How can I connect client tcp ports behind router or firewall without NAT

The client can connect to the server via a proxy, but I also need to connect to the client's TCP/UDP ports from the server:
[vm ---> proxy ---> router or firewall ---> client:3000]

I don't want to open the client's port to the internet via a NAT rule. I'm looking for a way to do that. Is it possible?

Edit: I guess I have to add more information about my goal.

(network diagram image)

I have an app on the Linux Client (see diagram) and it has 2 jobs:
1- Create a websocket between Client and VM for communication
2- USB/IP: I use the USB/IP protocol to redirect local USB devices. That's why I need this solution.

Let me tell you how USB/IP works:

Architecture
The USB/IP protocol follows a server/client architecture. The server exports the USB devices and the clients import them. The device driver for the exported USB device runs on the client machine.

First the client opens a TCP/IP connection to the server and sends an OP_REQ_IMPORT packet. (I) The server replies with OP_REP_IMPORT. If the import was successful the TCP/IP connection remains open and will be used to transfer the URB traffic between the client and the server. The client may send two types of packets: the USBIP_CMD_SUBMIT to submit an URB, and USBIP_CMD_UNLINK to unlink a previously submitted URB. The answers of the server may be USBIP_RET_SUBMIT and USBIP_RET_UNLINK respectively.

virtual host controller                                 usb host
     "client"                                           "server"
 (imports USB devices)                             (exports USB devices)
         |                                                 |
         |                  OP_REQ_IMPORT                  |
         | ----------------------------------------------> |
         |                                                 |
         |                  OP_REP_IMPORT                  |
         | <---------------------------------------------- |
         |                                                 |
         |                                                 |
         |            USBIP_CMD_SUBMIT(seqnum = n)         |
         | ----------------------------------------------> |
         |                                                 |
         |            USBIP_RET_SUBMIT(seqnum = n)         |
         | <---------------------------------------------- |
         |                        .                        |
         |                        :                        |
         |                                                 |
         |            USBIP_CMD_SUBMIT(seqnum = m)         |
         | ----------------------------------------------> |
         |                                                 |
         |            USBIP_CMD_SUBMIT(seqnum = m+1)       |
         | ----------------------------------------------> |
         |                                                 |
         |            USBIP_CMD_SUBMIT(seqnum = m+2)       |
         | ----------------------------------------------> |
         |                                                 |
         |            USBIP_RET_SUBMIT(seqnum = m)         |
         | <---------------------------------------------- |
         |                                                 |
         |            USBIP_CMD_SUBMIT(seqnum = m+3)       |
         | ----------------------------------------------> |
         |                                                 |
         |            USBIP_RET_SUBMIT(seqnum = m+1)       |
         | <---------------------------------------------- |
         |                                                 |
         |            USBIP_CMD_SUBMIT(seqnum = m+4)       |
         | ----------------------------------------------> |
         |                                                 |
         |            USBIP_RET_SUBMIT(seqnum = m+2)       |
         | <---------------------------------------------- |
         |                        .                        |
         |                        :                        |
Morphinz asked Sep 05 '25 03:09


2 Answers

What you're looking for is NAT traversal. But usually the client has to do something to help establish this connection.

From the techniques section:

The following NAT traversal techniques are available:

  • Socket Secure (SOCKS) is a technology created in the early 1990s that uses proxy servers to relay traffic between networks or systems.
  • Traversal Using Relays around NAT (TURN) is a relay protocol designed specifically for NAT traversal.
  • NAT hole punching is a general technique that exploits how NATs handle some protocols (for example, UDP, TCP, or ICMP) to allow previously blocked packets through the NAT.
      • UDP hole punching
      • TCP hole punching
      • ICMP hole punching
  • Session Traversal Utilities for NAT (STUN) is a standardized set of methods and a network protocol for NAT hole punching. It was designed for UDP but was also extended to TCP.
  • Interactive Connectivity Establishment (ICE) is a complete protocol for using STUN and/or TURN to do NAT traversal while picking the best network route available. It fills in some of the missing pieces and deficiencies that were not mentioned by STUN specification.
  • UPnP Internet Gateway Device Protocol (IGDP) is supported by many small NAT gateways in home or small office settings. It allows a device on a network to ask the router to open a port.
  • NAT-PMP is a protocol introduced by Apple as an alternative to IGDP.
  • PCP is a successor of NAT-PMP.
  • Application-level gateway (ALG) is a component of a firewall or NAT that allows for configuring NAT traversal filters. It is claimed by numerous people that this technique creates more problems than it solves.

Among these techniques, I've seen use of STUN servers most commonly, particularly in web/online technologies. For example, see the use of STUN servers (and other techniques) applied in WebRTC for peer-to-peer connections.

ngrok is another tool commonly used to tunnel connections through the internet to traverse the NAT. It is often used for development purposes and may not be suitable depending on the exact nature/volume of your traffic.

sytech answered Sep 07 '25 22:09

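As an added example (not from the question or either answer, and not ngrok's code), here is the relay pattern the answers point at, reduced to plain sockets: the client behind the NAT dials out to the VM, and the VM forwards a connection arriving on its public-side port back over that outbound socket to the client's local service (port 3000 in the question). Everything runs on loopback with ephemeral ports; the upper-casing local service, the addresses and the one-session-at-a-time simplification are constructed for the demo.

```python
import socket
import threading
from contextlib import suppress

def pipe(src, dst):
    """Copy src -> dst until src hits EOF, then half-close dst so the EOF propagates."""
    with suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    with suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def splice(a, b):
    """Relay both directions and close both sockets once each side has finished."""
    threads = [threading.Thread(target=pipe, args=p, daemon=True) for p in ((a, b), (b, a))]
    for t in threads: t.start()
    for t in threads: t.join()
    a.close(); b.close()

def listener():
    """Loopback listener on an ephemeral port (stands in for a real interface)."""
    s = socket.socket(); s.bind(("127.0.0.1", 0)); s.listen(5)
    return s

def relay(tunnel_ls, public_ls):
    """VM side: accept the client's OUTBOUND tunnel, then one public visitor; splice them."""
    tunnel, _ = tunnel_ls.accept()      # client connected out to us: no inbound NAT rule
    visitor, _ = public_ls.accept()     # whoever wants to reach client:3000
    splice(visitor, tunnel)

def client_agent(relay_addr, local_addr):
    """Client side (behind NAT): dial out to the relay and to the local service."""
    splice(socket.create_connection(relay_addr), socket.create_connection(local_addr))

def local_service(ls):
    """Stand-in for the app on client:3000 (constructed): upper-cases the request."""
    conn, _ = ls.accept()
    with conn:
        conn.sendall(b"".join(iter(lambda: conn.recv(4096), b"")).upper())

def demo(request=b"hello from the vm side"):
    """Wire it all up on loopback; return what a visitor to the public port receives."""
    tunnel_ls, public_ls, svc_ls = listener(), listener(), listener()
    for fn, args in ((relay, (tunnel_ls, public_ls)), (local_service, (svc_ls,)),
                     (client_agent, (tunnel_ls.getsockname(), svc_ls.getsockname()))):
        threading.Thread(target=fn, args=args, daemon=True).start()
    with socket.create_connection(public_ls.getsockname(), timeout=5) as visitor:
        visitor.sendall(request)
        visitor.shutdown(socket.SHUT_WR)        # signal end of request
        return b"".join(iter(lambda: visitor.recv(4096), b""))
```

A deployable version needs a multiplexing layer for concurrent sessions and should carry the tunnel inside TLS or SSH with the client authenticating to the relay, which is essentially what ngrok and `ssh -R` provide.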

The only way I can think of to do it is with ngrok (a Node.js package), and it's temporary: the URL changes over time.

It is possible to make a callback from there to change the endpoint, reflecting the new address.

Ignacio Escursell answered Sep 07 '25 20:09