* toad <toad at amphibian.dyndns.org> [2006-11-30 19:47:22]:

> On Thu, Nov 30, 2006 at 04:23:13PM +0100, Florent Daignière (NextGen$) wrote:
> > * toad <toad at amphibian.dyndns.org> [2006-11-30 02:27:03]:
> > 
> > > We discovered what the problem with my connection to sbc was. It was a
> > > corporate NAT that rewrites the source port, but doesn't then reroute
> > > packets to the new port to the original port. I have introduced a new
> > > peer parameter, ignoreSourcePort, which can be set on a specific peer
> > > from the dropdown box at the bottom of the darknet page. When this is
> > > set, a workaround is instigated, which allows us to connect to such
> > > nodes. Each of sbc's peers must set this flag on sbc. At present this
> > > is purely manual; some time in the distant future auto-detection code
> > > may be introduced. (bug #945).
> > > 
> > > Should we allow users to set this, and allowLocalAddresses, from the
> > > non-advanced darknet page?
> > 
> > I'm against it ... because most users won't know when they ought to
> > enable it ... and if they do whereas it's not needed it will break
> > connectivity with "PATed" peers.
> 
> Only when their peer is behind a corporate firewall.

The problem is it doesn't mean they will need it... Asking the user
whether he is behind a corporate firewall or not is doable ... asking
him to notice the difference between "with source port rewriting" and
without isn't.

-- 
NextGen$. 
"One can obey the laws while wishing that they would change, as one serves
in war while wishing for peace."
Merleau Ponty - L'Éloge de la philosophie
