
Author Topic: How to connect from Internet to local Machine behind a router?  (Read 3004 times)

Key-Real

  • Full Member
  • ***
  • Posts: 189
Hi,

I'm new at networking :)

I can start a synapse server.
When I listen locally with my IP Server address, I can connect.
When I listen from my root-server (outside), which has a static IP address connected directly to the network card (same address from outside and which is shown in ifconfig), I can connect.

Now I have following situation:
I wanna listen at home, I'm behind a router, so I have a different address for my router (internet, detected with https://whatismyipaddress.com/) and my machine (address detected with ifconfig).

How to listen in this scenario from home to get a connection from outside?
« Last Edit: May 27, 2023, 01:46:31 am by Key-Real »

af0815

  • Hero Member
  • *****
  • Posts: 1291
A good idea is, to learn something about Security in Networking :-)

Opening the port in your router and telling NAT to forward the port can open a major security risk. Normally such things are handled best with a "road warrior" configuration, aka VPN connections.
regards
Andreas

birin

  • New member
  • *
  • Posts: 9
What you describe is a classic situation.

You have to inform your router that communications for the port used by your server must be routed to the IP address of this server on your local network.

Look for the NAT mechanism (Network Address Translation).

For example:
If the public address of your router is 100.100.100.100, the local address of your server is 192.168.1.10 and the port used by your server software is 6950, you can create a NAT rule on your router to route communications arriving at 100.100.100.100 and port 6950 to local address 192.168.1.10 (and port 6950 too).

Key-Real

  • Full Member
  • ***
  • Posts: 189
Is it possible to configure this with my pascal program?

af0815

  • Hero Member
  • *****
  • Posts: 1291
Quote
Is it possible to configure this with my pascal program?
This is configuration of your internet hardware (router), nothing to do with pascal.
regards
Andreas

birin

  • New member
  • *
  • Posts: 9
No, I think no.
You need to configure your router, accessing the admin page, with login and password.

Key-Real

  • Full Member
  • ***
  • Posts: 189
So there is no higher level solution?

I can imagine my users couldn't configure their router.

How does other software solve this?

TRon

  • Hero Member
  • *****
  • Posts: 2503
Quote
How does other software solve this?

A good idea is, to learn something about Security in Networking :-)

NAT traversal in particular
« Last Edit: May 25, 2023, 01:28:30 pm by TRon »

Warfley

  • Hero Member
  • *****
  • Posts: 1499
As already said, the problem is that you are behind a NAT. Basically introduced because of IP address range exhaustion (but today also seen as a security feature), your router is the only device connected to the internet and all devices connected to that router are just in the home network. When you want to connect outwards, you basically send your packets to the router, the router then relays them into the internet. The router thereby remembers your computer for the used port, so when a response comes to the same port it can relay it to your computer.

When you forward a port through your NAT you basically hardcode this as a rule that all packets to a specific port should be relayed to your computer. But you can also "trick" your router to register a port for you, this is called hole punching. Basically you connect outwards to the internet, this causes the router to register a port to be redirected to your computer. From that point onwards, any time a packet arrives to that port it will be relayed to your PC, as if you statically forwarded a port in your router. But unlike the static forwarding, after some time the router will forget about this forwarding (basically close the hole).

So what you can do is to regularly punch a new hole and then listen for anyone connecting to that port. The only thing you need is a way to publish that port. This is usually done by having a lookup server. When punching the hole, you connect to that lookup server. The server registers the port the request came from. When a client wants to connect to you, they ask the lookup server for the correct port, and then connect through the punched hole to your server.

This is how Skype calls or many streaming and remote control apps like Teamviewer are operating. Instead of having all the communication being handled by a big central server, they just have a register server, which maps usernames onto IP addresses and ports, and all the streaming is then directly between the users. This allows the lookup servers to be very small and lightweight and allows those systems to be operated cheaply (and also much more privacy preserving than the alternatives like MS Teams or Discord).
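
Added example, not part of any post in this thread: a toy Python model of the router behaviour described above, covering birin's static NAT rule and Warfley's punched hole with its timeout. The `Nat` class, the `strict` mode (routers that only relay packets from addresses the server itself has already sent to, which goes beyond what the thread describes), the 30-second timeout and the lookup/client addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Nat:
    """Toy UDP NAT table (constructed model, not a real router API)."""
    public_ip: str
    timeout: float = 30.0   # assumed lifetime of a punched hole, in seconds
    strict: bool = False    # True: only remotes the LAN host contacted may reply
    static: dict = field(default_factory=dict)   # public port -> LAN endpoint
    dynamic: dict = field(default_factory=dict)  # public port -> mapping state
    next_port: int = 40000

    def forward(self, public_port, lan):   # permanent rule from the admin page
        self.static[public_port] = lan

    def outbound(self, lan, remote, now):
        """LAN host sends a packet: create or refresh its mapping."""
        for port, m in self.dynamic.items():
            if m["lan"] == lan and now - m["seen"] <= self.timeout:
                m["seen"] = now
                m["peers"].add(remote)
                return self.public_ip, port
        port, self.next_port = self.next_port, self.next_port + 1
        self.dynamic[port] = {"lan": lan, "seen": now, "peers": {remote}}
        return self.public_ip, port

    def inbound(self, public_port, source, now):
        """Return the LAN endpoint a packet is relayed to, or None if dropped."""
        if public_port in self.static:
            return self.static[public_port]
        m = self.dynamic.get(public_port)
        if m is None or now - m["seen"] > self.timeout:
            self.dynamic.pop(public_port, None)   # hole has closed
            return None
        if self.strict and source not in m["peers"]:
            return None
        return m["lan"]

def demo(strict):
    server = ("192.168.1.10", 6950)                   # values from the thread
    lookup, client = ("203.0.113.5", 3478), ("198.51.100.7", 50000)  # constructed
    nat = Nat("100.100.100.100", strict=strict)
    nat.forward(6950, server)                         # the static NAT rule
    pub = nat.outbound(server, lookup, now=0)         # hole as the lookup server sees it
    first_try = nat.inbound(pub[1], client, now=10)
    nat.outbound(server, client, now=20)              # server also sends to the client
    second_try = nat.inbound(pub[1], client, now=25)
    expired = nat.inbound(pub[1], client, now=100)    # no keep-alive since t=20
    return pub, first_try, second_try, expired, nat.inbound(6950, client, now=100)
```

With `strict=False` any outside host can reach the server through the hole while it is open, which is the exposure to weigh against a static forward that never closes. With `strict=True` the client's first packet is dropped until the server has also sent one to the client's address.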

ASBzone

  • Hero Member
  • *****
  • Posts: 678
  • Automation leads to relaxation...
    • Free Console Utilities for Windows (and a few for Linux) from BrainWaveCC
Quote
So there is no higher level solution?

At a basic level, no.

If you really want to get sophisticated, then look into uPnP and/or DLNA

For instance: https://www.linksys.com/ca/support-article/?articleNum=138198

Otherwise, this is not easily addressed without making changes on an end-user's networking gateway device (router/firewall/proxy/etc).


Quote
I can imagine my users couldn't configure their router.

They are not going to get the benefit of any software that needs to listen to traffic on the other side of a NATing device without network level configuration.


Quote
How does other software solve this?

Most other software of this type provides instructions on how the end-user needs to adjust their network. Or, you add uPnP or DLNA to your application (which has some security implications).
-ASB: https://www.BrainWaveCC.com/

Lazarus v2.2.7-ada7a90186 / FPC v3.2.3-706-gaadb53e72c
(Windows 64-bit install w/Win32 and Linux/Arm cross-compiles via FpcUpDeluxe on both instances)

My Systems: Windows 10/11 Pro x64 (Current)

TRon

  • Hero Member
  • *****
  • Posts: 2503
In addition

Quote
Most other software of this type provides instructions on how the end-user needs to adjust their network.
These days the site is a bit riddled with popups trying to sell you their network utilities but https://portforward.com has a bunch of routers and software listed and explains the process for users that have no clue whatsoever. Though as already mentioned it does pose a security risk. You have to know what you are doing but so is using/installing software that requires it.

Key-Real

  • Full Member
  • ***
  • Posts: 189
So as I understand hole punching is my solution.

The Theory is clear.

Are there some examples / demos with synapse out there?

balazsszekely

  • Guest
@Key-Real

Quote
So as I understand hole punching is my solution.
The Theory is clear.
The theory is clear, however covering all the NAT traversal mechanisms is incredibly difficult and you need a lookup server.

Quote
Are there some examples / demos with synapse out there?
https://forum.lazarus.freepascal.org/index.php/topic,52110.0.html

Key-Real

  • Full Member
  • ***
  • Posts: 189
Re: How to connect from Internet to local Machine behind a router?
« Reply #13 on: June 01, 2023, 06:17:48 pm »
I managed to establish Hole Punching, see:

https://forum.lazarus.freepascal.org/index.php/topic,63491.0.html

But it doesn't work everywhere :(

I think the next step is to look at uPnP

rvk

  • Hero Member
  • *****
  • Posts: 6162
Re: How to connect from Internet to local Machine behind a router?
« Reply #14 on: June 02, 2023, 12:29:06 pm »
Quote
I think the next step is to look at uPnP
uPnP should be a lot easier :D
https://www.rapid7.com/blog/post/2020/12/22/upnp-with-a-holiday-cheer/

But you'll notice it's turned off in the majority of the routers.


 
