今天临下班的时候Harry给我看了samy的博客，是关于私网使用UDP通信的，很有意思，我们两个稍微研究了一下原理。作者介绍说：

pwnat, pronounced "poe-nat", is a tool that allows anynumber of clients behind NATs to communicate with a server behind a separate NAT with *no* port forwarding and *no* DMZ setup on any routers in order to directly communicate with each other. The server does not need to know anything about the clients trying to connect.

Simply put, this is a proxy server that works behind a NAT, even when the client is behind a NAT, without any 3rd party.There is no middle man, no proxy, no 3rd party, no UPnP/STUN/ICE required, no spoofing, and no DNS tricks.

BTW，作者似乎是以前XSS蠕虫干掉过space.com那位，博客在http://samy.pl/pwnat/