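IPv4 needs NAT to conserve addresses. The firewall property of NAT is also good for security. The IPv4 NAT firewall rule is "block an incoming packet remote-address:port -> local-address:port unless an outgoing packet local-address:port -> remote-address:port was sent within the last X seconds".
For peer-to-peer UDP applications, this requires an introduction server to do NAT hole punching. For Client to connect to Server (both behind a firewalling NAT, FW), we need the following to happen: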
                          periodic
                          keep-alive
               Introducer <------>
Client FW                          FW Server
------------------------------------------
       request
       introduction
       -------> Introducer
Client FW                          FW Server
       --------------------->X
       request connection
------------------------------------------
                          notify
                          introduction
                          [Client address:port]
               Introducer ------->
Client FW                          FW Server
------------------------------------------
Client FW                          FW Server
       <---------------------------
       hello
------------------------------------------
Client FW                          FW Server
       --------------------------->
       request connection
------------------------------------------
Client FW                          FW Server …
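The firewall rule and the visible steps of the diagram above can be replayed in a small state model. This is an added example, not code from the original post; the addresses, ports, the timeout value and all names are constructed, address translation itself is left out (each endpoint is identified by its public address:port), and the final "stale" step is an addition that follows from the "last X seconds" rule.

```python
class NatFirewall:
    """Drop inbound remote->local unless local->remote was sent in the last X seconds."""

    def __init__(self, timeout_x):
        self.timeout_x = timeout_x
        self.last_out = {}  # (local, remote) -> time of the last outgoing packet

    def note_outbound(self, local, remote, now):
        self.last_out[(local, remote)] = now

    def allows_inbound(self, remote, local, now):
        sent = self.last_out.get((local, remote))
        return sent is not None and now - sent <= self.timeout_x


def send(src, dst, src_fw, dst_fw, now):
    """Send one UDP packet; a firewall of None means the host is directly reachable."""
    if src_fw is not None:
        src_fw.note_outbound(src, dst, now)
    return dst_fw is None or dst_fw.allows_inbound(src, dst, now)


def replay_diagram(timeout_x=30):
    # Constructed public (post-NAT) address:port pairs from documentation ranges.
    client, server = ("198.51.100.7", 40000), ("203.0.113.9", 50000)
    introducer = ("192.0.2.1", 3478)
    client_fw, server_fw = NatFirewall(timeout_x), NatFirewall(timeout_x)
    steps = [
        # (time, label, src, dst, src_fw, dst_fw)
        (0, "keep-alive", server, introducer, server_fw, None),
        (1, "request introduction", client, introducer, client_fw, None),
        (1, "request connection (early)", client, server, client_fw, server_fw),
        (2, "notify introduction", introducer, server, None, server_fw),
        (3, "hello", server, client, server_fw, client_fw),
        (4, "request connection", client, server, client_fw, server_fw),
    ]
    log = [(label, send(src, dst, sfw, dfw, t)) for t, label, src, dst, sfw, dfw in steps]
    # Without further traffic from Server, its pinhole for Client expires after X seconds.
    late = 3 + timeout_x + 1
    log.append(("request connection (stale)", send(client, server, client_fw, server_fw, late)))
    return log


if __name__ == "__main__":
    for label, delivered in replay_diagram():
        print(f"{label:28} {'delivered' if delivered else 'dropped'}")
```

The early request is dropped at Server's firewall but still creates the outbound state on Client's side that later lets the hello through.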