Headwind Remote server behind a NAT

Some cloud hostings do not provide an external net interface, however Headwind Remote can work behind a NAT

What is NAT?

To be able to serve requests from Internet, your server must have a public IP address. There are two ways how the access to the server from Internet can be set up:

  • The external IP address is set up directly on a host as a network interface;
  • The traffic from Internet is forwarded to the host from some router.

The most hosting providers allow you to set up an external network interface on your host. However some providers like AWS and Oracle hide your host behind a NAT (a second solution).

NAT is an acronym for Network Address Translation.

Strictly speaking, using an intermediate router is a better solution. The hosting provider delegates the network security and scaling functions to his network infrastructure, so you can concentrate on your service without spending your time on secondary tasks. Therefore, in the future, we can expect growing popularity of NAT-ed servers.

Is my host behind a NAT?

To check whether your host is behind a NAT, you can perform a simple test consisting of two steps.

Get the IP address of your domain name. On some computer (but NOT from the host itself!), run the command:

ping your-domain.com

You will get an IP address consisting of 4 numbers separated by dots.

Get IP address by ping

Note that Headwind Remote currently works with IPv4 only (no IPv6 support), so if you see something different (8 groups of hexadecimal characters separated by semicolons), please contact your hosting provider and ask how to get an IPv4 address.

Find this IP address among your network interfaces. On your host, run the command:

ip -c a

You must get a bunch of info, also containing IP addresses.

Show network interfaces

If you found your public IP address among those displayed by the ip command, then your server is not behind a NAT. Just continue with the straight setup flow.

If you didn’t find your public IP address, then your server is NAT-ed. Fortunately Headwind Remote works well behind a NAT, you just need to perform some additional steps to configure the software.

Headwind Remote configuration for NAT

Headwind Remote uses UDP to send commands and retrieve screencast from the device. UDP services protected by NAT use Interactive Connectivity Establishment (ICE) to establish connections with clients. ICE uses random UDP ports, so you are required to allow all incoming and outgoing UDP traffic to your host. In most cases, allowing UDP traffic is safe, but we still recommend to consult your cybersecurity engineer before doing that.

To configure Headwind Remote behind a NAT, you need to know your public IP address (you already determined it by the above tests).

Add the following parameters to your config.yaml file:

nat: true
public_ip: "your public IP here"

for example,

nat: true
public_ip: "77.222.59.36"

After making changes, run the command in the Headwind Remote root directory:

./install.sh

This will make your remote access server working behind a NAT.