From owner-freebsd-net@FreeBSD.ORG Sun Nov 27 22:21:05 2005 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8956416A41F for ; Sun, 27 Nov 2005 22:21:05 +0000 (GMT) (envelope-from julian@elischer.org) Received: from delight.idiom.com (outbound.idiom.com [216.240.47.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5B36A43D5C for ; Sun, 27 Nov 2005 22:21:04 +0000 (GMT) (envelope-from julian@elischer.org) Received: from idiom.com (idiom.com [216.240.32.1]) by delight.idiom.com (Postfix) with ESMTP id 40517223C86; Sun, 27 Nov 2005 14:21:04 -0800 (PST) Received: from [192.168.2.5] (home.elischer.org [216.240.48.38]) by idiom.com (8.12.11/8.12.11) with ESMTP id jARML3nH066017; Sun, 27 Nov 2005 14:21:04 -0800 (PST) (envelope-from julian@elischer.org) Message-ID: <438A314E.2090403@elischer.org> Date: Sun, 27 Nov 2005 14:21:02 -0800 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.11) Gecko/20050727 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Brian Candler References: <43894FC9.6040205@elischer.org> <20051127211014.GA31851@uk.tiscali.com> In-Reply-To: <20051127211014.GA31851@uk.tiscali.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Cc: net@freebsd.org Subject: Re: proposal: TCP rendevous X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Nov 2005 22:21:05 -0000 Brian Candler wrote: >On Sat, Nov 26, 2005 at 10:18:49PM -0800, Julian Elischer wrote: > > >>In this world of P2P apps it would be neat to have a way that two P2P apps >>could attach to each other even though each is through a firewall. Most >>firewalls only allow >>"outgoing" connections. >> >>It would of course be possible via a 3rd party relaying but that is >>inneffieient and the throughput >>would be limited by throughput limits on the 3rd party link. >> >>It must be possible, with the connivance of a 3rd party both parties >>could be able >>to make suitable 'OUTGOING' connections. >>The 3rd party would spoof needed packets using information supplied >>by the two parties. >> >> > >See this: http://samy.pl/chownat/ > >(Haven't tried it myself, but came across it on Freshmeat a while ago. I >imagine it must rely on the NAT firewalls not changing the source UDP port >unless they have to) > > yes, which means it might unexpectedly fail.