Re: connect directly to another computer bypassing firewalls using a third server
On Sun, 21 Apr 2013 23:59:00 -0700
Rick Thomas <rbthomas@pobox.com> wrote:
> Alberto,
>
> What you want to do is possible. In particular, Skype and BitTorrent do it.
>
> As I understand it, they make use of a server with a public IP address. I'm not going to get it exactly right, but the general idea is this:
>
> Two clients, A and B, both behind NAT firewalls. Server, S, with a public IP, i.e. *not* behind NAT.
>
> A calls S and says I want to talk to B. (This is possible because the call is originated inside A's NAT)
> At approximately the same time, B calls S and says I'm willing to talk to A. (Possible because call is originated inside B's NAT)
>
> Server tells each of A and B (over the connections each of them has open with S): in exactly 1 second (or whenever) from receiving this packet, try to open a connection to your opposite number on port 40000 (or whatever).
>
> With luck, each NAT will receive and act upon the outgoing request to set up the connection *before* it receives the incoming request. So by the time the incoming request is received, the channel will be open and ready to receive.
>
> If it doesn't work the first time, try again with slightly different timing.
>
> Keep trying until it does work -- or you get tired and quit.
>
> The result is a direct connection between A and B, which *both* NATs see as having been started from inside.
>
> The server, S, is only involved for a brief time at the beginning.
>
> Other than Skype and BitTorrent, I'm not aware of any packages that do this. Neither of them is directly useful for your purposes.
>
> It's possible that nat-traverse is a general purpose implementation of this trick, but I haven't read the documentation, so I can't say for sure.
Yes: http://m19s28.dyndns.org/iblech/nat-traverse/#technique
General discussion:
http://www.h-online.com/security/features/How-Skype-Co-get-round-firewalls-747197.html
Celejar
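
Added example, not part of the original messages and not code from nat-traverse: a small offline model of the timing condition described in the quoted text, showing when each NAT already holds an outbound pinhole at the moment the peer's first packet arrives. It assumes port-preserving NATs with endpoint-dependent filtering; the class and function names, the addresses and the skew values are constructed for illustration.

```python
PORT = 40000  # port named in the post

class Nat:
    """Stateful NAT with endpoint-dependent filtering: an inbound packet is
    accepted only if this side already sent to that exact remote endpoint."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.pinholes = set()  # (local_port, remote_ip, remote_port)

    def outbound(self, local_port, remote_ip, remote_port):
        self.pinholes.add((local_port, remote_ip, remote_port))

    def inbound(self, local_port, remote_ip, remote_port):
        return (local_port, remote_ip, remote_port) in self.pinholes

def attempt(send_a, send_b, latency):
    """One attempt: A and B each send one packet at the given times (seconds);
    latency is the one-way delay. Returns (accepted_at_A, accepted_at_B)."""
    # Constructed addresses from the documentation ranges.
    nats = {"A": Nat("198.51.100.10"), "B": Nat("203.0.113.20")}
    peer = {"A": "B", "B": "A"}
    events = []
    for name, t in (("A", send_a), ("B", send_b)):
        events.append((t, 0, "send", name))                    # opens name's pinhole
        events.append((t + latency, 1, "arrive", peer[name]))  # hits the peer's NAT
    accepted = {}
    for _, _, kind, name in sorted(events):  # sends sort before same-time arrivals
        remote_ip = nats[peer[name]].public_ip
        if kind == "send":
            nats[name].outbound(PORT, remote_ip, PORT)
        else:
            accepted[name] = nats[name].inbound(PORT, remote_ip, PORT)
    return accepted["A"], accepted["B"]

def punch(skews, latency):
    """Retry with different timing, as the post suggests. skews[i] is B's
    start offset relative to A on attempt i. Returns the 1-based number of the
    first attempt where both first packets were accepted, or None."""
    for n, skew in enumerate(skews, 1):
        if all(attempt(1.0, 1.0 + skew, latency)):
            return n
    return None

if __name__ == "__main__":
    print(attempt(1.0, 1.2, 0.05))           # B started late
    print(punch([0.2, -0.12, 0.03], 0.05))   # constructed skews
```

The model checks only the first packet in each direction; it shows that the side which starts late is the one whose NAT drops the peer's packet, and that both packets pass once the start-time difference is within the one-way latency.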