Eventmachine talk - Nov 2007 - P2P: Avoiding manual port-forwarding (am

From: "Francis Cianfrocca" <garbagecat10 at
gmail.com>
>
> I''m amazed that this works under UDP, much less TCP. Are we
talking
> about arbitrary UDP ports just getting forwarded through NATting
> routers, without needing to set up firewall rules? Do you have any
> references on this technique?
Yeah, I deduced that it should tend to work with UDP after
thinking about how quake2 clients initiate contact with a
quake2 server.

My quake2 client is on a network behind a NAT router, and
yet, my quake2 client can fire off a UDP packet to a remote
server, and expect to receive a UDP packet back in
reponse.  Therefore my NAT router must be observing the
outgoing UDP packet, and anticipating a response from the
remote server/port being contacted, and setting up an
automatic port forward to route the response back to my
local machine.


From: Tony Arcieri
>
> Yes, have a look at ICE / STUN
>
> ICE is the IETF standard encompassing STUN
>
> You''re out of luck with TCP, unless you use uPnP
>
>
> On Nov 19, 2007 11:43 PM, Roger Pack < rogerpack2005 at gmail.com>
wrote:
> >
> > stunt does this.
> > You could do it, for sure.  Just create your own headers and the like.
Ah, thanks guys.  I should have known better than to think I
was doing something new.  <grin>

Found an open source (GPL) ICE / STUN / TURN library:

http://www.pjsip.org/pjnath/docs/html/index.htm



Regards,

Bill

On Nov 20, 2007 10:07 AM, Bill Kelly <billk at cts.com>
wrote:
>
> From: "Francis Cianfrocca" <garbagecat10 at gmail.com>
> >
> > I''m amazed that this works under UDP, much less TCP. Are we
talking
> > about arbitrary UDP ports just getting forwarded through NATting
> > routers, without needing to set up firewall rules? Do you have any
> > references on this technique?
>
> Yeah, I deduced that it should tend to work with UDP after
> thinking about how quake2 clients initiate contact with a
> quake2 server.
>
> My quake2 client is on a network behind a NAT router, and
> yet, my quake2 client can fire off a UDP packet to a remote
> server, and expect to receive a UDP packet back in
> reponse.  Therefore my NAT router must be observing the
> outgoing UDP packet, and anticipating a response from the
> remote server/port being contacted, and setting up an
> automatic port forward to route the response back to my
> local machine.
>
>
> From: Tony Arcieri
> >
> > Yes, have a look at ICE / STUN
> >
> > ICE is the IETF standard encompassing STUN
> >
> > You''re out of luck with TCP, unless you use uPnP
> >
> >
> > On Nov 19, 2007 11:43 PM, Roger Pack < rogerpack2005 at
gmail.com> wrote:
> > >
> > > stunt does this.
> > > You could do it, for sure.  Just create your own headers and the
like.
>
> Ah, thanks guys.  I should have known better than to think I
> was doing something new.  <grin>
>
> Found an open source (GPL) ICE / STUN / TURN library:
>
> http://www.pjsip.org/pjnath/docs/html/index.htm
>

Fascinating stuff, especially as it relates to SIP and collaboration
apps. Thanks, guys. Is there any scope to add support for this
directly into EM?

On Nov 20, 2007 7:09 AM, Francis Cianfrocca <garbagecat10 at gmail.com>
wrote:
>
> Fascinating stuff, especially as it relates to SIP and collaboration
> apps. Thanks, guys. Is there any scope to add support for this
> directly into EM?

Would be cool although I don''t know how you would go about it. The
technique
requires some sort of server which will give the two peers each other''s
IP
addresses so they can initiate the UDP transmission. Maybe a default STUN
request could be built assuming that whoever uses it has a STUN server
somewhere?

Note that TCP hole punching also exists but it''s not as effective as it
depends much more on the NAT implementation. See the chapter 4 of this [1]
paper for more details.

Cheers,
Matthieu

[1] http://www.brynosaurus.com/pub/net/p2pnat/

>
> _______________________________________________
> Eventmachine-talk mailing list
> Eventmachine-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/eventmachine-talk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/eventmachine-talk/attachments/20071120/38120dcf/attachment-0001.html

I agree.  It would be nice if you could just create things like
EM::connect_using_reliable_udp_and_stun host, port, proxy # or hole
punching, etc.
or something along those derivatives.  That would be intense.
> > > Yes, have a look at ICE / STUN
> > >
> > > ICE is the IETF standard encompassing STUN
> > >
> > > You''re out of luck with TCP, unless you use uPnP

A STUN implementation will be an important part of DistribuStream in terms
of firewall traversal.  However, first I need to move the whole protocol to
UDP, and before I do that I''m trying to make it work better in general.

I''m also unsure what to use for a UDP data transfer protocol.  I need
something to work in conjunction with segmented downloads verified by a
hash, and RTP doesn''t exactly seem well suited to that task.

I''d certainly be willing to help with an implementation on top of
EventMachine.

On Nov 20, 2007 8:09 AM, Francis Cianfrocca <garbagecat10 at gmail.com>
wrote:
> On Nov 20, 2007 10:07 AM, Bill Kelly <billk at cts.com> wrote:
> >
> > From: "Francis Cianfrocca" <garbagecat10 at gmail.com>
> > >
> > > I''m amazed that this works under UDP, much less TCP. Are
we talking
> > > about arbitrary UDP ports just getting forwarded through NATting
> > > routers, without needing to set up firewall rules? Do you have
any
> > > references on this technique?
> >
> > Yeah, I deduced that it should tend to work with UDP after
> > thinking about how quake2 clients initiate contact with a
> > quake2 server.
> >
> > My quake2 client is on a network behind a NAT router, and
> > yet, my quake2 client can fire off a UDP packet to a remote
> > server, and expect to receive a UDP packet back in
> > reponse.  Therefore my NAT router must be observing the
> > outgoing UDP packet, and anticipating a response from the
> > remote server/port being contacted, and setting up an
> > automatic port forward to route the response back to my
> > local machine.
> >
> >
> > From: Tony Arcieri
> > >
> > > Yes, have a look at ICE / STUN
> > >
> > > ICE is the IETF standard encompassing STUN
> > >
> > > You''re out of luck with TCP, unless you use uPnP
> > >
> > >
> > > On Nov 19, 2007 11:43 PM, Roger Pack < rogerpack2005 at
gmail.com> wrote:
> > > >
> > > > stunt does this.
> > > > You could do it, for sure.  Just create your own headers and
the
> like.
> >
> > Ah, thanks guys.  I should have known better than to think I
> > was doing something new.  <grin>
> >
> > Found an open source (GPL) ICE / STUN / TURN library:
> >
> > http://www.pjsip.org/pjnath/docs/html/index.htm
> >
>
>
> Fascinating stuff, especially as it relates to SIP and collaboration
> apps. Thanks, guys. Is there any scope to add support for this
> directly into EM?
> _______________________________________________
> Eventmachine-talk mailing list
> Eventmachine-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/eventmachine-talk
>


--
Tony Arcieri
ClickCaster, Inc.
tony at clickcaster.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/eventmachine-talk/attachments/20071120/7fd824e2/attachment.html

> Note that TCP hole punching also exists but it''s not as effective
as it
> depends much more on the NAT implementation. See the chapter 4 of this [1]
> paper for more details.
>
> Cheers,
> Matthieu
>
> [1] http://www.brynosaurus.com/pub/net/p2pnat/
http://www.rubyinside.com/skype-style-firewall-busting-with-ruby-and-udp-399.html
mentions ruby+punching in a few code lines, if interested :)
-Roger

That''s nice, but it''d really be better if it were a proper
STUN
implementation...

On Dec 29, 2007 6:37 PM, Roger Pack <rogerpack2005 at gmail.com> wrote:
> > Note that TCP hole punching also exists but it''s not as
effective as it
> > depends much more on the NAT implementation. See the chapter 4 of this
> [1]
> > paper for more details.
> >
> > Cheers,
> > Matthieu
> >
> > [1] http://www.brynosaurus.com/pub/net/p2pnat/
>
>
>
http://www.rubyinside.com/skype-style-firewall-busting-with-ruby-and-udp-399.html
> mentions ruby+punching in a few code lines, if interested :)
> -Roger
> _______________________________________________
> Eventmachine-talk mailing list
> Eventmachine-talk at rubyforge.org
> http://rubyforge.org/mailman/listinfo/eventmachine-talk
>


--
Tony Arcieri
ClickCaster, Inc.
tony at clickcaster.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://rubyforge.org/pipermail/eventmachine-talk/attachments/20071231/d3ea33e6/attachment.html