PDAs, and FMC dual-mode cell phones. There is a growing demand for convenient ways to access home servers from workplace computers, notebooks, or cell phones when away from home. To access a home server from an outside source, two conditions must be fulfilled: 1) the user attempting to access the home server must know the public IP address of the NAT router in front of the home server, and 2) the user must be able to pass through the NAT(s) in front of the home server.

To obtain the public IP address of that NAT router (condition 1), the user either registers a domain name combined with a static IP address or uses a dynamic domain name service, otherwise known as DDNS. To pass through the firewall(s) of the home server (condition 2), the user needs to configure the home server's firewall(s), and to do that the user needs to understand basic TCP/IP concepts such as source IP addresses, destination IP addresses, port forwarding, and DMZ. For some end users, this is a tedious task. My product implements a user-friendly way to pass through firewall(s) without having to struggle with such tedious tasks.
2. Prior Attempts:

2.1. Scenario: Two applications attempt to contact each other via the internet. Both applications are behind NATs. One is from an outside source, one is a home server.

In the following figure (Figure 1), an application on PC1 sends out packets in an attempt to communicate with an application on PC2. The packet goes through steps 1, 2, 3, and 4, but is unable to complete steps 5 and 6. This is due to the interference of the firewall in the NAT router connected to PC2. The packet sent by the application on PC1 cannot pass through that firewall to reach the application on PC2.
Figure 1: Packet Traversal without Trate
(*DIP: Packet IP address at that point.)

Elements recovered from the figure: PC1 (routing table: local IP 192.168.1.61, default gateway 192.168.1.1) running Application A, the sender, with DIP* 64.193.227.3; Router1 (routing table: LAN IP 192.168.1.1, WAN IP 64.193.227.2); the Internet; Router2 (routing table: LAN IP 192.168.1.1, WAN IP 64.193.227.3); PC2 (routing table: local IP 192.168.1.61, default gateway 192.168.1.1) running the Application Listener. Steps (1) through (6) mark the packet's path PC1 -> Router1 -> Internet -> Router2 -> PC2; steps (5) and (6) are not completed.
2.2. Scenario: Two applications from separate computers behind different NAT routers attempt to connect to each other using STUN technology.

To aid VoIP (Voice over IP) in passing through both NAT routers, the IETF developed STUN (Simple Traversal of User Datagram Protocol) technology. STUN has its own limitations:
    1. STUN only supports VoIP applications.
    2. STUN requires that the VoIP application be modified.

2.3. Scenario: Two applications from separate computers behind different NAT routers are able to pass through each other's firewalls using UPnP (Universal Plug and Play).

This method requires that the NAT router support UPnP. Due to UPnP's interoperability issues, it is not always reliable. If it were, the IETF would not have developed STUN to support VoIP applications.

3. How Trate Works:

Scenario (Figure 2): Two applications from separate computers behind different NAT routers are able to pass through each other's firewalls using Trate.

    1. Application A will attempt to contact the Application Listener's public IP (64.193.227.3) directly. This is the case with programs such as BitTorrent and Limewire, as well as online games.
    2. Both PC1 and PC2 have Trate applications installed and running. Trate (PC1 and PC2) will automatically register their NAT router's public IP with the Trate address server. These registrations will be renewed periodically. If Application A receives no reply after sending out many packets to the Application Listener, Trate will be triggered into action.
    3. Trate (PC1) will send a request to the Trate address server, asking whether 64.193.227.3 is online.
    4. If 64.193.227.3 is online, Trate (PC1) will attempt to send a sync UDP packet with the source IP/port and destination IP (64.193.227.3)/port to it. Meanwhile, Trate (PC1) will also inform the Trate address server that it is attempting to connect with 64.193.227.3.
    5. The Trate address server will record Application A's public NAT router IP address (64.193.227.2).
    6. On the Application Listener's PC, Trate (PC2) remains connected to the Trate address server. When Trate (PC2) receives a notification from the Trate address server that Trate (PC1) is attempting to connect to it, Trate (PC2) will send a sync UDP packet with source IP/port and destination IP (64.193.227.2)/port to PC1.
    7. Through steps 4 and 6, the NAT routers of PC1 and PC2 will create a pass-tunnel between PC1 and PC2. Trate (PC1 and PC2) will continue to send out packets to keep this pass-tunnel open until one or both users manually disconnect Trate (PC1 or PC2).
    8. After a tunnel is established, a temp-route entry is added.
    9. The entry routes the destination IP (64.193.227.3) through the Trate (PC1) virtual interface (10.8.0.2). It forces every packet whose destination IP is 64.193.227.3 to go to Trate (PC1) before going anywhere else.
    10. Trate (PC1) will encapsulate such packets, or put tunnel heads on them, before sending them through the default gateway.
    11. Through the default gateway, the packets will go to the internet.
    12. When such encapsulated packets reach the other NAT router (WAN IP 64.193.227.3), the router will immediately dispatch them to PC2's physical NIC (192.168.1.2).
    13. PC2's operating system will forward these encapsulated packets to Trate (PC2).
    14. Trate (PC2) will de-encapsulate the packets and then send them to the Application Listener.
    15. Packets sent from the Application Listener (PC2) to Application A (PC1) will follow the same mechanism.
Figure 2: Trate: Packet Traversal
(*DIP: Packet IP address at that point. **A-DIP: Application destination IP address. ***T-DIP: Trate destination IP address.)

Elements recovered from the figure: PC1 runs Application A (Sender, DIP* 64.193.227.3), has a physical NIC and the virtual Trate interface (IP 10.8.0.2, mask 255.255.0.0), and holds the temp-route entry "64.193.227.3 to 10.8.0.2"; the figure also shows "Remove Temp-Route Entry: 64.193.227.3 to Default Gateway". The encapsulated packet leaving PC1 carries A-DIP** 64.193.227.3, T-DIP*** 10.8.0.3, DIP* 64.193.227.3. Router1 routing table: LAN IP 192.168.1.1, WAN IP 64.193.227.2. The Internet and the Trate Address Server sit between the two routers. Router2 routing table: LAN IP 192.168.1.1, WAN IP 64.193.227.3; the NAT-mapped packet arriving at PC2 carries A-DIP** 64.193.227.3, T-DIP*** 10.8.0.3, DIP* 192.168.1.2. PC2 has a physical NIC (IP 192.168.1.2, mask 255.255.255.0), the virtual Trate interface (IP 10.8.0.3, mask 255.255.0.0) and a second virtual Trate address 64.193.227.3; after de-encapsulation the packet (DIP* 64.193.227.3) reaches the Application Listener. Steps (A1) through (A8) mark the packet's path from Application A to the Application Listener.
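The blocked path of section 2.1 and the fifteen steps of section 3, as an added example that is not part of the original document and not Trate's own code. It models both NAT routers as stateful filters, shows why the direct packet of Figure 1 is refused, and then walks the registration, the two sync packets (steps 4 and 6), the temp-route entry and the encapsulate/de-encapsulate handoff of Figure 2 with the addresses from the figures. Everything is constructed; the NAT behaviour (port-preserving, address-and-port-restricted filtering), the fixed Trate UDP port, the address server as a plain dict and the receive-side check that a tunnel packet's T-DIP must match the local virtual address are assumptions, not details the document states.

```python
# Added example, not from the page or from Trate: a small model of the two packet paths the
# document describes (Figure 1 without Trate, Figure 2 with Trate). Everything is constructed.
# Assumptions not taken from the page: NATs are port-preserving with address-and-port-restricted
# filtering, both Trate agents bind one fixed UDP port, the tunnel head is an object, not bytes.
from dataclasses import dataclass

TRATE_PORT = 49000   # assumed UDP port bound by both Trate agents
APP_PORT = 6881      # assumed port of the Application Listener on PC2

@dataclass(frozen=True)
class Tunnel:        # tunnel head (step 10); t_dip is the peer's virtual Trate address (T-DIP)
    t_dip: str
    inner: "Packet"

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str          # DIP: destination IP at this point of the path
    dst_port: int
    payload: object      # bytes, or a Tunnel when the packet is encapsulated

class NatRouter:
    """Inbound passes only if a LAN host already sent to that remote IP:port from the mapped port."""
    def __init__(self, lan_ip, wan_ip):
        self.lan_ip, self.wan_ip = lan_ip, wan_ip
        self.mapping, self.allowed, self.dropped = {}, set(), []   # wan port map, filter state, refused

    def outbound(self, pkt):
        self.mapping[pkt.src_port] = (pkt.src_ip, pkt.src_port)            # port-preserving mapping
        self.allowed.add((pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return Packet(self.wan_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt):
        if (pkt.dst_port, pkt.src_ip, pkt.src_port) not in self.allowed:
            self.dropped.append(pkt)                                        # Figure 1, step 5
            return None
        lan_ip, lan_port = self.mapping[pkt.dst_port]
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port, pkt.payload)

def internet(routers, pkt):
    router = routers.get(pkt.dst_ip)        # the router whose WAN IP is the destination
    return router.inbound(pkt) if router else None

class TrateAgent:
    def __init__(self, lan_ip, virtual_ip, router, routers):
        self.lan_ip, self.virtual_ip, self.router, self.routers = lan_ip, virtual_ip, router, routers
        self.temp_routes = {}   # application DIP -> peer virtual IP (T-DIP), steps 8-9

    def punch(self, peer_wan_ip):
        """Steps 4 and 6: the sync UDP packet that creates the NAT mapping and filter entry."""
        sync = Packet(self.lan_ip, TRATE_PORT, peer_wan_ip, TRATE_PORT, b"SYNC")
        return internet(self.routers, self.router.outbound(sync))

    def connect(self, server, peer_wan_ip, peer_virtual_ip):
        if peer_wan_ip not in server:                          # step 3: is the peer online?
            return False
        self.punch(peer_wan_ip)                                # step 4 (the far NAT drops this one)
        server[peer_wan_ip].punch(self.router.wan_ip)          # steps 5-6: the peer punches back
        self.temp_routes[peer_wan_ip] = peer_virtual_ip        # steps 8-9: temp-route entry
        return True

    def send(self, app_pkt):
        """Steps 9-12: encapsulate when a temp-route exists; returns the packet at the far LAN."""
        t_dip = self.temp_routes.get(app_pkt.dst_ip)
        if t_dip is None:                                      # no tunnel: the Figure 1 path
            return internet(self.routers, self.router.outbound(app_pkt))
        outer = Packet(self.lan_ip, TRATE_PORT, app_pkt.dst_ip, TRATE_PORT, Tunnel(t_dip, app_pkt))
        return internet(self.routers, self.router.outbound(outer))

    def receive(self, pkt):
        """Steps 13-14: de-encapsulate only tunnel packets whose T-DIP is this agent's address."""
        if pkt is None or pkt.dst_port != TRATE_PORT or not isinstance(pkt.payload, Tunnel):
            return None
        return pkt.payload.inner if pkt.payload.t_dip == self.virtual_ip else None

def build_topology():
    """Addresses as in the figures; both LANs use 192.168.1.0/24 behind different routers."""
    router1 = NatRouter("192.168.1.1", "64.193.227.2")
    router2 = NatRouter("192.168.1.1", "64.193.227.3")
    routers = {router1.wan_ip: router1, router2.wan_ip: router2}
    trate1 = TrateAgent("192.168.1.61", "10.8.0.2", router1, routers)
    trate2 = TrateAgent("192.168.1.2", "10.8.0.3", router2, routers)
    return routers, router1, router2, trate1, trate2

def scenario_without_trate():
    """Figure 1: Application A sends straight to 64.193.227.3 and Router2's firewall drops it."""
    routers, router1, router2, _, _ = build_topology()
    pkt = Packet("192.168.1.61", 5000, "64.193.227.3", APP_PORT, b"hello")
    return internet(routers, router1.outbound(pkt)), len(router2.dropped)

def scenario_with_trate():
    """Figure 2: register both agents, punch, then send one packet through the tunnel."""
    _, _, router2, trate1, trate2 = build_topology()
    server = {a.router.wan_ip: a for a in (trate1, trate2)}   # step 2: both registered
    if not trate1.connect(server, "64.193.227.3", "10.8.0.3"):
        raise RuntimeError("peer not registered")
    app_pkt = Packet("192.168.1.61", 5000, "64.193.227.3", APP_PORT, b"hello")
    at_pc2_nic = trate1.send(app_pkt)                         # NAT-mapped packet, DIP 192.168.1.2
    delivered = trate2.receive(at_pc2_nic)                    # de-encapsulated, DIP 64.193.227.3
    return at_pc2_nic, delivered, len(router2.dropped)        # one dropped: PC1's first sync
```

Two things the model makes visible that the step list only implies: the first sync from PC1 is refused by Router2 exactly as the direct packet of Figure 1 is, and it is PC2's answering sync in step 6 that creates the filter state letting PC1's later packets in, which is why step 7 needs keepalives to hold the mapping open. The receive-side check in `receive` is an added design choice: a Trate agent should only de-encapsulate packets whose tunnel head names its own virtual address, so stray or mis-addressed datagrams arriving on the Trate port are discarded rather than forwarded to the listener.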

PATENT of panatrate firewall

2.    Prior Attempts:
      2.1. Scenario: Two applications attempt to contact each other via the internet. Both applications are behind NATs. One is from an outside source, one is a home server.
          In the following figure (Figure 1), an application on PC1 is sending out packets in an attempt to communicate with an application on PC2. The packet goes through steps 1, 2, 3, and 4, but is unable to complete steps 5 and 6. This is due to the interference of the firewall in the NAT router connected to PC2. The packet sent by the application on PC1 cannot pass through the firewall to reach the application on PC2.

      Figure 1: Packet Traversal without Trate
      *DIP: Packet IP address at that point.
      [Figure: only its labels survive extraction.]
      PC1 routing table: Local IP 192.168.1.61, Default Gateway 192.168.1.1. Application A (Sender), DIP*: 64.193.227.3.
      Router1 routing table: LAN IP 192.168.1.1, WAN IP 64.193.227.2.
      Internet.
      Router2 routing table: LAN IP 192.168.1.1, WAN IP 64.193.227.3.
      PC2 routing table: Local IP 192.168.1.61, Default Gateway 192.168.1.1. Application Listener.
      Step markers (1) through (6) appear along the path from PC1 to PC2.

      2.2. Scenario: Two applications from separate computers behind different NAT routers attempt to connect to each other using STUN technology.
          To aid VoIP (Voice over IP) in passing through both NAT routers, the IETF developed STUN (Simple Traversal of User Datagram Protocol) technology. STUN has its own limitations:
          1. STUN only supports VoIP applications.
          2. STUN requires that the VoIP application be modified.
      2.3. Scenario: Two applications from separate computers behind different NAT routers are able to pass through each other's firewalls using UPnP (Universal Plug and Play).
          This method requires that the NAT router support UPnP. Due to UPnP's interoperability issues, it is not always reliable. If it were, the IETF would not have developed STUN to support VoIP applications.

3.    How Trate Works:
      Scenario (Figure 2): Two applications from separate computers behind different NAT routers are able to pass through each other's firewalls using Trate.
      1. Application A will attempt to contact the Application Listener's public IP (64.193.227.3) directly. This is the case with programs such as BitTorrent and Limewire, as well as online games.
      2. Both PC1 and PC2 have Trate applications installed and running. Trate (PC1 and PC2) will automatically register their NAT router's public IP with the Trate address server. These registrations will be renewed periodically. If Application A receives no reply after sending out many packets to the Application Listener, Trate will be triggered into action.
      3. Trate (PC1) will send a request to the Trate address server, asking whether 64.193.227.3 is online.
      4. If 64.193.227.3 is online, Trate (PC1) will attempt to send a sync UDP packet with the source IP/port and destination IP (64.193.227.3)/port to it. Meanwhile, Trate (PC1) will also inform the Trate address server that it is attempting to connect with 64.193.227.3.
      5. The Trate address server will record Application A's public NAT router IP address (64.193.227.2).
      6. On the Application Listener's PC, Trate (PC2) remains connected to the Trate address server. When Trate (PC2) receives a notification from the Trate address server that Trate (PC1) is attempting to connect to it, Trate (PC2) will send a sync UDP packet with source IP/port and destination IP (64.193.227.2)/port to PC1.
      7. Through steps 4 and 6, the NAT routers of PC1 and PC2 will create a pass-tunnel between PC1 and PC2. Trate (PC1 and PC2) will continue to send out packets to keep this pass-tunnel open until one or both users manually disconnect Trate (PC1 or PC2).
      8. After a tunnel is established, a temp-route entry is added.
      9. The destination IP (64.193.227.3) will go through the Trate (PC1) virtual interface (10.8.0.2). This entry will force all packets whose destination IP is 64.193.227.3 to go to Trate (PC1) before going anywhere else.
      10. Trate (PC1) will encapsulate such packets, or put tunnel heads on them, before sending them through the default gateway.
      11. Through the default gateway, the packets will go to the internet.
      12. When such encapsulated packets reach the other NAT router (WAN IP 64.193.227.3), the router will immediately dispatch them to PC2's physical NIC (192.168.1.2).
      13. PC2's operating system will forward these encapsulated packets to Trate (PC2).
      14. Trate (PC2) will de-encapsulate the packets and then send them to the Application Listener.
      15. Packets sent from the Application Listener (PC2) to Application A (PC1) will follow the same mechanism.

      Figure 2: Trate: Packet Traversal
      *DIP: Packet IP address at that point.
      **A-DIP: Application destination IP address.
      ***T-DIP: Trate destination IP address.
      [Figure: only its labels survive extraction.]
      PC1: Application A (Sender), DIP*: 64.193.227.3. Temp-Route Entry: 64.193.227.3 to 10.8.0.2. IP of virtual Trate: 10.8.0.2, Mask: 255.255.0.0. Physical NIC. Encapsulated packet: A-DIP**: 64.193.227.3, T-DIP***: 10.8.0.3, DIP*: 64.193.227.3. Remove Temp-Route Entry: 64.193.227.3 to Default Gateway.
      Router1 routing table: LAN IP 192.168.1.1, WAN IP 64.193.227.2. Default Gateway.
      Address Server. Internet. Encapsulated packet: A-DIP**: 64.193.227.3, T-DIP***: 10.8.0.3, DIP*: 64.193.227.3.
      Router2 routing table: LAN IP 192.168.1.1, WAN IP 64.193.227.3. NAT-mapped packet: DIP*: 192.168.1.2, A-DIP**: 64.193.227.3, T-DIP***: 10.8.0.3.
      PC2: Physical NIC 192.168.1.2, Mask: 255.255.255.0. IP of virtual Trate: 10.8.0.3, Mask: 255.255.0.0. De-encapsulate packet. Application Listener.
      Step markers (A1) through (A8) appear along the path from PC1 to PC2.
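The following is an added example, not code from the Trate product or from the author of this document. It simulates the Figure 1 failure and the section 3 procedure in one place: a port-restricted NAT that admits an inbound packet only for a (public port, remote address) pair it has already seen outbound, a rendezvous address server keyed by public IP as in step 3, the two-sided sync exchange of steps 4 and 6, and an assumed tunnel-head layout for steps 9 to 14. The address server's own address, the port numbers, and the tunnel-head byte layout are constructed assumptions; the IP addresses are the ones used in the write-up. It also models the first sync from PC1 being dropped by Router2, which the page's text does not spell out but which follows from the same firewall rule that blocks Figure 1.

```python
"""Added example (not the Trate product's code): simulation of Figure 1 and the
section 3 procedure with a port-restricted NAT, an address server and a tunnel head.
Server address, ports and tunnel-head layout are constructed assumptions."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple
import socket
import struct

Addr = Tuple[str, int]


@dataclass
class Packet:
    src: Addr
    dst: Addr
    payload: bytes


@dataclass
class NatRouter:
    """Port-restricted cone NAT: only replies to traffic it has already sent get in."""
    wan_ip: str
    next_port: int = 40000
    mappings: Dict[Addr, int] = field(default_factory=dict)       # inside addr -> public port
    pinholes: Set[Tuple[int, Addr]] = field(default_factory=set)  # (public port, remote addr)

    def outbound(self, pkt: Packet) -> Packet:
        """Translate an outgoing packet; create the mapping and pinhole as a side effect."""
        port = self.mappings.setdefault(pkt.src, self.next_port)
        if port == self.next_port:
            self.next_port += 1
        self.pinholes.add((port, pkt.dst))
        return Packet((self.wan_ip, port), pkt.dst, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Deliver only through an existing pinhole; otherwise drop (Figure 1, steps 5 and 6)."""
        port = pkt.dst[1]
        if (port, pkt.src) not in self.pinholes:
            return None
        inside = next(a for a, p in self.mappings.items() if p == port)
        return Packet(pkt.src, inside, pkt.payload)


class AddressServer:
    """Rendezvous server keyed by public NAT IP, as in step 3 ('is 64.193.227.3 online?')."""
    def __init__(self) -> None:
        self.registry: Dict[str, Addr] = {}

    def register(self, pkt: Packet) -> None:
        self.registry[pkt.src[0]] = pkt.src  # the public IP/port the NAT stamped on it

    def lookup(self, public_ip: str) -> Optional[Addr]:
        return self.registry.get(public_ip)


def encapsulate(inner: Packet, t_dip: str) -> bytes:
    """Tunnel head (assumed layout): T-DIP, A-DIP, application port, then the payload."""
    return (socket.inet_aton(t_dip) + socket.inet_aton(inner.dst[0])
            + struct.pack("!H", inner.dst[1]) + inner.payload)


def decapsulate(data: bytes) -> Tuple[str, Addr, bytes]:
    """Inverse of encapsulate(): returns (T-DIP, (A-DIP, port), payload)."""
    t_dip = socket.inet_ntoa(data[:4])
    a_dip = socket.inet_ntoa(data[4:8])
    (port,) = struct.unpack("!H", data[8:10])
    return t_dip, (a_dip, port), data[10:]


def run_scenario() -> dict:
    r1, r2 = NatRouter("64.193.227.2"), NatRouter("64.193.227.3")
    server, server_addr = AddressServer(), ("203.0.113.10", 3478)  # constructed address
    app_a, trate1 = ("192.168.1.61", 5000), ("192.168.1.61", 6000)
    trate2 = ("192.168.1.2", 6000)

    # Figure 1: Application A sends straight to Router2's WAN IP and Router2 drops it.
    figure1 = r2.inbound(r1.outbound(Packet(app_a, ("64.193.227.3", 5000), b"hi")))

    # Step 2: both Trate instances register; the server records their public IP/port.
    server.register(r1.outbound(Packet(trate1, server_addr, b"register")))
    server.register(r2.outbound(Packet(trate2, server_addr, b"register")))

    # Steps 3-4: Trate (PC1) syncs towards the peer. Router2 still drops it, but
    # Router1 now holds a pinhole towards the peer's public address.
    peer2 = server.lookup("64.193.227.3")
    first_sync = r2.inbound(r1.outbound(Packet(trate1, peer2, b"sync")))

    # Steps 5-6: the server notifies Trate (PC2), which syncs back through Router1's pinhole.
    peer1 = server.lookup("64.193.227.2")
    punch = r1.inbound(r2.outbound(Packet(trate2, peer1, b"sync")))

    # Steps 8-14: the temp-route entry hands Application A's packet to Trate (PC1), which
    # encapsulates it; Router2 now passes it and Trate (PC2) de-encapsulates it.
    inner = Packet(app_a, ("64.193.227.3", 5000), b"hello")
    arrived = r2.inbound(r1.outbound(Packet(trate1, peer2, encapsulate(inner, "10.8.0.3"))))
    t_dip, a_dst, payload = decapsulate(arrived.payload)

    return {"figure1_delivered": figure1 is not None,
            "first_sync_delivered": first_sync is not None,
            "punch_delivered": punch is not None,
            "tunnel_delivered_to": arrived.dst,
            "t_dip": t_dip, "a_dst": a_dst, "payload": payload}


if __name__ == "__main__":
    print(run_scenario())
```

The point the simulation makes for a network defender is that the step 7 pass-tunnel is nothing more than two pinholes the routers opened for outbound traffic and keep open as long as the keep-alive packets flow; the only state the address server needs is the public IP and port it saw on each registration.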