4

I'm currently trying to send UDP messages over the internet and have to set up the firewalls for both endpoints A and B (which are both behind a NAT). To do this, I want to use hole punching using a STUN server.

When A creates a request to the STUN server (say, private: 85.1.1.12:6000 and public: 173.194.78.127:19302) I get 85.1.1.12:6000 as a response. If I were to send a packet from the same origin configuration (same origin IP and port that were used for the STUN request) to any other destination address (the destination port stays the same) then my NAT would change the public port again (from 6000 to anything else). I found out by using the same address-port configuration for two different STUN server requests (using port 19302 for both requests).

Like this, I have no way of knowing which port my NAT translates to when sending a packet to B (B can't receive anything because its firewall is not set up).

Is this because my NAT type is not compatible with hole punching or did I get the concept wrong?

Thanks!

2 Answers

3

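85.1.1.12:6000 is not your private IP address. It is the public/external IP:port of your NAT. The private IP is the interface address of your PC/device.

From your scenario, I guess you have a symmetric NAT. With a symmetric NAT, the public port of your NAT changes every time you send packets to a different destination. If your destination stays the same, the NAT's public IP:port stays the same as well.

For other types of NAT, as long as your private IP does not change, it does not matter where you send packets; your NAT's public IP:port (85.1.1.12:6000 in your case) will stay the same.

If one side has a **Symmetric NAT and the other side has a Symmetric/PRC NAT, hole punching is not possible.

**Symmetric NAT here means a symmetric NAT with random port allocation.

Answered 2015-07-30T03:51:27.000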
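
The test described in the question and interpreted in the answer above, as an added example that is not part of the original posts: send a STUN Binding Request from one local UDP socket to two different servers and compare the XOR-MAPPED-ADDRESS each one reports. The replies here are constructed by the hypothetical helper `fake_response` so the block runs offline; all function names and the second port (41877) are assumptions made for illustration.

```python
import socket
import struct

MAGIC_COOKIE = 0x2112A442                      # fixed value, RFC 5389
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
XOR_MAPPED_ADDRESS = 0x0020

def build_binding_request(txid):
    """20-byte STUN header, no attributes; txid is 12 random bytes."""
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txid)

def parse_mapped_address(msg, txid):
    """Return the public (ip, port) from an IPv4 XOR-MAPPED-ADDRESS, else None."""
    if len(msg) < 20:
        return None
    mtype, mlen, cookie, rtxid = struct.unpack("!HHI12s", msg[:20])
    if mtype != BINDING_SUCCESS or cookie != MAGIC_COOKIE or rtxid != txid:
        return None                            # not a reply to our request
    pos, end = 20, min(len(msg), 20 + mlen)
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and len(value) == 8 and value[1] == 0x01:
            port = struct.unpack("!H", value[2:4])[0] ^ (MAGIC_COOKIE >> 16)
            addr = struct.unpack("!I", value[4:8])[0] ^ MAGIC_COOKIE
            return socket.inet_ntoa(struct.pack("!I", addr)), port
        pos += 4 + alen + (-alen % 4)          # attributes are padded to 4 bytes
    return None

def classify_mapping(mappings):
    """mappings: public (ip, port) reported by each STUN server for ONE local socket."""
    if len(mappings) < 2 or None in mappings:
        return "unknown"
    if len(set(mappings)) == 1:
        return "endpoint-independent"          # same mapping for every destination
    return "destination-dependent (symmetric)" # mapping changes per destination

def fake_response(txid, ip, port):
    """Constructed sample reply, standing in for a real STUN server."""
    xport = port ^ (MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01, xport, xaddr)
    return struct.pack("!HHI12s", BINDING_SUCCESS, len(attr), MAGIC_COOKIE, txid) + attr

if __name__ == "__main__":
    txid = bytes(range(12))                    # constructed; use os.urandom(12) live
    seen = [parse_mapped_address(fake_response(txid, "85.1.1.12", p), txid)
            for p in (6000, 41877)]            # 41877 is a constructed second mapping
    print(seen, "->", classify_mapping(seen))
```

An "endpoint-independent" result means the port learned from STUN is the one a peer can target; a "destination-dependent" result is the behaviour the question observed.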
0

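If both sides have a symmetric NAT, hole punching is not technically impossible (although the traversal process may be too unreliable to be worth the trouble). Please read my paper: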

https://drive.google.com/file/d/0B1IimJ20gG0SY2NvaE4wRVVMbG8/view?usp=sharing

Or one of the papers it cites:

  1. http://tools.ietf.org/id/draft-takeda-symmetric-nat-traversal-00.txt

  2. https://www.goto.info.waseda.ac.jp/~wei/file/wei-apan-v10.pdf

  3. http://journals.sfu.ca/apan/index.php/apan/article/view/75/pdf_31

Answered 2015-08-14T22:31:39.050