[Twisted-Python] Punching a firewall with (or without) Twisted - the plot thickens

Stefan Reich wertiges.produkt at googlemail.com
Thu Jun 17 12:53:00 MDT 2010


lasizoillo wrote:
> I don't know if this is Deluge's method, but sounds interesting:
> http://samy.pl/natpin/?port=80
>   
Hm. That's another kind of hack, and it didn't work for me.
> If you don't want see deluge code, maybe you want use a sniffer.
> Wireshark is great for these things ;-)
> http://www.wireshark.org/
>   
Wireshark! What a nice tool that wasn't on my radar before. Thanks for 
this, it really helped.

Using Wireshark, I found out that both Bittorrent and Deluge talk to the 
gateway via UPNP for opening the port. It all works over HTTP, so it's 
really easy to see what's going on.

These are the steps:

1. Find out the gateway IP (192.168.0.1 or some such)

2. GET http://{gateway}/desc.xml. This makes the gateway print some 
information about itself (make & model and so on). Not sure why this is 
needed. Maybe the protocol is different for different gateways. Or to 
make sure that there is a gateway at all. Or maybe there is some detail 
information in there that is needed for the next steps.

3. Also sent to the gateway: POST /upnp/control3 with some XML/SOAP data 
containing a command called AddPortMapping.

It looks really easy, like you could reprogram this in a few lines, with 
a SOAP library, or even just manual XML. There's also a command called 
DeletePortMapping for proper cleanup.

And it seems like Twisted may actually not even be involved in Deluge's 
port opening code.

Ah. I'm really quite satisfied. I heard that there are tricks to open 
firewalls (Skype's been doing this for ages), but I didn't know that 
there is such an elegant solution.

Cheers and thanks for the hints,
Stefan




More information about the Twisted-Python mailing list