Forward traffic from port X to computer B with C# ("UDP punch hole into firewall")

Problem description

I need to establish a TCP connection from my house computer to my office computer.

At the office there is a router to which several computers are connected. That router has internet, therefore all the computers connected to that router have internet as well. At my house I have a computer with internet access. I need my office computer to act as the server and my home computer to connect to it. Before, I used to be able to connect by port forwarding traffic on the server as:

    NATUPNPLib.UPnPNATClass upnpnat;
    NATUPNPLib.IStaticPortMappingCollection mappings;

    public ServerExample()
    {
        InitializeComponent();

        upnpnat = new NATUPNPLib.UPnPNATClass();
        mappings = upnpnat.StaticPortMappingCollection;

        //                           server local IP address
        mappings.Add(1300, "TCP", 1300, "192.168.150.146", true, "plsease work");
        // this code tells the router to forward all TCP traffic coming from port
        // 1300 to the server computer (its LAN IP address happens to be 192.168.150.146)
        //...
    }

And I was able to connect from my house. (I know that the simple way would be to open the ports on the office router and forward them to my computer; the problem is that I do not have access to the office router.)

Now they replaced the router at my office with a newer one and I am not able to use my code. Now, with the new router, when I execute the previous code I get:

Note that mappings returns null; therefore, I am not able to add a mapping.

I am sure there should be a way to establish a connection because some people in the office use LimeWire, for example, or BitTorrent. I think my problem has to do with permissions maybe? How can I resolve this?

OK, so I believe I have tried doing what you guys posted on this question with C#. OK, let me show you what I did:

Note: you may need to refer to this diagram in order to understand what I will be explaining:

As you know, I want to establish a TCP connection between computer A and computer B. The way I manage to do this is by doing what is called TCP punch holing.

Step 1: The first thing that I do is to start listening for new connections on the server S.

    TcpListener server = new TcpListener(System.Net.IPAddress.Parse("192.168.11.109"), 55550);
    server.Start();

    var client = server.AcceptSocket();  // wait here until someone connects

Step 2: Now connect to the server with computer A as:

          TcpClient tcpClient = new TcpClient("192.168.11.109", 55550);

Step 3: After executing step 2 code on computer A the server S debug should look like:

Step 4: Now our goal is to connect from computer B to computer A. Server S has the information that B needs in order to establish the connection. In reality I will have to establish a connection between computer B and server S so that server S can give B the appropriate parameters in order for B to connect to A.

Step 5: Since I am debugging I am able to see the parameters, so I will make computer A a server now by listening on port 3313. I want computer A to be listening now on that port (3313) because all the packages sent to router X with port 3313 should be sent to computer A.

    // COMPUTER A
    TcpListener server = new TcpListener(System.Net.IPAddress.Parse("192.168.0.120"), 3313);
    server.Start();

    var newClient = server.AcceptSocket();  // wait here until a client gets connected

Step 6: So computer A should now be listening for new connections on port 3313. Again, port 3313 is important because router X should forward all packages received from that port to computer A.

Computer A is waiting for new connections.

Step 7: So now quickly! We want to establish that connection from computer B. In reality server S will pass the parameters but since I am just trying to make this work I will write the program really quick on computer B.

    TcpClient tcpClient = new TcpClient("192.168.11.108", 3313);
    // 192.168.11.108 is the address of router X

Finally:

For some reason, computer B is not able to connect to computer A.

The reason why it is not able to connect is because router X did not forward the packages to computer A. (I know this because I have enabled port forwarding on port 54540 on router X and when I use that port it works.) I mean I don't understand why router X did not forward traffic coming from port 3313 to computer A. Computer A already established a connection to server S and all the things that server S sent to router X through port 3313 got sent to computer A. Why is it that if I send packages to router X through port 3313 they don't get received by computer A!?

PS:

Note that everything that I showed here, I actually have the three routers X, Y and Z and also I have server S, computer A and computer B:

Recommended answer

Your new work router has probably got UPnP disabled, hence your null reference.

Without this your server cannot be made visible to inbound traffic as the router doesn't know where to send the inbound packets. In this case the router acts as a firewall blocking the incoming traffic to your server.

The basic ways around this are:

1) Turn on UPnP

This enables your application to instruct the router how to forward inbound traffic back to your server.

2) Set up a port forward

As above by manually configuring the router.

3) Make your work server the client

Routers work by allowing outbound connections to initiate the connection. It remembers the return address, rewrites the externally visible IP, and provides an unused port for external traffic to talk back on (NAT). This allows outbound requests to establish communication with the outside and bypass the firewall. If your home IP is fixed you could set up a client at work that tries to call home on a schedule (until you start the server and can establish the connection).

4) Use P2P (intermediary server)

I'm not sure where you would begin with this, but the principle is this. It usually works on a single UDP port. A server that is not behind NAT is used for establishing connections. The clients send their IP to the server in a UDP packet, and the router rewrites the UDP header with the router return address. The server takes this data and sends it to other peers. With everyone now knowing each other's return address, they can send TCP traffic directly to each other and the server steps out of the way.

There's a really good article here regarding the basics of NAT, explained in simple terms. And a good article here which explains how P2P leverages NAT to bypass firewalls.

Hope this gives you some ideas.
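
The failure at step 7 of the question and points 3 and 4 of the answer both come down to how router X checks an inbound packet against its NAT table. The sketch below is an added example, not code from the original post; it models the three inbound filtering behaviours named in RFC 4787. Assumptions: the local port of A's socket and the address of B are constructed values, and the model ignores TCP connection state.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;
// Added illustration (not from the original post): toy model of NAT inbound filtering.
enum Filtering { EndpointIndependent, AddressDependent, AddressAndPortDependent }
record Endpoint(string Ip, int Port);

class NatRouter
{
    private readonly Filtering _mode;
    // external port -> internal socket plus the remote endpoints that socket has sent to
    private readonly Dictionary<int, (Endpoint Inside, HashSet<Endpoint> Remotes)> _table = new();
    public NatRouter(Filtering mode) => _mode = mode;
    // An outbound packet creates the mapping, or adds a permitted remote to it.
    public void Outbound(Endpoint inside, int externalPort, Endpoint remote)
    {
        if (!_table.TryGetValue(externalPort, out var entry))
            _table[externalPort] = entry = (inside, new HashSet<Endpoint>());
        entry.Remotes.Add(remote);
    }
    // Returns the internal socket the packet is forwarded to, or null if it is dropped.
    public Endpoint? Inbound(Endpoint source, int externalPort)
    {
        if (!_table.TryGetValue(externalPort, out var entry)) return null;
        bool allowed = _mode == Filtering.EndpointIndependent
            || (_mode == Filtering.AddressDependent && entry.Remotes.Any(r => r.Ip == source.Ip))
            || entry.Remotes.Contains(source);
        return allowed ? entry.Inside : null;
    }
}

static class Demo
{
    static string Show(Endpoint? e) => e is null ? "dropped" : $"forwarded to {e.Ip}:{e.Port}";
    static void Main()
    {
        var a = new Endpoint("192.168.0.120", 50211);  // A's socket to S; local port is constructed
        var s = new Endpoint("192.168.11.109", 55550); // server S, as in the question
        var b = new Endpoint("192.168.11.50", 40000);  // B as seen by router X; constructed
        foreach (Filtering mode in Enum.GetValues(typeof(Filtering)))
        {
            var x = new NatRouter(mode);
            x.Outbound(a, 3313, s); // A connects to S; router X maps it to external port 3313
            Console.WriteLine($"{mode}: S -> {Show(x.Inbound(s, 3313))}; B -> {Show(x.Inbound(b, 3313))}");
            x.Outbound(a, 3313, b); // A also sends to B from the same socket
            Console.WriteLine($"  after A sends to B: B -> {Show(x.Inbound(b, 3313))}");
        }
    }
}
```

In the two dependent modes the packet from B is dropped until A itself has sent to B through the same mapping. When a packet is forwarded, it goes to the local port of A's original socket, so a separate listener on another local port does not receive it.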
