CGHMN NAT and Firewalls

From Cursed Silicons Wiki
Revision as of 22:25, 25 October 2025 by CursedSilicon (talk | contribs) (Still a WIP but this is as much as I could write before sickness took over and I passed out)

Compu-Global-Hyper-Mega-Net (CGHMN) exists in a difficult kind of space. We aim to emulate "the old web": a time from roughly 1995 to around 2005 or so, before "Web 2.0" took off.

At time of writing that might not sound like too big a problem. After all, Windows 10 came out in 2015 and now it's 2025. But your 4th gen Core i7 PC is still perfectly usable. Just install Linux, right?

Unfortunately for us, we now live at the end of history. In 1995, however, the "World Wide Web" was in its infancy, and every single year brought quantum technological leaps over the previous one. By the end of the millennium we'd gone from rudimentary analog dial-up services to wireless networking being accessible to consumers (Apple's AirPort routers alone showed up in 1999).

However, this growth began to create severe technical issues. The internet as it was originally designed assumed simple "end-to-end" connectivity. Every computer on the internet could (more or less) talk to another computer without exception.

This created two major problems.

The first one was IP exhaustion. Even by the 1990s there was an understanding that there simply wouldn't be enough IP addresses for everyone on the internet. This needed to be fixed, and fast! This led to IPv6 as an evolutionary upgrade (one the internet still struggles to even deploy in 2025, despite it being ratified in 1998).

The second, and much more obvious, problem was security. By the year 2000 it was apparent that every machine being able to talk to every other machine on Earth was a problem, particularly when the dominant operating system these machines ran was what could be charitably described as... "not great" in terms of security. In the 2000s this would only escalate as the "ILOVEYOU" worm gave way to some of Windows XP's greatest hits: Blaster, Sasser, Mydoom, Nimda and Conficker, among others.

A fortunate side-effect of the explosive growth of computers on the internet at the time was the institution of "Network Address Translation" or "NAT". In layman's terms this allows a bunch of computers to all sit behind a single IP address using a device such as a router. This technology is so ubiquitous that even in 2025, at time of writing, it's still the de facto standard for how computers and other devices access the modern internet.

However, this technology came at a cost. The internet was originally predicated on the idea that every computer had its own, unique, IP address. NAT removed that assumption. And, in doing so, programs broke. Sometimes completely, as with services like FTP, and sometimes in subtle ways, like being unable to connect certain game players in a StarCraft lobby.

The problem that NAT inadvertently introduced was that while "outbound" traffic, such as you connecting to a website, would work fine, a program that needed to receive data on your local computer could no longer simply sit and wait for a connection from a remote PC. An example would be AOL Instant Messenger (AIM). Chats between users are routed through a remote server. However, to save on bandwidth, sending files happens directly between users. If user A is behind NAT, user B won't be able to "see" that computer and send data to it as desired.

The "solution" to this problem is known as Port Forwarding. You tell your router that [these ports] *always* go to "this PC on the LAN" exclusively.
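To make the outbound/inbound difference concrete, here is a toy model of a NAT router's translation table. This is an added example, not CGHMN's own code or configuration; the `NatRouter` class, its method names and every address and port in it are constructed for illustration.

```python
from dataclasses import dataclass, field

# All addresses and ports below are constructed sample values.
WAN_IP = "203.0.113.10"  # documentation range (RFC 5737)


@dataclass
class NatRouter:
    wan_ip: str = WAN_IP
    next_port: int = 40000
    # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port), created by outbound traffic
    flows: dict = field(default_factory=dict)
    # wan_port -> (lan_ip, lan_port), created by the administrator
    forwards: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router rewrites the source and remembers the flow."""
        wan_port = self.next_port
        self.next_port += 1
        self.flows[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return (self.wan_ip, wan_port)

    def inbound(self, remote_ip, remote_port, wan_port):
        """A packet arrives on the WAN side; return the LAN destination, or None if dropped."""
        # Replies to a flow a LAN host started are translated back.
        flow = self.flows.get((wan_port, remote_ip, remote_port))
        if flow:
            return flow
        # Otherwise only a static port forward says which LAN host should get it.
        # Note that a forward matches *any* remote address.
        return self.forwards.get(wan_port)

    def forward(self, wan_port, lan_ip, lan_port):
        self.forwards[wan_port] = (lan_ip, lan_port)


def demo():
    router = NatRouter()
    server = ("198.51.100.7", 80)
    src = router.outbound("192.168.1.20", 1025, *server)   # user A fetches a web page
    reply = router.inbound(*server, src[1])                # the server's reply finds its way back
    before = router.inbound("198.51.100.99", 3000, 5190)   # user B connects unsolicited
    router.forward(5190, "192.168.1.20", 5190)
    after = router.inbound("198.51.100.99", 3000, 5190)    # same packet once the port is forwarded
    return src, reply, before, after


if __name__ == "__main__":
    print(demo())
```

The forward has no remote-address check, so once it exists every host that can reach the WAN address can reach that port on the LAN PC. That is the exposure a port forward trades for connectivity.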