I'm currently trying to send UDP messages over the internet and have to set up the firewalls for both endpoints A and B (which are both behind a NAT). To do this, I want to use hole punching using a STUN server.
When A creates a request to the STUN server (say, private: 85.1.1.12:6000 and public: 173.194.78.127:19302) I get 85.1.1.12:6000 as a response. If I were to send a packet from the same origin configuration (same origin IP and port that were used for the STUN request) to any other destination address (the destination port stays the same), then my NAT would change the public port again (from 6000 to anything else). I found this out by using the same address-port configuration for two different STUN server requests (using port 19302 for both requests).
Like this, I have no way of knowing which port my NAT translates to when sending a packet to B (B can't receive anything because its firewall is not set up).
Is this because my NAT type is not compatible for hole punching or did I get the concept wrong?
Thanks!
Hole punching is technically not impossible if both sides have symmetric NAT (although the traversal process may be too unreliable to be worth the hassle). Please read my paper:
https://drive.google.com/file/d/0B1IimJ20gG0SY2NvaE4wRVVMbG8/view?usp=sharing
Or one of the papers that it references:
http://tools.ietf.org/id/draft-takeda-symmetric-nat-traversal-00.txt
https://www.goto.info.waseda.ac.jp/~wei/file/wei-apan-v10.pdf
http://journals.sfu.ca/apan/index.php/apan/article/view/75/pdf_31
85.1.1.12:6000 is not your private IP address. It's your NAT's public/external IP:port. The private IP is your PC/device's interface address.
From your scenario I am guessing you have a symmetric NAT. In a symmetric NAT, your NAT's public port changes every time you send packets to a different destination. If your destination remains the same, then the NAT's public IP:port also remains the same.
For other types of NAT, if your private IP doesn't change, then it doesn't matter where you send your packets; your NAT's public IP:port (in your case 85.1.1.12:6000) will remain the same.
Hole punching is not possible if one side has **Symmetric NAT and the other side has Symmetric/PRC NAT.
**By Symmetric NAT I mean Symmetric NAT which gives random port allocation.