Concept/algorithm Networking Programming

PWNAT : Example

I am having trouble to run PwNAT successfully. The problem was created due to sample provided on official site. Here is how you should run it for case

Machine A (IP: -> NAT A (IP: 122.x.x.x) -> Internet -> NAT B (IP: 59.x.x.x) -> Machine B (

Now if Machine A wants to connect to Machine B and want to access Machine B’s Webserver. Here is what you do

Machine B is a Server in our case so run server here:

#./pwnat.exe -s 2222

Now on Machine A run this

#./pwnat.exe -c 2222 59.x.x.x 2222 localhost 80

Let me explain which values came from what.

First for server:

If you do not define the local IP, and define something like which is ANY IP for machine, then PwNAT do not send the correct IP through NAT A and hence NAT A never forward any incoming request to you. So server IP must be your machine main IP or LAN IP that is connected to NAT A router. IF you have multiple IP Only specific the IP that NAT A router can understand, otherwise it will fail for sure.

You can define any port by since pwnat use 2222 as default I use that

Now on client, I again define Local IP that is understand by NAT B, to avoid any confusion, but here it can be anything because it is used for Tunnel and hence it will not interact with NAT. Port is again any random port you want. Later we define the NAT B Server’ IP because we want to make sure we send Packet to that router. hence we use 59.x.x.x IP. Please note that while establishing connection PWNAT do not use any port. Now Proxy Port is 2222 this should be the same port that server is open. Otherwise connection won’t happen for obvious reason.

Localhost and port 80 is Domain or IP where you want to get connected through NAT traversal Proxy.

I will try to write a code in .NET library but for now. I will use my NMAKE complied copy of pwnat 0.3 beta version. Yes I compile it using NMAKE without Cygwin and it works superb on my windows 7 machine.

By Sumit Gupta

Sumit Gupta, a developer by choice.

28 replies on “PWNAT : Example”

I try to run Pwnat on same public ip for multiple machine and I found that we need to use complete different set of ports for each instance within same network. i.e. if a Machine A use at 2000 then machine B with IP should use 3000. However it is not consistent for me, i.e. I not always get connected in this case.

hello !
so the client MUST use pwnat to connect to pwnat’server too ? If yes , so that’s a big problem, ’cause if I want to make a website server on the computer behind nat , every client has to use pwnat ???

I’m a little confused. I have Machine1 behind NAT1 and Machine2 behind NAT2. Machine1 is hosting a page on port 8080. How would I use pwnat to access Machine1’s hosted page from Machine2?

@Corey, the above example demostrate exactly that case. so in your case you can simple change the command to run on Machine A from

pwnat.exe -c 2222 59.x.x.x 2222 localhost 80


pwnat.exe -c 2222 59.x.x.x 2222 localhost 8080


Thanks for making this example, however, I want to use an SSH server on machine B. This is still possible, right?

Thanks in advance!

Great example. I wonder… because you can specify the remote host name, could you contact other hosts on the server network? Instead of specifying “localhost 22” to access a remote SSH server, could you specify “192.168.1.X 22” to attempt to contact 192.168.1.X on the server’s local subnet? If so, you could essentially use a pwnat server as a port forwarding service to access the entire subnet!

Yes you can use IP address as well. However I do not agree to use PWNAT as port forwarder in realtime. It send lot of packets that make no sense in real world and it will clog your network uselessly. Plus PWNAT in my test wasn’t 100% success, so you can test and see if it is usable to you.

I tried the above example like you did but with no luck. That is what i had and what it did:
– 2 PCs (Windows 7) behind different NATs
– No firewalls (no local and no network firewall)

Server side (internal IP:; external IP: with a webserver on port 80
Command: pwnat.exe -s 2222

Output: Listening on UDP (looked quite well)

Client side: (IP:
Command: pwnat.exe -c 2222 2222 locahlost 80

Output: Listening on TCP (something like that)

So now i tried to connect to port 2222 at ( in the browser at the client side. Something like a time out appeared and it blocked nearly the whole internet traffic so that i was not able anymore to control the machine via TeamViewer.

I even used 80 instead localhost 80 but no difference. Neither an output at the client side nor at the server side was given. Did i make anything wrong?

Hey, I cannot really tell much, as I too see those uncertaininty in pwnat’s operation. I really never use it for my purpose as it never is 100% reliable, but I guess it is only 50-60% reliable way. Though did you try to use different port on Client machine, you try to open 2222 on client machine as well, this can confuse the NAT device if they are on same NAT.

Also, when you try to connect to LAN server don’t use 91.xx IP it most probably don’t work, but use that ip only if you are on different networks. Hope that information helps.

Also, if you are trying to use Teamviewer that it do not need pwnat, as Teamviewer works on it’s internet server configuration. I use teamviewer over NAT a lot and it never had problem. just use it directly.

Hi Sumit,

I want to test pwnat but I no longer have access to the MS dev environment to build the Windows exe. Can you share yours? Pls email.


Great article!
You mentioned that you are planning to write .NET library. Have you succeeded and willing to release the source? I need this to use in my project, and if I don’t find I will have to probably do it by my own

Nope, I didn’t write .net version of it. The reason was simple it doesn’t work for me and hence I opt out of it. If you can I suggest instead try using IPv6 based communication and it work same as this.

Thanks for the reply and suggested work around. The problem is that not everyone own IPv6 address yet or I am not up to date with news about IPv6.

Well, I am not sure where you are going to use it. But IPv6 is available on all machine that are released after Vista release. Vista onwards all Microsoft OS has IPv6 preinstalled. and on Linux again it become part of most computer back in 2010 or before. I am sure if your client machine are modern then 90% of chance is that they have ipv6 enable.

Well, I use IPv6 and it works for my cause fine. Second, if OS or router in between didn’t have IPv6 then those packet goes over to IPv4 and it will work. You can try it!!!

PwNat was never 100% success. The alternative that works for me almost 100% is using IPv6. If you can based your application using IPv6 it works behind NAT router and works smooth without any configuration changes in router or network settings (as long as IPv6 is not intentionally blocked). All modern OS version use it.

Comments are closed.