使用STUN打孔 [英] Hole punching using STUN
问题描述
我目前正在尝试通过Internet发送UDP消息,并且必须为端点A和B(都位于NAT之后)设置防火墙.为此,我想通过STUN服务器使用打孔.
I'm currently trying to send UDP messages over the internet and have to set up the firewalls for both endpoints A and B (which are both behind a NAT). To do this, I want to use hole punching using a STUN server.
当A向STUN服务器创建请求时(例如,私有:85.1.1.12:6000,公共:173.194.78.127:19302),我得到85.1.1.12:6000作为响应.如果我要将数据包从相同的原始配置(用于STUN请求的原始IP和端口)发送到任何其他目标地址(目标端口保持不变),那么我的NAT将再次更改公用端口( (从6000到其他).我发现对两个不同的STUN服务器请求使用相同的地址端口配置(两个请求都使用端口19302).
When A creates a request to the STUN server (say, private: 85.1.1.12:6000 and public: 173.194.78.127:19302) I get 85.1.1.12:6000 as a response. If I were to send a packet from the same origin configuration (same origin ip and port that were used for the STUN-request) to any other destination address (the destination port stays the same) then my NAT would change the public port again (from 6000 to anything else). I found out by using the same address-port configuration for two different STUN server requests (using port 19302 for both requests).
像这样,我无法知道将数据包发送到B时我的NAT转换了哪个端口(B无法接收任何东西,因为它的防火墙未设置).
Like this, I have no possibility of knowing what port my NAT does the translation when sending a packet to B (B can't receive anything because its firewall is not set up).
这是因为我的NAT类型与打孔不兼容,还是我弄错了概念?
Is this because my NAT type is not compatible for hole punching or did I get the concept wrong?
谢谢!
推荐答案
85.1.1.12:6000不是您的私有IP地址.它是您NAT的公共/外部IP:端口.专用IP是您的PC/设备的接口地址.
85.1.1.12:6000 is not your private IP address. Its your NAT's public/external IP:Port. Private IP is your PC/Device's interface address.
根据您的情况,我猜您有一个对称NAT.在对称NAT中,每次将某些数据包发送到另一个目标时,NAT的公共端口都会更改.如果您的目的地保持不变,那么NAT的公共IP:端口也将保持不变.
From your scenario I am guessing you have a symmetric NAT. In Symmetric NAT, your NAT's public port changes every time you send some packets to a different destination. If your destination remains same then the NAT's public IP:Port also remains same.
对于其他类型的NAT,如果您的私有IP不变,那么无论您将数据包发送到哪里,您的NAT公用IP:port(在您的情况下为85.1.1.12:6000)都将保持不变.
For other types of NAT if your private IP doesn't change then it doesn't matter where you send your packets, your NATs public IP:port (in your case 85.1.1.12:6000) will remain same.
如果一侧具有**对称NAT,而另一侧具有对称/PRC NAT,则无法进行孔打孔.
Hole punching is not possible if one side has **Symmetric NAT and other side has Symmetric/PRC NAT.
**通过对称NAT,我的意思是对称NAT,它提供了随机的端口分配.
**By Symmetric NAT I mean Symmetric NAT which gives random port allocation.
这篇关于使用STUN打孔的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
