
Direct comms between network clients



    Imagine you have two network clients behind NAT firewalls; both clients are restricted to outbound HTTP requests via network address translation, and you want to stream data directly between the clients without relaying that data via an Internet server.

    An Internet server may be used to initiate the exchange, so both clients initially have an open socket to the Internet server.

    Is there any way to subsequently 'untether' the clients from the server and tether the end of one client's socket to the end of the other client's socket so they can communicate directly?

    #2
    Woo - you just invented P2P. Well done.
    World's Best Martini



      #3
      Not necessarily - P2P seems to require a relay server for clients behind NAT firewalls:

      "A Relay peer allows the peers which are behind firewalls or NAT systems to take part in the JXTA network. This is performed by using a protocol which can traverse the firewall, like HTTP, for example." - JXTA - Wikipedia, the free encyclopedia



        #4
        Wondering if there is a way to do it with Tor?

        Or some kind of TCP spoofing?



          #5
          Originally posted by Supply and Command:
          "Or some kind of TCP spoofing?"
          The NAT would prevent spoofing the source addresses.
          While you're waiting, read the free novel we sent you. It's a Spanish story about a guy named 'Manual.'



            #6
            Basically you're asking how to defeat a firewall. And if it was that easy, there'd be no point having firewalls.
            Will work inside IR35. Or for food.



              #7
              Actually, punching holes through firewalls is fairly easy, and P2P does it extensively.

              Client A uses RFC1918 private addressing (eg, 192.168.0.x) behind a NAT firewall.
              Client B also uses RFC1918 private addressing behind a NAT firewall.
              The broker is addressed with an Internet registered IP address.

              How do they talk? There are easy ways to do it if the NAT gateways allow UPnP (many consumer DSL routers will), but even if they don't, most firewalls will pass UDP, so you can punch right through them, and with a broker you can create a connection to another host behind a NAT firewall/gateway.

              Here's how:

              Client A communicates with the broker.
              Client B communicates with the broker.

              The broker can see the Internet-registered outside NAT address of both A and B. Let's say A is on IP address 24.0.0.1 and B is on IP address 54.0.0.1. So the broker tells client A to send a stream of UDP packets to client B's IP address using (say) UDP/123 for the destination address and UDP/555 for the source address. Of course, this is just dropped by the firewall at client B.

              Now the broker tells client B to send data to client A's IP address using UDP/555 as a source address and UDP/123 as a destination address (the opposite to client A). When this packet is sent out through client B's firewall, an interesting thing happens - the firewall sets up a reverse rule to allow a UDP response on the same IP/port pair, and the data sent from client A can now come through the firewall to client B.

              The broker now stands back, and clients A and B talk to each other over the UDP stream that the broker arranged for them.


              There are also ways to do it with TCP, though it's a bit more convoluted and relies on the broker being able to spoof packets to clients A and B, and this is much more difficult because many firewall rule sets will reject packets which originate from external networks if they have an internal address.


              There is probably an RFC for NAT traversal by now. There was a good white paper describing how Skype does it. It's shocking reading if you've never seen it done before - definitely not comfortable reading for security people. Also remember that ANY firewall that allows ANY outgoing connection is sufficient to set up an SSH tunnel or VPN, so you can do whatever you like really.
              Free advice and opinions - refunds are available if you are not 100% satisfied.

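The exchange described in the post above, as an added simulation (this is not code from the thread, nor from any P2P project). It models the two NAT firewalls as stateful devices that pass any outbound UDP, rewrite the source to the public address, and remember (inside port, remote IP, remote port); an inbound datagram is passed only if it matches a remembered tuple, which is the "reverse rule" the post refers to. A packet arriving from the outside with an RFC1918 source is dropped as spoofed, matching the post's remark about TCP. The broker only ever learns the public, post-NAT endpoints. Assumptions not stated in the thread: the NATs preserve source ports and are address-and-port-restricted (the common consumer-router case), the broker IP 203.0.113.10 and the port numbers 555/123 are arbitrary, the inside addresses are made up, and each peer sends from the port the other peer targets, which is what makes the reverse entry match.

```python
"""Simulated UDP hole punch through two stateful NAT firewalls (added example)."""
from dataclasses import dataclass
import ipaddress

# Assumed broker address (RFC 5737 documentation range); any public IP would do.
BROKER_IP = "203.0.113.10"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str


class NatFirewall:
    """Port-preserving, address-and-port-restricted NAT (assumed model)."""

    def __init__(self, public_ip: str, inside_ip: str):
        self.public_ip = public_ip
        self.inside_ip = inside_ip
        self.state = set()   # remembered flows: (inside_port, remote_ip, remote_port)
        self.dropped = []    # datagrams refused at the outside interface

    def outbound(self, pkt: Packet) -> Packet:
        """Inside -> Internet: SNAT the source and record a reverse-allow entry."""
        self.state.add((pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return Packet(self.public_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet):
        """Internet -> inside: pass only if a matching outbound flow exists."""
        if is_rfc1918(pkt.src_ip):   # internal source arriving from outside: spoofed
            self.dropped.append(pkt)
            return None
        if (pkt.dst_port, pkt.src_ip, pkt.src_port) not in self.state:
            self.dropped.append(pkt)
            return None
        return Packet(pkt.src_ip, pkt.src_port, self.inside_ip, pkt.dst_port, pkt.payload)


class Internet:
    """Routes by destination IP to the NAT that owns that public address, or to the broker."""

    def __init__(self, *nats: NatFirewall):
        self.by_ip = {n.public_ip: n for n in nats}
        self.broker_seen = {}   # label -> (public ip, public port) as observed by the broker

    def send(self, label: str, nat: NatFirewall, pkt: Packet):
        """Send pkt from the host behind `nat`; returns the delivered packet or None."""
        public = nat.outbound(pkt)
        if public.dst_ip == BROKER_IP:
            self.broker_seen[label] = (public.src_ip, public.src_port)
            return public
        return self.by_ip[public.dst_ip].inbound(public)


def hole_punch() -> dict:
    """Run the three-step exchange from the post and report what got through."""
    nat_a = NatFirewall("24.0.0.1", "192.168.0.2")
    nat_b = NatFirewall("54.0.0.1", "192.168.1.2")
    net = Internet(nat_a, nat_b)

    # Both clients talk to the broker first; it learns their public endpoints.
    net.send("A", nat_a, Packet("192.168.0.2", 555, BROKER_IP, 80, "hello broker"))
    net.send("B", nat_b, Packet("192.168.1.2", 123, BROKER_IP, 80, "hello broker"))
    a_pub, b_pub = net.broker_seen["A"], net.broker_seen["B"]

    # Step 1: broker tells A to send to B's public endpoint. B's NAT has no
    # state for this flow, so it is dropped, but A's NAT now has a reverse entry.
    first_a_to_b = net.send("A", nat_a, Packet("192.168.0.2", 555, b_pub[0], b_pub[1], "A->B #1"))

    # Step 2: broker tells B to send to A's public endpoint. B's NAT records the
    # flow on the way out, and A's NAT already matches it, so it is delivered.
    b_to_a = net.send("B", nat_b, Packet("192.168.1.2", 123, a_pub[0], a_pub[1], "B->A #1"))

    # Step 3: A's retry now passes B's firewall; the hole is open both ways.
    second_a_to_b = net.send("A", nat_a, Packet("192.168.0.2", 555, b_pub[0], b_pub[1], "A->B #2"))

    return {"a_pub": a_pub, "b_pub": b_pub, "first_a_to_b": first_a_to_b,
            "b_to_a": b_to_a, "second_a_to_b": second_a_to_b,
            "dropped_at_b": len(nat_b.dropped)}


def spoof_from_outside():
    """A datagram from the Internet claiming an inside source is refused outright."""
    nat = NatFirewall("54.0.0.1", "192.168.1.2")
    return nat.inbound(Packet("192.168.0.2", 555, "54.0.0.1", 123, "spoofed"))


if __name__ == "__main__":
    for k, v in hole_punch().items():
        print(f"{k}: {v}")
```

The ordering is the whole trick: A's first datagram is sacrificed purely to create state in A's own NAT, and B's datagram then succeeds because of that state while creating the matching entry in B's NAT. With real sockets you would keep resending from both sides until one arrives, since neither side knows which packet will be the first to get through.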


                #8
                Good old UDP - thanks Wanderer - I will create a prototype of this in Java.



                  #9
                  Am I missing something? Why not just get each client's firewall to allow connections from the other's public-facing IP address?
                  Originally posted by Stevie Wonder Boy:
                  "I can't see any way to do it, can you please advise?"

                  I want my account deleted and all of my information removed, I want to invoke my right to be forgotten.



                    #10
                    "Peer-to-Peer Communication Across Network Address Translators" might be worth a read.
                    While you're waiting, read the free novel we sent you. It's a Spanish story about a guy named 'Manual.'
