4.3.30 · D1 · HinglishComputer Networks

FoundationsNAT traversal, VPN, tunneling

2,009 words9 min read↑ Read in English

4.3.30 · D1 · Coding › Computer Networks › NAT traversal, VPN, tunneling

Parent note ko follow karne se pehle, tumhe har word ka ek picture chahiye jo woh tumhare saath use karta hai. Yeh page har ek concept ko bilkul zero se build karta hai, ek aisi order mein jahan har idea sirf already-defined ideas use karta hai.


1. IP address kya hota hai? (the house number)

Yeh topic ko kyun chahiye? Parent note ki har trick (NAT, tunneling, VPN) in house numbers ko rewrite ya wrap karne ke baare mein hai. Agar tum number ko delivery address ke roop mein nahi dekhte, toh koi bhi rewriting samajh nahi aayegi.

Exact reserved ranges ke liye Private IP addressing dekho.

Figure dekho: kai houses ek single public mailbox street par share karte hain. Woh ek shared mailbox exactly isliye hai jab NAT (Section 3) exist karna zaroori hai — itne public numbers hain hi nahi ki sab ke liye ho sake (IPv4 exhaustion).


2. Port kya hota hai? (the room inside the house)

Yeh topic ko kyun chahiye? NAT sirf house number rewrite nahi karta — woh port bhi rewrite karta hai, aur uski poori "translation table" IP:port pairs ki list hai. STUN ka poora kaam yahi hai ki tumhe bataye "NAT ne tumhe kaun sa public room number diya?"


3. Packet kya hota hai? (the envelope)

Figure dekho: header (orange) woh label hai jo routers padhte hain; payload (teal) sealed contents hain jo woh kabhi nahi kholte. Yeh ek picture poora topic miniature mein hai — tunneling (Section 6) exactly isliye kaam karta hai kyunki routers sirf outer label padhte hain aur andar sab kuch opaque contents ki tarah treat karte hain.


4. Router kya hota hai? (the post office)

Yeh topic ko kyun chahiye? Parent note ka key sentence yeh hai: "routers only read the outer header." Yeh coincidence nahi hai — yeh definition hai ki router kya karta hai. Kyunki woh payload ignore karta hai, tum wahan poora doosra envelope chhupa sakte ho (tunneling) aur router usse khushi se carry karta hai.


5. NAT kya hota hai? (the shared front desk)

Ab hum topic ke star ko define kar sakte hain, sirf already-built words use karke.

Figure dekho — yeh ek hotel front desk hai:

  • Inside guest 192.168.1.5:51000 (private, Section 1 se) ek letter bahar deta hai.
  • Desk (NAT) guest ka room cross out karta hai aur apna own public address 203.0.113.9:40000 likhta hai, phir swap table mein record karta hai.
  • Jab :40000 ke liye reply aata hai, desk table lookup karta hai aur room 51000 ko forward karta hai.

Full behaviour ke liye NAT dekho, aur Firewalls / Port forwarding ke liye ki tum deliberately permanent hole kaise punch karte ho.


6. Encapsulation kya hota hai? (envelope inside an envelope)

Parent note ise aise likhta hai:

Yahan do symbols samajhne hain:

  • ka matlab concatenation hai — "inhe bytes ko ek doosre ke next stick karo, is order mein." Yeh multiplication nahi hai; yeh gluing hai. = ke bytes immediately phir ke bytes.
  • sirf header ke liye stand karta hai. = naaya bahari label; = original label, ab andar sealed jahan routers nahi padhenge.

Yeh topic ko kyun chahiye? Kyunki ek private 10.x address (Section 1) public Internet par meaningless hai — lekin agar tum us packet ko ek outer envelope mein wrap karo jo ek real public IP par addressed hai, toh har router (Section 4) sirf outer label padhta hai aur deliver kar deta hai. Doosre end par wrapper peel off hota hai aur original intact nikal aata hai. Yahi tunneling hai, 6in4 hai, aur ek VPN ka mechanical heart hai.


7. MTU kya hota hai? (the biggest envelope the mailbox accepts)


8. Yahan "encrypted" ka matlab kya hai? (the sealed, tamper-proof envelope)

Topic ko dono kyun chahiye? Ek plain tunnel (Section 6) kuch hide nahi karta — wire padhne wala koi bhi inner envelope dekh sakta hai. Ek VPN encryption (outsiders padh nahi sakte) aur authentication (outsiders tunnel mein letters forge nahi kar sakte) add karta hai:

Real machinery IPsec, TLS, aur WireGuard mein milegi; WebRTC NAT-traversal wala half use karta hai.


Prerequisite map

IP address = house number

Port = room number

Private vs public IP

Packet = header + payload

Router reads outer header only

NAT rewrites source IP port

Encapsulation = envelope in envelope

MTU shrinks the inner envelope

VPN = tunnel + encryption + auth

Encryption and authentication

4.3.30 NAT traversal VPN tunneling

Arrows ko parent tak follow karo: full topic neeche baitta hai, upar ke har foundation se fed hokar.


Equipment checklist

Ek IP address kya hota hai
ek number jo ek machine identify karta hai (ek house number); packets ise apni destination dhundne ke liye use karte hain.
Port kya hota hai
ek number jo pick karta hai ki machine par kaun sa program packet receive karta hai (house ke andar ka room).
Public aur private IP mein difference
public globally routable aur unique hota hai; private (192.168.x / 10.x) sirf apne network ke andar meaningful hota hai aur har jagah reuse hota hai.
Packet ke do parts
header (address label jo routers padhte hain) aur payload (sealed contents jo woh nahi padhte).
Router payload ke saath kya karta hai
kuch nahi — woh sirf outer header padhta hai aur forward karta hai; payload uske liye opaque hota hai.
NAT kya rewrite karta hai
outgoing packets ka source IP:port, apne own public IP:port se, swap ko translation table mein store karke.
NAT unsolicited incoming packets kyun block karta hai
table row tabhi banti hai jab inside host pehle bhejta hai, isliye outsider ka packet koi row match nahi karta aur drop ho jaata hai.
Encapsulation/tunneling ka matlab
ek poore packet (header + payload) ko ek naaye outer packet ka payload banake wrap karna.
Symbol ka matlab
concatenation — bytes ko order mein ek doosre ke next glue karna, multiplication NAHI.
MTU, aur tunnel use kaise change karta hai
ek link jo sabse bada packet accept karta hai; tunnel ka outer header h usse subtract hota hai, isliye MTU_inner = MTU_path − h.
Ek VPN ke teen ingredients
encapsulation (routing) + encryption (secrecy) + authentication (no forgery).