forward traffic from port X to computer B with c# “UDP punch hole into firewall”

轮回少年 2020-12-03 12:40

I need to establish a TCP connection from my house computer to my office computer.

In the office there is a router that several computers are connected to. That rou

4 answers
  • 2020-12-03 12:57

    TCP hole punching frequently doesn't work. Your best bet is to stick to UDP hole punching. If you need TCP-like behavior, you can use RDP or a similar protocol that gives you TCP behavior but can use UDP as its transport.

    The other approach is to relay all traffic through the server. Each host can connect to the server and the server can copy traffic from one connection to the other.

    The best solution would be if you can get some support from the routers such as port forwarding or UPnP.

    0 Discussion (0)
  • 2020-12-03 13:07

    Your new work router has probably got UPnP disabled, hence your null reference.

    Without this your server cannot be made visible to inbound traffic as the router doesn't know where to send the inbound packets. In this case the router acts as a firewall blocking the incoming traffic to your server.

    The basic ways around this are:

    1) open up UPnP

    This enables your application to instruct the router how to forward inbound traffic back to your server.

    2) set up a port forwarding

    As above by manually configuring the router.

    3) make your work server the client

    Routers work by allowing outbound connections to initiate the connection. It remembers the return address, rewrites the externally visible IP, and provides an unused port for external traffic to talk back on (NAT). This allows outbound requests to establish communication with the outside and bypass the firewall. If your home IP is fixed you could set up a client at work that tries to call home on a schedule (until you start the server and can establish the connection).

    4) use P2P (mediation server)

    I'm not sure where you would begin with this, but the principle is this. It usually works on a single UDP port. A server that is not behind NAT is used for establishing connections. The clients send their IP to the server in a UDP packet, and the router rewrites the UDP header with the router return address. The server takes this data and sends it to other peers. With everyone now knowing each other's return address, they can send TCP traffic directly to each other and the server steps out of the way.

    There's a really good article here regarding the basics of NAT, explained in simple terms. And a good article here which explains how P2P leverages NAT to bypass firewalls.

    Hope this gives you some ideas.

    0 Discussion (0)
  • 2020-12-03 13:09

    You could write your own proxy:

    Server: Listen on 1300 for connection from A, and on 1301 for connection from B. Keep a list of both connections, when you have at least one of each, create a proxy object. At this time you signal your connection from B that you have a connection, which could be a signal byte or a port and even address to connect to. After that when you get data from A, send it to B. When you get data from B, send it to A.

    Computer B: Program maintains a connection to port 1301 on Server. If the connection ever drops, re-establish it. When you receive a signal (could have address and port or just be an "I have a connection" byte), create a connection to the desired port and store the two connections in a proxy object. When you receive data from one, send it to the other. Since you're using that connection, establish a new connection to port 1301 on the Server to handle more.

    You'll have to handle dropped connections of course, sending a keep-alive signal between the always-open pending connection between B and the Server will help.

    Here's a sample class I wrote a long time ago to do the proxying. I don't have time to clean it up, but if you see TcpProxy that is a parent class that accepts a connection, the Client is the accepted connection and RemoteEndPoint is the end point to connect to. It also writes the data to a file and does some other stuff you can ignore.

    0 Discussion (0)
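
The "Server" role from the proxy answer above, as an added example that is not part of the original post or the answerer's own class. Ports 1300 and 1301 come from the answer; the signal byte value `0x01` and the names `Relay` and `PairAsync` are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Threading.Tasks;

// Added example: pairs one connection from A (port 1300) with one pending
// connection from B (port 1301) and copies bytes in both directions.
static class Relay
{
    const byte Signal = 0x01; // assumed "I have a connection" byte sent to B

    static async Task Main()
    {
        var forA = new TcpListener(IPAddress.Any, 1300);
        var forB = new TcpListener(IPAddress.Any, 1301);
        forA.Start();
        forB.Start();
        while (true)
        {
            // Start both accepts, then wait until there is one of each kind.
            Task<TcpClient> waitA = forA.AcceptTcpClientAsync();
            Task<TcpClient> waitB = forB.AcceptTcpClientAsync();
            TcpClient a = await waitA, b = await waitB;
            _ = PairAsync(a, b); // serve this pair in the background
        }
    }

    static async Task PairAsync(TcpClient a, TcpClient b)
    {
        using (a) using (b)
        {
            try
            {
                NetworkStream sa = a.GetStream(), sb = b.GetStream();
                // Tell B that A has arrived so B can dial its local target.
                await sb.WriteAsync(new[] { Signal }, 0, 1);
                // Relay both ways; when either direction ends, leaving the
                // using block closes both sockets and drops the pair.
                await Task.WhenAny(sa.CopyToAsync(sb), sb.CopyToAsync(sa));
            }
            catch (Exception ex) when (ex is IOException || ex is SocketException)
            {
                Console.Error.WriteLine($"pair dropped: {ex.Message}");
            }
        }
    }
}
```

As written the relay authenticates neither side, so anything that can reach port 1300 is piped straight to whatever B forwards to inside the office network. Restricting source addresses on both listeners and wrapping both legs in TLS with client certificates closes that gap.
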
  • 2020-12-03 13:14

    There is an excellent article about UDP and TCP hole punching techniques.

    http://www.brynosaurus.com/pub/net/p2pnat/

    However, you need a well-known rendezvous server for this hole punching technique and I don't think you want to set it up.

    By the way, you will want to double-check your company's policy about having your own server in the office. For security, I don't think a company allows an employee to set his or her own server inside.

    0 Discussion (0)