by TrueDuality 2556 days ago
That is generally true, but has weird edge cases. For example, using not-so-specially crafted ICMP packets[1], two hosts each behind independent NATs can communicate with each other without any change to a firewall configuration.

Also honorable mentions: The UPnP protocol & STUN servers

[1]: https://samy.pl/chownat/

1 comments

For an even cooler trick, check out pwnat, also from Samy: https://samy.pl/pwnat/

Server sends constant ICMP pings with fixed payload to unreachable dead Internet IP. Client sends ICMP time exceeded message to server containing original fixed ping subpayload, which the server NAT lets through because the payloads match as related traffic. Server then learns client IP and usual chownat UDP hole punching tricks apply.

Wow that's insane!
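
A defender's view of the sequence in the pwnat reply above, as an added example that is not part of the thread or of pwnat: a Python heuristic over constructed flow records that flags a host whose repeated unanswered pings are followed by an ICMP time exceeded quoting that ping target, then UDP with the error's sender. The record layout, the threshold and all addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11

# Constructed flow records, not captured traffic.
# Fields: (seconds, proto, src, dst, icmp_type, dst_of_quoted_packet)
SAMPLE = (
    [(t, "icmp", "10.0.0.5", "192.0.2.1", ECHO_REQUEST, None)
     for t in range(0, 60, 5)]
    + [
        (61, "icmp", "203.0.113.7", "10.0.0.5", TIME_EXCEEDED, "192.0.2.1"),
        (62, "udp", "10.0.0.5", "203.0.113.7", None, None),
        # Benign: a router reports TTL expiry for a target that does answer.
        (70, "icmp", "10.0.0.9", "198.51.100.20", ECHO_REQUEST, None),
        (70, "icmp", "198.51.100.1", "10.0.0.9", TIME_EXCEEDED, "198.51.100.20"),
        (71, "icmp", "198.51.100.20", "10.0.0.9", ECHO_REPLY, None),
    ]
)

def find_icmp_rendezvous(events, min_unanswered=5):
    """Return (internal_host, pinged_ip, peer_ip) for each suspected rendezvous."""
    # (host, target) pairs where the target ever replied: ordinary ping use.
    answered = {(dst, src) for _, proto, src, dst, itype, _ in events
                if proto == "icmp" and itype == ECHO_REPLY}
    pings = defaultdict(int)   # (host, target) -> echo requests seen so far
    candidates = {}            # (host, peer) -> target quoted in the ICMP error
    hits = []
    for _, proto, src, dst, itype, quoted in sorted(events, key=lambda e: e[0]):
        if proto == "icmp" and itype == ECHO_REQUEST:
            pings[(src, dst)] += 1
        elif proto == "icmp" and itype == TIME_EXCEEDED:
            # The error quotes a ping this host keeps sending without an answer.
            key = (dst, quoted)
            if pings.get(key, 0) >= min_unanswered and key not in answered:
                candidates[(dst, src)] = quoted
        elif proto == "udp":
            # UDP in either direction with the sender of that ICMP error.
            for host, peer in ((src, dst), (dst, src)):
                if (host, peer) in candidates:
                    hits.append((host, candidates.pop((host, peer)), peer))
    return hits

if __name__ == "__main__":
    for host, target, peer in find_icmp_rendezvous(SAMPLE):
        print(f"{host}: unanswered pings to {target}, then UDP with {peer}")
```
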