20070708 - Breaking Firewalls


If the world ran only on static IPs with no firewalls, doing P2P connections would be easy. Now when was anything worthwhile easy? Connecting the rest of the world requires breaking through firewalls and dealing with dynamic IP addresses.

  1. End point = 6 bytes.
  2. Public end point is what server sees as ip:port for client.
  3. Private end point is what client sees as ip:port for self.
  4. All clients connect to server and server responds with public end point.
  5. So all clients know their public end point.
  6. Clients also give private end point to server.
  7. NATs might rewrite a private end point found inside the UDP payload, so encrypt it.

Here is how S (server or peer) can connect A (peer) to B (peer). This works both on local LAN and across the wide open internet with NAT and firewalls.

  1. A is connected with S.
  2. B is connected with S.
  3. S sends private and public end points of A to B.
  4. S sends private and public end points of B to A.
  5. A sends packets to private and public end points of B.
  6. B sends packets to private and public end points of A.
  7. A locks in ip:port it sees from B.
  8. B locks in ip:port it sees from A.

Keep in mind that NAT (network address translation) might assign a different public end point on each connection attempt, so during steps 5 and 6 the peers might have to probe multiple public end points (an IP/port scan) seeded from the public end point sent in steps 3 and 4.
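The two lists above and the port-probing note, worked through as an added example (not code from the original post): the 6-byte end point is assumed to be a 4-byte IPv4 address followed by a 2-byte port in network order, the server learns the public end point from the UDP source address and the private one from the payload (the encryption of that payload is assumed to have already been removed), and the candidate list for steps 5 and 6 adds neighbouring public ports as the NAT caveat suggests. `RendezvousServer` and `candidate_endpoints` are names chosen for this example.

```python
import struct
import ipaddress
from typing import Dict, List, Tuple

Endpoint = Tuple[str, int]

def pack_endpoint(ep: Endpoint) -> bytes:
    """Encode ip:port as the 6-byte wire form: 4-byte IPv4 + 2-byte port, network order."""
    ip, port = ep
    return struct.pack("!4sH", ipaddress.IPv4Address(ip).packed, port)

def unpack_endpoint(data: bytes) -> Endpoint:
    """Decode a 6-byte end point back into (ip, port); rejects any other length."""
    if len(data) != 6:
        raise ValueError("end point must be exactly 6 bytes")
    raw_ip, port = struct.unpack("!4sH", data)
    return str(ipaddress.IPv4Address(raw_ip)), port

class RendezvousServer:
    """S: learns each client's public end point from the UDP source address and
    its private end point from the payload (assumed already decrypted here)."""
    def __init__(self) -> None:
        self.clients: Dict[str, Tuple[Endpoint, Endpoint]] = {}

    def register(self, name: str, source_addr: Endpoint, payload: bytes) -> bytes:
        private = unpack_endpoint(payload)            # what the client sees as itself
        self.clients[name] = (private, source_addr)   # source_addr = public view
        return pack_endpoint(source_addr)             # reply: the client's public end point

    def introduce(self, peer: str) -> bytes:
        """Steps 3/4: private + public end points of `peer`, 12 bytes, sent to the other side."""
        private, public = self.clients[peer]
        return pack_endpoint(private) + pack_endpoint(public)

def candidate_endpoints(intro: bytes, port_spread: int = 2) -> List[Endpoint]:
    """Steps 5/6: targets to probe. Private and public end points first, then
    nearby public ports in case the NAT picked a new mapping for this attempt."""
    private, public = unpack_endpoint(intro[:6]), unpack_endpoint(intro[6:12])
    cands = [private, public]
    for delta in range(1, port_spread + 1):
        for port in (public[1] + delta, public[1] - delta):
            if 1 <= port <= 65535 and (public[0], port) not in cands:
                cands.append((public[0], port))
    return cands
```

Whichever candidate actually answers is the end point each side locks in (steps 7 and 8).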