1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Incoming connections confusion with NAT

Discussion in 'Networks' started by kobem, Jul 18, 2009.

  1. kobem

    kobem Megabyte Poster

    791
    1
    50
    First, i want to specify that all questions written down here is related to a computer who wants to connect to Internet
    while behind a NATted device. (Struggling "incoming connections" term while studying NAT )


    Question1 : 1- As you know, Incoming connections are blocked by NAT. Check out the example that makes me sick. For instance, we try to make connection with web server i mean displaying a website content. For this, first we send a request packet to that web server. This time, no problem occurs because NAT allows outgoing connections. However, after getting our request, a reply packet is sent back to our computer. That time, thats why NAT prevents incoming connections, reply can not be taken by us. But, nothing bad happens and we get the reply. So, isn't this "reply packet" a kind of incoming connection?

    Question2 :Imagine something else, for example msn messenger application. Assume, i launched a session on msn messenger. After a while, i began chatting with my friend. I wrote down bla bla bla. Then, he typed some characters and sent me. When i received the message that he sent, NAT could have blocked it since it is an incoming connection. But nothing bad happened.
    why not?

    Question3 : Same example with the second. How can i chat on msn messenger if i am behind a NATted device without any port opening on the other hand port forwarding ?
     
    Certifications: CCNA
  2. Modey

    Modey Terabyte Poster

    2,397
    99
    154
    Certifications: A+, N+, MCP, MCDST, MCSA 2K3, MCTS, MOS, MTA, MCT, MCITP:EDST7, MCSA W7, Citrix CCA, ITIL Foundation
    WIP: Nada
  3. kobem

    kobem Megabyte Poster

    791
    1
    50
    didn't you make out the thing?
     
    Certifications: CCNA
  4. JonnyMX

    JonnyMX Petabyte Poster

    5,239
    211
    236
    ******Sigh******

    :rolleyes:

    :tune

    :hhhmmm

    :snipersmi

    :blowingup

    :clap
     
    Certifications: MCT, MCTS, i-Net+, CIW CI, Prince2, MSP, MCSD
  5. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Isn't it time to ban this fella?

    He's becoming a parody of himself. He keeps asking the same questions over and over and over and over and over and over again. He's been given the answers, told why they're the answers, been advised to learn the material himself, been given advice on how to learn that information... yet still comes back with the same questions again.

    Its frankly ludicrous to expect anyone who still doesn't understand the very basics of networking to grasp a concept like NAT properly - its like a five year old with stabilisers on his bike asking to ride a Ducati monster.

    I'm beginning to believe the other forums he's obviously been banned from were just sick of him - he wasn't abusive or anything, just... pointless.

    He's either borderline disturbed, has the IQ of a nest of tables or is the best, most well thought-out troll I;ve come across for a long time
     
    Certifications: A few
    WIP: None - f*** 'em
  6. dmarsh

    dmarsh Terabyte Poster

    3,782
    302
    184
    Kobem hows the networking MSc going ?
     
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  7. dazza786

    dazza786 Megabyte Poster

    758
    30
    67
    rofl:twisted:
     
    Certifications: MCP (271, 272, 270, 290, 291, 621, 681, 685), MCDST, MCTS, MCITP, MCSA, Security+, CCA(XA6.5)
  8. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    Kobem know why you are banned from so many forums? there is more than one reason.

    1 you do not listen to any advice given to you.

    2 you are trying to learn above your abilty abd you ask questions which you should know the answer to, you need to start at the bottom.

    3 you need to learn basic networking before doing anything you write about.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  9. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    As the connection is started as an outbound connection you dont have to worry about inbound ports.

    As above.


    MSN connects outbound to a MS server, again no inbound ports are needed for this app to work.


    Time for a beer... :slidedrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  10. Ence

    Ence Kilobyte Poster

    338
    8
    30
    Maybe hes a slow learner! It shocking kobem doesn't pick things up as quick as you so what. So dose that mean an CF members can only ask one question on an subject.

    Your put down zebulebu doesn't help if someone is struggling.
     
  11. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Dude - it wasn't a put-down. And he isn't a 'slow learner'. He's just asking the same questions over and over again. He's been given the answers. He's apparently doing a degree in networking - yet doesn't understand that one networking stack = one IP address.

    My nine year old nephew understands IT better than kobem - and he's not doing a degree in networking.

    I know you haven't really been around here that long, so will give you the benefit of the doubt - why don't you check back through the forum, looking at kobem's previous posts? You'll see that - going back at least two years - he has been asking pretty much the same question - and been given the answer on numerous occasions by good samaritans.
     
    Certifications: A few
    WIP: None - f*** 'em
  12. wizard

    wizard Petabyte Poster

    5,763
    35
    174
    Ence there is slow learning and there's not taking any information in at all. Search through all of his posts, search through all of the answers we have given him, then search his replies completely ignoring the answers we've given him.

    Then come back and tell us if zeb is being harsh.
     
    Certifications: SIA DS Licence
    WIP: A+ 2009
  13. kobem

    kobem Megabyte Poster

    791
    1
    50
    Thanks mate.

    Guyz, you have to know something especially Zebulebu. I do not play any game here. You could not make out the situation im in. I meet lots of problems about networking. In spite of everything, i have to succeed it somehow. I have no other choice, no other way.

    1- Let's return to the point. I wonder whether "replies are counted as incoming connection"

    2- File sharing programs need to port forwarded because of NAT. Hence it blocks incoming connections. But, why do not
    we meet the same issue during web browsing?
     
    Certifications: CCNA
  14. dazza786

    dazza786 Megabyte Poster

    758
    30
    67
    In all honesty, I think a large part of it is down to the language. On all of his posts it looks like he has converted a word from Turkish to English, and then put that word through a thesaurus.
     
    Certifications: MCP (271, 272, 270, 290, 291, 621, 681, 685), MCDST, MCTS, MCITP, MCSA, Security+, CCA(XA6.5)
  15. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Not really. An incoming connection is *started* outside your network. Therefore ports etc. will need to be opened. A reply to web request from your browser does not need any inbound ports to be opened.

    Do they? All file sharing applications I have used didnt need any inbound open ports as the client software starts the connection therefore no *inbound* ports are needed.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  16. dmarsh

    dmarsh Terabyte Poster

    3,782
    302
    184
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  17. kobem

    kobem Megabyte Poster

    791
    1
    50

    God bless you Sparky. You possess very good insight. Now, i got the first completely.
    Time for the second

    Check this out below :

    " Hosts behind NAT-enabled routers do not have end-to-end connectivity and cannot participate in some Internet protocols. Services that require the initiation of TCP connections from the outside network, or stateless protocols such as those using UDP, can be disrupted. Unless the NAT router makes a specific effort to support such protocols, incoming packets cannot reach their destination. Some protocols can accommodate one instance of NAT between participating hosts ("passive mode" FTP, for example), sometimes with the assistance of an Application Layer Gateway (see below), but fail when both systems are separated from the Internet by NAT. Use of NAT also complicates tunneling protocols such as IPsec because NAT modifies values in the headers which interfere with the integrity checks done by IPsec and other tunneling protocols."

    Regarding the lines above, some protocols are not allowed to make a connection from the outside. So, how will you
    be able to do it without port forwarding if you behind a NAT computer for these applications?
     
    Certifications: CCNA
  18. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    For a VPN connection using IPSec the connection is often terminated on the external interface of a firewall. Therefore NAT is not needed to translate a published IP address to an internal address. Internal IPs are accessed through the VPN tunnel without the need for NAT.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  19. Modey

    Modey Terabyte Poster

    2,397
    99
    154
    Sparky, do you really think you are helping this guy by giving him these answers? Will he be sending you what ever qualification he eventually earns? Because at the moment it looks like you are doing all the work mate.
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2K3, MCTS, MOS, MTA, MCT, MCITP:EDST7, MCSA W7, Citrix CCA, ITIL Foundation
    WIP: Nada
  20. dmarsh

    dmarsh Terabyte Poster

    3,782
    302
    184
    Sparkys gonna have a Turkish and an English MSc soon ! :biggrin
     
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH

Share This Page

Loading...