
VTOLfreak July 19th, 2002 01:12 PM

Multiple clients behind a NAT - IP detection using UPnP
 
There are many users who are in an environment where there are multiple people that want to use Gnutella at the same time but where there is only one connection (one IP) to the Internet and everyone is behind a NAT router .

Example : family with one ADSL connection but has a router with 3 PC's connected

Pic : red lines represent physical wires between devices

http://users.pandora.be/karel.boonen/Temp/lan.gif

Suppose all 3 of those PC's are running a Gnutella client on the same port at the same time .
Then no one will be able to connect since the NAT can't figure out what needs to be forwarded to who .
Port forwarding only works with one IP at a time .
You cannot forward data to multiple places at a time .
If you force the NAT to forward data on a specific port to a specific IP then only that PC can connect . The other 2 remaining PC's are left out in the cold .

Pic : red lines represent Gnutella connections .
the inside of the circle is the LAN .
the outside the Internet .
This config can not work !

http://users.pandora.be/karel.boonen/Temp/noupnp.gif

But suppose that the NAT supports UPnP and all the Gnutella clients too :
The first client that starts up looks if there are any other clients on the LAN by scanning for port 6346 . If there are none it asks the NAT the outside IP using UPnP (IP detection!) .
Then it goes into "peer" mode which is normal operation + proxy for other clients .

Any other clients that start up after the first one also scan the network like the first one .
But they will find other clients running on the LAN . (either other leafs or the peer)
Then they go into "leaf" mode .
They ask the first client they encounter the IP of the "peer" on the LAN .
Then they connect to the peer and the peer does everything for them . (searching , forwarding results , etc ... )
You might recognize the Ultrapeer concept introduced by LimeWire but we go further :
the peer also acts as a proxy for connections carrying files . (uploads and downloads)
Since the leafs cannot connect directly to the NAT (because the peer already is) they have to route everything through the "peer" .
I mean this on a physical level , the leaf cannot access port 6346 on the NAT because it is in use .

Pic : red lines represent connections .
the inside of the circle is the LAN .
the outside the Internet .
This config does work !

http://users.pandora.be/karel.boonen/Temp/upnp.gif

Notes :
1) What if the peer quits ?

Then the first client that came on after the peer (first leaf) becomes the new peer .
the other leafs on the LAN know that the peer has quit since they suddenly lost their connection .
But what if every leaf has to maintain a list of IP's :
IP of peer
IP of first leaf
IP of second leaf
...

Also every leaf knows which number it is (second , third , etc)
The first leaf becomes the new "peer"
and all the leafs connect to this new peer .
The list also gets updated : the second leaf now becomes the first leaf and the third leaf becomes the second one , etc ...

2) How do they get that list and keep it updated ?

The peer knows the number and IP of every leaf connected to him . Then when a new leaf connects to him the peer sends that list to that leaf and every other leaf on the LAN (to keep them updated)

3) How does the "peer" find its real IP ? (the outside IP)

That's where the UPnP comes in : The peer simply asks the NAT !
If the NAT router supports UPnP it's real easy to find the IP .

4) And if it doesn't support UPnP ?

Then the client can find its IP by examining the IP of incoming data originating from outside the LAN .
It should never try to "examine" data originating from inside the LAN or it might conclude it's not on a LAN or think that's its real IP .
But this is easily prevented by preventing the client from examining data with private IP's .

5) How does the peer know the difference between leafs and outside connections ?

Inside the LAN there is a set range of IP's . (usually 192. )
So everyone that wants to connect to the peer with an IP in that range is a leaf from the LAN .
Everyone with another IP is a normal connection that got forwarded from the NAT .

The peer can find out the appropriate range by simply looking at its own IP .

6) How does a client know if it is on a private LAN with a NAT or not ?

Because the DHCP server on that LAN (or manually) assigns IP's to everyone in a certain IP range .
And some ranges are reserved for special purposes .
For example : the 192. range is used on LAN's behind NAT .
(Don't know if that is the official definition)
The client has a list of ranges and knows if an IP is a private or public IP .
Most of the IP's listed in red on the download window are private IP's .
And those clients are located on a LAN behind a NAT .

7) What if the peer isn't on port 6346 ?

2 solutions :
- Don't change the default port (6346) on any of the clients on the LAN
- Ask the NAT using UPnP . The NAT knows who the peer is since it is forwarding data to the peer .
Not sure how this works but I heard that it is possible . (I'm not a networking guru)
If the NAT doesn't support UPnP you will have to use solution #1

8) Why don't we simply change the port on each client ?

Because there are people that don't bother .
Or are simply too stupid .
But then they come to the forums with posts like "I can't connect" and "x client sucks" .

The idea was to work out a scheme which doesn't require user input .
If you noticed I never asked that the one in charge of the network to run by every PC to adjust their settings .
Now if you are at home with 2 PC's it isn't that hard to go by every one to change the ports .
But if you work in a company with 100+ PC's and you aren't allowed to access any of those except your own ...
Even if they have a T1 they might not have unique IP's for everyone .
IP's cost money : They have to buy every single one from the ISP .

Imagine you are CEO :
Buy 300 IP's at 2$ a piece or buy 150$ NAT ?
I think you won't have to hesitate long .
Some big connections indeed come with limitless IP's but many don't and have limits like 10 or 20 IP's .

"But if they have 100+ PC they will need that big limitless connection"
True in some cases but many companies have enough bandwidth on one connection like a T1 because they are not specialized in the internet business .
Imagine you work in a big company that for example makes swimming pools (stupid example but will do)
they might have 50+ PC's but they won't need a T3 .

And it is not likely that in such a big company that you are allowed to run by every PC to change their ports .
There are more people stuck in this situation than you think .


So any questions or ideas ?
I think it's really time that someone (don't care who) starts working on this problem .
There are a lot of families nowadays that have 2 or more PC's but with an ISP that only assigns one IP .
But they only realize the limitations of a NAT after they picked up a cheap one from their local supermarket .
But they also don't think of changing the ports on each client ...
Remember : my idea was to come up with a solution that doesn't require user input .
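
An added example, not part of the original post: a Python sketch of the checks the notes above rely on, namely telling LAN leafs from forwarded outside connections (note 5), ignoring private addresses when inferring the outside IP without UPnP (note 4), and promoting the first leaf when the peer quits (notes 1 and 2). The function names, the /24 subnet, the `(sender, reported address)` observation format and the two-vote threshold are assumptions made for illustration; the 10. and 172.16. ranges are added alongside the 192. range the post mentions.

```python
import ipaddress
from collections import Counter

# RFC 1918 private ranges; the post names only "192.", the other two are added here.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

def classify(remote_ip, own_ip, prefix_len=24):
    """Note 5: a connection from the peer's own subnet is a leaf, anything else
    was forwarded by the NAT. prefix_len=24 is an assumption (typical home LAN)."""
    lan = ipaddress.ip_network(f"{own_ip}/{prefix_len}", strict=False)
    return "leaf" if ipaddress.ip_address(remote_ip) in lan else "outside"

def infer_external_ip(observations, min_votes=2):
    """Note 4 fallback: observations are (sender_ip, address_sender_saw_us_as).
    Reports from private senders or naming a private address are ignored, and
    one address must be reported by min_votes distinct senders so that a single
    remote host cannot dictate what we believe our address is."""
    votes, seen = Counter(), set()
    for sender, reported in observations:
        if is_private(sender) or is_private(reported) or (sender, reported) in seen:
            continue
        seen.add((sender, reported))
        votes[reported] += 1
    if not votes:
        return None
    addr, count = votes.most_common(1)[0]
    return addr if count >= min_votes else None

def promote(roster):
    """Notes 1-2: roster is [peer, leaf1, leaf2, ...]. When the peer quits,
    leaf1 becomes the peer and every other leaf moves up one place."""
    return roster[1:]

# Constructed sample data (RFC 1918 and documentation addresses).
ROSTER = ["192.168.1.10", "192.168.1.11", "192.168.1.12"]
OBSERVATIONS = [
    ("198.51.100.7", "203.0.113.5"),
    ("192.168.1.11", "192.168.1.10"),   # LAN leaf: ignored
    ("198.51.100.9", "203.0.113.5"),
    ("198.51.100.7", "203.0.113.5"),    # same sender again: counted once
]
```
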

Krieger88 July 19th, 2002 01:28 PM

If you are behind a router (without port forwarding) you will not be able to accept any incoming connections to your gnutella server port at all, so this is no issue in this case. You should still be able to connect to gnutella however.

The simplest solution is to add proxy support to LimeWire and set up a proxy on the router, - I've got some SOCKS code from an open-source java httpclient on my harddisk, I meant to make it usable for LimeWire, but I did not have time since I had to spend most of my energy on my education (at the university). Since the semester has ended I think I could add it pretty soon and submit the patch to the LimeWire team.

Setting up LimeWire itself to relay connections (including uploads and downloads) for other clients is a nice idea but I think it's not absolutely necessary for that purpose. There are SOCKS servers in java that could do the relaying stuff on any platform.

VTOLfreak July 19th, 2002 01:58 PM

Altering a client to relay connections (proxy or SOCKS) is not a problem .
But somehow the clients have to find each other on the LAN .
Once the clients know the location of their neighbours the rest can be worked out with several solutions .

On the net it is just the same problem :
Why do you think we have hostcaches ?
But on the net we at least have the hostcaches .
They always stay in the same place so the clients know how to find other clients .

But on a home-LAN you have computers jumping on and off all the time .
So you have to have a dynamic solution which doesn't require dedicated hardware . (meaning : a hostcache)

How do you find each other on a LAN ?
There is no handy-dandy always-on hostcache on a LAN .
Do you think that our example family will dedicate a PC just to run a hostcache ?

Just the same with the proxy : Do you think that the average user will dedicate a computer just for a proxy ? I don't think so .

Setting up a proxy on the router ?
Then we again bump into the average user group .
1)The average user doesn't have a comp as a router .
2)The average user doesn't know how to set-up a comp as a router
When you use the term "router" in the average user group you have to think those cheap POS they pick up at RadioShack .

So they can't fiddle with their routers like they want since the thing doesn't support it .
(Unless you find the time to write new firmware for every router on the market)

VTOLfreak July 19th, 2002 02:07 PM

This solution was meant for the average user .
That in turn means that you can ask the user to do this or that .
You have to come up with a solution with no user input .

And the "average user" has only a few resources on their LAN :
-PC's that jump on and off all the time
-A cheap NAT router which maybe supports UPnP

You want a hostcache ? can't , they don't have dedicated hardware
You want a proxy ? can't they don't have dedicated hardware
You want to fiddle with their router ? can't , thing doesn't support it
You want average users to do something more than installing your client? can't , they don't know anything about comps and networks .

VTOLfreak July 19th, 2002 02:11 PM

Damn ! the forum keeps logging me out !

Bobo the Red July 21st, 2002 06:45 AM

Does this work?
 
This gave me an interesting idea .... take the pc that i run limewire on all the time ... its on a lan (home), enable its ultrapeer capabilities ... take another pc on the lan ... remove all hosts from list except for first computer ....

so I've got 192.168.254.253 as the host and 192.168.254.250 looking at that as its only source of hosts ...

is this going to get me anywhere? .... Just curious, as the .250 machine just pulled up a list of ultrapeers, which I'm assuming it got from the .253 machine. Or is Limewire hard coded with a hosts list?

VTOLfreak July 22nd, 2002 09:22 AM

It isn't hardcoded . Clients pass through lists of hosts .

But you can prevent it from happening by disabling the ultrapeer mode and setting the max connections entry to 1

