darkline
Contributor

Hole punching through VMware NAT


I am really not sure where to put this, so if I'm in the wrong area please redirect me.

Anyway, what I am doing is using VMware to test out a few programs which use hole punching techniques to get through NAT, so what I want to know is to what extent the VMware NAT supports hole punching. Particularly with TCP - does it check the ACK numbers etc.?

For any info given, thanks; if I posted this in the wrong place, sorry.

Hen


Accepted Solutions
mike_laspina
Champion

NAT does not deal with SYN, ACK or FIN; it only deals with MACs, IPs and sometimes ports. There should not be any interaction with the session state info.

http://blog.laspina.ca/ vExpert 2009

8 Replies
Dave_Mishchenko
Immortal

Which VMware product are you using?

darkline
Contributor

Sorry, I don't understand your last sentence - I am a real novice at this stuff.

If the NAT only deals with the MACs, IPs and ports, all I need to do for hole punching with TCP would be:

1. Virtual OS sends to outside computer (1.1.1.1:1111), opening up a port

2. 1.1.1.1:1111 connects to the computer with VMware on (2.2.2.2) and the VMware NAT forwards it - connection established

If that's it then all is good

thanks

mcowger
Immortal

What you have described is basic NAT functionality, and yes, Server/Workstation do this.

--Matt

--Matt VCDX #52 blog.cowger.us
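
The two steps discussed above, as an added example that is not part of the original thread and is not VMware's NAT code: a generic model that tracks only addresses and ports (no TCP flags or sequence numbers) and shows which inbound packets reach the guest. The guest port 5000, the first public port 40000 and the third host 3.3.3.3:3333 are constructed values, and the two filtering modes use the terminology of RFC 4787 as an assumption about how a NAT may behave.

```python
# Added illustration: a generic address/port NAT model, not VMware's NAT code.
EIF = "endpoint-independent"         # RFC 4787 term: any remote may use an open mapping
APDF = "address-and-port-dependent"  # only remotes the guest already sent to may use it


class Nat:
    def __init__(self, public_ip, filtering=APDF, first_port=40000):
        self.public_ip = public_ip
        self.filtering = filtering
        self.next_port = first_port   # constructed starting port for new mappings
        self.by_private = {}          # (guest_ip, guest_port) -> public port
        self.by_public = {}           # public port -> (guest_ip, guest_port)
        self.contacted = {}           # public port -> set of remote (ip, port) sent to

    def outbound(self, guest, remote):
        """Guest sends to remote: create or reuse a mapping, return the public endpoint."""
        if guest not in self.by_private:
            self.by_private[guest] = self.next_port
            self.by_public[self.next_port] = guest
            self.contacted[self.next_port] = set()
            self.next_port += 1
        port = self.by_private[guest]
        self.contacted[port].add(remote)
        return (self.public_ip, port)

    def inbound(self, remote, public_port):
        """Packet arrives at the public port: return the guest endpoint, or None if dropped."""
        guest = self.by_public.get(public_port)
        if guest is None:
            return None               # no hole was ever opened on this port
        if self.filtering == APDF and remote not in self.contacted[public_port]:
            return None               # hole exists, but not for this remote
        return guest


def walk_through(filtering):
    """The two steps from the thread, plus two packets that should not get through."""
    nat = Nat("2.2.2.2", filtering)
    guest, peer, stranger = ("192.168.0.1", 5000), ("1.1.1.1", 1111), ("3.3.3.3", 3333)
    public = nat.outbound(guest, peer)                 # step 1: guest opens the hole
    return {
        "public": public,
        "peer": nat.inbound(peer, public[1]),          # step 2: peer connects back
        "stranger": nat.inbound(stranger, public[1]),  # a host the guest never contacted
        "unmapped": nat.inbound(peer, public[1] + 1),  # a port with no mapping
    }


if __name__ == "__main__":
    for mode in (APDF, EIF):
        print(mode, walk_through(mode))
```

The `stranger` result is the only one that differs between the two modes: with endpoint-independent filtering, an open mapping accepts traffic from any remote host, not just the peer the guest contacted.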
mike_laspina
Champion

Yes, that is pretty much it. NAT maintains a table of what MAC belongs to what IP to figure out where to send it. Sometimes a port method is also employed along with it but that's not common.

e.g. VM 00-C1-E3-00-55-11:192.168.0.1:Port 80 = Host 00-33-D4-43-7F-12:145.230.1.22:Port 80

http://blog.laspina.ca/ vExpert 2009
mcowger
Immortal

While nitpicky, I would add that NAT has nothing to do with MAC addresses or layer 2 - it's a purely layer 3 protocol. ARP and ARP tables are responsible for IP->MAC mappings.

--Matt

--Matt VCDX #52 blog.cowger.us
darkline
Contributor

Thanks very much everyone,
