Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

forward traffic from port X to computer B with c# "UDP punch hole into firewall"

I need to establish a tcp connection from my house computer to my office computer.

on the office there is a router where several computers are connected to. that router has internet therefore all the computers connected to that router have internet as well. on my house I have a computer with internet access. I need my office computer to act as the server and my home computer to connect to it. Before, I used to be able to connect by port forwarding traffic on the server as:

    NATUPNPLib.UPnPNATClass upnpnat;
    NATUPNPLib.IStaticPortMappingCollection mappings;

    public ServerExample()
    {
        InitializeComponent();

        upnpnat = new NATUPNPLib.UPnPNATClass();
        mappings = upnpnat.StaticPortMappingCollection;

        //                           server local IP address
        mappings.Add(1300, "TCP", 1300, "192.168.150.146", true, "plsease work");
        // this code tels the router to forward all tcp traffic comming from port
        // 1300 to the server computer (it's lan ip address happens to be 192.168.150.146)
        //...

and I was able to connect from my house. (I know that the simple way will be to open the ports on the office router and forward them to my computer the problem is that I do not have access to the office router)

now they replaced the router on my office with a newer one and I am not able to use my code.Now, with the new router, when I execute the privious code I get:

enter image description here

note that mappings returns null; therefore, I am not able to add a mapping.

I am sure there should be a way to establish a connection because some people in the office use limewire for example or bit torrent. I think my problem has to do with permissions maybe? How can I resolve this?


Edit

So from researching I found that what I am trying to do is "UDP punch hole into firewall". I actually want to do it over a tcp connection. I don't know what is will be the difference between tcp and upd puch holing.... I mean the purpose of that is for a client to be able to find a pear without having to do configurations on the router.

.

.

.

.

.

.

UPDATE

OK so I believe I have tried doing what you guys posted on this question with c#: ok let me show you what I did:

note you may need to refer to this diagram in order to understand what I will be explain: enter image description here

As you know I want to establish a tcp connection between computer A and computer B. The way I manage to do this is by doing what is called tcp punch holing.

Step 1: The first thing that I do is to start listening for new connections on the server S.

                   TcpListener server = new TcpListener(System.Net.IPAddress.Parse(“192.168.11.109”), 55550);
                   Server.Start();

                   var client = server.AcceptSocket();  \\ wait here until someone connects

Step 2: Now connect to the server with computer A as:

          TcpClient tcpClient = new TcpClient("192.168.11.109", 55550);

Step 3: After executing step 2 code on computer A the server S debug should look like:

enter image description here

Step 4: Now our goal is to connect from computer B to computer A. Server S has the information that B needs in order to establish the connection. In reality I will have to establish a connection between computer B and server S so that server S can give B the appropriate parameters in order for B to connect to A.

Step 5: since I am debuging I am able to see the parameters so I will make computer A a server now by listening on port 3313. I want computer A to be listening now on that port (3313) because all the packages sent to router X with port 3313 should be sent to computer A.

       \\ COMPUTER A 
       TcpListener server = new TcpListener(System.Net.IPAddress.Parse("192.168.0.120"), 3313);
        server.Start();

        var newClient = server.AcceptSocket();  \\ wait here until a client gets connected

Step 6: So computer A should now be listening for new connections on port 3313. again port 3313 is important because router x should forward all packages received from that port to computer A.

Computer A is waiting for new connections. enter image description here

Step 7: So now quickly! We want to establish that connection from computer B. In reality server S will pass the parameters but since I am just trying to make this work I will write the program really quick on computer B.

          TcpClient tcpClient = new TcpClient(“192.168.11.108”, 3313);
           \\192.168.11.108  is the address of router X

Finally:

For some reason, computer B is not able to connect to computer A.

enter image description here

The reason why it is not able to connect is because router X did not forwarded the packages to computer A. (I know this because I have enabled port forwarding on port 54540 on router X and when I use that port it works) I mean I don’t understand why router X did not forward traffic coming from port 3313 to computer A. Computer A already established a connection to server S and all the things that server S sent to router X through port 3313 got sent to computer A. why is it that if I send packages to router X through port 3313 they don’t get received by computer A!?

PS:

Note that everything that I showed here, I actually have the three routers X, Y and Z and also I have server S, computer A and computer B:

enter image description here

like image 567
Tono Nam Avatar asked Aug 29 '11 01:08

Tono Nam


2 Answers

Your new work router has probably got UPnP disabled, hence your null reference.

Without this your server cannot be made visible to inbound traffic as the router doesn't know where to send the inbound packets. In this case the router acts as a firewall blocking the incoming traffic to your server.

The basic ways around this are:

1) open up UPnP

This enables your application to instruct the router how to forward inbound traffic back to your server.

2) set up a port forwarding

As above by manually configuring the router.

3) make your work server the client

Routers work by allowing outbound connections to initiate the connection. It remembers the return address, rewrites the externally visible IP, and provides an unused port for external traffic to talk back on (NAT). This allows outbound requests to establish communication with the outside and bypass the firewall. If your home IP is fixed you could setup a client at work that tries to call home on a schedule (until you start the server and can establish the connection).

4) use P2P (mediation server)

I'm not sure where you would begin with this, but the principle is this. It usually works on a single UDP port. A server that is not behind NAT is used for establishing connections. The clients send their IP to the server in a UDP packet, and the router rewrites the UDP header with the router return address. The server takes this data and sends it to other peers. With everyone now knowing each others return address, they can send TCP traffic directly to each other and the server steps out of the way.

There's some really good article here regarding the basics of NAT, explained in simple terms. And a good article here which explains how P2P leverages NAT to bypass firewalls.

Hope this gives you some ideas.

like image 123
TheCodeKing Avatar answered Oct 13 '22 02:10

TheCodeKing


TCP hole punching frequently doesn't work. You're best bet is to stick to UDP hole punching. If you need TCP-like behavior, you can use RDP or a similar protocol that gives you TCP behavior but can use UDP as its transport.

The other approach is to relay all traffic through the server. Each host can connect to the server and the server can copy traffic from one connection to the other.

The best solution would be if you can get some support from the routers such as port forwarding or UPnP.

like image 30
David Schwartz Avatar answered Oct 13 '22 02:10

David Schwartz