CGHMN NAT and Firewalls: Difference between revisions

From Cursed Silicons Wiki
Still a WIP but this is as much as I could write before sickness took over and I passed out
 

Revision as of 14:42, 26 October 2025

Compu-Global-Hyper-Mega-Net (CGHMN) exists in a difficult kind of space. We aim to emulate "the old web", roughly 1995 to around 2005 or so, before "Web 2.0" took off. Though really, we support anything that speaks Ethernet and (usually) TCP/IP. We've had devices as old as a DOS 286 PC clone connected successfully.


Unfortunately for us, we now live at the end of history. In 1995 the "World Wide Web" was in its infancy, in such a way that every single year brought quantum technological leaps over the previous one. By the end of the millennium we'd gone from rudimentary analog dial-up services to wireless networking being accessible to consumers (Apple's AirPort routers alone showed up in 1999).

However, on a technical level this began to create severe issues. The internet as it was originally designed assumed simple "end-to-end" connectivity: every computer on the internet could (more or less) talk to any other computer, without exception.


This created two major problems.

The first one was IP exhaustion. Even by the 1990s there was an understanding that there simply wouldn't be enough IP addresses for everyone on the internet. This needed to be fixed, and fast! This led to IPv6 as an evolutionary upgrade (one the internet still struggles to deploy in 2025, despite it being ratified in 1998).


The second, and much more obvious, problem was security. By the year 2000 it was apparent that every machine being able to talk to every other machine on Earth was a problem. Particularly when the dominant operating system these machines ran was what could be charitably described as..."not great" in terms of security. In the 2000s this would only escalate as the "ILOVEYOU" worm gave way to some of Windows XP's greatest hits: Blaster, Sasser, Mydoom, Nimda and Conficker, among others.

A remedy proposed in the 1990s to the issue of IP exhaustion was "Network Address Translation" or "NAT". In layman's terms, this allows a bunch of computers to all sit behind a single IP address using a device such as a router. This technology is so ubiquitous that even in 2025, at time of writing, it's still the de facto standard by which home and business computers and other devices access the modern internet.

However, this technology came at a cost. The internet as most folks imagine (or remember) it was originally built on the idea that every computer had its own unique IP address. NAT broke that assumption, and in doing so, programs broke. Sometimes completely, with services like FTP; sometimes in subtle ways, like being unable to connect certain players in a StarCraft lobby.


The problem that NAT introduced was that while "outbound" traffic would work fine (such as you connecting to a website), if a program needed to receive data on your local computer, it could no longer simply sit and wait for a connection from a remote PC. An example would be AOL Instant Messenger (AIM). Chats between users are routed through a remote server: you and the other user talk to a central server and it handles sending messages to and fro. However, to save on bandwidth, sending files happens directly between users. If either user is behind NAT, they won't be able to "see" the remote computer and send data to it as desired.

The "solution" to this problem is known as Port Forwarding. You tell your router that [these ports] *always* go to [this IP address on the LAN] exclusively. This (mostly) solved the problem at the time. Additional solutions were proposed such as "UPnP" to allow programs to ask the router to forward ports for them dynamically. However, support for this was few-and-far-between (mostly BitTorrent clients) and in time it faded into oblivion.
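To make the three behaviours above concrete (outbound flows just work, unsolicited inbound connections such as a direct AIM file transfer get dropped, and a port-forward rule is what lets one LAN host receive them), here is a small Python model of what the router is doing. This is an added example, not CGHMN's own code and not a real NAT implementation: the addresses and ports are constructed sample values from documentation ranges, and it models the strict kind of NAT that only accepts a reply from the exact remote IP and port a LAN host talked to (real routers vary in how strict they are about this).

```python
"""Toy model of a single-public-IP NAT router with static port forwarding.

Added example, not CGHMN's code. Addresses/ports are constructed sample values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class Nat:
    """One public IP shared by every LAN host behind it."""

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        self.next_port = 40000   # first public port handed out to an outbound flow
        # (lan_ip, lan_port, wan_ip, wan_port) -> public port used for that flow
        self.outbound = {}
        # (public_port, wan_ip, wan_port) -> (lan_ip, lan_port); reverse mapping for replies
        self.inbound = {}
        # public_port -> (lan_ip, lan_port); the static "Port Forwarding" rules
        self.forwards = {}

    def add_port_forward(self, public_port: int, lan_ip: str, lan_port: int) -> None:
        """'These ports always go to this PC on the LAN.'"""
        self.forwards[public_port] = (lan_ip, lan_port)

    def lan_to_wan(self, pkt: Packet) -> Packet:
        """Outbound: rewrite the source to the public IP/port and remember the mapping."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.outbound:
            pub_port = self.next_port
            self.next_port += 1
            self.outbound[key] = pub_port
            self.inbound[(pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port, pkt.payload)

    def wan_to_lan(self, pkt: Packet):
        """Inbound: deliver to a known flow or a forwarded port; otherwise drop (None)."""
        if pkt.dst_ip != self.public_ip:
            return None
        # 1. A reply to a flow some LAN host opened. The remote IP/port must match too,
        #    so a stranger cannot reuse a port number a LAN host happens to be using.
        entry = self.inbound.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        # 2. Otherwise, a static port-forward rule for this public port.
        if entry is None:
            entry = self.forwards.get(pkt.dst_port)
        if entry is None:
            return None   # unsolicited and unmapped: the case that breaks AIM file sends
        lan_ip, lan_port = entry
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port, pkt.payload)


def demo():
    """Walk through the page's three cases; returns the translated packets."""
    public = "203.0.113.10"      # constructed public address of the home router
    pc = "192.168.1.20"          # constructed LAN address of your PC
    server = "198.51.100.5"      # constructed web / chat server
    peer = "198.51.100.77"       # constructed remote AIM user
    nat = Nat(public)

    # Outbound works: the PC fetches a web page and the reply finds its way back.
    out = nat.lan_to_wan(Packet(pc, 51000, server, 80, "GET /"))
    reply = nat.wan_to_lan(Packet(server, 80, out.src_ip, out.src_port, "200 OK"))

    # A stranger aiming at the same public port is not a reply to that flow: dropped.
    stray = nat.wan_to_lan(Packet(peer, 80, public, out.src_port, "not a reply"))

    # The peer tries to open a direct file-transfer connection to the PC: dropped,
    # because the router has no idea which LAN host (if any) is waiting on port 5190.
    dropped = nat.wan_to_lan(Packet(peer, 6000, public, 5190, "file?"))

    # After a port-forward rule for 5190, the identical packet reaches the PC.
    nat.add_port_forward(5190, pc, 5190)
    forwarded = nat.wan_to_lan(Packet(peer, 6000, public, 5190, "file?"))
    return out, reply, stray, dropped, forwarded


if __name__ == "__main__":
    for name, pkt in zip(("out", "reply", "stray", "dropped", "forwarded"), demo()):
        print(f"{name:>9}: {pkt}")
```

The same "drop anything not mapped" rule is why NAT ended up acting as an accidental firewall for home networks: nothing on the inside is reachable until an outbound flow or an explicit forward creates a mapping, which is exactly the property the old peer-to-peer programs were fighting against.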


As stated before, however, we live at the end of history, which means we've got historical hindsight on the problems that existed.