NAT Gateways
NAT stands for "Network Address Translation". NAT is a form of firewall that lets you have a set number of routable IP addresses at the firewall (or gateway/router) and share those among many more machines. An example would be an office with a circuit that was assigned only 5 usable IPs but has 15 machines that need to be connected. The same principle applies if you only have one IP address available.
NAT and Windows
Windows 98 and Windows 2000 include a feature Microsoft calls "Internet Connection Sharing". This is quite simply a NAT system that allows you to share the IP address that system is using with the rest of the network. This is what you'd use if you and your 2 roommates wanted to share a dialup connection. Windows will typically use the internal class C reserved address space (defined in RFC 1918), which is 192.168.*.*.
This is actually quite easy for Gnutella to work with. Under the advanced properties (when you tell Windows to "Share this connection"), you will see something called "Exported Services". If you go in here, you can tell the NAT system to forward all connections on a given port on the NAT machine to one of the internal addresses.
Assume for a second that you're running Windows NAT on a DSL line, and the IP given to you by your ISP is 1.2.3.4. Windows will assign 192.168.0.1 to the internal side of the network and set up a rudimentary DHCP server. Your machine is 192.168.0.6, and you're running Gnutella on port 6350. You would tell your NAT configuration to export port 6350 to 192.168.0.6. In Gnutella, you go into your configuration and tell it to Force Local IP to the address of the NAT system (1.2.3.4). This way, you're telling the GnutellaNet that you're running a servant on 1.2.3.4:6350, and that's where everyone will connect. Since the service on port 6350 is being exported to 192.168.0.6, the connection will simply be passed on to the Gnutella servant running on your workstation.
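The setup above can be checked on paper before touching the real gateway. The following is an added example, not part of the original page or of any Gnutella client: a small Python model of an "Exported Services" table that reports why remote peers could not reach a servant. The NatGateway class and check_servant function are hypothetical names; the addresses and port are the ones used in the text.

```python
import ipaddress

# RFC 1918 private ranges: not routable on the Internet.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


class NatGateway:
    """Hypothetical model of a NAT box with an 'exported services' table."""

    def __init__(self, public_ip, exports):
        self.public_ip = public_ip
        # exports: {public_port: (internal_ip, internal_port)}
        self.exports = dict(exports)

    def inbound(self, dst_ip, dst_port):
        """Where an unsolicited inbound TCP connection ends up, or None if dropped."""
        if dst_ip != self.public_ip:
            return None
        return self.exports.get(dst_port)


def check_servant(gw, servant_ip, listen_port, advertised_ip):
    """Return a list of reasons remote peers could not connect to the servant."""
    problems = []
    if is_private(advertised_ip):
        problems.append("advertised address is RFC 1918 and unroutable for remote peers")
    elif advertised_ip != gw.public_ip:
        problems.append("advertised address is not the gateway's public address")
    target = gw.inbound(gw.public_ip, listen_port)
    if target is None:
        problems.append("no exported service for the listening port")
    elif target != (servant_ip, listen_port):
        problems.append("exported service points at a different host or port")
    return problems


# Constructed sample: the addresses and port used in the text above.
GATEWAY = NatGateway("1.2.3.4", {6350: ("192.168.0.6", 6350)})

if __name__ == "__main__":
    print(check_servant(GATEWAY, "192.168.0.6", 6350, "1.2.3.4"))      # correct setup
    print(check_servant(GATEWAY, "192.168.0.6", 6350, "192.168.0.6"))  # Force Local IP not set
    print(GATEWAY.inbound("1.2.3.4", 139))                             # unexported port
```

The model also makes the exposure visible: only the exported port reaches an internal machine, and every other unsolicited inbound connection is dropped at the gateway.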
NAT and Linux
Linux does not currently support NAT at the kernel level (It's in development for the 2.4 kernel release. Current production kernels use IP Masquerading with ipchains).
NAT and Routers
Many home and small-business routers also have NAT built into their feature set. They also have a configuration option commonly referred to as "Exported Services". How to configure it varies widely from one router to the next, and you should consult the documentation provided with it. Here's a short list of links to vendor documentation on some common routers:
- Netopia R7100 (SDSL) [ specs | docs ]
- D-Link DI-701 (DSL) [ specs | docs ]
IP Masquerading
IP Masquerading works similarly to NAT, except that it works at a different layer than NAT does. IP Masquerading functions at the packet level and is commonly referred to as PAT (Packet Address Translation). Examples of IP Masquerading applications are ipchains in Linux, ipfw under most other Unix systems, and WinGate under Windows.
Some applications have difficulty with packets that have been mangled by IP Masquerading and usually require special handling. Linux does this in the form of kernel modules. Gnutella doesn't currently appear to require any special treatment. Setup on a masqueraded system is very similar to that of NAT, except that you will need a port forwarding utility on your masquerading application. Please refer to the accompanying documentation for details.
SOCKS
Neither Gnutella nor its clients appear to have any kind of native support for SOCKS proxies at this time. However, you may socksify the application with a utility such as SocksCAP, or the entire system with an application like Hummingbird SOCKS Client. Please refer to the documentation for your individual client. Gnutella runs quite well in an environment like this, but cannot accept incoming connections from outside the firewall unless you're using a secure inbound SOCKS client.