Bob has been running the same Friday night D&D game for over ten years now. Sure, players have come and gone, but as far as Bob is concerned, it's been one very long adventure. Several months ago Bob had a good idea: use the resources of the Internet to bring those players that were no longer in South Florida the ability to game at his table once again by using a combination of webcams, microphones and software to instantiate a “virtual gaming table.”
It's been a valiant effort but it's not quite there yet. And I'm not sure if it ever will be there. Not if the phone and media companies have their say in how the Internet works. We've gone from a time when all computers were equal, to where all computers are equal, just some more than others. And nowhere is this more evident than Bob's network.
The Internet today is a vastly different creature than the Internet of even ten years ago. Back in 1993 all computers on the Internet were peer-to-peer. Automatic configuration via DHCP was documented in October of that year and due to a perceived lack of IP addresses NAT was documented in May of 1994. Now most networks exist behind firewalls that NAT and it's rare for TCP/IP to be hand configured anymore thanks to DHCP. And most consumer grade TCP/IP router equipment automatically assumes you want both NAT and DHCP.
Fine if you don't care, or have a typical setup, or don't really care about being a full peer on the Internet. But Bob doesn't have a typical setup, and (even if he doesn't realize it) he needs to be a full Internet peer. But it's the consumer equipment that he has that makes this all the more fun (yea, right, ha ha!).
He has a DSL router, which prior to some mucking last month, was acting as a firewall/NAT/DHCP server, but was configured to be just a bridge, because the next piece of equipment in line required that it have the public IP address, so now it is the firewall/NAT/DHCP server. It is then plugged into Bob's WAP/switch, which, because it too is a piece of consumer electronics, is also a firewall/NAT/DHCP server and it's into that that Bob's computer is plugged into. And it's Bob's computer that is running a specialized service that the Internet players need to communicate with.
So, we have:
And it's worse than it appears. All the computers are behind the second NAT system, and first NAT system uses one private network while the second NAT uses a different private network. So while the first NAT system can forward traffic, it can't forward it directly to Bob's main computer because it's on a completely different network that the first NAT system can't route to. The best it can do is forward it to the second NAT system. And I couldn't get that to forward the traffic.
After struggling, the obvious solution is to put Bob's computer behind the first NAT, and leave the laptops behind the WAP. And to do that, he has to get a separate network switch (and not use the one in the WAP). I told him not to install the switch until I get back there to configure this entire mess since I seem to be the only one there at the table that understands all this crap.
Not that I mind; it's just that TCP/IP was never supposed to be this difficult.