[JDEV] NAT Issues

[Dennis Noordsij]

Michael,

There is a gem floating around on Freshmeat: an ip_masq_icq module. When you 
connect to ICQ the ip_masq_icq module on the server (I assume you are 
familiar with the masqing modules for irc, realaudio, quake, etc) remembers 
the UIN that connected with respect to the internal IP address it came from. 
When a message comes in (and supposedly also file transfer initiations) the 
masq module knows to forward this to your IP address. 

I can not promise file transfers work as I have not tried it myself, but I 
can be behind a NAT box with ICQ and people can send me messages without 
having to go through the ICQ server. Ie a direct message to the NAT box gets 
forwarded to my PC. I believe the module is also pretty up-to-date with 
regard to the ICQ protocol.

But to get back to the actual question :-) 

Clients could attempt a negotiation, ie talk through the server while they 
each try to open a port and connect to it, ie first they try to set up a 
connection from A to B, then from B to A, then if that doesnt work either 
(both NAT'ed) the sender can HTTP POST it somewhere and B can fetch it. This 
has additional advantages that not both people have to be online for it work 
and a sender can send files very quickly if bandwidth allows without having 
to wait for the receiver to receive the file on his 19k2 modem because a 
(squid proxy accelerated) webserver is handling that.

Just some thoughts :)

Oh, and what about using some kind of proxy on gateway machines? Socks or 
something? 

Best regards,
Dennis 


On Saturday 16 December 2000 10:45, Michael Brown wrote:
> [Just before I start, I should mention that I haven't had a great deal of
> experience sending and receiving files from a Jabber client, so if I am
> missing something please let me know]
>
> I've just been fooling with ICQ a bit and it got me thinking - (how) does
> Jabber handle this problem?
>
> The problem with ICQ is that the file transfer almost never works.  The
> reason for this is simple.  I, and most of my friends either are behind a
> firewall or a NAT server.
>
> Just talking about NAT for a bit - this means that I cannot receive any
> files (or chat sessions, or anything else that requires a direct
> connection).  I can send files fine because opening an outgoing connection
> from a NAT client with no problem, but as soon as someone tries to open a
> connection to me (send me a file) the request gets to the NAT server and it
> has no idea which client to forward it to.
>
> The end user perception of this problem is that "ICQ is flaky" or "I can
> never seem to be able to download half the songs I try to in Napster", and
> this is going to translate into "Jabber will never let me send files" etc.
> I think this is going to be a major problem with Jabber, because we are
> going to want to establish direct connections for anything that is too
> large or inappropriate to go through the server.
>
> Since NAT is used by ICS in any Microsoft OS later than Win98SE, I think
> there will be more and more clients connect behind NAT servers.  Also I
> believe (and can someone correct me if I am wrong please) that Linuxs IP
> Masquerading is the same thing (although a lot harder to spell).
>
> I believe that some "NAT aware" applications place the private IP address
> inside the packet, so that the NAT server can route packets to the correct
> NAT client, but I also under stand that there must be something configured
> on the NAT server machine to enable it to do this (I think MS calls this a
> "NAT Editor" - the supply one for ftp I believe).
>
> Has this be covered already?  If so, is there a solution?
>
> Thanks,
>
> Michael.
>
> [Of course thinking more about this, I am not sure how I get the first
> incoming
> message in ICQ, unless the first one always comes though the server.
> Hmmm...]
>
>
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev