有没有办法测试计算机的连接是否受防火墙保护?
我正在编写一个P2P软件,它需要直接连接到互联网。它是分散的,因此没有永远在线的服务器可以与服务器的请求联系以尝试连接回它以观察连接尝试是否到达。
有没有办法测试连接的防火墙状态?
我在想,在我的梦想之地,愿望是马,会有某种第三方的、公共的、已经存在的服务器,我可以向它们发送某种简单的命令,它们会发送一个特殊的 ping 回来。然后我可以简单地监听是否到达并知道我是否位于防火墙后面。
即使这样的事情不存在,是否还有其他可行的路线?
I'm writing a piece of P2P software, which requires a direct connection to the Internet. It is decentralized, so there is no always-on server that it can contact with a request for the server to attempt to connect back to it in order to observe if the connection attempt arrives.
Is there a way to test the connection for firewall status?
I'm thinking in my dream land where wishes were horses, there would be some sort of 3rd-party, public, already existent servers to whom I could send some sort of simple command, and they would send a special ping back. Then I could simply listen to see if that arrives and know whether I'm behind a firewall.
Even if such a thing does not exist, are there any alternative routes available?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
Nantucket - 你们的服务监听 UDP 还是 TCP?
对于 UDP - 您所描述的是 STUN 协议 的设计目的。它符合您的定义“某种简单的命令,它们会发送一个特殊的 ping 回来”
STUN 是一个非常“类似 ping”(UDP)的协议,服务器可以将其回显给客户端它将客户端视为的 IP 和端口。然后,客户端可以使用服务器的响应,并将结果与其认为的本地枚举 IP 地址进行比较。如果服务器的响应与本地枚举的 IP 地址匹配,则客户端主机可以自行确定它直接连接到 Internet。否则,客户端必须假设它位于 NAT 之后 - 但对于大多数路由器来说,您刚刚创建了一个可用于其他 P2P 连接场景的端口映射。
此外,您可以在 STUN 中使用 RESPONSE-PORT 属性绑定服务器的请求以响应回不同的端口。这将有效地让您检测是否有防火墙。
TCP——这有点棘手。 STUN 可以部分用于确定您是否位于 NAT 之后。或者只是向whatismyip.com 发出http 请求并解析结果以查看是否存在NAT。但这变得很棘手,因为据我所知,互联网上没有任何服务可以测试与您的 TCP 连接。
考虑到上述所有情况,绝大多数宽带用户可能都位于同时充当防火墙的 NAT 后面。由他们的 ISP 或他们自己的无线路由器设备提供。即使不是,大多数操作系统都有某种最小的防火墙来阻止未经请求的流量。因此,P2P 客户端的局限性非常大,只能在直接连接上工作。
话虽如此,在 Windows(以及可能的其他操作系统)上,您可以对应用程序的安装包进行编程,使其可以向 Windows 防火墙注册,这样您的应用程序就不会被阻止。但如果您的目标不是 Windows,则可能需要要求用户手动修复其防火墙软件。
无耻插件哦。您可以使用这个开源 STUN 服务器和客户端库,它支持上述所有语义。如果您需要使用眩晕服务,请离线关注我。
Nantucket - does your service listen on UDP or TCP?
For UDP - what you are sort of describing is something the STUN protocol was designed for. It matches your definition of "some sort of simple command, and they would send a special ping back"
STUN is a very "ping like" (UDP) protocol for a server to echo back to a client what IP and port it sees the client as. The client can then use the response from the server and compare the result with what it thinks its locally enumerated IP address is. If the server's response matches the locally enumerated IP address, the client host can self determinte that it is directly connected to the Internet. Otherwise, the client must assume it is behind a NAT - but for the majority of routers, you have just created a port mapping that can be used for other P2P connection scenarios.
Further, you can you use the RESPONSE-PORT attribute in the STUN binding request for the server to respond back to a different port. This will effectively allow you to detect if you are firewalled or not.
TCP - this gets a little tricky. STUN can partially be used to determine if you are behind a NAT. Or simply making an http request to whatismyip.com and parsing the result to see if there's a NAT. But it gets tricky, as there's no service on the internet that I know of that will test a TCP connection back to you.
With all the above in mind, the vast majority of broadband users are likely behind a NAT that also acts as a firewall. Either given by their ISP or their own wireless router device. And even if they are not, most operating systems have some sort of minimal firewall to block unsolicited traffic. So it's very limiting to have a P2P client out there than can only work on direct connections.
With that said, on Windows (and likely others), you can program your app's install package can register with the Windows firewall so your it is not blocked. But if you aren't targeting Windows, you may have to ask the user to manually fix his firewall software.
Oh shameless plug. You can use this open source STUN server and client library which supports all of the semantics described above. Follow up with me offline if you need access to a stun service.
您可能会发现本文很有用
http://msdn .microsoft.com/en-us/library/aa364726%28v=VS.85%29.aspx
我会从每个操作系统开始,询问防火墙服务是否已打开 在。其次,我将尝试套接字连接并根据错误代码确定连接是否正在重置或超时。我只熟悉winsock 编码,所以对于Linux 或mac os 我不能说太多。
You might find this article useful
http://msdn.microsoft.com/en-us/library/aa364726%28v=VS.85%29.aspx
I would start with each os and ask if firewall services are turned on. Secondly, I would attempt the socket connections and determine from the error codes if connections are being reset or timeout. I'm only familiar with winsock coding, so I can't really say much for Linux or mac os.