Reputation: 1099
When using an instant messaging application like Live Messenger or the desktop client for Google Talk, computers can transfer files between one another. I can't say for sure, but I'm fairly certain that the data being transferred between computers does not go through Microsoft's or Google's IM servers, rather the two computers with the IM software communicate directly with each other. I'm wondering if or how this direct connection between the clients is established and how I would implement something similar myself.
I have some experience working with personal networks but I only understand a client-server relationship, where the server is always listening (and ports are not blocked by a firewall) and the client makes a request to the server whenever data is needed.
Upvotes: 6
Views: 5527
Reputation: 2500
Do what most trojans do:
Reverse Connection
EDIT:
With two machines behind firewalls, you would need some kind of third 'Proxy'.
Upvotes: -2
Reputation: 15334
If I were implementing this, I'd look at a couple of options.
Have the firewall forward a given port to a PC inside the network. This will let you connect to a server from the outside world.
Have the client(s) behind the firewall connect to a visible server outside of the firewall.
In short, at least one party in the conversation needs to be visible (the server) to the other(s) so they can connect to it. Regardless of how, once a connection is made, the client and server will be able to communicate back and forth without any problems.
Upvotes: 0
Reputation: 13624
There is a method used by many clients called "pin holing":
I send a UDP packet at you, which pokes a hole in my firewall (allowing UDP packets, assumed to be responses by my firewall, to be sent by you and received by me). That packet gets discarded by your firewall.
You send a UDP packet to me, poking a hole in your firewall. That packet should reach me, at which point I can send another one to reach you and we can communicate, through our firewalls, over UDP.
Upvotes: 6
Reputation: 35117
If both clients are behind a firewall that hasn't been pinholed and no VPN software is being employed, they are communicating through a 3rd party server. Period.
Upvotes: 0
Reputation: 4274
I've used a program called Hamachi which is a bit like a peer-to-peer VPN (virtual network-to-network). Then I wrote the client-server applications as is. It was a quick way to get the functionality of connecting over the Internet without the trickery needed for dealing with NAT routers.
If you need to do it 'properly', one of the common methods is UDP hole punching. When you send a web request your firewall knows to expect back data in response. The trick is that both client A and client B contact a server on the Internet. The server passes details of the request client A made to client B and vice versa. Once the initial connection is established they can continue to communicate even if the main server is no longer there.
Upvotes: 6
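The "pin holing" and UDP hole punching answers above describe the same exchange; the following is an added example, not code from any of the posters, that models it as a simulation with no real network traffic. The `Firewall` class, the `send`, `rendezvous` and `punch` helpers and all addresses are constructed for illustration, and the firewalls are assumed to filter on the exact remote address and port without rewriting source ports.

```python
# Constructed simulation (no real network traffic): two stateful firewalls
# and a public rendezvous server. Assumes the firewalls filter by exact
# remote address and port and do not rewrite source ports.

class Firewall:
    def __init__(self):
        self.holes = set()  # (local_port, remote_ip, remote_port)

    def outbound(self, local_port, remote):
        # An outgoing packet creates state: replies from `remote` are allowed.
        self.holes.add((local_port, *remote))

    def inbound(self, local_port, remote):
        # An incoming packet passes only if it matches existing state.
        return (local_port, *remote) in self.holes


def send(net, src, dst):
    """Send one UDP packet from src to dst, both (ip, port). True if delivered."""
    src_fw, dst_fw = net.get(src[0]), net.get(dst[0])
    if src_fw is not None:
        src_fw.outbound(src[1], dst)
    # A host with no firewall entry (the public server) accepts everything.
    return dst_fw is None or dst_fw.inbound(dst[1], src)


def rendezvous(net, server, a, b):
    """Each client contacts the server; the server returns the peer's endpoint."""
    observed = {}
    for name, endpoint in (("A", a), ("B", b)):
        if send(net, endpoint, server):      # registration reaches the server
            observed[name] = endpoint
    # The server's replies pass because each client contacted it first.
    delivered = send(net, server, a) and send(net, server, b)
    return {"A": observed["B"], "B": observed["A"]} if delivered else {}


def punch(net, a, b):
    """Return delivery results for the three packets of the exchange."""
    first = send(net, a, b)    # opens A's hole; dropped at B's firewall
    second = send(net, b, a)   # opens B's hole; passes through A's hole
    third = send(net, a, b)    # now passes through B's hole
    return first, second, third


A, B = ("198.51.100.10", 40000), ("203.0.113.20", 50000)
SERVER, OTHER = ("192.0.2.1", 3478), ("192.0.2.99", 50000)
NET = {A[0]: Firewall(), B[0]: Firewall()}

if __name__ == "__main__":
    print(rendezvous(NET, SERVER, A, B), punch(NET, A, B), send(NET, OTHER, A))
```

The last value printed shows that the hole is scoped to the peer that was contacted: a packet from an unrelated host to the same port is still dropped.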