UDP hole punching

Discussion in 'LnS English Forum' started by nuser, Jun 11, 2007.

Thread Status:
Not open for further replies.
  1. nuser

    nuser Registered Member

    Joined:
    May 31, 2007
    Posts:
    105
    Location:
    Singapore
    Hi, All,
    This is a 'general' question on LnS and UDP hole punching.
    Info about UDP hole punching can be found here:
    http://en.wikipedia.org/wiki/UDP_hole_punching

    Generally speaking,
    It allows an effective P2P connection for 2 clients both behind NAT.
    An example is Skype.:-*

    So, to make it work, client A (behind NAT A) should connect to a port of NAT B (say, 50000) and vice versa for client B.

    The question is:
    the port on Nat B (50000) is actually a random number and by default LnS blocks all other UDP connections except the allowed ones.

    So, to let these kinds of connections (Skype, etc.) fully work, it seems LnS has to allow ALL UDP connections.

    Any comments, corrections would be greatly appreciated.:thumb:
     
  2. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi nuser :)

    No Sir, no Sir, no Sir!

    Allowing all UDP connections ? Why ?

    The UDP connections specific to ANY programs must be controlled by YOU (with the help of your FW)....

    Some programs like Skype and eMule make attempts to start connections (in TCP or UDP) from a random local port to a random remote port. This is unacceptable, easy to forbid, and this has no effect on the performance of these programs...

    The implementation is quite simple:

    1- Your rule set must use specific rules for applications

    2- The local and remote ports are controlled via these specific rules (TCP and UDP)

    3- A "garbage collector" rule is placed after the list of the specific rules to block all other connections for this specific application...

    Remember this ? :eek:

    {R.80443,02}; [TCP] { Http/Https Skype }
    followed by this garbage collector:
    {R..9999999}; [TCP] < Skype: forbidden ports ! >>

    and this

    {T. 4672,11}; [UDP] { eDONKEY - KAD }
    {T. 4672,10}; [UDP] { eDONKEY - list srvr }
    followed by this garbage collector:
    {T..9999999}; [UDP] < eMule Random Connections ! >>

    and both programs fully work... :D

    Have a nice day !
    :)
     
  3. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
  4. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Thomas M :)

    May be...

    I read (fast :rolleyes: ) the article you give in your post... looks good...

    On my side I guess I found a way to have a better control over Skype:

    In UDP and TCP... (no more connections from random ports...) For the IP addresses this is another story: Skype is a P2P program...

    I'll read the article in depth later...

    Take care.

    :)
     
  5. nuser

    nuser Registered Member

    Joined:
    May 31, 2007
    Posts:
    105
    Location:
    Singapore
    Thanks, Climenole, Thomas,:thumb:
    There would be a nightmare for LnS's UDP rule if:
    (1) Alice and Bob are both behind NATs;
    (2) They want a P2P connection (not through the relay of the Skype server)
    o_O
    Anyway, if LnS blocks ALL other UDP connections (by default), Alice and Bob can still speak to each other (in this case, the audio data are relayed by the Skype server).
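Climenole's ordered rule list (specific allows, then a per-application "garbage collector") and nuser's hole-punching concern, modelled as an added Python example that is not LnS's own syntax or code: a first-match evaluator over constructed rules, plus the outcome for a UDP packet sent to the random port NAT B opened. Rule names follow the thread; the local/remote port roles, the use of 4672 as eMule's local port, and the "relayed" fallback are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, List, Tuple

ANY: Optional[int] = None  # wildcard for "any port"


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str                  # "TCP" or "UDP"
    local_port: Optional[int]   # ANY matches every local port
    remote_port: Optional[int]  # ANY matches every remote port
    action: str                 # "allow" or "block"

    def matches(self, proto: str, local_port: int, remote_port: int) -> bool:
        return (self.proto == proto
                and self.local_port in (ANY, local_port)
                and self.remote_port in (ANY, remote_port))


def evaluate(rules: List[Rule], proto: str, local_port: int,
             remote_port: int, default: str = "block") -> Tuple[str, str]:
    """First matching rule wins, like an ordered firewall rule list.
    Traffic that matches no rule falls to the firewall default (block)."""
    for rule in rules:
        if rule.matches(proto, local_port, remote_port):
            return rule.action, rule.name
    return default, "<default block>"


# Constructed rule sets modelled on the thread: specific allows, then a
# per-application garbage collector. Port roles are an assumption, not LnS syntax.
SKYPE_RULES = [
    Rule("Http/Https Skype", "TCP", ANY, 80, "allow"),
    Rule("Http/Https Skype", "TCP", ANY, 443, "allow"),
    Rule("Skype: forbidden ports !", "TCP", ANY, ANY, "block"),    # garbage collector
]
EMULE_RULES = [
    Rule("eDONKEY - KAD", "UDP", 4672, ANY, "allow"),               # 4672 assumed local
    Rule("eMule Random Connections !", "UDP", ANY, ANY, "block"),  # garbage collector
]


def hole_punch_outcome(rules: List[Rule], nat_b_port: int) -> str:
    """nuser's scenario: Skype sends UDP from a random local port to the
    random port NAT B opened. If the rule set blocks it, there is no direct
    path and (as nuser notes) the audio is relayed by the Skype server."""
    action, _ = evaluate(rules, "UDP", 51000, nat_b_port)
    return "direct P2P" if action == "allow" else "relayed via Skype server"
```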
     