Connecting PCs Behind Different NAT Routers.
Today, TCP/IP Version 4 dominates the internet. At home,
users have numerous devices that are able to access the
internet via NAT (network address translator) routers, such
as PCs, set-top boxes, PDAs, and FMC dual mode cell
phones. There is a growing demand for convenient ways to
access home servers from workplace computers,
notebooks, or cell phones when away from home. To
access home servers from an outside source, two
conditions must be fulfilled: 1) The user attempting to
access the home server must know the public IP address
of the NAT router to the home server, and 2) The user
must be able to pass through NAT(s) of the home server.
To obtain a public IP address (condition 1) of the NAT
router to the home server, the user either chooses to
register a domain name combined with a static IP address
or to use a dynamic domain name service, otherwise
known as DDNS. To be able to pass through the firewall(s)
(condition 2) of the home server, the user would need to
configure the home server firewall(s). To be able to
configure the home server firewall(s), the user would need
to understand basic TCP/IP concepts, such as source IP
addresses, destination IP addresses, port forwarding, and
DMZ. For some end users, this is a tedious task. My
product implements a user-friendly way to pass through
firewall(s) without having to struggle with such tedious
2. Prior Attempts:
2.1. Scenario: Two applications attempt to contact each
other via internet. Both applications are behind NATs. One
is from an outside source, one is a home server.
In the following figure (Figure 1), an application on PC1
is sending out packets in an attempt to communicate with
an application on PC 2. The packet goes through steps 1,
2, 3, and 4, but is unable to complete steps 5 and 6. This
is due to the interference of the firewall in the NAT router
connected to PC2. The packet sent by the application on
PC1 cannot pass through the firewall to reach the
application on PC2.
Packet Traversal without Trate
*DIP: Packet IP address at that point.
Routing Table: Routing Table
(1) Local IP: LAN IP:
Default Gateway: WAN IP:
Listener PC2 Router2
Routing Table: Routing Table:
(6) Local IP : LAN IP:
Default Gateway: WAN IP:
2.2. Scenario: Two applications from separate computers
behind different NAT routers attempt to connect to each
other using STUN technology.
To aid VoIP (Voice Over IP) in passing through both
NAT routers, the IETF developed STUN (Simple Traversal of
User Datagram Protocol) technology. STUN has its own
1. STUN only supports VoIP applications.
2. STUN requires that the VoIP application be
2.3. Scenario: Two applications from separate computers
behind different NAT routers are able to pass through
each other’s firewalls using UPnP (Universal Plug and
This method requires that the NAT router support
UPnP. Due to UPnP’s interoperability issues, it is not
always reliable. If it were, IETF would not have developed
STUN to support VoIP applications.
3. How Trate Works:
Scenario: (Figure 2). Two applications from separate
computers behind different NAT routers are able to pass
through each other’s firewalls using Trate.
1. Application A will attempt to contact the
Application Listener’s public IP (18.104.22.168)
directly. This is the case with programs such as
BitTorrent and Limewire, as well as online
2. Both PC1 and PC2 have Trate applications
installed and running. Trate (PC1 and PC2) will
automatically register their NAT router’s public
IP with the Trate address server. These
registrations will be renewed periodically. If
Application A receives no reply after sending out
many packets to the Application Lister, Trate
will be triggered into action.
3. Trate (PC1) will send a request to the Trate
address server, asking if 22.214.171.124 is
online or not.
4. If 126.96.36.199 is online, Trate (PC1) will
attempt to send a sync UDP packet with the
source IP/port and destination IP
(188.8.131.52)/port to it. Meanwhile, Trate
(PC1) will also inform the Trate address server
that it is attempting to connect with 64.
5. The Trate address server will record Application
A’s public NAT router IP address
6. On the Application Listener’s PC, Trate (PC2)
remains connected to the Trate address server.
When Trate (PC2) receives a notification from
the Trate address server that Trate (PC1) is
attempting to connect to it, Trate (PC2) will
send a sync UDP packet with source IP/port
and destination IP (184.108.40.206)/port to PC1.
7. Through Steps 4 and 6, the NAT routers of PC1
and PC2 will create a pass-tunnel between PC1
and PC2. Trate (PC1 and PC2) will continue to
send out packets to keep this pass-tunnel open
until one or both users manually disconnects
Trate (PC1 or PC2).
8. After a tunnel is established, a temp-route entry
9. The destination IP (220.127.116.11) will go
through the Trate (PC1) virtual interface
(10.8.0.2). This entry will force all such packets
whose destination IPs is 18.104.22.168 to go to
Trate (PC1) before going anywhere else.
10. Trate (PC1) will encapsulate such packets, or
put tunnel heads on them, before sending them
through the default gateway.
11. Through the default gateway, the packets will
go to the internet.
12. When such encapsulated packets reach the
other NAT router (WAN IP 22.214.171.124), the
router will immediately dispatch them to PC2’s
physic NIC (192.168.1.2).
13. PC2’s operating system will forward these
encapsulated packets to Trate (PC2).
14. Trate (PC2) will de-encapsulate the packets and
then send them to the Application Listener.
15. Packets sent from the Application Listener
(PC2) to Application A (PC1) will follow the same
Trate: Packet Traversal
Application A Temp-Route Entry:
Sender *DIP: Packet IP address at that point.
DIP*: 126.96.36.199 188.8.131.52 **A-DIP: Application destination IP address.
to Router1 Routing
***T-DIP: Trate destination IP addres s.
physic NIC LAN IP:
IP of virtual Trate: 192.168.1.1
A-DIP**: 184.108.40.206 10.8.0.2 WAN IP:
T-DIP***: 10.8.0.3 M ask: 220.127.116.11
DIP*: 18.104.22.168 255.255.0.0 (A2) (A3)
Remove Tem p-Route
PC2 NAT-m apped Packet. Address Server
A -DIP**: 22.214.171.124
T-DIP ***: 10.8.0.3 Encapsulated Packet.
DIP*: 192.168.1.2 A-DIP**: 126.96.36.199
A-DIP**: IP of physic NIC:
188.8.131.52 192.168.1.2 DIP*: 184.108.40.206
T-DIP***: 10.8.0.3 M ask: (A5)
255.255.255.0 physic NIC Router2 Routing
IP of virtual Trate: LAN IP: (A4)
Listener WA N IP:
M ask: Packet.
255.255.0.0 DIP*: 220.127.116.11 18.104.22.168
IP of virtual Trate: