On Mon, Jul 29, 2002 at 11:50:54PM +0300, Mika Hirvonen wrote: > On Mon, 29 Jul 2002, Oskar Sandberg wrote: > > > Freenet DOES NOT WORK behind a NAT "firewall" if you do not tunnel (by > > port forwarding.) It does not work, period, transient or not. > > Masquerading NATs do allow transient nodes to work normally, though.
NO! Don't tell me how it works - I wrote the code in question and the protcol specification. A Freenet node, transient or not, needs to be able to accept new TCP connections from the Internet to work. A host behind a Masquerading NAT cannot do this (unless it has a port foward), so it will not work. Since connections are cached for some time after they are created, it may appear that it works, since some of the time reponses to requests will be sent over the connection that the masqueraded host established to send the request - but this is not always the case. Any time the established connection is busy (sending data for another request for example) when the peer attempts to respond to the masqueraded node it will attempt to make a new connection and fail. Any time the connection has already been closed (busy nodes do not keep idle connections open long - usually no more than 5-10 seconds), the peer will attempt to make a new connection and fail. These are not unusual or esoteric situations, they will occur more often than not. To the user, they manifest themselves simply as a lot timeouts and retries - and in the end they might get lucky, or they might not. A quick look through a public nodes contact attempts shows tons of entries like this: 356 0 0 tcp/192.168.20.12 Showing it has failed to connect to that node 356 times. This is not a non-transient node that it is trying to route to - the node is not dumb enough to try a broken route 356 times - this is a transient node that didn't received the response it was due 356 times. The myth that transient nodes work behind firewalls is hurtful to users whose time is wasted through frustrating performance (as if it isn't bad enough as it is) and hurtful to the network since the public nodes resources are wasted on failed connection attempts and pointless requests. Please stop perpetuating it. <> -- Oskar Sandberg [EMAIL PROTECTED] _______________________________________________ devl mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/devl