2
If you send a packet to someone's router, it will most likely be rejected by either the router firewall or the router's NAT (if no port is forwarded). However, for a short time, your router will accept all incoming packets from the address of the router you just sent a packet towards.
In other words, your router's firewall is "hole-punched", regardless of whether your router utilizes NAT or has its firewall set to block all incoming connections.
Can Windows Firewall also be hole punched using the same method, since Windows Firewall may not allow incoming connections towards some programs?
Background reading
- P. Srisuresh, B. Ford, and D. Kegel (March 2008). "Techniques Used by P2P Applications to Traverse NATs". State of Peer-to-Peer (P2P) Communication across Network Address Translators (NATs). RFC 5128. IETF.
- hole punching. Wikipedia.
Raffat
Posted 2015-03-10T23:23:17.490
Reputation: 41
do you have any link on that. where you wrote " for a short time, your router will accept all incoming packets from the address of the router you just sent a packet towards." <-- any link on that? 'cos if it stops at the router and isn't forwarded to any computer then what's the difference? – barlop – 2015-03-10T23:51:26.193
@barlop I meant that the port from which the packet was going towards was forwarded. My bad. – Raffat – 2015-03-11T01:49:51.197
Do you have any link on that concept? (it'd be clearer to see what you are talking about) – barlop – 2015-03-11T10:38:16.423
@barlop: For the remote computer to respond to a connection request, its responses must be routed back to the connecting computer. This moment can be utilized (by predicting ports) to establish a connection. That’s what the OP meant. – Daniel B – 2015-03-11T22:03:01.443
@DanielB sounds interesting, does that procedure have a name so I can look it up? By the way, NAT aside, and with no router in the way, I think I once tried port scanning a >1024 port that a client opened, and it didn't come up as open. – barlop – 2015-03-11T23:02:15.103