If a client inside a firewall connects to a public server through TCP, once the connection is formed, the firewall allows two-way communication. This is what we normally see in our daily usage. My question is: is this also true for UDP?
Since UDP does not have connections, I will modify the question a little bit...
Suppose the client inside the firewall sends a UDP packet to a public server; can the server respond back through the firewall using the source address and port of the incoming packet?
Yes, this is called NAT traversal (or UDP punch-through) and works in a similar way to TCP: the stateful NAT device is aware that you recently sent a UDP packet from a certain endpoint internally to a certain endpoint outside and, for a period, will accept UDP packets from the same outside endpoint and forward them to the same internal endpoint.
I always prefer the IETF docs to the plethora of conflicting information out there (including on this site):
https://www.rfc-editor.org/rfc/rfc5128
UPDATE: There are other techniques for "UDP hole punching", such as UPnP's Internet Gateway Protocol and PCP. Each has its advantages and disadvantages, and I am afraid there is no one solution that works on all NATs!
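As an added illustration (not part of the original question or answer), here is a small Python model of the mapping table a stateful NAT keeps for UDP: an outbound datagram creates a timed mapping, a reply from the same outside endpoint is forwarded, and anything else is dropped. The addresses, the 30-second timeout and the fake clock are constructed values; real NATs differ in how they filter and when they refresh mappings (see RFC 5128 and RFC 4787).

```python
import time
from dataclasses import dataclass


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulUdpNat:
    """Model of a NAT with endpoint-dependent filtering for UDP (assumed behaviour)."""

    def __init__(self, public_ip, timeout=30.0, now=time.monotonic):
        self.public_ip, self.timeout, self.now = public_ip, timeout, now
        self.next_port = 40000                 # constructed starting public port
        self.by_public_port = {}               # public_port -> {internal, remote, expiry}
        self.by_internal = {}                  # (int_ip, int_port) -> public_port

    def _expire(self):
        """Drop mappings whose idle timer has run out."""
        t = self.now()
        for port in [p for p, m in self.by_public_port.items() if m["expiry"] <= t]:
            m = self.by_public_port.pop(port)
            self.by_internal.pop(m["internal"], None)

    def send_outbound(self, pkt):
        """Internal host sends outward: create or refresh the mapping, return the translated packet."""
        self._expire()
        internal = (pkt.src_ip, pkt.src_port)
        port = self.by_internal.get(internal)
        if port is None:
            port, self.next_port = self.next_port, self.next_port + 1
            self.by_internal[internal] = port
        self.by_public_port[port] = {"internal": internal,
                                     "remote": (pkt.dst_ip, pkt.dst_port),
                                     "expiry": self.now() + self.timeout}
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def receive_inbound(self, pkt):
        """Outside host sends to the public IP: forward only if a live mapping for that
        exact outside endpoint exists, otherwise return None (the NAT drops it)."""
        self._expire()
        m = self.by_public_port.get(pkt.dst_port)
        if m is None or m["remote"] != (pkt.src_ip, pkt.src_port):
            return None
        return Packet(pkt.src_ip, pkt.src_port, *m["internal"])
```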