> Typical NAT routers don't handle self-referencing IPs well. In other
> words, if my NAT router's WAN address is 123.45.67.89 and a LAN machine
> (say, 10.10.10.1) tries to talk to 123.45.67.89:4321, it will fail. I'm
> using a SonicWall SOHO firewall/router, and this is the case with it. I
> believe Linksys and the other really common ones behave similarly. It's
> annoying, but true.

Sounds broken to me. I'm currently behind a cheaper than cheap Belkin all-in-one 802.11b/DSL/Ethernet Router/NAT box and I can telnet to my freenet node using the internet IP address just fine. A tracert shows that resolution stops at the nat box without going into the outside world.

> The bottom line is: A local machine with NAT cannot reliably figure out
> what routable IP it has without outside help. Luckily, we have a network
> of outside help, and seed nodes are required for anything to work, so we
> just need our protocol to handle some form of, "What IP do I look like?"
> "You look like IP such-and-such."

Eerr, did you forget what I was originally commenting on? I never ever suggested a NATd freenet node could figure out its internet IP address without outside help. I suggested in fact almost exactly what you say in the above paragraph, except with a tweak to prevent believing evil seednodes that could be lying:

A asks B, what is my IP
B replies with aaa.bbb.ccc.ddd
A generates a new, random, public/private key pair
A connects to http://aaa.bbb.ccc.ddd:ppppp/servlet/self where ppppp is A's FNP port and 'self' is the new servlet I proposed that generates a printable ASCII page containing a trivial message (e.g. "This Is Me") encrypted using the public key.
A then decodes the message using the private key to see if the IP address reported by B was in fact correct.

If B told A the wrong IP address (maliciously or otherwise) and A began to advertise that as its contactable address, A would effectively be cut out of the network. Without validation of the IP address, all it would take is a few malicious nodes to cut out all the reliable nodes from freenet.

And that is all I was saying.

d
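The self-check proposed in the message above, as an added example that is not part of the original post or of Freenet's code. It swaps the fresh public/private key pair for a fresh random secret and an HMAC over a nonce (Python standard library only) and models the network as a constructed in-memory table; `Node`, `servlet_self`, `verify_reported_ip`, `pick_address` and the addresses 198.51.100.7 and 203.0.113.9 are hypothetical.

```python
import hashlib
import hmac
import secrets

MESSAGE = b"This Is Me"  # trivial message from the post


class Node:
    """Hypothetical node exposing a /servlet/self handler."""

    def __init__(self):
        # Fresh per check and never sent to peers. Assumption: a random
        # secret + HMAC stands in for the post's new key pair.
        self.check_key = secrets.token_bytes(32)

    def servlet_self(self, nonce):
        # Only the node holding check_key can produce this tag.
        return hmac.new(self.check_key, MESSAGE + nonce, hashlib.sha256).digest()


def verify_reported_ip(node, reported_ip, port, network):
    """True only if (reported_ip, port) routes back to `node` itself."""
    node.check_key = secrets.token_bytes(32)   # new secret for every check
    nonce = secrets.token_bytes(16)            # stops replay of an old page
    target = network.get((reported_ip, port))  # stands in for the HTTP GET
    if target is None:
        return False                           # nothing answered: unverified
    expected = hmac.new(node.check_key, MESSAGE + nonce, hashlib.sha256).digest()
    return hmac.compare_digest(target.servlet_self(nonce), expected)


def pick_address(node, peer_answers, port, network):
    """Return the first peer-reported IP that passes the self-check, else None."""
    for ip in peer_answers:
        if verify_reported_ip(node, ip, port, network):
            return ip
    return None


# Constructed sample network: A sits behind 123.45.67.89:4321 (address and
# port taken from the quoted text); 198.51.100.7 is some other node.
NODE_A, OTHER = Node(), Node()
NETWORK = {("123.45.67.89", 4321): NODE_A, ("198.51.100.7", 4321): OTHER}

if __name__ == "__main__":
    answers = ["198.51.100.7", "203.0.113.9", "123.45.67.89"]  # two wrong, one right
    print(pick_address(NODE_A, answers, 4321, NETWORK))
```

A router that does not loop such connections back, as in the quoted SonicWall case, makes the check fail even for a correct address, so a failed check means "unverified" rather than "wrong".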
