
Hole punching always fails when the port is specified with -b

Open jlw004d opened this issue 7 months ago • 5 comments

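The computer running natter has its firewall turned off and is set as the DMZ host. Without specifying a port, hole punching always works; with the port specified via -b, it always fails. Please help.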

python3 natter.py
2025-05-07 17:38:58 [I] Natter v2.1.1
2025-05-07 17:38:58 [I] Tips: Use --help to see help messages
2025-05-07 17:39:02 [I]
2025-05-07 17:39:02 [I] tcp://192.168.1.20:37665 <--Natter--> tcp://117.181.245.187:63754
2025-05-07 17:39:02 [I]
2025-05-07 17:39:02 [I] Test mode in on.
2025-05-07 17:39:02 [I] Please check [ http://117.181.245.187:63754 ]
2025-05-07 17:39:02 [I]
2025-05-07 17:39:02 [I] LAN > 192.168.1.20:37665 [ OPEN ]
2025-05-07 17:39:02 [I] LAN > 192.168.1.20:37665 [ OPEN ]
2025-05-07 17:39:02 [I] LAN > 117.181.245.187:63754 [ OPEN ]
2025-05-07 17:39:03 [I] WAN > 117.181.245.187:63754 [ OPEN ]
2025-05-07 17:39:03 [I]

python3 natter.py -b 42333 -v
2025-05-07 17:40:32 [I] Natter v2.1.1
2025-05-07 17:40:32 [D] stun: Got address tcp://117.181.245.187:63776 from tcp://fwa.lifesizecloud.com:3478, source tcp://192.168.1.20:42333
2025-05-07 17:40:32 [D] keep-alive: Connected to host tcp://www.baidu.com:80
2025-05-07 17:40:35 [D] keep-alive: OK
2025-05-07 17:40:35 [D] stun: Got address tcp://117.181.245.187:63776 from tcp://fwa.lifesizecloud.com:3478, source tcp://192.168.1.20:42333
2025-05-07 17:40:35 [I]
2025-05-07 17:40:35 [I] tcp://192.168.1.20:42333 <--Natter--> tcp://117.181.245.187:63776
2025-05-07 17:40:35 [I]
2025-05-07 17:40:35 [I] LAN > 192.168.1.20:42333 [ CLOSED ]
2025-05-07 17:40:35 [I] LAN > 192.168.1.20:42333 [ CLOSED ]
2025-05-07 17:40:36 [I] LAN > 117.181.245.187:63776 [ CLOSED ]
2025-05-07 17:40:39 [D] port-test: ifconfig.co: b'HTTP/1.1 200 OK\r\nDate: Wed, 07 May 2025 17:40:39 GMT\r\nContent-Type: application/json\r\nContent-Length: 68\r\nConnection: close\r\ncf-cache-status: DYNAMIC\r\nReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bb8ON1H0sFKeZobuxHowuEYt2KuxM6JSXzs9jRnSC9NqApIbZ4ubwP5Ur8JFB7kAAQmqHD1qwVjVne8L9VnADNb5c8NIJb%2FzdJJVLjJPwovZI%2FuRT76g5t%2B9eqkUTg%3D%3D"}],"group":"cf-nel","max_age":604800}\r\nNEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}\r\nServer: cloudflare\r\nCF-RAY: 93c280e3ae0bcba4-LAX\r\nalt-svc: h3=":443"; ma=86400\r\nserver-timing: cfL4;desc="?proto=TCP&rtt=174352&min_rtt=174352&rtt_var=87176&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=112&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"\r\n\r\n{\n "ip": "117.181.245.187",\n "port": 63776,\n "reachable": false\n}'
2025-05-07 17:40:44 [D] port-test: portcheck.transmissionbt.com: b'HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Wed, 07 May 2025 17:40:44 GMT\r\nContent-Type: text/html; charset=ISO-8859-1\r\nConnection: close\r\n\r\n0'
2025-05-07 17:40:44 [I] WAN > 117.181.245.187:63776 [ CLOSED ]
2025-05-07 17:40:44 [W] !! Target port is closed !!
2025-05-07 17:40:44 [I]
2025-05-07 17:40:47 [D] keep-alive: OK
2025-05-07 17:41:02 [D] keep-alive: OK
2025-05-07 17:41:17 [D] keep-alive: OK
2025-05-07 17:41:32 [D] keep-alive: OK

jlw004d avatar May 08 '25 03:05 jlw004d

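Test mode is only turned on automatically when no parameters at all are specified ;) Otherwise Natter would be competing with your application for the port.

Specifying -b 42333 actually punches a hole directly on local port 42333, but no service is running on that port, so it reports [W] !! Target port is closed !!

If you still just want to test, specify test mode (-m test). Try this: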

python3 natter.py -m test -b 42333 -v

MikeWang000000 avatar May 08 '25 03:05 MikeWang000000

Thanks a lot. python3 natter.py -m test -b 42333 -v worked. However, port 42333 has no service, while port 28456 does have a service, and using that one gives an error. python natter.py -m none -b 28456 doesn't work either.

python3 natter.py -m test -b 28456 -v

2025-05-08 03:47:58 [I] Natter v2.1.1
Traceback (most recent call last):
  File "natter.py", line 1849, in <module>
    main()
  File "natter.py", line 1840, in main
    natter_main(show_title)
  File "natter.py", line 1690, in natter_main
    natter_addr, outer_addr = stun.get_mapping()
  File "natter.py", line 233, in get_mapping
    return self._get_mapping()
  File "natter.py", line 249, in _get_mapping
    socket_set_opt(
  File "natter.py", line 1334, in socket_set_opt
    sock.bind(bind_addr)
OSError: [Errno 98] Address already in use

jlw004d avatar May 08 '25 03:05 jlw004d

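This situation does occur as well, because the application port 28456 is held exclusively, unless the application code sets SO_REUSEADDR to allow other programs to use the same port.

When the port is held exclusively, any other program that tries to use it gets an error. This is also why Natter / NATmap need to add a forwarding layer.

So the usual setup is: the -p port is forwarded to the -b port, and then Natter punches the hole out: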

python3 natter.py -b 42333 -p 28456 -v

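Recently I have been developing a tool that injects into the target application and forces it not to hold the port exclusively, so that we can punch the hole directly with -b without adding a forwarding layer.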

https://github.com/mikewang000000/bindhook

It is at an early stage for now~ and has not been released yet.

MikeWang000000 avatar May 08 '25 07:05 MikeWang000000
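
The `OSError: [Errno 98] Address already in use` discussed above can be reproduced on loopback by binding a second socket to a port that a listening application already holds. This is an added example, not code from Natter or from this thread; the function names are hypothetical, and it sets SO_REUSEPORT alongside SO_REUSEADDR because on Linux a second bind to a port with a listening socket succeeds only when both sockets set SO_REUSEPORT.

```python
import errno
import socket


def set_reuse(sock):
    """Ask the kernel to let this socket share its local address and port."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    # Assumption: Linux semantics. SO_REUSEPORT is absent on some platforms.
    if hasattr(socket, "SO_REUSEPORT"):
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)


def start_app(shared):
    """Constructed stand-in for the application: listen on a free loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if shared:
        set_reuse(srv)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


def try_second_bind(port):
    """Bind a second socket to an in-use port; return None or the errno name."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        set_reuse(sock)
        sock.bind(("127.0.0.1", port))
        return None
    except OSError as exc:
        return errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()


def demo():
    """Run both cases: application holding the port exclusively, then sharing it."""
    results = {}
    for shared in (False, True):
        app = start_app(shared)
        try:
            results[shared] = try_second_bind(app.getsockname()[1])
        finally:
            app.close()
    return results


if __name__ == "__main__":
    print(demo())
```
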

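Thanks. I turned off DMZ and UPnP on the router, opened 6006 and 42333 in the virtual machine's firewall, and added a port forwarding rule on the router: 192.168.1.86 42333 42333 TCP,

then ran python3 natter.py -b 42333 -p 6006, and the service on port 6006 can be reached through the NAT normally.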

jlw004d avatar May 08 '25 09:05 jlw004d

That's fine. In theory the firewall only needs to have 42333 open.

MikeWang000000 avatar May 08 '25 12:05 MikeWang000000