How do I configure my Ice server for NAT?

First we should create a sample network configuration that we can use for this discussion. We'll assume that your firewall has the IP address 123.4.1.1 and that your server host is in a private network with the address 192.168.0.5. The firewall is configured to forward all network traffic from its port 7000 to port 9999 on your server's host.

If your server's object adapter is named LoginAdapter, you can configure its endpoint with the property shown below:

LoginAdapter.Endpoints=tcp -h 192.168.0.5 -p 9999

This configuration is sufficient to allow the server to receive port-forwarded requests from the firewall, but there is a potential problem: proxies created by this object adapter contain the server host's private IP address and port, which are inaccessible to clients on the other side of the firewall. In order for a client to communicate with your server, the client must use a proxy that contains the firewall's address and port.

This is not an insurmountable problem. In simple situations, where a client only uses one proxy to communicate with the server, the client can bootstrap a proxy containing the firewall's address in a number of ways, such as by calling stringToProxy or reading it from a file. However, when the server creates proxies dynamically that the client may eventually use for invocations, the object adapter requires additional configuration.

An object adapter actually has two sets of endpoints: the physical endpoints on which it listens for requests, and the published endpoints that appear in the proxies it creates. If no published endpoints are defined, then the physical endpoints are used by default. The example above illustrates why it isn't always appropriate to publish the object adapter's physical endpoints.

To correct the problem, we add a PublishedEndpoints property:

LoginAdapter.Endpoints=tcp -h 192.168.0.5 -p 9999
LoginAdapter.PublishedEndpoints=tcp -h 123.4.1.1 -p 7000

Now all of the proxies created by the object adapter will advertise the firewall's address and port.
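
The check below is an added example, not part of the original FAQ or of Ice itself: it reads Ice property text and reports every object adapter whose proxies would advertise a private, loopback or unspecified address, applying the rule that the physical endpoints are published when PublishedEndpoints is unset. The function names are hypothetical, the two sample configurations are constructed from the properties shown above, and it assumes -h carries an IPv4 literal or a DNS name.

```python
import ipaddress
import re

# Constructed samples: the two configurations discussed above.
BEFORE = "LoginAdapter.Endpoints=tcp -h 192.168.0.5 -p 9999\n"
AFTER = (
    "LoginAdapter.Endpoints=tcp -h 192.168.0.5 -p 9999\n"
    "LoginAdapter.PublishedEndpoints=tcp -h 123.4.1.1 -p 7000\n"
)

def parse_properties(text):
    """Return {adapter: {"Endpoints": str, "PublishedEndpoints": str}}."""
    adapters = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"^([\w.-]+)\.(Endpoints|PublishedEndpoints)\s*=\s*(.*)$", line)
        if m:
            adapters.setdefault(m.group(1), {})[m.group(2)] = m.group(3).strip()
    return adapters

def endpoint_hosts(endpoints):
    """Yield (host, port) for each colon-separated endpoint (IPv4/DNS assumed)."""
    for ep in filter(None, (e.strip() for e in endpoints.split(":"))):
        host = re.search(r"-h\s+(\S+)", ep)
        port = re.search(r"-p\s+(\d+)", ep)
        yield (host.group(1) if host else None, int(port.group(1)) if port else None)

def needs_review(host):
    """True for a private, loopback or unspecified IP literal, or a missing host."""
    if host is None:
        return True  # no -h: advertised address depends on the host's interfaces
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name; whether clients can resolve it is out of scope
    return ip.is_private or ip.is_loopback or ip.is_unspecified

def audit(text):
    """List (adapter, host, port) entries that proxies would advertise unreachably."""
    findings = []
    for name, props in sorted(parse_properties(text).items()):
        # Published endpoints default to the physical endpoints when unset.
        advertised = props.get("PublishedEndpoints") or props.get("Endpoints", "")
        findings += [(name, h, p) for h, p in endpoint_hosts(advertised) if needs_review(h)]
    return findings

if __name__ == "__main__":
    print("before:", audit(BEFORE))
    print("after: ", audit(AFTER))
```

Run against the first configuration it reports LoginAdapter advertising 192.168.0.5:9999; with PublishedEndpoints set to the firewall's address it reports nothing.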
