Max

Reputation: 1903

How to communicate between two Nodes behind NAT?

I have some nodes. Each node belongs to a different network. Each node has a private IP like 192.168.0.2 and sits behind NAT.

Is there any possibility to communicate between Nodes? Actually, I need to transfer files between these independent nodes.

I am trying to use this project - https://github.com/libp2p/go-libp2p. But libp2p has some limitations:

  1. Both nodes have private IP address (same network)
  2. At least one of them has a public IP address.

But I have nodes with private IP addresses, and they belong to different networks.


Update.

There are such solutions:

Upvotes: 7

Views: 6505

Answers (3)

Upperwal

Reputation: 121

Libp2p has no such limitations.

The chat example which you quoted is programmed in such a way that it cannot support private IPs behind NAT, but Libp2p supports NAT traversal techniques like hole punching, STUN, TURN-like protocols and bootstrapping using a rendezvous point using DHT for now. This is what you need.

The following examples may be useful to you:

  1. chat-with-rendezvous: https://github.com/libp2p/go-libp2p-examples/tree/master/chat-with-rendezvous
  2. chat-with-tor: https://github.com/libp2p/go-libp2p-examples/pull/1

Upvotes: 2

Bert Verhees

Reputation: 1053

Max, I am making this an answer to your question.

Which computers on a network you can or cannot reach cannot be overridden by software on a computer. That would be a security breach, and it could be a cause of address conflicts, because the same IP addresses can be in use in different NAT areas.

So, you cannot see computers behind a router if that router uses NAT. The router does not advertise these addresses.

The purpose of NAT is to have a special island of IP-addresses which no-one outside the NAT section can see. In this way, a company can use fewer unique IP-addresses to have a good functioning network. Another purpose is security. The router also hides the MAC-addresses of the computers inside the NAT area. A router can hide many things.

Computers inside a NAT area can initiate contact with computers outside the NAT (if permitted, the router will remember the computer and keep an address translation for it), but there is no way a computer outside the NAT can address a computer inside the NAT. It can only reply to a computer from inside. It does that by replying to the router, and the router will know to which computer in the NAT area to forward the reply.

Go does not provide libraries which can solve these external limitations. Live with it. There is nothing you can do.

As JBuchel explains, the Skype model can work if there are some extra provisions, like open UDP ports, an extra server/computer, etc. This is in fact a rearrangement of the network configuration, which cannot be done without the help of system/network administrators.

But if there is support on that level, the solution is so much easier, just remove the computer from the NAT and give it an IP address that is visible for the other computer.

Upvotes: 0

jubueche

Reputation: 793

The idea is that you have a rendez-vous server, which the nodes 1 and 2 connect to. For that they must know the IP of the rendez-vous server.

It goes as follows:

  1. 1 and 2 both send UDP packets to the RS. N1 (NAT box of Node 1) and N2 create an entry in the translation table, which maps the IP of the nodes to the IP/Port of the RS.
  2. The RS passes (EIP1,EP1) to Node 2. This is the tuple containing the public IP of the NAT box and the public port. The RS sends (EIP2,EP2) to Node 1.
  3. Node 1 creates a mapping in the translation table: (IP1,EP1,EIP2,EP2).
  4. Node 2 does the same but with (IP2,EP2,EIP1,EP1).

Note: Step 3 and 4 happen, because each Node sends a UDP packet to the just received tuple (IP,Port) and therefore the NAT box adds a new entry. In the worst case, these messages have to be sent more than once.

This trick enables both nodes to get hold of the public IPs and have the correct ports.

This provides a good way of establishing peer to peer connections for e.g. Skype.

I hope this helps.

Upvotes: 4
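
The translation-table entries described in the answer above can be traced with a small simulation, added here as an example (it is not code from the answer or from libp2p). It assumes a port-restricted cone NAT; the `NAT` type, the `Punch` function and every address are hypothetical and constructed for illustration. It also shows why the first direct packet is dropped, which is the reason the messages may have to be sent more than once.

```go
package main

import "fmt"

// NAT is a hypothetical port-restricted cone NAT (assumption): one external
// "ip:port" per internal one, inbound accepted only from remotes already sent to.
type NAT struct {
	ip      string
	base    int
	ext, in map[string]string          // internal->external, external->internal
	allowed map[string]map[string]bool // external -> remotes contacted
}

func NewNAT(ip string, base int) *NAT {
	return &NAT{ip, base, map[string]string{}, map[string]string{}, map[string]map[string]bool{}}
}

// Outbound adds a table entry and returns the endpoint the remote side observes.
func (n *NAT) Outbound(src, dst string) string {
	e, ok := n.ext[src]
	if !ok {
		e = fmt.Sprintf("%s:%d", n.ip, n.base+len(n.ext))
		n.ext[src], n.in[e], n.allowed[e] = e, src, map[string]bool{}
	}
	n.allowed[e][dst] = true
	return e
}

// Inbound returns the internal target and whether the NAT forwards the packet.
func (n *NAT) Inbound(from, to string) (string, bool) {
	return n.in[to], n.allowed[to][from]
}

// Punch replays the answer's steps with constructed addresses; it reports delivery
// of an unsolicited probe, Node 1's first packet, Node 2's packet, Node 1's resend.
func Punch() [4]bool {
	n1, n2 := NewNAT("198.51.100.1", 40000), NewNAT("203.0.113.1", 50000)
	node, rs := "192.168.0.2:7000", "192.0.2.10:3478" // both nodes use the same private IP
	e1, e2 := n1.Outbound(node, rs), n2.Outbound(node, rs) // step 1: RS learns both tuples
	_, probe := n1.Inbound(e2, e1) // N1 has no entry for e2 yet
	n1.Outbound(node, e2)          // step 3: Node 1 sends to (EIP2,EP2)
	_, first := n2.Inbound(e1, e2) // N2 has not sent to e1 yet
	n2.Outbound(node, e1)          // step 4: Node 2 sends to (EIP1,EP1)
	_, second := n1.Inbound(e2, e1)
	_, resend := n2.Inbound(e1, e2) // Node 1 sends again
	return [4]bool{probe, first, second, resend}
}

func main() { fmt.Println(Punch()) }
```

A symmetric NAT, which assigns a different external port for each destination, breaks the assumption above: the tuple the RS observed would not be the one used towards the other node.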
