I finished a P2P program in Java that is working perfectly in LAN range, and now I'm stuck at the well-known NAT traversal problem. I want to allow my users to connect to each other passing through the NAT boundaries (I know that it is impossible to have 100% on that). I've read a lot about the subject and, although I've understood the concept, I still have doubts about doing TCP hole punching.

What I want to do is to connect two clients to each other (they live under the same NAT), whose IPs are, respectively, 192.168.100.1 and 192.168.100.2 (they can connect to each other directly). They first connect to a PHP server through sockets at port 80. The server registers their public IPs and ports, something like this:

Client 1: 200.000.000.1:1478
Client 2: 120.000.000.1:2547

And the Java socket of each client returns, upon connection, for instance:

Client 1: Socket[addr=/xx.xx.xx.xx,port=80,localport=54632]
Client 2: Socket[addr=/xx.xx.xx.xx,port=80,localport=41789]

Id est, beyond two TCP connections open with the server through port 80, I also have the private IP, the public IP, the local port and the public port of each client. Then, that's my problem. From now on I don't know how to proceed. What I read was not very clear to me about this step.

Is it necessary to have the two clients listening on public ports (1478-2547) or local ports (54632-41789)? Simultaneously making them try to connect on public or private of the other? How many other sockets do I need to open? I've done some tests, but I think something is wrong (*connection refused*).

Any help will be welcome.

Sumit Singh

1 Answer

There are different ways to proceed.

  1. You could implement some kind of proxy. Both Clients connect to it (outside NAT-Barrier) and have it route their messages.
  2. If you want direct connections Client2Client, your users will have to open a port on their NAT-Barrier and forward it to the local IP.

That's annoying but that's also how it works.

For Client A it's useless to know Client B's local data, because he won't be able to reach it. To your last few questions: Local Client A listens on a port, let's say X, then Local Client B has to connect to the public IP of Client A's network. Probably that's a router. There, the port has to be configured to be forwarded to Local Client A. That's all. If you follow possibility #1 (see above) you'll have to have a public service listening on port X, to which Clients A and B connect. Since these will be outgoing connections to a public IP, no hole punching is needed.

Fildor
  • Pretty much this, you either proxy, or SNAT. Either way, SOMEONE has to be **listening** for you to open a connection. – lynks Oct 05 '12 at 12:36
  • UPnP is supported by some (many? most?) firewalls that can be used for applications to programmatically request forwarding of "listen" ports. http://www.dd-wrt.com/wiki/index.php/Port_Forwarding – Brian White Oct 05 '12 at 12:51
  • Good addition, thanks. That's basically doing the forwarding-configuration of the router transparently for the user. – Fildor Oct 05 '12 at 12:55
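
The proxy approach from option 1 of the answer, as an added example that is not part of the original thread: a relay on a public host that both clients dial out to, pairing two connections that send the same session ID as their first line and copying bytes between them. The class name `PairRelay`, port 9000, the session-ID line and the size and timeout limits are assumptions made for this sketch.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.concurrent.ConcurrentHashMap;

public class PairRelay { // hypothetical name; PORT and the limits below are assumed values
    static final int PORT = 9000, MAX_ID = 64, IDLE_MS = 60_000;
    static final ConcurrentHashMap<String, Socket> waiting = new ConcurrentHashMap<>();

    public static void main(String[] args) throws IOException {
        try (ServerSocket server = new ServerSocket(PORT)) {
            while (true) {
                Socket s = server.accept(); // peers dial out, so no port forwarding is needed
                new Thread(() -> handle(s)).start();
            }
        }
    }

    static void handle(Socket s) {
        try {
            s.setSoTimeout(IDLE_MS); // also bounds how long a peer may take to send its ID
            String id = readId(s.getInputStream());
            Socket peer;
            while ((peer = waiting.remove(id)) == null)
                if (waiting.putIfAbsent(id, s) == null) return; // first arrival parks here
            Socket other = peer;
            new Thread(() -> pump(other, s)).start(); // one thread per direction
            pump(s, other);
        } catch (IOException e) { close(s); }
    }

    // The first line a peer sends (at most MAX_ID bytes) names the session to join.
    static String readId(InputStream in) throws IOException {
        StringBuilder sb = new StringBuilder();
        for (int c; (c = in.read()) != '\n'; sb.append((char) c))
            if (c == -1 || sb.length() >= MAX_ID) throw new IOException("bad session id");
        return sb.toString();
    }

    // Copy one direction until EOF, reset or idle timeout, then drop both sockets.
    static void pump(Socket from, Socket to) {
        byte[] buf = new byte[8192];
        try {
            for (int n; (n = from.getInputStream().read(buf)) != -1; )
                to.getOutputStream().write(buf, 0, n);
        } catch (IOException e) { /* fall through to teardown */ }
        close(from); close(to);
    }

    static void close(Socket s) { try { s.close(); } catch (IOException ignored) { } }
}
```

Anyone who knows a session ID can join that session, so the ID should be an unguessable token handed to both clients over an authenticated channel, and the relayed traffic should be encrypted end to end because the relay sees every byte. Parked sockets are never expired in this sketch; a deployed relay would evict them after a deadline.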