March 14, 2026
Punching NATs, taking ports
A most elegant TCP hole punching algorithm
Reddit melts down over a “no-setup” router hack: genius shortcut or chaos waiting to happen
TLDR: A clever clock-based trick lets two devices behind home routers connect without extra servers, mainly for testing. Commenters split between praising the clean idea, doubting it works on many routers, and blasting that the real problem is routers breaking direct connections.
An engineer drops a slick trick to make two computers talk through home routers without extra servers: both sides glance at the clock, pick the same secret “bucket,” then auto-select matching ports, and try to meet in the middle. It’s meant for testing, not world peace—yet the comments turned it into a full-on internet philosophy fight. Fans cheered the back-to-basics vibe. “Determinism is back, baby,” crowed one, with sholladay loving that it’s clean logic in an AI-blurry world. Others flexed standards lore: jcalvinowens waved RFC 9293 to say you don’t even need a listener if both connect at once—mic drop. But skeptics dragged it. athrowaway3z called the overlap of required conditions “tiny,” joking the Venn diagram looks like a dot. Real-world pain spilled in too: EnigmaCurry said pfSense routers blow up the “same port inside and out” assumption—aka the party trick this relies on. And then came the big mood: Veserv torched the entire idea of punching holes through routers, calling it an “idiotic own-goal” and arguing the real fix is ditching the address-sharing mess that breaks direct connections in the first place. TL;DR: elegant hack vs reality check vs “burn NAT to the ground.”
Key Points
- The article proposes a deterministic method to test TCP hole punching without external infrastructure such as STUN, NAT enumeration, or NTP.
- A shared “bucket” is computed from the UNIX timestamp with allowances for clock skew to synchronize peers without communication.
- Using the bucket as a PRNG seed, both sides generate identical lists of candidate ports, assuming NATs that preserve source ports (equal delta mapping).
- Specific socket options (SO_REUSEADDR and SO_REUSEPORT) are required; closing sockets can send RST and disrupt NAT mappings, so sockets must be kept open.
- The method prioritizes simplicity and testability over universal coverage, acknowledging variability in NAT behaviors and potential port binding collisions.
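The bucket and port-list steps from the key points, sketched as an added example (not code from the article or its author). The skew tolerance, bucket width, port range and list length are assumed values, and a SHA-256 counter stands in for the seeded PRNG so the output does not depend on any one language's generator.

```python
import hashlib

MAX_SKEW = 20            # assumed tolerated clock difference between peers, seconds
WINDOW = 2 * MAX_SKEW    # assumed bucket width; >= 2 * MAX_SKEW guarantees overlap
PORT_MIN, PORT_MAX = 1024, 65535   # assumed range, skips privileged ports
N_PORTS = 16             # assumed number of candidate ports per bucket


def candidate_buckets(now: float, skew: int = MAX_SKEW, window: int = WINDOW) -> list[int]:
    """Buckets a peer should try, given its own (possibly wrong) clock."""
    if window < 2 * skew:
        raise ValueError("window must be at least 2 * skew")
    lo = int((now - skew) // window)
    hi = int((now + skew) // window)
    return sorted({lo, hi})


def candidate_ports(bucket: int, count: int = N_PORTS) -> list[int]:
    """Deterministic, duplicate-free port list for one bucket."""
    span = PORT_MAX - PORT_MIN + 1
    ports, counter = [], 0
    while len(ports) < count:
        digest = hashlib.sha256(f"{bucket}:{counter}".encode()).digest()
        port = PORT_MIN + int.from_bytes(digest[:4], "big") % span
        counter += 1
        if port not in ports:   # a duplicate would cause a local bind collision
            ports.append(port)
    return ports


def shared_plan(clock_a: float, clock_b: float) -> dict[int, list[int]]:
    """Buckets both peers would try, mapped to the ports both would derive."""
    common = set(candidate_buckets(clock_a)) & set(candidate_buckets(clock_b))
    return {b: candidate_ports(b) for b in sorted(common)}


if __name__ == "__main__":
    # Constructed clocks: peer B runs 17 s ahead of peer A, across a bucket edge.
    a, b = 1_773_446_395.0, 1_773_446_412.0
    for bucket, ports in shared_plan(a, b).items():
        print(bucket, ports[:4])
```

Because the bucket depends only on the clock, anyone can derive the same port list; the scheme gives the peers a rendezvous point, not authentication of who connects.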