ben11587

Programming a connection to a user on a private network

ben11587    122
Hi, how does one program a connection to a computer if it's on its own network that you are not on? That is, a computer with a local address of 192.168.0.2 but an IP address of 68.3.128.4. How do you connect to that computer? I'm using Winsock, not Berkeley, but I don't think that matters.

hplus0603    11347
You either do port forwarding from the firewall that does NAT for the private network, or you use a third, "introducer" server to do NAT punch-through. See the Forum FAQ for more details.

Of course, if the private network isn't actually routable to the public internet, then you can't actually get to it -- there needs to be a working connection for the bits to travel through :-)

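Added example (editor's note, not code from any poster in this thread): a self-contained simulation of the introducer approach hplus0603 describes. Each host first sends to a public introducer, which records the public address:port its NAT used; the introducer hands each host the other's public endpoint and both send to it. The NAT model (port-restricted cone versus symmetric), the introducer address and the host addresses are assumptions made for the simulation; 68.3.128.4 is simply the public address from the original question. No real sockets are opened. The symmetric case is included because it is the usual reason punch-through fails in practice.

```python
"""Simulated UDP hole punching with an introducer (rendezvous) server.

Constructed simulation: NAT behaviour, addresses and messages are assumptions
made for the example. No real sockets are opened.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int


class Introducer:
    """Public server that only records where each client appears to come from."""

    def __init__(self, public):
        self.public = public
        self.registered = {}  # client name -> public endpoint seen on the wire

    def deliver(self, dst_port, src_pub, payload):
        kind, name = payload
        if kind == "REGISTER":
            self.registered[name] = src_pub
        return True


class NAT:
    """NAT plus stateful firewall in front of a private network.

    Cone mode reuses one external port per inside socket for every destination.
    Symmetric mode allocates a fresh external port per destination, so the port
    the introducer saw is useless to the peer. Inbound datagrams are accepted
    only from a sender the inside socket has already sent to.
    """

    def __init__(self, public_ip, symmetric=False):
        self.public_ip = public_ip
        self.symmetric = symmetric
        self.next_port = 40000
        self.mappings = {}  # (inside endpoint, dst or None) -> external port
        self.table = {}     # external port -> (inside endpoint, allowed senders)
        self.hosts = {}     # inside endpoint -> Host

    def outbound(self, src, dst):
        key = (src, dst if self.symmetric else None)
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.table[self.next_port] = (src, set())
            self.next_port += 1
        port = self.mappings[key]
        self.table[port][1].add(dst)  # sending to dst opens a hole for dst
        return Endpoint(self.public_ip, port)

    def deliver(self, dst_port, src_pub, payload):
        entry = self.table.get(dst_port)
        if entry is None or src_pub not in entry[1]:
            return False  # no mapping, or unsolicited sender: dropped
        self.hosts[entry[0]].inbox.append((src_pub, payload))
        return True


class Host:
    def __init__(self, name, private, nat):
        self.name, self.private, self.nat = name, private, nat
        self.inbox = []
        nat.hosts[private] = self


def send(net, host, dst, payload):
    """Route one datagram from host's private socket to a public endpoint."""
    src_pub = host.nat.outbound(host.private, dst)
    return net[dst.ip].deliver(dst.port, src_pub, payload)


def punch(net, a, b, intro):
    """The full exchange; returns which of the three peer datagrams arrived."""
    send(net, a, intro.public, ("REGISTER", a.name))
    send(net, b, intro.public, ("REGISTER", b.name))
    a_pub, b_pub = intro.registered[a.name], intro.registered[b.name]
    first = send(net, a, b_pub, ("HELLO", a.name))   # opens A's hole, dropped by B
    second = send(net, b, a_pub, ("HELLO", b.name))  # opens B's hole, passes A's
    retry = send(net, a, b_pub, ("HELLO", a.name))   # now passes B's hole
    return first, second, retry


def scenario(symmetric_b=False):
    """Constructed topology; 68.3.128.4 is the public address from the question."""
    intro = Introducer(Endpoint("203.0.113.10", 3478))
    nat_a = NAT("68.3.128.4")
    nat_b = NAT("192.0.2.1", symmetric=symmetric_b)
    net = {intro.public.ip: intro, nat_a.public_ip: nat_a, nat_b.public_ip: nat_b}
    a = Host("alice", Endpoint("192.168.0.2", 5000), nat_a)
    b = Host("bob", Endpoint("192.168.1.2", 5000), nat_b)
    return punch(net, a, b, intro), a, b


if __name__ == "__main__":
    print("cone NATs:     ", scenario()[0])                  # (False, True, True)
    print("symmetric peer:", scenario(symmetric_b=True)[0])  # (False, False, False)
```

The first datagram from each side is expected to be dropped by the far NAT; it exists only to open the sender's own hole, which is why real implementations send a few times from both sides rather than once. With a symmetric NAT on either side the port the introducer learned is never the one used toward the peer, and nothing gets through without a relay.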
ben11587    122
That's the very best Forum FAQ I've ever seen. Very informative.
However, it did not solve my problem: I am trying to code a program that connects one person's home computer (in a network) to someone else's home computer (in a different network). I don't have the luxury of an external intermediary/introducer server to connect the two computers together -- both computers are behind NAT. Is there any hope?

A dam    130
I don't know a lot about it, but windows comes with "remote assistance"
I've never used it before but I'm assuming it allows people behind routers to use it without setting it up for port forwarding. If that's the case then there must be another way of doing this?
please someone correct me if I'm wrong on this.

Sneftel    1788
Quote:
Original post by A dam
I don't know a lot about it, but windows comes with "remote assistance"
I've never used it before but I'm assuming it allows people behind routers to use it without setting it up for port forwarding. If that's the case then there must be another way of doing this?
please someone correct me if I'm wrong on this.

You're wrong on this. Remote Assistance can use UPnP to set up port forwarding, and can connect in either direction, but it's not magic. If both parties have NAT gateways and neither one supports UPnP, you're hosed.

A dam    130
Quote:
Original post by Sneftel
You're wrong on this. Remote Assistance can use UPnP to set up port forwarding, and can connect in either direction, but it's not magic. If both parties have NAT gateways and neither one supports UPnP, you're hosed.


Well, there I go, assuming Microsoft can do magic tricks again... but with all the horrible and unexplainable things my Vista box does, it's hard not to imagine that they hire obscene wizards to write their code.

Antheus    2409
Quote:
Original post by A dam
Quote:
Original post by Sneftel
You're wrong on this. Remote Assistance can use UPnP to set up port forwarding, and can connect in either direction, but it's not magic. If both parties have NAT gateways and neither one supports UPnP, you're hosed.


Well, there I go, assuming Microsoft can do magic tricks again... but with all the horrible and unexplainable things my Vista box does, it's hard not to imagine that they hire obscene wizards to write their code.


Joel did an intern project last year that was aimed at solving the rendezvous problem. They host the server to make that happen.

Sneftel    1788
Quote:
Original post by A dam
Well, there I go, assuming Microsoft can do magic tricks again... but with all the horrible and unexplainable things my Vista box does, it's hard not to imagine that they hire obscene wizards to write their code.
Now, to be fair, they DO do the UPnP trick, which is almost magic. More and more routers are shipping with it defaulting to enabled, so any software which would like to do port forwarding should probably be trying UPnP.

hplus0603    11347
UPnP is a terrible solution.

First, it will allow any worm-like program that gets into your network to actually create a hole for itself in your firewall. It's almost like you don't have one!

Second, it only supports a single host forwarding a single port. What if the same program lives on two separate machines? Both can't do it. Meanwhile, an introducer server solves that problem, because it doesn't rely on fixed port numbers.

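Added example (editor's note, not code from any poster in this thread) covering both Sneftel's suggestion that software try UPnP and hplus0603's objection to it. It builds the WANIPConnection AddPortMapping request a program sends to the gateway, the GetGenericPortMappingEntry request used to walk the mapping table, and parses a reply so existing mappings can be audited. The gateway address, control path, expected-host policy and the sample replies are constructed stand-ins; nothing is sent on the network. The request carries no credential of any kind, which is the whole of hplus0603's first point.

```python
"""UPnP IGD port-mapping messages: the request that opens a hole, and the
reply parser needed to audit what has already been opened.

Constructed example: gateway, control path and sample replies are assumptions
made for the example. Nothing is sent on the network.
"""
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"


def soap_envelope(action, args):
    """SOAP body for one WANIPConnection action; argument values are escaped."""
    body = "".join(f"<{k}>{escape(str(v))}</{k}>" for k, v in args.items())
    return (
        '<?xml version="1.0"?>'
        f'<s:Envelope xmlns:s="{SOAP_NS}" '
        's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
        f'<s:Body><u:{action} xmlns:u="{SERVICE}">{body}</u:{action}></s:Body>'
        "</s:Envelope>"
    )


def soap_post(gateway, control_path, action, args):
    """Raw HTTP POST to the service control URL. No authentication exists in
    the protocol: any process that can reach the control URL may send this."""
    body = soap_envelope(action, args)
    return (
        f"POST {control_path} HTTP/1.1\r\n"
        f"Host: {gateway}\r\n"
        'Content-Type: text/xml; charset="utf-8"\r\n'
        f"Content-Length: {len(body.encode())}\r\n"
        f'SOAPAction: "{SERVICE}#{action}"\r\n\r\n' + body
    )


def add_port_mapping_request(gateway, control_path, ext_port, int_ip, int_port,
                             proto="UDP", lease=3600, desc="game"):
    """Ask the gateway to forward ext_port on its public side to int_ip:int_port."""
    return soap_post(gateway, control_path, "AddPortMapping", {
        "NewRemoteHost": "",
        "NewExternalPort": ext_port,
        "NewProtocol": proto,
        "NewInternalPort": int_port,
        "NewInternalClient": int_ip,
        "NewEnabled": 1,
        "NewPortMappingDescription": desc,
        "NewLeaseDuration": lease,  # 0 means the mapping never expires
    })


def enumerate_request(gateway, control_path, index):
    """Row `index` of the mapping table; walk indices until the gateway faults."""
    return soap_post(gateway, control_path, "GetGenericPortMappingEntry",
                     {"NewPortMappingIndex": index})


def parse_mapping_entry(soap_reply):
    """Fields of one GetGenericPortMappingEntryResponse, or None on a fault."""
    root = ET.fromstring(soap_reply)
    resp = root.find(f".//{{{SERVICE}}}GetGenericPortMappingEntryResponse")
    if resp is None:
        return None
    return {child.tag: (child.text or "") for child in resp}


def audit(entries, expected_hosts):
    """Summarise each mapping and flag the ones a home user should look at.
    The policy (permanent lease, unexpected internal host) is an assumption."""
    findings = []
    for e in entries:
        flags = []
        if e["NewLeaseDuration"] == "0":
            flags.append("permanent lease")
        if e["NewInternalClient"] not in expected_hosts:
            flags.append("unexpected internal host")
        summary = (f'{e["NewProtocol"]} {e["NewExternalPort"]} -> '
                   f'{e["NewInternalClient"]}:{e["NewInternalPort"]} '
                   f'({e["NewPortMappingDescription"]})')
        findings.append((summary, flags))
    return findings


# Constructed replies, shaped like a gateway's SOAP responses.
SAMPLE_ENTRY = (
    '<?xml version="1.0"?>'
    f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body>'
    f'<u:GetGenericPortMappingEntryResponse xmlns:u="{SERVICE}">'
    "<NewRemoteHost></NewRemoteHost><NewExternalPort>7777</NewExternalPort>"
    "<NewProtocol>UDP</NewProtocol><NewInternalPort>7777</NewInternalPort>"
    "<NewInternalClient>192.168.0.2</NewInternalClient><NewEnabled>1</NewEnabled>"
    "<NewPortMappingDescription>game</NewPortMappingDescription>"
    "<NewLeaseDuration>0</NewLeaseDuration>"
    "</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
)
SAMPLE_FAULT = (
    '<?xml version="1.0"?>'
    f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body><s:Fault>'
    "<faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring>"
    "</s:Fault></s:Body></s:Envelope>"
)

if __name__ == "__main__":
    # Gateway address and control path are assumed; real ones come from SSDP
    # discovery and the device description document.
    print(add_port_mapping_request("192.168.0.1:49152", "/upnp/control/WANIPConn1",
                                   7777, "192.168.0.2", 7777))
    for summary, flags in audit([parse_mapping_entry(SAMPLE_ENTRY)], {"192.168.0.2"}):
        print(summary, flags)
```

Two things the thread touches on show up directly in the messages: the gateway sees only the LAN source of the POST and whatever NewInternalClient says, so nothing stops a second program, or a second machine, from asking for the same external port, and the gateway simply answers one of them with a fault. Walking the table with enumerate_request and audit is the cheapest way for a home user who leaves UPnP on to see what has been opened behind their back.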
A dam    130
Quote:
Original post by hplus0603
UPnP is a terrible solution.

First, it will allow any worm-like program that gets into your network to actually create a hole for itself in your firewall. It's almost like you don't have one!

Second, it only supports a single host forwarding a single port. What if the same program lives on two separate machines? Both can't do it. Meanwhile, an introducer server solves that problem, because it doesn't rely on fixed port numbers.


but generally (and unfortunately) for the average home user, convenience > security.

ben11587    122
Soooo... I know it's terrible of Windows to implement such a horrible, no-good, very bad thing as UPnP... but that shouldn't stop me from taking full advantage of it, should it?

A dam    130
Quote:
Original post by ben11587
Soooo... I know it's terrible of Windows to implement such a horrible, no-good, very bad thing as UPnP... but that shouldn't stop me from taking full advantage of it, should it?


As was earlier made clear, I'm not exactly an expert on UPnP, but I would assume (damn my assuming) that using UPnP will only be effective if
A) the router supports it,
and B) It's enabled on the router.

After what the knowledgeable hplus has written, it is no longer enabled on my router.

Sneftel    1788
Quote:
Original post by hplus0603
First, it will allow any worm-like program that gets into your network to actually create a hole for itself in your firewall. It's almost like you don't have one!

The whole idea of a firewall is to keep threats out. If your computer is compromised, you're already hosed, regardless of whether you can create a listening port. Besides which, relatively few things that hackers use zombie machines for involve the need to create a listening port.

hplus0603    11347
Quote:
The whole idea of a firewall is to keep threats out.


Actually, firewalls can be instrumental in keeping compromises to small levels. I know of several production sites that only allow very specific ports in and out, and where this has helped reduce impact in the case of compromise. If you can't put up a torrent server, for example, your home is less likely to be raided by the FBI :-)

Even the word "firewall" comes from construction: if there are fire-resistant walls between apartment buildings, then a fire in one building will not spread to the next building. Using firewalls only to prevent a first-order attack means not taking advantage of all the protection you can get, IMO.

Then again, most home users probably only use a firewall to allow them to connect multiple hosts to a single internet connection, and don't really know anything about security :-(
