Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share

0 votes
457 views
in Technique by (71.8m points)

ip - How to connect to an open tcp port on client machine from an unknown server?

I have been reading a lot about different NAT traversal techniques, but I am still a little unclear about how it works.

If I open a TCP port on a client machine and send a request to some arbitrary nonexistent server (which won't respond), my client NAT will now have an open channel, correct? Can I then use another (unknown) computer at a different IP address to access that client port if I know both the public and private IP of the client as well as the port number?

Or will my NAT check where my server packet is coming from and block it since it is not from the same IP address as the original request from the client machine?

Thanks in advance!


1 Answer

0 votes
by (71.8m points)

To answer your question, you need to know a little about a NAT's mapping and filtering behavior. First let me state some information about a NAT's mapping behavior:

If you send a packet from your internal IP:port through your NAT's IP:port to any address, then your NAT creates a mapping between your internal IP:port and its own IP:port. Otherwise no one from outside your NAT can send you anything.

There are 4 types of NAT:

Full-cone NAT: If you previously sent a packet from your internal IP:port through your NAT's IP:port, then any outside host can send packets to your internal IP:port by sending them to your NAT's IP:port.

Address-restricted cone NAT: An outside host can send packets to your internal IP:port by sending packets to your NAT's IP:port only if at least one packet has previously been sent from your internal IP:port to that outside host's IP address through your NAT's IP:port. Here that outside host's port doesn't matter; only the IP address has to be the same.

Port-restricted cone NAT: Same as address-restricted, just this time the outside host's port matters too. At least one packet previously sent from your internal IP:port to that outside host's IP:port through your NAT's IP:port will allow that outside host to send you packets from its IP:port through that same IP:port of your NAT.

Symmetric NAT: Its mapping behavior is a little different from the others. For the previous 3 types of NAT, no matter where you send your data from your internal IP:port, it will go through the same IP:port of the NAT. But for a symmetric NAT, for each different destination your data will go through the NAT's same IP but a different port. And like the port-restricted cone, an incoming packet will be allowed through the NAT if data was previously sent to that outside host's IP:port.

So for your scenario, only if your NAT is a full-cone NAT can someone unknown who knows the public IP:port of your NAT from which you sent a packet to the unknown server send you data over UDP transport. For the other NATs it will be blocked, as you did not send any data to that outside host. But for your TCP connection no one can send you any data, even if they know your private and public IP:port, as they are behind a different NAT. Read details from this answer.

Read details on wiki.
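A small model of the four mapping and filtering behaviours described in the answer, run against the question's scenario (one packet to a silent server, then an unknown host tries the same public port). This is an added example, not code from the thread; the addresses are constructed, and the `Nat` class is a UDP-style simplification that ignores mapping timeouts and TCP connection tracking.

```python
from dataclasses import dataclass, field

# Constructed addresses (RFC 5737 documentation ranges), not taken from the thread.
CLIENT = ("192.168.1.10", 40000)    # client's internal IP:port
NAT_IP = "203.0.113.5"              # NAT's public IP
SERVER = ("198.51.100.7", 9000)     # arbitrary server that never answers
STRANGER = ("198.51.100.99", 5555)  # unknown third host trying to reach the client

@dataclass
class Nat:
    kind: str                        # "full", "addr", "port" or "symmetric"
    next_port: int = 50000
    mappings: dict = field(default_factory=dict)  # (internal, dst or None) -> external port
    sent_to: dict = field(default_factory=dict)   # external port -> destinations used

    def outbound(self, src, dst):
        """Client sends a packet: allocate or reuse a mapping, remember the destination."""
        # Symmetric NAT keys the mapping on the destination, so every new destination
        # gets a fresh external port; the three cone types reuse one port per source.
        key = (src, dst) if self.kind == "symmetric" else (src, None)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        ext_port = self.mappings[key]
        self.sent_to.setdefault(ext_port, set()).add(dst)
        return (NAT_IP, ext_port)

    def inbound(self, remote, ext_port):
        """Outside host sends to NAT_IP:ext_port; True if the NAT forwards it inward."""
        seen = self.sent_to.get(ext_port)
        if not seen:
            return False                 # no mapping exists for this external port
        if self.kind == "full":
            return True                  # full cone: any outside host may use the mapping
        if self.kind == "addr":
            return any(ip == remote[0] for ip, _ in seen)   # address-restricted cone
        return remote in seen            # port-restricted cone and symmetric: exact IP:port

def stranger_can_reach_client(kind):
    """The question's scenario: one packet to a silent server, then an unknown host tries."""
    nat = Nat(kind)
    _, ext_port = nat.outbound(CLIENT, SERVER)
    return nat.inbound(STRANGER, ext_port)

def external_ports_for_two_destinations(kind):
    """Mapping behaviour: cone NATs reuse one external port, symmetric NAT does not."""
    nat = Nat(kind)
    return nat.outbound(CLIENT, SERVER)[1], nat.outbound(CLIENT, STRANGER)[1]
```

Only the full-cone case lets the stranger through; for the other three the packet is dropped because the client never sent anything to that host, which is the filtering rule the answer describes.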

