On Thu, Dec 13, 2012 at 06:38:03PM +0000, adrelanos wrote:
> Have you considered Hole punching techniques? [1] TCP, UDP, ICMP hole punching... There are many techniques. I don't know if the WebSocket protocol would prevent it.
> STUN [2] like techniques where a third non-firewalled server helps to traverse the NAT. (Only NAT, not used a proxy.)
> pwnat [3] also looks interesting. It doesn't need a third server and lets connect two nat'ed machines with each other.
Better nat punching is on the 'future research' list.
The main challenge is that if you're trying to provide a circumvention system, then relying on a "reliably reachable third party" is exactly what you can't do.
Whether these various "look, no hands" punching tools and tricks can be done using only websockets on the remote side is a great question for somebody to answer.
See also Jake's NAT investigation tech report at http://research.torproject.org/techreports.html
(I'm cc'ing Christian Grothoff, as our resident nat punching expert.)
--Roger