Hole punch

From Wikipedia, the free encyclopedia

Hole punching is a technique with which a UDP connection can be established between two computers, even if both are behind restrictive firewalls. It is a special case of tunneling.

This technique is used by applications such as online games, peer-to-peer networks and IP telephony. Both clients establish a connection to a third, openly reachable computer, which thereby learns the IP addresses and port numbers of both clients. The server forwards this information to the respective other client. Both clients then each send a UDP packet to the other client. What matters is that the sender's own stateful packet inspection firewall creates a rule that allows 'replies' from the recipient to pass in the further course of the exchange. (The content of the packet, on the other hand, is irrelevant and is ignored by the target computer, if the packet even passes the target computer's firewall at all.) After this initial handshake, both clients can communicate with each other directly via UDP. If a connection-oriented protocol is required, TCP cannot be used for it, because the firewall tracks TCP state and immediately closes unanswered connection attempts. If delivery of the packets must be guaranteed, the application has to implement its own protocol on top of the UDP stack.

Example

Alice wants to send files directly to Bob. To do this, both use a client that relies on a server infrastructure, which provides a registration server at the address 1.2.3.4.

Alice and Bob are both logged on to this server. Alice sends the server 1.2.3.4 an exchange request for Bob containing her IP address and the port she wants to use (IP 2.2.2.2, port 49000). Since Bob is also logged on to the server and has a connection to it, the server can reach Bob's client. Bob's client now sends a UDP packet from its IP (1.1.1.1) with the outgoing port 50000 to Alice (2.2.2.2:49000). This means it waits for a response on its outgoing port. His firewall has to keep the port open for a certain period of time because, owing to the properties of the UDP protocol, it cannot know exactly when the connection will end. The packet, however, is initially blocked by Alice's firewall. Bob therefore tells the server 1.2.3.4 that he has opened port 50000 on his side. Alice's client then receives the instruction to send a UDP packet from port 49000 to Bob's IP (1.1.1.1, port 50000). Alice's client does so and now also waits for a response, in this case from Bob's IP address 2.2.2.2, port 50000. This response can now arrive and is no longer rejected by her firewall, thanks to the hole made earlier. Bob's replies to Alice on port 49000 also get through, and Alice can now send her files directly to Bob, and Bob can confirm receipt directly.
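The exchange above, as an added Python simulation that is not part of the article: each client's stateful firewall is modelled as a set of holes opened by its own outbound packets, and the registration server 1.2.3.4 as a plain dictionary of the endpoints it learned from both clients. The names `StatefulFirewall`, `Host`, `send` and `hole_punch` are this example's own; the final stray packet additionally shows that the hole admits only the exact remote endpoint that was contacted.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""

class StatefulFirewall:
    """Outbound traffic punches a hole; inbound is admitted only into an existing hole."""
    def __init__(self):
        self.holes = set()  # (local_port, remote_ip, remote_port) opened by outbound packets
    def note_outbound(self, pkt):
        self.holes.add((pkt.src_port, pkt.dst_ip, pkt.dst_port))
    def admits(self, pkt):
        return (pkt.dst_port, pkt.src_ip, pkt.src_port) in self.holes

class Host:
    def __init__(self, ip):
        self.ip, self.firewall, self.received = ip, StatefulFirewall(), []

def send(sender, receiver, pkt):
    """Deliver pkt; return True only if it passed the receiver's firewall."""
    sender.firewall.note_outbound(pkt)  # sender's firewall opens its hole regardless
    if not receiver.firewall.admits(pkt):
        return False
    receiver.received.append(pkt)
    return True

def hole_punch(rendezvous, alice, bob):
    """Replay the article's exchange using endpoints learned via the rendezvous server."""
    a_ip, a_port = rendezvous["alice"]
    b_ip, b_port = rendezvous["bob"]
    # 1. Bob -> Alice: opens Bob's hole, but Alice has no hole yet, so it is dropped.
    first = send(bob, alice, Packet(b_ip, b_port, a_ip, a_port))
    # 2. Alice -> Bob: opens Alice's hole and passes the hole Bob just made.
    second = send(alice, bob, Packet(a_ip, a_port, b_ip, b_port))
    # 3. Bob's reply now matches Alice's hole and is admitted.
    third = send(bob, alice, Packet(b_ip, b_port, a_ip, a_port, b"ack"))
    # A packet from any other source port does not match the hole and is still dropped.
    stray = send(bob, alice, Packet(b_ip, b_port + 1, a_ip, a_port))
    return first, second, third, stray

def run_example():
    alice, bob = Host("2.2.2.2"), Host("1.1.1.1")  # constructed sample hosts
    registry = {"alice": (alice.ip, 49000), "bob": (bob.ip, 50000)}  # what 1.2.3.4 learned
    return hole_punch(registry, alice, bob)  # -> (False, True, True, False)
```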
