HTTP server for NAT

I am trying to make a server (Apache) behind multilevel NAT accessible from the Internet.

Limitations:

  1. Avoid the relay. There is a public server (we call it OldMan) for login / STUN, but its throughput is too low for relay data transfer.
  2. I do not have the right to configure NAT manually.
  3. The user does not need to change his browser or device (i.e. it works on Android, iOS and on any PC).

I tried UPnP, but it only works on 1-layer NAT.

I tried to look for NAT bypass solutions for several months, but in vain.

I am studying STUN/TURN/ICE and trying to use pjsip (icedemo.exe + numb), however, its STUN cannot penetrate 2-layer NAT.

I tried Mist, Pwnat, but no luck. And libjingle sounds like an API for creating a Gtalk extension, as I know ... (?)

I also tried to make VPN / N2N to solve this problem, but it will be a serious overload for a shared server. Any VPN client requires the server (OldMan server) to forward all packets to others, right?

Are there any solutions to solve this problem? HTTP server behind layered NAT.

By the way, if STUN / TURN / ICE works, my idea is this: is this possible?

  • The user has installed the application (for example: stun_browser_agent.exe)
  • The user types in Chrome: 127.0.0.1:9999
  • Chrome connects to the stun_browser_agent.exe daemon
  • The daemon connects to the HTTP server with the STUN protocol
  • The daemon on the HTTP server (for example: stun_apache_agent.exe) receives the entire message and passes it to the Apache daemon.
  • Apache answers with all the HTTP information -> stun_apache_agent.exe -> stun_browser_agent.exe -> Chrome

Then we do not have to change the browser and Apache.

Any available resource that I can use to implement this?

Thank you for your patience.

+6
2 answers

Do you have control over all NAT devices between this server and the "outside world"?

One approach is to configure an SSH tunnel between the Internet gateway router and your server.

The SSH tunnel will be initiated from your server and connected to sshd running on your Internet gateway router. Use the SSH port forwarding features to redirect port 80 on the Internet gateway back to the Apache port on your server.

Another approach would be to install sshd (or any other tunneling product) on any other server available on the public Internet. Start your connection to it from your server and use this connection to forward traffic from port 80 on this public server to your server.

The approach is basically the same: you need to initiate the configuration of the tunnel from your server and use this connection to forward traffic from the public server back to yours.

0
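
The reverse tunnel described in the answer above, as an added example that is not part of the original answer. The host name, account name, port 8080 and the key text are placeholders chosen for illustration; the script only prints the configuration and the command unless `RUN_TUNNEL=1` is set.

```shell
#!/bin/sh
# Added example: reverse SSH tunnel from the NATed server to a public sshd.
# Every value below is a placeholder (assumption), not taken from the page.
PUBLIC_HOST="${PUBLIC_HOST:-public.example.org}"  # Internet-reachable host running sshd
TUNNEL_USER="${TUNNEL_USER:-tunnel}"              # account used only for this forward
PUBLIC_PORT="${PUBLIC_PORT:-8080}"                # listening below 1024 needs a root login there
APACHE_PORT="${APACHE_PORT:-80}"                  # Apache port on the server behind NAT

# Command run ON THE NATED SERVER. The connection is outbound, so no NAT
# device needs a forwarding rule; -R asks the public sshd to listen for us.
tunnel_cmd() {
    printf 'ssh -N -T -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R 0.0.0.0:%s:127.0.0.1:%s %s@%s\n' \
        "$PUBLIC_PORT" "$APACHE_PORT" "$TUNNEL_USER" "$PUBLIC_HOST"
}

# authorized_keys line for the tunnel account ON THE PUBLIC HOST: no pty, no
# agent/X11 forwarding, one permitted listener, command requests run /bin/false.
authorized_key_line() {   # $1 = public key text of the NATed server
    printf 'restrict,port-forwarding,command="/bin/false",permitlisten="%s" %s\n' "$PUBLIC_PORT" "$1"
}

# sshd_config fragment for the public host: without GatewayPorts the listener
# binds to loopback only and is unreachable from the Internet.
sshd_match_block() {
    printf 'Match User %s\n' "$TUNNEL_USER"
    printf '    AllowTcpForwarding remote\n'
    printf '    GatewayPorts clientspecified\n'
    printf '    PermitTTY no\n'
    printf '    X11Forwarding no\n'
}

# Re-establish the tunnel whenever ssh exits (link drop, NAT mapping expiry).
keep_tunnel_up() {
    while :; do
        $(tunnel_cmd) || true   # word-splits into ssh and its arguments
        sleep 5
    done
}

if [ "${RUN_TUNNEL:-0}" = 1 ]; then
    keep_tunnel_up
else
    # Dry run: show what would be installed and executed.
    sshd_match_block
    authorized_key_line 'ssh-ed25519 AAAA_PLACEHOLDER_KEY apache-behind-nat'
    tunnel_cmd
fi
```

All HTTP traffic still passes through the public host, and Apache becomes reachable by anyone who can reach that port, so it needs the same hardening as a directly exposed server.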

Configure each NAT device, starting with your Internet connection, to forward to the next NAT device, with the innermost NAT forwarding to the server.

Update: "2. I do not have the right to configure NAT manually." I don’t understand how you can have the right to start the server behind these NAT devices, but you do not have the right to configure port forwarding in them. Of course, the right to start the server includes the right to do what is necessary to start the server.

-1

Source: https://habr.com/ru/post/921376/