Sunday, October 21, 2007

How Streaming Gets Through NAT

In Microsoft's NAT technical document "How NAT Works" you can find the following:

http://technet2.microsoft.com/WindowsServer/en/library/0f4bad59-5237-4452-a693-708ac61fe1671033.mspx (if the link no longer opens, search Microsoft's site for the document yourself).

If a client on the private network makes a TCP connection to two different computers on the public network from the same source port, the NAT driver will choose different source ports for those mappings.

If a client on the private network sends UDP packets to two different computers on the public network from the same source port, the NAT driver will use the same source port for both mappings.

So traversal has to be done over UDP. TCP traversal has reportedly been achieved, but it relies too heavily on tricks and is not mature.

How NAT determines whether an inbound packet matches an existing dynamic or static mapping.

For UDP, however, an inbound packet must match only the protocol, destination address, and destination port of a mapping — the source address and source port of the packet are effectively ignored. This “loose matching behavior” applies only if the private port is greater than 1024. Allowing this behavior for ports below 1024 would introduce a security risk...
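To make the two quoted rules concrete, here is an added example (not code from the page or from Microsoft) that models a NAT's mapping table: TCP gets a fresh public source port per remote endpoint, UDP reuses one public port per private IP:port, and inbound UDP above port 1024 is forwarded regardless of who sent it. The behaviour for UDP private ports at or below 1024 is an assumption (strict matching on the remote endpoint), since the quoted text only says that loose matching is disabled there. The IP addresses are constructed documentation values.

```python
# Added example (not code from the page or from Microsoft): a toy model of the
# mapping rules quoted above, so the TCP/UDP difference and the "loose
# matching" rule can be exercised directly.  Endpoints are (ip, port) tuples.
# Handling of UDP private ports <= 1024 is an ASSUMPTION (strict matching on
# the remote endpoint); the quoted text only says loose matching is disabled.


class NatModel:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.tcp_out = {}    # (private, remote) -> public port
        self.tcp_in = {}     # (public port, remote) -> private
        self.udp_out = {}    # private -> public port (one mapping per private IP:port)
        self.udp_in = {}     # public port -> private
        self.udp_peers = {}  # private -> set of remotes it has sent to

    def _alloc(self):
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def outbound(self, proto, private, remote):
        """Translate an outgoing packet; return the public (ip, port) used."""
        if proto == "tcp":
            key = (private, remote)
            if key not in self.tcp_out:
                # A different remote host gets a different public source port.
                self.tcp_out[key] = self._alloc()
                self.tcp_in[(self.tcp_out[key], remote)] = private
            return (self.public_ip, self.tcp_out[key])
        if proto == "udp":
            if private not in self.udp_out:
                # Same private IP:port -> same public port, whoever the remote is.
                self.udp_out[private] = self._alloc()
                self.udp_in[self.udp_out[private]] = private
            self.udp_peers.setdefault(private, set()).add(remote)
            return (self.public_ip, self.udp_out[private])
        raise ValueError(f"unsupported protocol {proto!r}")

    def inbound(self, proto, remote, public_port):
        """Return the private endpoint an incoming packet is forwarded to,
        or None when no mapping matches (the NAT drops it)."""
        if proto == "tcp":
            # TCP: the packet must come from the remote the mapping was made for.
            return self.tcp_in.get((public_port, remote))
        if proto == "udp":
            private = self.udp_in.get(public_port)
            if private is None:
                return None
            if private[1] > 1024:
                return private  # loose matching: the sender is ignored
            # Assumed strict behaviour for low ports: only remotes already
            # contacted from this private endpoint get through.
            return private if remote in self.udp_peers[private] else None
        raise ValueError(f"unsupported protocol {proto!r}")
```

Run `outbound` twice from the same private endpoint to two remotes and compare the returned ports per protocol; then call `inbound` from an address the private host never contacted to see the loose-matching difference between a high and a low private port.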

The NAT uses one and the same mapping for a given private IP:PORT, so any host that knows this mapping can send UDP datagrams to the public IP:PORT that corresponds to that private IP:PORT (the NAT forwards them on to the private IP:PORT).

For other hosts to learn this mapping, the private IP:PORT only needs to send a report to a fixed public server within the NAT's UDP idle time (repeating it before that time runs out); the public server can then read the public IP:PORT straight from the source address of the UDP packet.
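The whole procedure, as an added example that is not code from the page or from Microsoft: a minimal UDP rendezvous server that records each client's observed source address, and a client that registers with it, looks up a peer and then sends to that peer from the very same socket. The two-command text protocol ("REG"/"GET") and the loopback addresses are constructed for this example; on a real NAT the address the server reflects back would be the public mapping rather than the client's local one.

```python
import socket
import threading

# Added example (not code from the page or from Microsoft): a minimal UDP
# rendezvous server and client for the procedure above.  The protocol is
# constructed for this example:  "REG <name>" -> "YOU <ip>:<port>" (register
# / keepalive);  "GET <name>" -> "PEER <ip>:<port>" or "NONE" (peer lookup).
# <ip>:<port> is the datagram's observed source, i.e. the NAT's public mapping.


class RendezvousServer:
    def __init__(self, host="127.0.0.1", port=0):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind((host, port))
        self.sock.settimeout(0.2)  # lets the serving thread notice stop()
        self.address = self.sock.getsockname()
        self.registry = {}  # name -> (observed_ip, observed_port)
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self.address

    def stop(self):
        self._stop.set()
        self._thread.join()
        self.sock.close()

    def handle(self, data, source):
        """Reply for one datagram, derived only from its bytes and source."""
        cmd, _, arg = data.decode("ascii", "replace").partition(" ")
        if cmd == "REG" and arg:
            # Every REG refreshes the entry: a client that re-registers within
            # the NAT's UDP idle time keeps both this entry and its mapping alive.
            self.registry[arg] = source
            return f"YOU {source[0]}:{source[1]}".encode()
        if cmd == "GET" and arg in self.registry:
            ip, port = self.registry[arg]
            return f"PEER {ip}:{port}".encode()
        return b"NONE"

    def _serve(self):
        while not self._stop.is_set():
            try:
                data, source = self.sock.recvfrom(512)
            except socket.timeout:
                continue
            self.sock.sendto(self.handle(data, source), source)


def parse_endpoint(reply):
    """b'YOU 1.2.3.4:5000' -> ('1.2.3.4', 5000); b'NONE' -> None."""
    tag, _, rest = reply.decode("ascii").partition(" ")
    if tag not in ("YOU", "PEER"):
        return None
    host, _, port = rest.rpartition(":")
    return host, int(port)


class Peer:
    """Client that uses ONE UDP socket for the server and for its peers, so
    the NAT keeps one mapping for that private IP:port (the UDP rule above)."""

    def __init__(self, name, server_addr, timeout=2.0):
        self.name = name
        self.server_addr = server_addr
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.settimeout(timeout)
        self.public = None  # our (ip, port) as the server sees it

    def _ask(self, msg):
        self.sock.sendto(msg, self.server_addr)
        reply, _ = self.sock.recvfrom(512)
        return parse_endpoint(reply)

    def register(self):
        """Report to the server and learn our mapped address.  Call it again
        before the NAT's UDP idle timeout so the mapping does not expire."""
        self.public = self._ask(f"REG {self.name}".encode())
        return self.public

    def lookup(self, peer_name):
        return self._ask(f"GET {peer_name}".encode())

    def send_to_peer(self, peer_name, payload):
        """Send straight to the peer's mapped address from the same socket."""
        endpoint = self.lookup(peer_name)
        if endpoint is None:
            return False
        self.sock.sendto(payload, endpoint)
        return True

    def receive(self):
        return self.sock.recvfrom(512)  # (payload, sender address)

    def close(self):
        self.sock.close()
```

Start a `RendezvousServer`, create two `Peer` objects pointing at `server.address`, call `register()` on both, and then `send_to_peer()` from one to the other; the receiving peer's `receive()` returns the payload together with the sender's address. Because both the registration traffic and the peer traffic leave through one socket, a NAT in front of the client would see a single private IP:port and keep a single mapping, which is exactly what lets the peer's datagram reach it.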

In addition, an IETF Internet-Draft describes how P2P applications get through NAT: http://midcom-p2p.sourceforge.net/draft-ford-midcom-p2p-01.txt
