jselbie / stunserver

Version 1.2. This is the source code to STUNTMAN - an open source STUN server and client code by john selbie. Compliant with the latest RFCs including 5389, 5769, and 5780. Also includes backwards compatibility for RFC 3489. Compiles on Linux, MacOS, BSD, Solaris, and Win32 with Cygwin. Windows binaries available from www.stunprotocol.org.
http://www.stunprotocol.org
Apache License 2.0

Not responding #39

Closed chrisooo3 closed 3 years ago

chrisooo3 commented 3 years ago

Hi, I have a running server on localhost:3000. I use this command: stunclient.exe --localport 3000 stun.stunprotocol.org to obtain a new ip address that will be accessible from outside the network.

That command returns something like this

Binding test: success
Local address: 192.168.0.120:3000
Mapped address: 1.2.3.4:3000

After running the command I type in the browser on another pc, which is not in my local network, this address 1.2.3.4:3000 and it is not responding.

Could you let me know why?

jselbie commented 3 years ago

I've answered a nearly identical version of this question before on Stack Overflow. You can read my answer here: https://stackoverflow.com/q/22712298/104458

If that answer doesn't make sense or if it doesn't apply to you, let me know. I'll see if I can clear up any confusion then.


chrisooo3 commented 3 years ago

Hi @jselbie Stackoverflow explanation is clear for me, but I have similar, but another question.

How does stun help with stabilizing the connection? I mean every time I ping to a public server (ec2 instance with ip 2.4.6.8) from local pc (with ip 1.2.3.4) which is behind nat, my port is different, ip the same.

I have run sudo tcpdump -ni any port 200 on ec2 instance to confirm that every time I try to ping ec2 instance, I am getting a different port:

15:33:25.121929 IP 1.2.3.4.62164 > 2.4.6.8.200: Flags [S], seq 1906969303, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
15:33:25.869227 IP 1.2.3.4.62165 > 2.4.6.8.200: Flags [S], seq 874881835, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
15:33:26.412074 IP 1.2.3.4.62166 > 2.4.6.8.200: Flags [S], seq 874881835, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

As you can see, on every request the port is different (62164, 62165, 62166).

So how to know to which port I should ping from the public server(2.4.6.8) to the local computer(1.2.3.4) behind NAT to stabilize the connection?

jselbie commented 3 years ago

An instance of a STUN server doesn't really do much other than just echo the IP and port back to the client. That's all it really does. In other words, it helps clients learn their own external IP address and the "port mapping" that the NAT creates. Once the client negotiates a P2P connection (ICE, WebRTC, or similar methodology), the STUN server isn't needed anymore. (Although ICE uses a variant of STUN messages between hosts to do the hole punching step for keep-alive messages, but no server required).

I'm not sure what you mean by "ping an ec2 instance". Those traces look like TCP traffic. Are you using the same socket and port for each request? EC2/AWS is a well behaved NAT, so I wouldn't expect the port numbers to increment like that unless you were picking a different local socket/port each time.

stunclient.exe has a --localport option by which you can specify a specific port to a server. Type "stunclient --help" for more details.

You can read my writeup on the basics of the ICE methodology and on setting up a P2P connection here: https://stackoverflow.com/a/8524609/104458

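To make concrete what "echo the IP and port back" means on the wire, here is an added example (my own code, not part of STUNTMAN or of this thread) that builds an RFC 5389 Binding Request, decodes the XOR-MAPPED-ADDRESS (and, for RFC 3489 servers, MAPPED-ADDRESS) attribute from the response, and, for illustration, constructs the response a server would send back to a client it saw at 1.2.3.4:3000. That packet is constructed, not captured. The `query()` helper performs the real UDP exchange; its defaults (the server named in the thread and the standard STUN port 3478) are assumptions, and only IPv4 is handled.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442          # RFC 5389 fixed header value
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_MAPPED_ADDRESS = 0x0001       # RFC 3489 style, address sent in the clear
ATTR_XOR_MAPPED_ADDRESS = 0x0020   # RFC 5389 style, XORed so NAT ALGs don't rewrite it


def build_binding_request(transaction_id):
    """20-byte STUN header with no attributes: type, length, cookie, 96-bit transaction id."""
    if len(transaction_id) != 12:
        raise ValueError("transaction id must be 12 bytes")
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + transaction_id


def build_binding_response(transaction_id, seen_ip, seen_port):
    """What the server does: put the source ip:port it observed into XOR-MAPPED-ADDRESS.
    Used here only to fabricate a sample response for the parser below."""
    addr = struct.unpack("!I", socket.inet_aton(seen_ip))[0]
    value = struct.pack("!xBHI", 0x01, seen_port ^ (MAGIC_COOKIE >> 16), addr ^ MAGIC_COOKIE)
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + transaction_id + attr


def _decode_address(value, xor):
    """Decode a (XOR-)MAPPED-ADDRESS value: pad byte, family, port, address."""
    family, port = struct.unpack("!xBH", value[:4])
    if family != 0x01:
        raise ValueError("only IPv4 is handled in this example")
    raw_addr = value[4:8]
    if xor:
        port ^= MAGIC_COOKIE >> 16
        raw_addr = bytes(b ^ m for b, m in zip(raw_addr, struct.pack("!I", MAGIC_COOKIE)))
    return socket.inet_ntoa(raw_addr), port


def parse_binding_response(data, transaction_id):
    """Validate the header and return {'xor_mapped': (ip, port)} and/or {'mapped': (ip, port)}.
    The transaction id check is what ties a reply to our request; drop anything that fails it."""
    if len(data) < 20:
        raise ValueError("truncated STUN header")
    msg_type, msg_len, cookie = struct.unpack("!HHI", data[:8])
    if cookie != MAGIC_COOKIE or data[8:20] != transaction_id:
        raise ValueError("not a reply to our request")
    if msg_type != BINDING_SUCCESS:
        raise ValueError("not a Binding success response: 0x%04x" % msg_type)
    if len(data) < 20 + msg_len:
        raise ValueError("body shorter than declared length")
    result = {}
    off, end = 20, 20 + msg_len
    while off + 4 <= end:
        atype, alen = struct.unpack("!HH", data[off:off + 4])
        value = data[off + 4:off + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if atype == ATTR_XOR_MAPPED_ADDRESS:
            result["xor_mapped"] = _decode_address(value, xor=True)
        elif atype == ATTR_MAPPED_ADDRESS:
            result["mapped"] = _decode_address(value, xor=False)
        off += 4 + ((alen + 3) & ~3)   # attributes are padded to 4-byte boundaries
    return result


def query(server="stun.stunprotocol.org", port=3478, local_port=0, timeout=3.0):
    """One UDP Binding exchange; local_port plays the role of stunclient --localport.
    Server and port defaults are assumptions, not taken from this thread's configuration."""
    tid = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("", local_port))
        sock.settimeout(timeout)
        sock.sendto(build_binding_request(tid), (server, port))
        data, _ = sock.recvfrom(2048)
    return parse_binding_response(data, tid)


if __name__ == "__main__":
    # Offline demonstration with a constructed server reply.
    tid = bytes(range(12))
    reply = build_binding_response(tid, "1.2.3.4", 3000)
    print(parse_binding_response(reply, tid))   # {'xor_mapped': ('1.2.3.4', 3000)}
```

Note that the parser refuses a reply whose transaction id does not match the request; a client that skips that check will happily accept any 20-byte datagram that lands on its socket as its "public address".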

chrisooo3 commented 3 years ago

@jselbie ec2 instance ports stay unchanged (200) but ports from the local network are changing on every new request. And that is the problem because I cannot then connect to my local pc(1.2.3.4) because I do not know which port to use.

jselbie commented 3 years ago

What protocol and program are you using to send packets back and forth between the EC2 instance on port 200 and your local pc?


chrisooo3 commented 3 years ago

I am using nping --tcp or netcat.


jselbie commented 3 years ago

It sounds like a separate socket connection for each ping with a different port. For TCP, it's not usually recommended to re-use the same local port for a subsequent outbound connection to the same ip:port.

Looks like nping has plenty of options for setting a local port:

selbie@IRONMAIDEN:~$ nping | grep -i port
-p, --dest-port : Set destination port(s).
-g, --source-port : Try to use a custom source port.
-g, --source-port : Set source port.
-p, --dest-port : Set destination port(s).
-g, --source-port : Set source port.
-p, --dest-port : Set destination port(s).
--echo-port : Use custom to listen or connect.

What are you really trying to do?


chrisooo3 commented 3 years ago

I have it, I have added to the command which I am executing on client(1.2.3.4):

nping --tcp --source-port 200 2.4.6.8 --dest-port 200

The result is:

15:33:25.121929 IP 1.2.3.4.200 > 2.4.6.8.200: Flags [S], seq 1906969303, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
15:33:25.869227 IP 1.2.3.4.200 > 2.4.6.8.200: Flags [S], seq 874881835, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
15:33:26.412074 IP 1.2.3.4.200 > 2.4.6.8.200: Flags [S], seq 874881835, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

So let's return to my original question: How can I connect from ec2 instance(2.4.6.8) to my private pc(1.2.3.4) which is behind NAT? Which port I have to use while connecting?

jselbie commented 3 years ago

There's likely no simple solution that doesn't involve another service to bootstrap the connection. The PC needs a persistent connection to something to tell it to exchange IP addresses and participate in the hole-punching process to open a port on the NAT for the EC2 instance to connect to. Then you basically have both endpoints try to simultaneously connect to each other.

P2P over TCP is hard. But what are you really trying to do that can't be done with either:

1) port forwarding on your NAT (I'm guessing you want this to be dynamic) 2) Just having the PC connect to the EC2 instance.


chrisooo3 commented 3 years ago

@jselbie So how can I use the stun server to achieve this?

jselbie commented 3 years ago

I'm trying to help. But if you can't open up about what you are really trying to do (or answer my basic follow up questions), there's not much I can do.

You can read my writeup on the basics of the ICE methodology and on setting up a P2P connection here: https://stackoverflow.com/a/8524609/104458

chrisooo3 commented 3 years ago

"What are you really trying to do?" I try to make p2p chat in c# on a low level, the messages are sent with tcp protocol.

So we have client A(1.2.3.4, my pc, behind NAT) and client B(2.4.6.8, ec2 instance, publicly accessible). Now I am starting the server on A which will listen for connection. And from B I want to connect to A.

One way is to reverse ssh tunneling. The second way is to do port forwarding on the router. The third way is to use stun.

How to make it with stun?

jselbie commented 3 years ago

How to make it with stun?

By using the ICE methodology or something near equivalent. Read the link to the stackoverflow answer I've sent to you twice. Here it is a third time:

https://stackoverflow.com/questions/8523330/programming-p2p-application/8524609#8524609


chrisooo3 commented 3 years ago

Hi @jselbie So I have to use ICE technology to gather all possible pairs(ip:port) that second client(agent) can connect me.

How should I ping/connect to ICE server and establish the connection?

jselbie commented 3 years ago

There's technically no such thing as an "ICE Server". Any medium that you can exchange address candidates will work. IIRC, WebRTC generates an SDP (collection of addresses and codec parameters), but doesn't specify a way in which the SDP is delivered to the other side. They leave it up to implementers to build that web service.

For voice calling, SIP (Session Initiation Protocol) is a classic rendezvous service.


chrisooo3 commented 3 years ago

Do I really need stun server? I want to connect from ec2(2.4.6.8) instance to my local pc (ip in LAN 192.168.0.2, public router ip 1.2.3.4) which is behind NAT.

What if first I send some sample data from my local pc to ec2 to make a mapping in the NAT table. And save incoming ip+port. And then immediately send request from ec2 instance to ip + port that was saved.

Should it work? In that case, do I really need stun server?

jselbie commented 3 years ago

The STUN server exists so that a PC behind a NAT can discover its own IP address (and get a port mapping discovered as well).

If you have port open on the EC2 instance that the PC can send to, then the EC2 instance will self discover the PC's address anyway. And you technically wouldn't need STUN.

But it's a chicken or egg problem. If you want the EC2 instance to connect to 1.2.3.4, then the PC behind the NAT must be expecting the incoming connection. How do you expect the PC to know when it's time to punch a hole in the NAT so the EC2 instance can get through? Otherwise, the NAT will firewall off any traffic from the EC2. You of course can manually go type something or run a program on the PC to do this, but if you're going to do that, you might as well just hardcode a port on the EC2 instance and let the PC be the one that initiates the connection.

UDP is easier than TCP for nat traversal. I can explain more on TCP if you're going that route.

Can you open up about your scenario? I assume you're looking to have your EC2 push something to your PC. But if you're always going to be on the PC to bootstrap the connection manually, or if the EC2 instance always knows the PC's IP address, this might be a slightly easier problem than going the STUN/ICE route. Email me at jselbie at gmail dot com if you want to discuss outside of this public forum.

jrs

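The port drift seen in the tcpdump earlier in the thread (a fresh socket per nping probe) and the "chicken or egg" problem in the reply above are both consequences of how the NAT keeps its mapping table. The following is an added toy model (my own code, not from this thread or from STUNTMAN) of a NAT with endpoint-independent mapping and address-and-port-dependent filtering, in RFC 4787 terms, replaying the thread's scenario with the addresses the thread uses. The public port range starting at 40000, the 30-second idle timeout and the port-restricted filtering are assumptions chosen for illustration, and the model ignores the difference between TCP and UDP.

```python
import itertools
from dataclasses import dataclass, field

# Addresses as used in the thread; the scenario itself is constructed, not captured.
LAN_PC = "192.168.0.2"
NAT_PUBLIC_IP = "1.2.3.4"
EC2 = "2.4.6.8"


@dataclass
class Mapping:
    internal: tuple                              # (lan_ip, lan_port)
    external_port: int
    peers: set = field(default_factory=set)      # remote (ip, port) the LAN host has sent to
    last_seen: float = 0.0


class ConeNat:
    """Toy NAT: the same LAN ip:port always gets the same public port (endpoint-independent
    mapping), but inbound traffic is delivered only from a remote ip:port the LAN host has
    already sent to (address-and-port-dependent filtering). Idle mappings expire after ttl."""

    def __init__(self, public_ip, first_port=40000, ttl=30.0):   # assumed values
        self.public_ip = public_ip
        self.ttl = ttl
        self._ports = itertools.count(first_port)
        self._by_internal = {}
        self._by_external = {}

    def _expire(self, now):
        for key, m in list(self._by_internal.items()):
            if now - m.last_seen > self.ttl:
                del self._by_internal[key]
                del self._by_external[m.external_port]

    def outbound(self, src, dst, now):
        """LAN host src sends to dst; returns the public (ip, port) the packet leaves with."""
        self._expire(now)
        m = self._by_internal.get(src)
        if m is None:
            m = Mapping(internal=src, external_port=next(self._ports))
            self._by_internal[src] = m
            self._by_external[m.external_port] = m
        m.peers.add(dst)
        m.last_seen = now
        return (self.public_ip, m.external_port)

    def inbound(self, src, external_port, now):
        """Internet host src sends to one of our public ports; returns (lan_dst_or_None, reason)."""
        self._expire(now)
        m = self._by_external.get(external_port)
        if m is None:
            return None, "dropped: no mapping for that public port"
        if src not in m.peers:
            return None, "dropped: LAN host never sent to this peer"
        m.last_seen = now
        return m.internal, "delivered"


def replay_thread_scenario():
    """Walk through the situations discussed in the thread and collect what the NAT does."""
    nat = ConeNat(NAT_PUBLIC_IP)
    ec2 = (EC2, 200)
    out = {}

    # 1. nping with a fresh ephemeral port per probe: three distinct mappings,
    #    which is what the tcpdump on the EC2 side showed.
    out["ephemeral"] = [nat.outbound((LAN_PC, p), ec2, now=0.0)[1] for p in (62164, 62165, 62166)]

    # 2. nping --source-port 200: the LAN endpoint is stable, so the public port is too.
    out["pinned"] = [nat.outbound((LAN_PC, 200), ec2, now=t)[1] for t in (1.0, 2.0, 3.0)]
    pinned_port = out["pinned"][0]

    # 3. EC2 connects to a public port the PC never opened: filtered (the chicken-or-egg case).
    out["cold_inbound"] = nat.inbound(ec2, 50000, now=4.0)

    # 4. EC2 sends back to the mapping the PC just created: delivered.
    out["reply_inbound"] = nat.inbound(ec2, pinned_port, now=5.0)

    # 5. A different internet host aims at the same mapping: filtered on a port-restricted NAT.
    out["stranger_inbound"] = nat.inbound(("9.9.9.9", 200), pinned_port, now=6.0)

    # 6. The PC stays silent longer than the TTL: mapping gone, so EC2's packet is dropped
    #    (this is why hole-punched sessions need keep-alives).
    out["stale_inbound"] = nat.inbound(ec2, pinned_port, now=5.0 + nat.ttl + 1.0)
    return out


if __name__ == "__main__":
    for step, result in replay_thread_scenario().items():
        print(step, result)
```

Cases 3 and 4 together are the point of the reply above: the EC2 side can only get in after the PC has sent something out, and case 6 shows that the window closes again unless the PC keeps the mapping alive. A real NAT may also pick public ports non-sequentially or use a different filtering behaviour (RFC 4787 and RFC 5780 describe the variants); the thread's observation that AWS is "well behaved" refers to those properties.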

chrisooo3 commented 3 years ago

Hi, I have sent a message to your email, check it, please.