
The only tool/technique to punch holes through firewalls/NATs where multiple clients & server can be behind separate NATs without any 3rd party involvement. Pwnat is a newly developed technique, exploiting a property of NAT translation tables, with no 3rd party, port forwarding, DMZ, DNS, router admin requirements, STUN/TURN/UPnP/ICE, or spoofing.

GPL-3.0 License




Author: Daniel Meekins Contact: dmeekins - gmail

Copyright (C) 2009 Daniel Meekins


This project tunnels TCP data through a UDP tunnel. The executable can act as the server or client. The server acts as a proxy for the client, listening on a specified UDP port and creating a connection to a TCP server that the client specifies. The client listens on a TCP port, acting as the server that some TCP client connects to. The client recevies any TCP data on that port and sends the data to the udpserver, which sends it to the TCP connection it made with the desired TCP server.

1.) Building

On *nix systems in Makefile, make sure that the correct value is set for the "OS" variable. Then just run 'make'.

On Windows, if using GCC in Cygwin, make sure the "OS" variable is set to CYGWIN in Makefile and run 'make'.

If using the VC++ compiler (cl.exe), make sure to be in the "Visual Studio Command Prompt", or at least have all the environment variables set correctly, then run 'nmake.exe /f Makefile.Win32'. Also make sure the location of WS2_32.Lib is specified correctly fo the LIBS variable.

2.) Running

usage: ./udptunnel -<s|c> [-6] -c client mode (default) : [local host] -s server mode : [host] port [[host]:[port] ...] -6 use IPv6 -h show this junks and exit

To run the server: udptunnel -s [-6] [host] port where the port is a UDP port to listen for messages from the udpclient and host is the address to listen on. Use the -6 option to listen on IPv6 addresses. Examples: udpserver -s 4444 udpserver -s -6 2001::10:3 4444

To run the client: udptunnel -c [-6] [local host] local host/port - Host and port for the TCP server to listen on. If the host isn't supplied, it will listen on all available addresses. proxy host/port - Host and port that udpserver is listening on. remote host/port - Host and port to forward the received TCP data to. The host is relative to the proxy machine (e.g. specifiying is the proxy machine itself). Use the -6 option to listen and connect using IPv6 addresses.

Example for tunneling ssh data through the tunnel between two computers with IP addresses (client) and (server):

server# ./udptunnel -s 4444
client# ./udptunnel -c 3333 4444 22
client# ssh -p 3333 [email protected]

Specified destination list: After the args in server mode, a list of hosts and ports can be included to control who the client tries to connect to. Current this doesn't work with IPv6 and no names are translated yet, so the destination host used in the client must be the same string as that used in the list.

This code has been tested and works on Linux, Solaris 10 x86, and Cygwin (but requires the IPv6 extension - Please send any bugs or issues to the contact listed above.