I would like to set up a network connection (RTP or UDP) between two computers at different locations, each of which is behind a NAT modem/firewall. I do not want any modification of the firewalls.

My working assumption is that I need a bot somewhere that both computers can reach (e.g. a shell account on an internet server). Each computer connects out to the bot and the bot allows the two computers to update and query status and to exchange data.

This is OK as far as it goes, but it means that all data travels via the bot. Is there a way I can connect the two computers without the bot, or failing that, allow the bot to drop out of the data exchange once a connection has been set up? My feeling is that there is no way to do this, but my TCP/IP is a bit rusty...

William Morris
  • possible duplicate of [How do I make a TCP server work behind a router (NAT) without any redirection configuration needed](http://stackoverflow.com/questions/1511562/how-do-i-make-a-tcp-server-work-behind-a-router-nat-without-any-redirection-co) or [c++ Hole-punching UDP/RTP](http://stackoverflow.com/questions/4634780/c-hole-punching-udprtp) – Adam Liss Feb 11 '12 at 03:49
  • @Adam Liss: correct, sorry :-( – William Morris Feb 11 '12 at 13:57

1 Answer

If you assume nothing about the NAT/firewall, you are correct.

Hole punching, for example, will not work with overloaded NAT (PAT) as far as I know, because the source port is randomized by the NAT device, and it maps/matches both the destination public address and the source port it picked.

UPnP may work, but again you need to assume it exists and is enabled on the NAT device.

As I see it, you have only two options if you want to be generic: 1. Configure the NAT. 2. Use a proxy (the bot you mentioned). Skype, for example, uses the second, but does it in a distributed manner by using every Skype client as a potential proxy (probably only if it detects it is not behind a NAT or not limited by it).

EdwardH
  • Thanks, I'll take a look at hole punching (although you indicate it will not work, I should know some more about it). Is UPnP not intended for service discovery within private networks? My scenario is over the public net. – William Morris Feb 11 '12 at 13:57
  • If I understand correctly, UPnP is used in a private network to allow negotiations between elements. In this context, to allow a client to update the router/firewall on the ports he needs to open for communication (in practice, modify the router or firewall automatically). If this is done, both clients can exchange the ports through which they can be reached (the exchange will probably occur through the proxy). – EdwardH Feb 11 '12 at 19:03
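
An added example, not part of the answer or comments above: a toy Python model of the UDP hole-punching exchange through the bot, run against a NAT that picks a new public port per destination (the behaviour the answer describes) and, going beyond the answer's case, a NAT that reuses one public port for every destination. The `Nat` class, the `hole_punch` function and all addresses and ports are constructed for illustration.

```python
import itertools

SERVER = ("203.0.113.10", 3478)  # constructed rendezvous endpoint (the "bot")

class Nat:
    """Toy NAT model, constructed for this example (not a real device)."""

    def __init__(self, public_ip, per_destination, first_port):
        self.public_ip = public_ip
        self.per_destination = per_destination  # True: new public port per remote endpoint
        self._ports = itertools.count(first_port)
        self.mappings = {}  # src or (src, dst) -> public port
        self.allowed = {}   # public port -> remote endpoints the host has sent to

    def outbound(self, src, dst):
        """Translate an outgoing datagram; return the public endpoint dst sees."""
        key = (src, dst) if self.per_destination else src
        if key not in self.mappings:
            self.mappings[key] = next(self._ports)
        port = self.mappings[key]
        self.allowed.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound(self, remote, public_port):
        """Pass a datagram only if the host already sent to `remote` from this port."""
        return remote in self.allowed.get(public_port, set())

def hole_punch(nat_a, nat_b):
    """Return True if A and B can exchange UDP directly once the bot steps aside."""
    a_host, b_host = ("192.168.1.2", 5000), ("10.0.0.2", 5000)
    # 1. Both peers register with the bot, which records the endpoints it observes.
    a_seen = nat_a.outbound(a_host, SERVER)
    b_seen = nat_b.outbound(b_host, SERVER)
    # 2. The bot tells each peer the other's observed endpoint; both send to it.
    a_actual = nat_a.outbound(a_host, b_seen)
    b_actual = nat_b.outbound(b_host, a_seen)
    # 3. Each datagram arrives at the advertised port carrying its real source.
    a_to_b = nat_b.inbound(a_actual, b_seen[1])
    b_to_a = nat_a.inbound(b_actual, a_seen[1])
    return a_to_b and b_to_a

if __name__ == "__main__":
    for label, dep_a, dep_b in [("reuse/reuse", False, False),
                                ("per-dest/per-dest", True, True),
                                ("reuse/per-dest", False, True)]:
        ok = hole_punch(Nat("198.51.100.1", dep_a, 40000), Nat("192.0.2.1", dep_b, 50000))
        print(f"{label:18} direct path: {ok}")
```

The model checks the filter state after both peers have sent, so it reflects the steady state rather than the fate of the very first datagram.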