Re: Direct connections through NAT/firewall
From: Peter (pzeltins_at_bigfoot.com)
Date: 07/24/03
- Next message: Kyler Laird: "Re: Restricitng SSH for CVS user"
- Previous message: Jason: "Re: q Imcoming packets for multiple uplinks/providers"
- In reply to: James T. Dennis: "Re: Direct connections through NAT/firewall"
- Next in thread: Ken Kauffman: "Re: Direct connections through NAT/firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 24 Jul 2003 12:03:45 +0300
> > Wonder how you do it? Smth like sending UDP on pre-agreed port (same on both
> > sides)?
> I thought of this awhile back. If I send a packet to your router, (as though
> initiating a connection router, and you send a response to my source port
> (spoofing it as though it was a reply to my SYN/!ACK packet) then the
> NAT box should be tricked into routing your response back to me (even
> though you never got my initial packet.
This could work for TCP provided you get low-level access to TCP stack...
have never done this under Linux, but methinks Winsock wouldn't let you just
send TCP packet with SYN bit set, without ever getting initial incoming TCP
session request.
However this should work for UDP without need for low-level stack access
since UDP is stateless.
Still one needs to pre-agree on time & port, so "handshake server" on public
IP seems like a necessity...
Peter
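
The UDP case discussed in this message, as an added example that is not part of the original post: a small simulation of the state two NAT boxes keep when both sides send UDP from a pre-agreed port. It assumes port-preserving NATs that filter inbound packets by remote address and port; the class, host names, port and documentation-range addresses are constructed for illustration.

```python
# Constructed simulation, not code from the thread. Assumptions: each NAT keeps
# the inside source port as its public port and only forwards inbound UDP from
# a remote (ip, port) that an inside host has already sent to.

class Nat:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        # public_port -> (inside_host, inside_port, {allowed remote (ip, port)})
        self.table = {}

    def outbound(self, inside_host, src_port, dst):
        """Inside host sends UDP to dst; record state, return translated packet."""
        entry = self.table.setdefault(src_port, (inside_host, src_port, set()))
        entry[2].add(dst)
        return {"src": (self.public_ip, src_port), "dst": dst}

    def inbound(self, pkt):
        """Return the inside (host, port) the packet reaches, or None if dropped."""
        entry = self.table.get(pkt["dst"][1])
        if entry is None or pkt["src"] not in entry[2]:
            return None
        return (entry[0], entry[1])


def punch(port=40000):
    nat_a, nat_b = Nat("198.51.100.1"), Nat("203.0.113.1")
    log = []
    # A sends first: NAT A now expects traffic from B's public ip:port,
    # but NAT B has no state yet, so this packet is dropped.
    pkt = nat_a.outbound("host-a", port, (nat_b.public_ip, port))
    log.append(("A->B #1", nat_b.inbound(pkt)))
    # B sends to A's public endpoint: NAT A treats it as a reply and forwards it.
    pkt = nat_b.outbound("host-b", port, (nat_a.public_ip, port))
    log.append(("B->A #1", nat_a.inbound(pkt)))
    # A sends again: NAT B now holds matching state, so the path is open both ways.
    pkt = nat_a.outbound("host-a", port, (nat_b.public_ip, port))
    log.append(("A->B #2", nat_b.inbound(pkt)))
    # A third party that neither side sent to is still filtered.
    stray = {"src": ("192.0.2.9", port), "dst": (nat_a.public_ip, port)}
    log.append(("other->A", nat_a.inbound(stray)))
    return log


if __name__ == "__main__":
    for step, result in punch():
        print(step, "forwarded to" if result else "dropped", result or "")
```

Each side has to know the other's public address and port before sending, which is the role of the "handshake server" mentioned above.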