-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 24 February 2003 01:23 pm, Dave Hooper wrote:
> > Typical NAT routers don't handle self-referencing IPs well. In other
> > words, if my NAT router's WAN address is 123.45.67.89 and a LAN machine
> > (say, 10.10.10.1) tries to talk to 123.45.67.89:4321, it will fail. I'm
> > using a SonicWall SOHO firewall/router, and this is the case with it. I
> > believe Linksys and the other really common ones behave similarly. It's
> > annoying, but true.
>
> Sounds broken to me. I'm currently behind a cheaper than cheap Belkin
> all-in-one 802.11b/DSL/Ethernet Router/NAT box and I can telnet to my
> freenet node using the internet IP address just fine. A tracert shows that
> resolution stops at the nat box without going into the outside world.

Not all routers work like that.

> > The bottom line is: A local machine with NAT cannot reliably figure out
> > what routable IP it has without outside help. Luckily, we have a network
> > of outside help, and seed nodes are required for anything to work, so we
> > just need our protocol to handle some form of, "What IP do I look like?"
> > "You look like IP such-and-such."
>
> Eerr, did you forget what I was originally commenting on? I never ever
> suggested a NATd freenet node could figure out its internet IP address
> without outside help. I suggested in fact almost exactly what you say in
> the above paragraph, except with a tweak to prevent believing evil
> seednodes that could be lying:
>
> A asks B, what is my IP
> B replies with aaa.bbb.ccc.ddd
> A generates a new, random, public/private key pair
> A connects to http://aaa.bbb.ccc.ddd:ppppp/servlet/self where ppppp is A's
> FNP port and 'self' is the new servlet I proposed that generates a
> printable ASCII page containing a trivial message (e.g. "This Is Me")
> encrypted using the public key.

Servlets don't run on FNP. You mean a FNP packet.

> A then decodes the message using the private key to see if the IP address
> reported by B was in fact correct.
>
> If B told A the wrong IP address (maliciously or otherwise) and A began to
> advertise that as its contactable address, A would effectively be cut out
> of the network. Without validation of the IP address, all it would take is
> a few malicious nodes to cut out all the reliable nodes from freenet. And
> that is all I was saying.

And A needs to ask another node to do the verifying.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+Wp+Jx533NjVSos4RAvGbAKCqTkRvWJSEKUZ7mqPGEVDD7UaEOQCeJLzv
I8pygnaupcGUKcW+D66Tz40=
=kRXm
-----END PGP SIGNATURE-----
_______________________________________________
devl mailing list
[EMAIL PROTECTED]
http://hawk.freenetproject.org:8080/cgi-bin/mailman/listinfo/devl
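
The self-check proposed in the quoted message, as an added example that is not code from this thread or from Freenet: node A connects to the address a peer reported and accepts it only if the host that answers can prove it holds a secret A has just generated. Assumptions: a fresh random secret with an HMAC challenge stands in for the proposed throwaway key pair, loopback ports stand in for the claimed address and A's FNP port, and every function name is hypothetical.

```python
import hashlib, hmac, os, socket, threading

def recv_exact(conn, n):
    """Read exactly n bytes, or return what arrived before the peer closed."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def start_responder(secret, host="127.0.0.1"):
    """Node side: answer each 32-byte nonce with HMAC-SHA256(secret, nonce)."""
    srv = socket.socket()
    srv.bind((host, 0))  # ephemeral port stands in for the node's FNP port
    srv.listen()
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    conn.settimeout(2.0)
                    nonce = recv_exact(conn, 32)
                    conn.sendall(hmac.new(secret, nonce, hashlib.sha256).digest())
                except OSError:
                    pass  # a broken probe must not kill the listener
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def claimed_address_is_me(claimed_ip, port, secret, timeout=2.0):
    """A's check: does the host at claimed_ip:port hold A's fresh secret?"""
    nonce = os.urandom(32)
    try:
        with socket.create_connection((claimed_ip, port), timeout=timeout) as s:
            s.sendall(nonce)
            reply = recv_exact(s, 32)
    except OSError:
        return False  # unreachable; a NAT that cannot loop back looks the same
    expected = hmac.new(secret, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(reply, expected)

def demo():
    secret = os.urandom(32)                       # fresh secret, known only to A
    my_port = start_responder(secret)             # A's own listener
    other_port = start_responder(os.urandom(32))  # some other host (wrong address)
    probe = socket.socket(); probe.bind(("127.0.0.1", 0))
    dead_port = probe.getsockname()[1]; probe.close()  # nothing listens here
    return tuple(claimed_address_is_me("127.0.0.1", p, secret)
                 for p in (my_port, other_port, dead_port))
```

A `False` result only means the claim could not be confirmed from inside: behind a router of the kind described in the first quoted paragraph the connection fails even for a correct address, which is why the reply asks for a second node to do the verifying.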
