192.168.1     My basic hardware setup using two routers
      .-----.      .-----------.    .----------.
.50   | wb  |------| lan router|----|isp router|--
      `-----'      `-----------'    `----------'
      .-----.        |  |             |
.60   | mtv |--------'  |             |   SIP .-------.
      `-----'           |             `-------| phone |
      .-----.           |                     `-------'
.70   | tb  |-----------'
      `-----'
Nodes using shorewall firewall running Mageia Release 7.1 Linux
Examples are two users on mtv and wb nodes doing the same activity
at the same time on my same internet address/connection.
isp router configured to pass all ports to same ports in lan router.
A simple example, Firefox open a bi-directional connection.
If wb and mtv user run firefox www.yahoo.com and click
Sign In, yahoo only sees my internet ip address.
How does the packet stream get back to the correct user?
A complex example, zoom.us connects 8801, 8802 for the meeting.
I do not know how my router would know to route the incoming
request to the correct user.
The reason I ask, zoom uses these ports,
TCP 80, 443 *.zoom.us
TCP 443, 8801, 8802 MeetingConnector
UDP 3478, 3479, 8801, 8802 MeetingConnector
and if ports 8801, 8802 are the ports zoom.us wants to open for the
meeting. How would the router know to route those packets to the
correct node?

On 16/12/2020 at 16:54, Bit Twister wrote:
> 192.168.1     My basic hardware setup using two routers
>       .------.      .-----------.    .----------.
> .50   |  wb  |------| lan router|----|isp router|--
>       `------'      `-----------'    `----------'
>       .------.        |  |             |
> .60   | mtv  |--------'  |             |   SIP .-------.
>       `------'           |             `-------| phone |
>       .------.           |                     `-------'
> .70   |  tb  |-----------'
>       `------'
> Nodes using shorewall firewall running Mageia Release 7.1 Linux

Including the routers ?

> Examples are two users on mtv and wb nodes doing the same activity
> at the same time on my same internet address/connection.
> isp router configured to pass all ports to same ports in lan router.

What do you mean exactly by "pass ports to same ports" ?

> A simple example, Firefox open a bi-directional connection.

What are you calling "bi-directional connection" ?
I would say that any HTTP connection is bidirectional by nature, as the
client sends requests and the server sends replies.

> If wb and mtv user run firefox www.yahoo.com and click
> Sign In, yahoo only sees my internet ip address.

What are you calling "my internet ip address" ?

> How does the packet stream get back to the correct user?

Using the destination address and port, as usual.

> A complex example, zoom.us connects 8801, 8802 for the meeting.

What do you mean by "connect 8801, 8802" ?

> I do not know how my router would know to route the incoming
> request to the correct user.

The router doesn't know anything about users. It just forwards the
packet to the destination host. The destination host delivers the data
to the destination socket and process.

> The reason I ask, zoom uses these ports,
> TCP 80, 443 *.zoom.us
> TCP 443, 8801, 8802 MeetingConnector
> UDP 3478, 3479, 8801, 8802 MeetingConnector

What is "MeetingConnector" ?

> and if ports 8801, 8802 are the ports zoom.us wants to open for the
> meeting. How would the router know to route those packets to the
> correct node?

What do you mean by "ports zoom.us wants to open" ?

On Thu, 17 Dec 2020 17:38:54 +0100, Pascal Hambourg wrote:
> On 16/12/2020 at 16:54, Bit Twister wrote:
>> 192.168.1     My basic hardware setup using two routers
>>       .------.      .-----------.    .----------.
>> .50   |  wb  |------| lan router|----|isp router|--
>>       `------'      `-----------'    `----------'
>>       .------.        |  |             |
>> .60   | mtv  |--------'  |             |   SIP .-------.
>>       `------'           |             `-------| phone |
>>       .------.           |                     `-------'
>> .70   |  tb  |-----------'
>>       `------'
>> Nodes using shorewall firewall running Mageia Release 7.1 Linux
>
> Including the routers ?

No, routers the ones a normal household internet user would buy.

>> Examples are two users on mtv and wb nodes doing the same activity
>> at the same time on my same internet address/connection.
>> isp router configured to pass all ports to same ports in lan router.
>
> What do you mean exactly by "pass ports to same ports" ?

If you were to look in your router you might find a Port Forwarding
screen which allows you to configure what Wan ports are
to be forwarded to desired ip addresses on the Lan.

>> A simple example, Firefox open a bi-directional connection.
>
> What are you calling "bi-directional connection" ?
> I would say that any HTTP connection is bidirectional by nature, as the
> client sends requests and the server sends replies.

Yup, you and I are on the same page about that definition.

>> If wb and mtv user run firefox www.yahoo.com and click
>> Sign In, yahoo only sees my internet ip address.
>
> What are you calling "my internet ip address" ?

Just like any home user has an internet ip address.

>> How does the packet stream get back to the correct user?
>
> Using the destination address and port, as usual.

Methinks you are looking through the wrong end of this conversation.
I understand routing from my node to some site on the internet.
David Hodgins's reply describes how the router knows which Lan ip
is to get the packet.

>> A complex example, zoom.us connects 8801, 8802 for the meeting.
>
> What do you mean by "connect 8801, 8802" ?

Picture/Audio from the meeting server is sent on ports 8801, 8802
after the server has made the connection with the Zoom client
running on your node.

>> I do not know how my router would know to route the incoming
>> request to the correct user.
>
> The router doesn't know anything about users. It just forwards the
> packet to the destination host. The destination host delivers the data
> to the destination socket and process.

Ok, I was using user as a pronoun for node and process/client.

>> The reason I ask, zoom uses these ports,
>> TCP 80, 443 *.zoom.us
>> TCP 443, 8801, 8802 MeetingConnector
>> UDP 3478, 3479, 8801, 8802 MeetingConnector
>
> What is "MeetingConnector" ?

Term about the Zoom server which connects you to the desired meeting.

>> and if ports 8801, 8802 are the ports zoom.us wants to open for the
>> meeting. How would the router know to route those packets to the
>> correct node?
>
> What do you mean by "ports zoom.us wants to open" ?

Just what I said. Zoom is going to open/establish a connection to
my internet address to one or more of those ports.

On 2020-12-17, Bit Twister <BitTwister@mouse-potato.com> wrote:
> Just like any home user has an internet ip address.

Well, no. Your home could either be assigned a private address
(10.x.x.x, 192.168.x.x) in which case I think it is impossible for an
outsider to connect to your machine, or a public address (most of the
other possibilities), in which case it knows exactly where to send the
packet to.

Those are the server's ports, not your ports. The two computers decide
which port on your machine is to get the information. You initiate the
zoom connection. Your computer sends a packet to the zoom server on some
random port. Zoom then knows to reply to that random port if it wants to
send something to your machine, and the NAT router knows which machine
those reply packets are to go to.

Because that machine your user used connected to the zoom server on some
port, and the router knows that stuff coming back on that port should be
directed to your machine.

It is going to establish a connection on some random port
chosen by your machine. After the connection is established, the server
may or may not use those ports.

(It is also possible that your machine will establish connections
on those zoom ports, and then, because the connection on those ports was
instituted by your machine, the router knows to send replies back to
you. In general the server will not see those ports at all. It will see
a request from your machine whose port has been translated by the NAT to
some random port and the zoom server will only see that random port.
There are only 64000 ports, so if you have 64000 machines on your end
all trying to be NATed, the NAT router will run out of ports, and you
will have a mess. ( There are 2^24 addresses in 10.x.x.x and only 2^16
(64000) ports, but I doubt that you are in that situation. I do not know
if IPV6 has more port possibilities.

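
The translation described in the replies above, as an added example that is not part of any poster's message: a small model of a port-translating NAT table in which the wb (.50) and mtv (.60) nodes from the diagram both contact the same server port 8801. The `Napt` class, the public and server addresses, the source port 51000 and the sequential port allocator are all constructed for illustration.

```python
from itertools import count

class Napt:
    """Simplified port-translating NAT: one public IP shared by many LAN hosts."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.forwards = {}  # static forwards: (proto, wan_port) -> (lan_ip, lan_port)
        self._out = {}      # outbound flow -> WAN port chosen for it
        self._in = {}       # (proto, wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        # Assumption: ports are handed out sequentially; real NATs often try to
        # keep the client's own source port when it is free.
        self._next = count(first_port)

    def outbound(self, proto, lan_ip, lan_port, dst_ip, dst_port):
        """A LAN host sends a packet; return the (ip, port) the server sees."""
        flow = (proto, lan_ip, lan_port, dst_ip, dst_port)
        if flow not in self._out:
            wan_port = next(self._next)
            self._out[flow] = wan_port
            self._in[(proto, wan_port, dst_ip, dst_port)] = (lan_ip, lan_port)
        return self.public_ip, self._out[flow]

    def inbound(self, proto, src_ip, src_port, wan_port):
        """A packet reaches the WAN side; return the LAN (ip, port), or None if dropped."""
        tracked = self._in.get((proto, wan_port, src_ip, src_port))
        if tracked is not None:
            return tracked  # reply to a flow that a LAN host started
        return self.forwards.get((proto, wan_port))  # otherwise only a static forward matches

def demo():
    nat = Napt("203.0.113.7")         # constructed public address
    server = ("198.51.100.20", 8801)  # constructed meeting server
    wb = nat.outbound("udp", "192.168.1.50", 51000, *server)
    mtv = nat.outbound("udp", "192.168.1.60", 51000, *server)
    result = {
        "wb_seen_as": wb,
        "mtv_seen_as": mtv,
        "reply_to_wb": nat.inbound("udp", *server, wb[1]),
        "reply_to_mtv": nat.inbound("udp", *server, mtv[1]),
        "unsolicited_8801": nat.inbound("udp", *server, 8801),
    }
    nat.forwards[("udp", 8801)] = ("192.168.1.50", 8801)  # one forward, one node
    result["forwarded_8801"] = nat.inbound("udp", *server, 8801)
    return result

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both clients are reached through flows they started themselves, so neither needs a port forward; a packet to WAN port 8801 with no tracked flow is dropped, and a static forward for 8801 can deliver to only one node.
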
On Thu, 17 Dec 2020 18:50:53 -0000 (UTC), William Unruh wrote:
> On 2020-12-17, Bit Twister <BitTwister@mouse-potato.com> wrote:
>> Just like any home user has an internet ip address.
>
> Well, no. Your home could either be assigned a private address
> (10.x.x.x, 192.168.x.x) in which case I think it is impossible for an
> outsider to connect to your machine, or a public address (most of the
> other possibilities), in which case it knows exactly where to send the
> packet to.

Technically your description is correct inside the ISP network,
but you can get your internet address by running any of these in a terminal
wget -qO - http://smxi.org/opt/ip.php
curl http://icanhazip.co

> Those are the server's ports, not your ports. The two computers decide
> which port on your machine is to get the information. You initiate the
> zoom connection. Your computer sends a packet to the zoom server on some
> random port. Zoom then knows to reply to that random port if it wants to
> send something to your machine, and the NAT router knows which machine
> those reply packets are to go to.
>
> Because that machine your user used connected to the zoom server on some
> port, and the router knows that stuff coming back on that port should be
> directed to your machine.
>
> It is going to establish a connection on some random port
> chosen by your machine. After the connection is established, the server
> may or may not use those ports.
>
> (It is also possible that your machine will establish connections
> on those zoom ports, and then, because the connection on those ports was
> instituted by your machine, the router knows to send replies back to
> you. In general the server will not see those ports at all. It will see
> a request from your machine whose port has been translated by the NAT to
> some random port and the zoom server will only see that random port.
> There are only 64000 ports, so if you have 64000 machines on your end
> all trying to be NATed, the NAT router will run out of ports, and you
> will have a mess. ( There are 2^24 addresses in 10.x.x.x and only 2^16
> (64000) ports, but I doubt that you are in that situation. I do not know
> if IPV6 has more port possibilities.

Ok, that makes sense, somewhat, and if so, then I understand how any
user at work/school can enter a Zoom meeting.
My questions come from reading about having to whitelist Zoom servers.
Your description seems to indicate all communication is through
connections made by Zoom client on the computer.
Hopefully my webcam gets here this week and my meeting test should have
no problems.

No, that is not your internet address. That is the internet address
of your router or of the ISP's router, depending on how to handle
things.
ifconfig -a
will give you your computer's IP address. And that is usually a
non-routable address like 10.x.x.x or 192.168.x.x.
The "internet address" as you define it will be the same for all of the
computers in your own local network. For example on my system, I get
75.155.y.y for all of the computers on my home network, where y.y is
the same for all of them.
That address is the address of the router that connects me to the
internet.

On Thu, 17 Dec 2020 22:49:44 -0000 (UTC), William Unruh wrote:
> No, that is not your internet address. That is the internet address
> of your router or of the ISP's router, depending on how to handle
> things.
> ifconfig -a
> will give you your computer's IP address. And that is usually a
> non-routable address like 10.x.x.x or 192.168.x.x.
> The "internet address" as you define it will be the same for all of the
> computers in your own local network. For example on my system, I get
> 75.155.y.y for all of the computers on my home network, where y.y is
> the same for all of them.
> That address is the address of the router that connects me to the
> internet.

Heheh, we are in a violent agreement that if you want to connect to another
site/user on the Internet you have to use the Internet Ip Address.
If you want to connect with anyone on LAN side you have to use the LAN
ip address.

Using multiple levels of routers is relatively rare for home users. It's more
common in corporate environments and when it's necessary to bridge long distances
for connections between the computer and the modem used to connect to the isp.

On Thu, 17 Dec 2020 19:54:23 -0500, David W. Hodgins wrote:
> Using multiple levels of routers is relatively rare for home users. It's more
> common in corporate environments and when it's necessary to bridge long distances
> for connections between the computer and the modem used to connect to the isp.

Yep, I agree. The reason I have two is anytime I can switch providers
and save $20 a month, I switch providers. I got tired of having to
get into the router and reconfigure it for my lan nodes.
Same thing when the Helpless Desk says to factory reset modem. :(
With the second router, my LAN nodes keep their address and I have
to do nothing to the ISP router except forward all ports to my router,
disable UPnP, ALG Passthrough, remote internet access, and
turn off the wireless transmitter(s).
A big thank you for your Mageia community support David
and thanks to William for his replies.

> On Thu, 17 Dec 2020 19:54:23 -0500, David W. Hodgins wrote:
>> Using multiple levels of routers is relatively rare for home users. It's more
>> common in corporate environments and when it's necessary to bridge long distances
>> for connections between the computer and the modem used to connect to the isp.
>
> Yep, I agree. The reason I have two is anytime I can switch providers
> and save $20 a month, I switch providers. I got tired of having to
> get into the router and reconfigure it for my lan nodes.
> Same thing when the Helpless Desk says to factory reset modem. :(
> With the second router, my LAN nodes keep their address and I have
> to do nothing to the ISP router except forward all ports to my router,
> disable UPnP, ALG Passthrough, remote internet access, and
> turn off the wireless transmitter(s).
> A big thank you for your Mageia community support David
> and thanks to William for his replies.

Why not set the isp router to 'bridge' mode. That's what I do. Much
simpler than forwarding all ports. I have a similar setup as you do.