防火墙和NAT之后的P2P消息传输 [英] P2P message transfer behind firewalls and NAT

问题描述

我有两个Java应用程序在世界上两个不同的地方的两个不同的机器上运行.这些机器可以位于NAT之后(也可以不！).

I have two java applications running on two different machines in two different part of the world. The machines can be behind NAT (or not!).

应用程序应该传输一些数据(<500kb).

The applications are supposed transfer some data (<500kb).

我们确实有一个服务器，它可以完成所有操作(例如提供对等方的ip地址)，但是必须始终将对等应用程序中的数据传输给对等方.数据无法通过服务器路由.

We do have a server, which can do everything (like providing ip address of the peers) but the data from the applications must always be transferred peer-to-peer. The data can not be routed through the server.

我必须处理防火墙问题吗?
我必须设置端口转发吗?
我需要JXTA或JGroups吗? 我需要研究UPNP吗? 我应该研究UDP打孔吗?

Do I have to deal with firewall mess?
Do I have to set port forwarding?
Are JXTA or JGroups something that I need? is UPNP something I need to look into? is UDP Hole Punching something I should look into?

我知道我的问题有点含糊，但是请不要把我的问题写下来，我只需要向正确的方向轻推即可.随着评论/答案的不断涌入，我将尽力更好地解释！

I know my question is a bit vague, but please don't shoot my question down, I just need a nudge in the right direction. I am going to try and explain better as the comments/answers start coming in!

推荐答案

我在上面的评论中同意塞尔比的建议.

I agree with selbie's advice in the comment above.

简短的答案是，要进行对等网络，您应该对您提到的所有技术都有基本的了解.

The short answer is that to do peer-to-peer networking you should have a basic understanding of all of the technologies that you mentioned.

我必须处理防火墙问题吗?

Do I have to deal with firewall mess?

如果对等点位于NAT后面，则需要处理NAT遍历.

If the peers are behind NAT you will need to deal with NAT traversal.

我必须设置端口转发吗?

Do I have to set port forwarding?

您必须"吗?不.但是您可以考虑将其作为解决问题的方法.端口转发是一种配置防火墙的方法，以便您的对等方可以有效地进行通信，就好像它们不在防火墙后面一样.这意味着您可以像没有防火墙一样编写软件. NAT打孔是手动端口转发的替代方法.您可以将其视为自动端口转发".

Do you "have to"? No. But you could consider this as a solution to your problem. Port forwarding is a way to configure your firewall so that your peers effectively communicate as if they are not behind the firewall. This means that you can write your software as if there is no firewall. NAT hole punching is an alternative to manual port forwarding. You can think of it as "automatic port forwarding."

我需要JXTA或JGroups吗?

Are JXTA or JGroups something that I need?

对不起.我不知道这些是什么.

Sorry. I don't know what these are.

我需要研究UPNP吗?

is UPNP something I need to look into?

UPnP是一种可能的NAT穿越策略:

UPnP is one possible NAT traversal strategy:

http://en.wikipedia.org/wiki/Universal_Plug_and_Play#NAT_traversal

请注意，已知UPnP是不安全的，可能不应该启用它，例如:

Note that UPnP is known to be insecure and probably should not be enabled, see e.g.:

http://www.zdnet.com /how-to-fix-the-upnp-security-holes-7000010584/

我的印象是UPnP不是最重要的NAT遍历技术，但对于实现更大的兼容性(例如，如果STUN失败，则作为后备)，它可能是一个有用的实现.

My impression is that UPnP is not the most important NAT traversal technique, but it could be a useful one to implement to achieve greater compatibility (i.e. as a fallback if STUN fails).

我应该研究UDP打孔吗?

is UDP Hole Punching something I should look into?

您将需要NAT遍历策略. UDP打孔(STUN等)就是这样一种策略，正如selbie所说，这是一种常见的策略.还有无服务器技术(请查看SubEthaEdit使用的机制).

You will need a NAT traversal strategy. UDP Hole Punching (STUN etc.) is one such strategy, and as selbie says, it is a common one. There are also serverless techniques (look into the mechanism that SubEthaEdit uses).

完整的NAT遍历堆栈可能需要采用多种方法，以最大程度地与不同的路由器/防火墙兼容.

A full NAT traversal stack may need to employ multiple approaches for maximum compatibility with different routers/firewalls.

这篇关于防火墙和NAT之后的P2P消息传输的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！