From owner-freebsd-net@FreeBSD.ORG Sun Nov 27 21:10:32 2005 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A2EF316A41F for ; Sun, 27 Nov 2005 21:10:32 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from thorn.pobox.com (thorn.pobox.com [208.210.124.75]) by mx1.FreeBSD.org (Postfix) with ESMTP id 81F9A43D76 for ; Sun, 27 Nov 2005 21:10:30 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from thorn (localhost [127.0.0.1]) by thorn.pobox.com (Postfix) with ESMTP id E288A108; Sun, 27 Nov 2005 16:10:39 -0500 (EST) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by thorn.sasl.smtp.pobox.com (Postfix) with ESMTP id 9902C836; Sun, 27 Nov 2005 16:10:38 -0500 (EST) Received: from lists by mappit.local.linnet.org with local (Exim 4.54 (FreeBSD)) id 1EgTmo-0008I7-Nd; Sun, 27 Nov 2005 21:10:14 +0000 Date: Sun, 27 Nov 2005 21:10:14 +0000 From: Brian Candler To: Julian Elischer Message-ID: <20051127211014.GA31851@uk.tiscali.com> References: <43894FC9.6040205@elischer.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <43894FC9.6040205@elischer.org> User-Agent: Mutt/1.4.2.1i Cc: net@freebsd.org Subject: Re: proposal: TCP rendevous X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Nov 2005 21:10:32 -0000 On Sat, Nov 26, 2005 at 10:18:49PM -0800, Julian Elischer wrote: > In this world of P2P apps it would be neat to have a way that two P2P apps > could attach to each other even though each is through a firewall. Most > firewalls only allow > "outgoing" connections. > > It would of course be possible via a 3rd party relaying but that is > inneffieient and the throughput > would be limited by throughput limits on the 3rd party link. > > It must be possible, with the connivance of a 3rd party both parties > could be able > to make suitable 'OUTGOING' connections. > The 3rd party would spoof needed packets using information supplied > by the two parties. See this: http://samy.pl/chownat/ (Haven't tried it myself, but came across it on Freshmeat a while ago. I imagine it must rely on the NAT firewalls not changing the source UDP port unless they have to)