control without port forwarding

[arjena]

OK, I've done some testing. I've set up my linux box to have Apache also listen to a non standard port. Next I wrote a sketch combining client and server sending and receiving on that same port. So when the client on the Arduino connects to my Linux box, it requests a php script that stores the ip address the Arduino is behind and then a second script attempts to connect on that address. I was hoping that since a connection is made on a specific port the "return call" would be forwarded by my router to the Arduino, but no luck. Apparently this ultra simple TCP-hole punching does not fool my router. It works if I forward the port on my router to the Arduino, so my sketch and php script(s) work, but without the port forwarded the router simply ignores the attempts to connect to the Arduino.
I have looked at the examples from ksduino and bitlash but those are a bit beyond my comprehension. I sort of get the Arduino side of those, but the server side is not clear to me.
Next step is trying to do implement UDP hole punching on the Arduino.
Keep you posted,

A

[SurferTim]

With server code and without port forwarding, you are hitting a brick wall.

You could try moving the Arduino to the public side of your router, but then you would need to use some type of firewall/password code on the Arduino, or every hacker in the world will be turning your lights on and off, or opening and closing you garage door, or whatever the Arduino is supposed to be doing.

[arjena]

What do you mean by 'the public side of the router'?
The security is of course a problem and one of the reasons I'd like to communicate with the arduino without port forwarding. Because if I open a port on my router the arduino is also accessible by hackers. I can use a non-standard port and use 'complicated' POST commands so the arduino only responds to a command with some kind of password build in, but if a hacker wants access he/she will get it in the end...

[SurferTim]

The public side of the router is the WAN interface (connects to the internet). You could put a switch or hub between your DSL or cable modem and the router, and connect the Arduino to it. You could access it from the localnet of the router, and the internet using the public ip. Some ISPs are kinda fussy about issuing multiple public ips on one modem tho.

[arjena]

Extra difficult if the (cable-)modem and router are combined in one box, as they usually are here on most home-connections.
I'm not giving up on UDP hole punching yet, if only because I learn a lot in the process.

Tnx,

Arjen

[SurferTim]

I'm not giving up on UDP hole punching yet, if only because I learn a lot in the process.

Did I mention "brick wall"? And you will learn a lot.  

edit: You can try to fool the router if it has connection tracking enabled. That will allow the port to be forwarded automatically to an internal ip for a few seconds to permit UDP packets like dns and ntp to work, but that is temporary, like 10 seconds or so.

[juliopaveif]

I've hit the exaact same problem, I was going to try hole punching here too. Any luck there?

My ip on the web is actually my ISP ip, which is making me unable to connect the arduino. I tried ksduino but it didn't work with me.

Any news on the subject?

Thanks!!

[mdendzik]

You can use websocket connection. Pusher app is a nice service which enables to do a lot of cool stuff without the need of port forwarding.
Recently, I've made a project using Pusher:
http://www.maciekdendzik.comeze.com/wifly.html