Point to point network connection through firewalls


Problem description

I would like to set up a network connection (RTP or UDP) between two computers at different locations, each of which is behind a NAT modem/firewall. I do not want any modification of the firewalls.

My working assumption is that I need a bot somewhere that both computers can reach (e.g. a shell account on an internet server). Each computer connects out to the bot and the bot allows the two computers to update and query status and to exchange data.

This is ok as far as it goes, but it means that all data travels via the bot. Is there a way I can connect the two computers without the bot, or failing that, allow the bot to drop out of the data exchange once a connection has been set up? My feeling is that there is no way to do this, but my TCP/IP is a bit rusty...

Recommended answer

If you assume nothing on the NAT/Firewall you are correct.

Hole punching, for example, will not work with overloaded NAT (PAT) as far as I know, because the source port is randomized by the NAT device, and it maps/matches both the destination public address and the source port it picked.

UPnP may work, but again you need to assume it exists and is enabled on the NAT device.

As I see it, you got only two options if you want to be generic:

1. Configure the NAT.
2. Use a proxy (the bot you mentioned).

Skype for example uses the second, but does it in a distributed manner by using every Skype client as a potential proxy (probably only if it detects it is not behind a NAT or not limited by it).
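The NAT behaviour the answer describes can be checked with a small simulation. This is an added example, not part of the original answer: the `Nat` class, the `hole_punch` helper, the addresses (documentation ranges) and the port-restricted inbound filtering are all modelling assumptions.

```python
import random

class Nat:
    """Toy NAT with port-restricted inbound filtering (modelling assumption)."""
    def __init__(self, public_ip, symmetric, seed=0):
        self.public_ip, self.symmetric = public_ip, symmetric
        self.rng = random.Random(seed)   # fixed seed: repeatable "random" ports
        self.mappings = {}               # mapping key -> public source port
        self.allowed = set()             # (public port, remote endpoint) pairs

    def send(self, internal_port, dest):
        """Outbound packet: return the public endpoint the destination sees."""
        # Randomizing PAT: one mapping per destination. Cone NAT: one per socket.
        key = (internal_port, dest) if self.symmetric else internal_port
        if key not in self.mappings:
            port = self.rng.randrange(1024, 65536)
            while port in self.mappings.values():   # never reuse a live port
                port = self.rng.randrange(1024, 65536)
            self.mappings[key] = port
        self.allowed.add((self.mappings[key], dest))
        return (self.public_ip, self.mappings[key])

    def accepts(self, src, public_port):
        """Inbound packet passes only if we already sent to src from that port."""
        return (public_port, src) in self.allowed

def hole_punch(nat_a, nat_b, bot=("203.0.113.10", 3478)):
    """Return True if both peers reach each other after the bot introduces them."""
    # 1. Each peer contacts the bot, which records the public endpoint it sees.
    seen_a = nat_a.send(5000, bot)
    seen_b = nat_b.send(5000, bot)
    # 2. The bot swaps the endpoints; each peer sends to the other's endpoint.
    from_a = nat_a.send(5000, seen_b)
    from_b = nat_b.send(5000, seen_a)
    # 3. Each NAT checks the other peer's packet against the holes it opened.
    return nat_b.accepts(from_a, seen_b[1]) and nat_a.accepts(from_b, seen_a[1])

def demo():
    """Run the exchange for two cone NATs and for two randomizing PAT devices."""
    cone = hole_punch(Nat("198.51.100.1", False, 1), Nat("192.0.2.1", False, 2))
    pat = hole_punch(Nat("198.51.100.1", True, 1), Nat("192.0.2.1", True, 2))
    return cone, pat

if __name__ == "__main__":
    print("cone NATs: %s, randomizing PAT: %s" % demo())
```

With the per-destination mapping, the endpoint the bot observed is not the one the peer's direct packets leave from, so neither NAT has a matching hole and the bot has to keep relaying.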
