>> Dan Kolis wrote:
>> Yes indeed. Probably the #1 biggest use for STUN short
>> term is going to be SIP. It seems like not too much
>> information has to go thru the known reachable machine.
>> Maybe just about the same loading as a DNS server?

> Masataka Ohta wrote:
> Wrong.

No. _you_ are wrong, Dan is right, it's a glorified DNS server that
instead of resolving names to addresses resolves names to addresses +
ports. In case of P2P, there is also the load associated with searches.

So, two hosts behind NAT can't talk if they don't have a port open, can
they? Here's how it works:

- Dan and Michel are two hosts behind NAT. They both use the same P2P
  app. Both their NAT boxes are default config, no ingress open.
- Dan wants to download the file "unforgiven.mp3" that Michel has.
- Michel opens a connection to the P2P server.
- Michel to P2P server: I have "unforgiven.mp3"
- Dan opens a connection to the P2P server.
- Dan to P2P server: search "unforgiven.mp3"
- P2P server to Dan: Michel has it, his IP address is M.I.P.A
  (P2P server knows Michel's public address as being the src address on
  Michel's open session)
- Dan to Michel: UDP packet, src port randomA, dst port randomB,
  "hello". (this packet is discarded at Michel's NAT but opens the NAT
  hole on Dan's NAT).
- Dan to P2P server: tell Michel that I need to talk on randomA,
  randomB.
- P2P server to Michel: BTW, Dan at IP D.I.P.A needs to talk to you on
  randomA, randomB.
- Michel to Dan: UDP packet, src port randomB, dst port randomA,
  "hi there, what is the name of the pirated mp3 you want?". (this opens
  the NAT hole on Michel's NAT _and_ does reach Dan's host, as the hole
  was opened before).
- Dan to Michel (direct, now goes through): "unforgiven.mp3"

Voila.

If you don't understand/can't code what's above, don't worry: I know
plenty of 16-year-olds who can code it for me in exchange for the latest
60GB mp3 player.

Michel.

P.S. I never had "unforgiven.mp3". Metallica is not the kind of stuff I
listen to.
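
The exchange described in the message above, as an added example that is not part of the original post: a toy Python model of the two NAT state tables, showing which packets are dropped and which are delivered. It assumes port-preserving NATs that admit inbound UDP only from a remote address and port the inside host already sent to; the IP addresses and port numbers are constructed.

```python
# Added illustration: toy model of the NAT behaviour the post relies on.
# Assumptions (not from the post): NATs preserve the source port and admit
# inbound UDP only from a remote (ip, port) the inside host already sent to.
# Addresses are constructed documentation addresses (RFC 5737).

class Nat:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.holes = set()   # (local_port, remote_ip, remote_port)

    def outbound(self, src_port, dst_ip, dst_port):
        """Inside host sends: record the hole, return the packet as seen outside."""
        self.holes.add((src_port, dst_ip, dst_port))
        return (self.public_ip, src_port, dst_ip, dst_port)

    def inbound(self, pkt):
        """Outside packet arrives: deliver only if a matching hole exists."""
        src_ip, src_port, _dst_ip, dst_port = pkt
        return (dst_port, src_ip, src_port) in self.holes


def run_exchange():
    dan_nat, michel_nat = Nat("198.51.100.10"), Nat("203.0.113.20")
    random_a, random_b = 40001, 40002   # constructed port numbers
    log = []

    # Dan -> Michel "hello": dropped at Michel's NAT, but opens Dan's hole.
    pkt = dan_nat.outbound(random_a, michel_nat.public_ip, random_b)
    log.append(("dan->michel hello", michel_nat.inbound(pkt)))

    # (Server relays randomA/randomB to Michel over his existing session.)
    # Michel -> Dan: opens Michel's hole and passes through Dan's.
    pkt = michel_nat.outbound(random_b, dan_nat.public_ip, random_a)
    log.append(("michel->dan reply", dan_nat.inbound(pkt)))

    # Dan -> Michel again: Michel's hole now exists, so it is delivered.
    pkt = dan_nat.outbound(random_a, michel_nat.public_ip, random_b)
    log.append(("dan->michel request", michel_nat.inbound(pkt)))

    # An unrelated outside host still cannot reach Dan on randomA.
    stranger = ("192.0.2.99", 5555, dan_nat.public_ip, random_a)
    log.append(("stranger->dan", dan_nat.inbound(stranger)))
    return log


if __name__ == "__main__":
    for step, delivered in run_exchange():
        print(f"{step:22s} {'delivered' if delivered else 'dropped'}")
```

NATs that rewrite the source port per destination break the assumption that randomA and randomB stay the same on the public side, so the exchange would not complete in this form through such devices.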