Feature request: limit ports in clients for connecting to server or other clients for xtcp #1843

Closed
yuliu opened this issue Jun 5, 2020 · 2 comments


yuliu commented Jun 5, 2020

It'd be great to see UPnP implemented as suggested in #1823 for xtcp.

Besides UPnP, there are two other features that are usually left behind in SOHO routers: port forwarding and port triggering. They're used for exposing certain ports of private hosts to another network separated by a NAT, e.g. for FTP, IRC, etc.

If a frp client can use only allowed ports to connect to frp server or other frp clients, then at least these ports can be configured to be exposed to outer networks if we have permissions to set port forwarding or port triggering in our own router.

An example for IRC authentication using port triggering is here https://en.wikipedia.org/wiki/Port_triggering#Example

Owner

fatedier commented Jun 5, 2020

Can you write a more detailed design?

Author

yuliu commented Jun 5, 2020

Well, I haven't read frp's code and don't know how frp clients communicate with frp servers or other frp clients. So, my idea would be based on my imaginary understanding of xtcp and an understanding of port forwarding & port triggering that might be wrong.

port forwarding

Alright, here comes the idea. If we can configure the router with port forwarding for our frp clients, we may set it as follows:

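|        | router port | frp client port | frp client |
|--------|-------------|-----------------|------------|
| Port A | 52201       | 52201           | 1          |
| Port B | 52301-52310 | 52301-52310     | 1          |
| Port C | 52202       | 52200           | 2          |
| Port D | 52311-52320 | 52301-52310     | 2          |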

Then, if the router's WAN IP is x.x.x.x, then:

  • frp client 1's port 52201 and 52301-52310 can be accessed via x.x.x.x:52201 and x.x.x.x:52301-x.x.x.x:52310.
  • frp client 1's port 52201 and 52301-52310 can be accessed via x.x.x.x:52202 and x.x.x.x:52311-x.x.x.x:52320.

Here's an example of port forwarding configuration from my router:
[Image: port-forwarding-frp-client-2]

port triggering

If we can configure the router with port triggering for our frp clients, we may set it as follows (settings may differ):

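|        | router port | frp client port | frp client |                 |
|--------|-------------|-----------------|------------|-----------------|
| Port A | 52201       | 52201           | 1          | triggering port |
| Port B | 52301-52310 | 52301-52310     | 1          | triggered by A  |
| Port C | 52202       | 52202           | 2          | triggering port |
| Port D | 52311-52320 | 52311-52320     | 2          | triggered by C  |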

Then, if the router's WAN IP is x.x.x.x, then:

  • When frp client 1 opens an outbound port 52201, it'll trigger the router to open 52301-52310 to this client so that the client's relevant ports can be accessed via x.x.x.x:52301-x.x.x.x:52310 from the outer network.
  • When frp client 1 opens an outbound port 52202, it'll trigger the router to open 52311-52320 to this client so that the client's relevant ports can be accessed via x.x.x.x:52311-x.x.x.x:52320 from the outer network.

Here's an example of port triggering configuration from my router:
[Image: port-triggering-frp-client-1]

Hope I got it right. As long as an frp client's opened ports can be restricted and port forwarding/triggering of the router an frp client is behind can be configured to open these ports, this client will hopefully be accessible via the forwarded / triggered port from the outside network. Then if at least one client, either the one running a service or the visitor, can be accessed from outside the NAT, a P2P link between a service client and a visitor would probably be set up.
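The restriction requested in this comment, as an added Go sketch that is not part of the original thread and not frp's code: the client binds its local socket only to a port from an allowed list (so it matches the router's forwarding or triggering rules) and fails closed instead of falling back to an ephemeral port. The spec syntax, the function names and the use of UDP are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// parseAllowedPorts expands a spec such as "52201,52301-52310" into a port list.
// The spec syntax is an assumption for this example, not an existing frp option.
func parseAllowedPorts(spec string) ([]int, error) {
	var ports []int
	for _, part := range strings.Split(spec, ",") {
		bounds := strings.SplitN(strings.TrimSpace(part), "-", 2)
		first, err1 := strconv.Atoi(bounds[0])
		last, err2 := first, error(nil)
		if len(bounds) == 2 {
			last, err2 = strconv.Atoi(bounds[1])
		}
		if err1 != nil || err2 != nil || first < 1 || last > 65535 || first > last {
			return nil, fmt.Errorf("invalid port spec %q", part)
		}
		for p := first; p <= last; p++ {
			ports = append(ports, p)
		}
	}
	return ports, nil
}

// bindAllowedUDP binds a UDP socket on the first free allowed port. It never
// falls back to an ephemeral port, so only the configured ports are ever used.
func bindAllowedUDP(ip string, ports []int) (*net.UDPConn, error) {
	for _, p := range ports {
		conn, err := net.ListenUDP("udp", &net.UDPAddr{IP: net.ParseIP(ip), Port: p})
		if err == nil {
			return conn, nil
		}
	}
	return nil, fmt.Errorf("no free port among %d allowed ports", len(ports))
}

func main() {
	ports, _ := parseAllowedPorts("52301-52310") // sample range taken from the table above
	if conn, err := bindAllowedUDP("127.0.0.1", ports); err == nil {
		fmt.Println("bound to", conn.LocalAddr())
		conn.Close()
	}
}
```

Keeping the allowed list as narrow as the router rule also keeps the set of externally reachable ports equal to what was deliberately forwarded.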

Repository owner deleted a comment from github-actions bot Sep 25, 2020
@fatedier fatedier removed the proposal label Jun 26, 2023