PATENT of panatrate firewall

Published in: Technology

Trate: Connecting PCs Behind Different NAT Routers.

1. Introduction:

Today, TCP/IP Version 4 dominates the internet. At home, users have numerous devices that access the internet via NAT (network address translator) routers, such as PCs, set-top boxes, PDAs, and FMC dual-mode cell phones. There is a growing demand for convenient ways to access home servers from workplace computers, notebooks, or cell phones when away from home.

To access a home server from outside, two conditions must be fulfilled: 1) the user attempting to access the home server must know the public IP address of the NAT router in front of the home server, and 2) the user must be able to pass through the NAT(s) in front of the home server.

To obtain the public IP address (condition 1) of the NAT router in front of the home server, the user either registers a domain name combined with a static IP address or uses a dynamic domain name service, otherwise known as DDNS. To pass through the firewall(s) (condition 2) of the home server, the user would need to configure the home server's firewall(s), which in turn requires an understanding of basic TCP/IP concepts such as source IP addresses, destination IP addresses, port forwarding, and DMZ. For some end users, this is a tedious task. My product implements a user-friendly way to pass through firewall(s) without having to struggle with such tasks.
2. Prior Attempts:

2.1. Scenario: Two applications attempt to contact each other via the internet. Both applications are behind NATs; one is an outside client, the other is a home server. In Figure 1, an application on PC1 sends out packets in an attempt to communicate with an application on PC2. The packet goes through steps 1, 2, 3, and 4, but is unable to complete steps 5 and 6. This is due to the firewall in the NAT router connected to PC2: the packet sent by the application on PC1 cannot pass through that firewall to reach the application on PC2.

Figure 1: Packet Traversal without Trate (diagram not reproduced). Application A (sender) on PC1 (local IP 192.168.1.61, default gateway 192.168.1.1) sends via Router1 (LAN IP 192.168.1.1, WAN IP 64.193.227.2) into the internet with DIP 64.193.227.3 (steps 1-4); Router2 (LAN IP 192.168.1.1, WAN IP 64.193.227.3) blocks the packet before it reaches the Application Listener on PC2 (steps 5-6). *DIP: packet IP address at that point.

2.2. Scenario: Two applications from separate computers behind different NAT routers attempt to connect to each other using STUN technology.
To aid VoIP (Voice over IP) in passing through both NAT routers, the IETF developed STUN (Simple Traversal of User Datagram Protocol) technology. STUN has its own limitations:

1. STUN only supports VoIP applications.
2. STUN requires that the VoIP application be modified.

2.3. Scenario: Two applications from separate computers behind different NAT routers are able to pass through each other's firewalls using UPnP (Universal Plug and Play). This method requires that the NAT router support UPnP. Due to UPnP's interoperability issues, it is not always reliable; if it were, the IETF would not have developed STUN to support VoIP applications.

3. How Trate Works:

Scenario (Figure 2): Two applications from separate computers behind different NAT routers are able to pass through each other's firewalls using Trate.

1. Application A will attempt to contact the Application Listener's public IP (64.193.227.3) directly. This is the case with programs such as BitTorrent and LimeWire, as well as online games.

2. Both PC1 and PC2 have Trate applications installed and running. Trate (PC1 and PC2) will automatically register their NAT routers' public IPs with the Trate address server, and these registrations are renewed periodically. If Application A receives no reply after sending out many packets to the Application Listener, Trate is triggered into action.
3. Trate (PC1) will send a request to the Trate address server, asking whether 64.193.227.3 is online.

4. If 64.193.227.3 is online, Trate (PC1) will attempt to send a sync UDP packet with its source IP/port and destination IP (64.193.227.3)/port to it. Meanwhile, Trate (PC1) will also inform the Trate address server that it is attempting to connect to 64.193.227.3.

5. The Trate address server will record Application A's public NAT router IP address (64.193.227.2).

6. On the Application Listener's PC, Trate (PC2) remains connected to the Trate address server. When Trate (PC2) receives a notification from the Trate address server that Trate (PC1) is attempting to connect to it, Trate (PC2) will send a sync UDP packet with its source IP/port and destination IP (64.193.227.2)/port to PC1.

7. Through steps 4 and 6, the NAT routers of PC1 and PC2 will create a pass-tunnel between PC1 and PC2. Trate (PC1 and PC2) will continue to send out packets to keep this pass-tunnel open until one or both users manually disconnect Trate (PC1 or PC2).

8. After a tunnel is established, a temp-route entry is added.

9. Packets for the destination IP (64.193.227.3) will go through the Trate (PC1) virtual interface (10.8.0.2). This entry forces all packets whose destination IP is 64.193.227.3 to go to Trate (PC1) before going anywhere else.
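The exchange in steps 3 through 7 is what opens the "pass-tunnel": each NAT only admits an inbound UDP datagram from a remote IP/port that its own inside host has already sent to, so the address server's job is to get both sides to send first. The simulation below is an added example and is not Trate's or the patent's own code; it models both NAT routers as port-preserving with address-and-port-restricted filtering and assumes both Trate instances use a fixed UDP port (10800, a made-up number). It reproduces Figure 1 (a direct packet is dropped at Router2) and then the sync-packet sequence in which PC1's first sync is dropped, PC2's answering sync is admitted by Router1, and PC1's next packet is admitted by Router2.

```python
"""Model of the NAT state that steps 3-7 rely on (added example, not Trate code)."""

TRATE_PORT = 10800  # assumed fixed UDP port used by both Trate instances


class Nat:
    """A NAT router with a stateful firewall.

    Outbound traffic creates a mapping (port-preserving when the WAN port is
    free) and records the remote endpoint that was contacted. Inbound packets
    are forwarded only from a remote (ip, port) the inside host already sent to.
    """

    def __init__(self, wan_ip):
        self.wan_ip = wan_ip
        self.mappings = {}    # (lan_ip, lan_port) -> wan_port
        self.allowed = set()  # (wan_port, remote_ip, remote_port)

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        key = (lan_ip, lan_port)
        if key not in self.mappings:
            used = set(self.mappings.values())
            wan_port = lan_port
            while wan_port in used:
                wan_port += 1
            self.mappings[key] = wan_port
        wan_port = self.mappings[key]
        self.allowed.add((wan_port, dst_ip, dst_port))
        return self.wan_ip, wan_port

    def inbound(self, wan_port, src_ip, src_port):
        """LAN endpoint the datagram is forwarded to, or None if the firewall drops it."""
        if (wan_port, src_ip, src_port) not in self.allowed:
            return None  # unsolicited: this is the drop at step 5 of Figure 1
        for (lan_ip, lan_port), mapped in self.mappings.items():
            if mapped == wan_port:
                return lan_ip, lan_port
        return None


class AddressServer:
    """The Trate address server: which public IPs are online, and pending connects."""

    def __init__(self):
        self.online = set()
        self.pending = []  # (requester public IP, target public IP)

    def register(self, public_ip):
        self.online.add(public_ip)

    def is_online(self, public_ip):
        return public_ip in self.online

    def notify_connect(self, requester_ip, target_ip):
        self.pending.append((requester_ip, target_ip))


def send(src_nat, src_lan_ip, src_port, dst_nat, dst_port):
    """Carry one UDP datagram from a LAN host through its NAT to the peer NAT."""
    pub_ip, pub_port = src_nat.outbound(src_lan_ip, src_port, dst_nat.wan_ip, dst_port)
    return dst_nat.inbound(dst_port, pub_ip, pub_port)


def direct_attempt():
    """Figure 1: Application A (port 5000) sends straight to the listener (port 6000)."""
    router1, router2 = Nat("64.193.227.2"), Nat("64.193.227.3")
    return send(router1, "192.168.1.61", 5000, router2, 6000)


def trate_handshake():
    """Steps 2-7: registration, sync packets in both directions, tunnel open."""
    router1, router2 = Nat("64.193.227.2"), Nat("64.193.227.3")
    server = AddressServer()
    pc1, pc2 = "192.168.1.61", "192.168.1.2"
    server.register(router1.wan_ip)            # step 2: both sides register
    server.register(router2.wan_ip)
    if not server.is_online(router2.wan_ip):   # step 3: is the peer online?
        return {"online": False}
    # step 4: PC1's sync opens Router1's mapping; Router2 still drops it
    first = send(router1, pc1, TRATE_PORT, router2, TRATE_PORT)
    server.notify_connect(router1.wan_ip, router2.wan_ip)   # steps 4-5
    # step 6: notified PC2 sends its own sync; Router1 now admits it
    reply = send(router2, pc2, TRATE_PORT, router1, TRATE_PORT)
    # step 7: PC1's keep-alive is now admitted by Router2 -> tunnel open
    second = send(router1, pc1, TRATE_PORT, router2, TRATE_PORT)
    return {"online": True, "first_sync": first, "pc2_sync": reply, "second_sync": second}


if __name__ == "__main__":
    print("direct:", direct_attempt())
    print("trate:", trate_handshake())
```

The model also makes the failure mode visible: if either NAT assigned a different WAN port per destination (symmetric NAT), the endpoint the server relayed would not match the mapping the sync packet created, and `inbound` would keep returning None.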
10. Trate (PC1) will encapsulate such packets, or put tunnel heads on them, before sending them through the default gateway.

11. Through the default gateway, the packets will go to the internet.

12. When such encapsulated packets reach the other NAT router (WAN IP 64.193.227.3), the router will immediately dispatch them to PC2's physical NIC (192.168.1.2).

13. PC2's operating system will forward these encapsulated packets to Trate (PC2).

14. Trate (PC2) will de-encapsulate the packets and then send them to the Application Listener.

15. Packets sent from the Application Listener (PC2) to Application A (PC1) will follow the same mechanism.

Figure 2: Trate: Packet Traversal (diagram not reproduced). Stages A1-A8: on PC1, Application A (sender) emits a packet with DIP 64.193.227.3; the temp-route entry "64.193.227.3 to 10.8.0.2" directs it to the Trate virtual interface (IP 10.8.0.2, mask 255.255.0.0), which emits an encapsulated packet (A-DIP 64.193.227.3, T-DIP 10.8.0.3, DIP 64.193.227.3) to Router1 (LAN IP 192.168.1.1, WAN IP 64.193.227.2) and on to the internet, with the address server contacted along the way. At Router2 (LAN IP 192.168.1.1, WAN IP 64.193.227.3) the NAT-mapped packet (DIP 192.168.1.2) is forwarded to PC2's physical NIC (192.168.1.2, mask 255.255.255.0), then to the Trate virtual interface (10.8.0.3, mask 255.255.0.0), de-encapsulated, and delivered to the Application Listener with DIP 64.193.227.3. The figure also shows the entry "Remove Temp-Route Entry: 64.193.227.3 to Default Gateway". *DIP: packet IP address at that point. **A-DIP: application destination IP address. ***T-DIP: Trate destination IP address.
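Steps 8 through 14 describe a host route plus a tunnel: the temp-route entry pulls every packet for 64.193.227.3 into the virtual interface, Trate wraps it with a header carrying the application destination (A-DIP) and the tunnel destination (T-DIP), and the peer strips that header again. The code below is an added example, not Trate's own implementation; the page only says packets get "tunnel heads", so the header layout here (a 4-byte marker, A-DIP, T-DIP, payload length) is an assumption made for the example, as is the marker value "TRT1". The virtual-interface addresses 10.8.0.2 and 10.8.0.3 and the public addresses come from Figure 2.

```python
"""Temp-route lookup, encapsulation and de-encapsulation for steps 8-14 (added example)."""
import ipaddress
import struct

TUNNEL_MAGIC = b"TRT1"              # assumed marker, not from the page
HEADER = struct.Struct("!4s4s4sH")  # magic, A-DIP, T-DIP, payload length

PC1_VIRTUAL = "10.8.0.2"    # Trate (PC1) virtual interface (Figure 2)
PC2_VIRTUAL = "10.8.0.3"    # Trate (PC2) virtual interface (Figure 2)
PEER_PUBLIC = "64.193.227.3"
DEFAULT_GW = "192.168.1.1"


class RouteTable:
    """Longest-prefix-match routing table holding the default and temp-route entries."""

    def __init__(self):
        self.routes = []  # (ip_network, via)

    def add(self, cidr, via):
        self.routes.append((ipaddress.ip_network(cidr), via))

    def remove(self, cidr):
        net = ipaddress.ip_network(cidr)
        self.routes = [(n, v) for n, v in self.routes if n != net]

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [(n, v) for n, v in self.routes if addr in n]
        if not matches:
            raise ValueError("no route to " + dst)
        return max(matches, key=lambda nv: nv[0].prefixlen)[1]


def encapsulate(a_dip, payload, t_dip=PC2_VIRTUAL):
    """Step 10: put a tunnel head on an application packet."""
    return HEADER.pack(TUNNEL_MAGIC,
                       ipaddress.ip_address(a_dip).packed,
                       ipaddress.ip_address(t_dip).packed,
                       len(payload)) + payload


def decapsulate(frame, my_virtual_ip):
    """Step 14: strip the tunnel head. Returns (A-DIP, payload), or None if the
    frame is malformed, truncated, or addressed to another tunnel endpoint."""
    if len(frame) < HEADER.size:
        return None
    magic, a_dip, t_dip, length = HEADER.unpack_from(frame)
    if magic != TUNNEL_MAGIC or str(ipaddress.ip_address(t_dip)) != my_virtual_ip:
        return None
    payload = frame[HEADER.size:HEADER.size + length]
    if len(payload) != length:
        return None
    return str(ipaddress.ip_address(a_dip)), payload


def pc1_send(table, dst_ip, payload):
    """Steps 9-11 on PC1: route lookup, tunnel if the temp-route matches, then
    out through the default gateway. Returns (outer DIP, next hop, wire bytes)."""
    via = table.lookup(dst_ip)
    if via == PC1_VIRTUAL:
        return PEER_PUBLIC, DEFAULT_GW, encapsulate(dst_ip, payload)
    return dst_ip, via, payload


def demo():
    """Walk one packet through the tunnel, then remove the temp-route entry."""
    table = RouteTable()
    table.add("0.0.0.0/0", DEFAULT_GW)
    table.add("64.193.227.3/32", PC1_VIRTUAL)        # step 8: temp-route entry
    outer_dst, hop, wire = pc1_send(table, "64.193.227.3", b"hello listener")
    delivered = decapsulate(wire, PC2_VIRTUAL)      # steps 12-14 on PC2
    table.remove("64.193.227.3/32")                 # tunnel torn down
    plain = pc1_send(table, "64.193.227.3", b"bye") # now goes out unwrapped
    return outer_dst, hop, delivered, plain


if __name__ == "__main__":
    print(demo())
```

Two details matter for anyone operating such a tunnel: the outer packet is still addressed to the peer's public IP and leaves through the ordinary default gateway, so it is subject to the same NAT mapping the sync packets opened; and the receiving side should check the T-DIP against its own virtual address and the declared length against the bytes actually present, which is why `decapsulate` returns None rather than delivering a frame meant for a different endpoint.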