使用c#“UDP打孔进入防火墙"将流量从端口X转发到计算机B [英] forward traffic from port X to computer B with c# "UDP punch hole into firewall"
问题描述
我需要建立一个从家里电脑到办公室电脑的 tcp 连接.
I need to establish a tcp connection from my house computer to my office computer.
办公室里有一个路由器,连接了几台电脑.该路由器有互联网,因此连接到该路由器的所有计算机也有互联网.在我的房子里,我有一台可以上网的电脑.我需要我的办公室电脑作为服务器和我的家用电脑来连接它.以前,我曾经可以通过服务器上的端口转发流量进行连接:
on the office there is a router where several computers are connected to. that router has internet therefore all the computers connected to that router have internet as well. on my house I have a computer with internet access. I need my office computer to act as the server and my home computer to connect to it. Before, I used to be able to connect by port forwarding traffic on the server as:
NATUPNPLib.UPnPNATClass upnpnat;
NATUPNPLib.IStaticPortMappingCollection mappings;
public ServerExample()
{
InitializeComponent();
upnpnat = new NATUPNPLib.UPnPNATClass();
mappings = upnpnat.StaticPortMappingCollection;
// server local IP address
mappings.Add(1300, "TCP", 1300, "192.168.150.146", true, "plsease work");
// this code tels the router to forward all tcp traffic comming from port
// 1300 to the server computer (it's lan ip address happens to be 192.168.150.146)
//...
并且我能够从我家连接.(我知道简单的方法是打开办公室路由器上的端口并将它们转发到我的计算机,问题是我无法访问办公室路由器)
and I was able to connect from my house. (I know that the simple way will be to open the ports on the office router and forward them to my computer the problem is that I do not have access to the office router)
现在他们用新的路由器替换了我办公室的路由器,我无法使用我的代码.现在,使用新路由器时,当我执行私有代码时:
now they replaced the router on my office with a newer one and I am not able to use my code.Now, with the new router, when I execute the privious code I get:
注意映射返回空值;因此,我无法添加映射.
note that mappings returns null; therefore, I am not able to add a mapping.
我确信应该有一种方法可以建立连接,因为办公室中的某些人例如使用limewire 或bit torrent.我认为我的问题可能与权限有关?我该如何解决这个问题?
I am sure there should be a way to establish a connection because some people in the office use limewire for example or bit torrent. I think my problem has to do with permissions maybe? How can I resolve this?
.
.
.
.
.
.
好的,所以我相信我已经尝试使用 c# 执行你们在这个问题上发布的内容:好的,让我向您展示我所做的:
OK so I believe I have tried doing what you guys posted on this question with c#: ok let me show you what I did:
请注意,您可能需要参考此图才能理解我将要解释的内容:
note you may need to refer to this diagram in order to understand what I will be explain:
如您所知,我想在计算机 A 和计算机 B 之间建立 tcp 连接.我设法做到这一点的方法是执行所谓的 tcp 打孔.
As you know I want to establish a tcp connection between computer A and computer B. The way I manage to do this is by doing what is called tcp punch holing.
第 1 步:我做的第一件事是开始侦听服务器 S 上的新连接.
Step 1: The first thing that I do is to start listening for new connections on the server S.
TcpListener server = new TcpListener(System.Net.IPAddress.Parse("192.168.11.109"), 55550);
Server.Start();
var client = server.AcceptSocket(); \ wait here until someone connects
第 2 步:现在使用计算机 A 连接到服务器:
Step 2: Now connect to the server with computer A as:
TcpClient tcpClient = new TcpClient("192.168.11.109", 55550);
第 3 步:在计算机 A 上执行第 2 步代码后,服务器 S 调试应如下所示:
Step 3: After executing step 2 code on computer A the server S debug should look like:
第 4 步:现在我们的目标是从计算机 B 连接到计算机 A.服务器 S 拥有 B 建立连接所需的信息.实际上,我必须在计算机 B 和服务器 S 之间建立连接,以便服务器 S 可以为 B 提供适当的参数,以便 B 连接到 A.
Step 4: Now our goal is to connect from computer B to computer A. Server S has the information that B needs in order to establish the connection. In reality I will have to establish a connection between computer B and server S so that server S can give B the appropriate parameters in order for B to connect to A.
第 5 步:因为我正在调试,所以我能够看到参数,所以我现在将通过侦听端口 3313 使计算机 A 成为服务器.我希望计算机 A 现在正在侦听该端口(3313),因为所有包都通过端口发送到路由器 X3313 应该发送到计算机 A.
Step 5: since I am debuging I am able to see the parameters so I will make computer A a server now by listening on port 3313. I want computer A to be listening now on that port (3313) because all the packages sent to router X with port 3313 should be sent to computer A.
\ COMPUTER A
TcpListener server = new TcpListener(System.Net.IPAddress.Parse("192.168.0.120"), 3313);
server.Start();
var newClient = server.AcceptSocket(); \ wait here until a client gets connected
第 6 步:所以计算机 A 现在应该监听端口 3313 上的新连接.端口 3313 再次很重要,因为路由器 x 应该将从该端口接收的所有数据包转发到计算机 A.
Step 6: So computer A should now be listening for new connections on port 3313. again port 3313 is important because router x should forward all packages received from that port to computer A.
计算机 A 正在等待新的连接.
Computer A is waiting for new connections.
第 7 步:所以现在快点!我们想从计算机 B 建立连接.实际上,服务器 S 将传递参数,但由于我只是想完成这项工作,因此我将在计算机 B 上快速编写程序.
Step 7: So now quickly! We want to establish that connection from computer B. In reality server S will pass the parameters but since I am just trying to make this work I will write the program really quick on computer B.
TcpClient tcpClient = new TcpClient("192.168.11.108", 3313);
\192.168.11.108 is the address of router X
最后:
由于某种原因,计算机 B 无法连接到计算机 A.
For some reason, computer B is not able to connect to computer A.
无法连接的原因是路由器 X 没有将包转发到计算机 A.(我知道这一点是因为我在路由器 X 的端口 54540 上启用了端口转发,当我使用该端口时它可以工作)我的意思是我不明白为什么路由器 X 没有将来自端口 3313 的流量转发到计算机 A.计算机 A 已经与服务器 S 建立了连接,并且服务器 S 通过端口 3313 发送到路由器 X 的所有内容都已发送到计算机 A. 为什么如果我通过端口 3313 向路由器 X 发送包,它们不会被计算机 A 接收到!?
The reason why it is not able to connect is because router X did not forwarded the packages to computer A. (I know this because I have enabled port forwarding on port 54540 on router X and when I use that port it works) I mean I don’t understand why router X did not forward traffic coming from port 3313 to computer A. Computer A already established a connection to server S and all the things that server S sent to router X through port 3313 got sent to computer A. why is it that if I send packages to router X through port 3313 they don’t get received by computer A!?
附注:
请注意,我在这里展示的所有内容,实际上都有三个路由器 X、Y 和 Z,还有服务器 S、计算机 A 和计算机 B:
Note that everything that I showed here, I actually have the three routers X, Y and Z and also I have server S, computer A and computer B:
推荐答案
TCP 打孔经常不起作用.您最好的选择是坚持使用 UDP 打孔.如果您需要类似 TCP 的行为,您可以使用 RDP 或类似的协议,该协议为您提供 TCP 行为但可以使用 UDP 作为其传输.
TCP hole punching frequently doesn't work. You're best bet is to stick to UDP hole punching. If you need TCP-like behavior, you can use RDP or a similar protocol that gives you TCP behavior but can use UDP as its transport.
另一种方法是通过服务器中继所有流量.每个主机都可以连接到服务器,服务器可以将流量从一个连接复制到另一个连接.
The other approach is to relay all traffic through the server. Each host can connect to the server and the server can copy traffic from one connection to the other.
最好的解决方案是如果您可以从路由器获得一些支持,例如端口转发或 UPnP.
The best solution would be if you can get some support from the routers such as port forwarding or UPnP.
这篇关于使用c#“UDP打孔进入防火墙"将流量从端口X转发到计算机B的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
