| 摘要 |
A system and method for establishing and maintaining two-way peer-to-peer network communication between clients who are behind symmetric firewalls/NATs is presented (FIG. 7 ). In one exemplary embodiment, the inventive system discovery servers to ascertain the nature and port-mapping metrics of a given client's firewall/NAT. A systematic, multiple UDP Hole Punch method is employed for ports within a predicted range, and the source port of the first successful forwarding of an inbound packet is used by the client for subsequent outgoing traffic. Preferably, the method occurs symmetrically, thus ensuring that both clients' firewalls receive packets for which the source/destination ports and source/destination addresses fully-tuple-match with a previous client request originating from within the protected network, and therefore forwards packets to the respective clients successfully (peer-to-peer). In additional, the system and method allows monitoring, management, and prevention of connections by firewall/NAT administrators.
|
