Jim Rees wrote:

> Unfortunately, switching to tcp will not solve your NAT problems.
> NATs drop their mappings from internal addr/port to external port
> equally for both udp and tcp.
>
> I don't believe that's true for most nats. The one I use at home has a one
> day timeout for tcp, and 60 seconds for udp. Linksys firewall/routers have
> a two hour tcp timeout, and much shorter udp (I don't know the exact
> number). I suspect most commercial nats are similar. I've seen timeouts as
> short as 30 seconds for udp.

I have found that with the Linksys routers SSH sessions drop after 10 or 15 minutes of being idle if the server decides it wants to send data to the client. It may be that the NAT will allow the client to re-use the same external port if it sends data, but the mapping is certainly removed in the in-bound direction after a relatively short period of time.

> There is apparently a protocol called something like "nat upnp" that some
> gnutella clients use to set up service mappings on nat boxes. Last time I
> looked at it, I thought using it for afs would be killing a flea with a
> sledgehammer, but maybe we should look into it.

The Linksys devices do support UPNP as does Windows. I have found that network performance when UPNP is used to manage the outbound connections suffers significantly. At least with the Linksys implementations. Therefore, I turn it off. I have not seen the spec and I do not know how feasible it would be to implement it as part of the application when the OS is already supporting it directly.

Jeffrey Altman