On 2020-12-17, Bit Twister <BitTw...@mouse-potato.com> wrote:
> On Thu, 17 Dec 2020 17:38:54 +0100, Pascal Hambourg wrote:
>> Le 16/12/2020 à 16:54, Bit Twister a écrit :
>>> 192.168.1          My basic hardware setup using two routers
>>>        .------.      .-----------.     .----------.
>>>   .50  |  wb  |------| lan router|-----|isp router|--
>>>        `------'      `-----------'     `----------'
>>>        .------.         |    |              |
>>>   .60  | mtv  |---------'    |              |  SIP  .-------.
>>>        `------'              |              `-------| phone |
>>>        .------.              |                      `-------'
>>>   .70  |  tb  |--------------'
>>>        `------'
>>>
>>> Nodes using shorewall firewall running Mageia Release 7.1 Linux
The router uses NAT. Zoom ports are for receiving, not necessarily
transmitting.
Your machine A sends out a packet from A:PA to internet address Q:PQ, where PQ is the
port and the address is Q. The router replaces A:PA with a new port PR
and a new address R, and keeps a table which says that R:PR is linked
with A:PA. When the reply comes back to R:PR, the router looks up the
table, and forwards that reply to A:PA. It does that with each packet.
The ISP router does the same thing.
If an outsider does a connection, then you would need to set up a table
in your router that says "If a packet comes into the router for R:PZ
(where PZ is the zoom port, say, or port 80 for http) it looks in its
table (which you set up beforehand) and says OK, you said that if R:80
comes in, then send that to C:80, where C is what you chose as your http
handler." I do this for many of my ports.
I have this set up for many of the ports coming to me, who am behind a
router, for example with ssh, or mail.
>>
>> Including the routers ?
>
> No, routers, the ones a normal household internet user would buy.
>
>>> Examples are two users on mtv and wb nodes doing the same activity
>>> at the same time on my same internet address/connection.
>>>
>>> isp router configured to pass all ports to same ports in lan router.
I presume not to translate the ports.
>>
>> What do you mean exactly by "pass ports to same ports" ?
>
> If you were to look in your router you might find a Port Forwarding
> screen which allows you to configure what Wan ports are
> to be forwarded to desired ip addresses on the Lan.
>
>>> A simple example, Firefox open a bi-directional connection.
>>
>> What are you calling "bi-directional connection" ?
>> I would say that any HTTP connection is bidirectional by nature, as the
>> client sends requests and the server sends replies.
>
> Yup, you and I are on the same page about that definition.
>
>>
>>> If wb and mtv user run firefox www.yahoo.com and click
>>> Sign In, yahoo only sees my internet ip address.
So?
>>
>> What are you calling "my internet ip address" ?
>
> Just like any home user has an internet ip address.
Well, no. Your home could either be assigned a private address
(10.x.x.x, 192.168.x.x) in which case I think it is impossible for an
outsider to connect to your machine, or a public address (most of the
other possibilities), in which case it knows exactly where to send the
packet to.
>
>>> How does the packet stream get back to the correct user?
The user is up to the local machine. I presume you mean that local
machine. It is either a reply, in which case the NAT tables in the router
know where to send the reply to, or it is a call out of the blue, in which
case the port forwarding tables tell it where to go.
>>
>> Using the destination address and port, as usual.
>
> Me thinks you are looking through the wrong end of this conversation.
>
> I understand routing from my node to some site on the internet.
> David Hodgins's reply describes how the router knows which Lan ip
> is to get the packet.
>
>>> A complex example, zoom.us connects 8801, 8802 for the meeting.
>>
>> What do you mean by "connect 8801, 8802" ?
>
> Picture/Audio from the meeting server is sent on ports 8801, 8802
> after the server has made the connection with the Zoom client
> running on your node.
Those are the server's ports, not your ports. The two computers decide
which port on your machine is to get the information. You initiate the
zoom connection. Your computer sends a packet to the zoom server on some
random port. Zoom then knows to reply to that random port if it wants to
send something to your machine, and the NAT router knows which machine
those reply packets are to go to.
>
>>
>>> I do not know how my router would know to route the incoming
>>> request to the correct user.
Because that machine your user used connected to the zoom server on some
port, and the router knows that stuff coming back on that port should be
directed to your machine.
>>
>> The router doesn't know anything about users. It just forwards the
>> packet to the destination host. The destination host delivers the data
>> to the destination socket and process.
>
> Ok, I was using user as a pronoun for node and process/client.
Bad idea.
>
>>> The reason I ask, zoom uses these ports,
>>> TCP 80, 443 *.zoom.us
>>> TCP 443, 8801, 8802 MeetingConnector
>>> UDP 3478, 3479, 8801, 8802 MeetingConnector
No, it uses a whole bunch of ports. Those are the ports that are used if
you, cold turkey, want to talk to the server.
For example, my machines are behind a firewall. Ports 8801 and 8802 are
NOT allowed inbound through the firewall. Yet I use zoom all the time.
Why? Because my machine sends packets to the server over a random port,
and when that happens, the router and the firewall software know that if
a reply comes on that port, it should be forwarded to your machine.
>>
>> What is "MeetingConnector" ?
>
> Term about the Zoom server which connects you to the desired meeting.
>
>>> and if ports 8801, 8802 are the ports zoom.us wants to open for
>>> the meeting. How would the router know to route those packets
>>> to the correct node?
>>
>> What do you mean by "ports zoom.us wants to open" ?
>
> Just what I said. Zoom is going to open/establish a connection to
> my internet address to one or more of those ports.
>
No it is not. It is going to establish a connection on some random port
chosen by your machine. After the connection is established, the server
may or may not use those ports.
(It is also possible that your machine will establish connections
on those zoom ports, and then, because the connection on those ports was
instituted by your machine, the router knows to send replies back to
you. In general the server will not see those ports at all. It will see
a request from your machine whose port has been translated by the NAT to
some random port, and the zoom server will only see that random port.)
There are only 64000 ports, so if you have 64000 machines on your end
all trying to be NATed, the NAT router will run out of ports, and you
will have a mess. (There are 2^24 addresses in 10.x.x.x and only 2^16
(64000) ports, but I doubt that you are in that situation. I do not know
if IPv6 has more port possibilities.)
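As an added illustration (not part of the thread), here is a toy model of the NAT table and port-forwarding table the reply describes, in the same A:PA / Q:PQ / R:PR notation: two LAN hosts (wb and mtv) use the same local port to the same server and are still told apart on the way back, an unsolicited packet to 8801 is dropped because nothing was set up for it, and a pre-configured rule delivers inbound port 22 to one host. The addresses and the port pool are constructed assumptions, not the poster's setup.

```python
PUBLIC_ADDR = "203.0.113.5"  # R: the router's WAN address (constructed, RFC 5737 range)

class NatRouter:
    def __init__(self, public_addr=PUBLIC_ADDR, port_pool=range(1024, 65536)):
        self.r = public_addr
        self.pool = port_pool
        self.out = {}       # (A, PA, Q, PQ) -> PR : flows we translated outbound
        self.back = {}      # PR -> (A, PA, Q, PQ): reverse lookup for replies
        self.forwards = {}  # PZ -> (C, PC): static rules set up beforehand

    def add_forward(self, pz, c, pc):
        """'If R:PZ comes in, send it to C:PC' (e.g. ssh or mail behind the router)."""
        self.forwards[pz] = (c, pc)

    def outbound(self, a, pa, q, pq):
        """LAN host A:PA sends to Q:PQ; return the R:PR the outside world sees."""
        flow = (a, pa, q, pq)
        if flow in self.out:                 # same flow keeps the same translated port
            return (self.r, self.out[flow])
        for pr in self.pool:                 # pick a free port from the pool
            if pr not in self.back:
                self.out[flow] = pr
                self.back[pr] = flow
                return (self.r, pr)
        raise RuntimeError("NAT port pool exhausted")  # the 'mess' the post warns about

    def inbound(self, q, pq, pr):
        """Packet Q:PQ -> R:PR arrives from the WAN. Reply, forwarded, or dropped."""
        flow = self.back.get(pr)
        if flow and flow[2:] == (q, pq):     # reply to a flow a LAN host started
            return ("reply", flow[0], flow[1])
        if pr in self.forwards:              # unsolicited, but a rule was set up
            return ("forwarded",) + self.forwards[pr]
        return ("dropped", None, None)       # unsolicited and no rule: nothing inside sees it

def demo():
    nat = NatRouter()
    nat.add_forward(22, "192.168.1.50", 22)  # ssh to wb, configured beforehand
    # wb (.50) and mtv (.60) both open a connection to the same server (constructed address)
    r1 = nat.outbound("192.168.1.50", 40000, "198.51.100.7", 443)
    r2 = nat.outbound("192.168.1.60", 40000, "198.51.100.7", 443)
    back1 = nat.inbound("198.51.100.7", 443, r1[1])   # distinguished by PR, not PA
    back2 = nat.inbound("198.51.100.7", 443, r2[1])
    cold = nat.inbound("198.51.100.7", 8801, 8801)    # server talking first on 8801
    ssh = nat.inbound("198.51.100.9", 5555, 22)       # matches the forwarding rule
    return r1, r2, back1, back2, cold, ssh

if __name__ == "__main__":
    print(demo())
```

Shrinking the pool (e.g. `NatRouter(port_pool=range(1024, 1026))`) reproduces the port-exhaustion case the post mentions on the third distinct flow.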