[ Full bottom quote below ]

> The sad part of this is that there is a standard solution to all of
> this, the same one that works for Skype and BitTorrent.

BitTorrent comes from an anti-authoritarian background and does its best to defeat network security measures. I think Skype was originally written by the same people. To a large extent they only work on corporate networks if that network is not properly locked down.

> The next time the station checks in (about half the update interval on
> average) the server tells the station "connect to the operator's IP
> using these port numbers."

Which in the Starbucks example quoted will either not be open or will be open to the laptop of a completely different customer at the coffee shop.

To accept incoming traffic through a NAT router, the router must either be hard configured with the ports (port forwarding) or must know enough about the protocol being used to infer the need to map the ports. In the latter case, there will normally be a port number translation, so the router will not only have to set up the incoming port, but also translate the port number in the communication to the central server, which is another reason it has to be aware of the protocol.

In that sort of public environment, which is not particularly worried about network security, the most likely way to succeed would either involve a permanent TCP connection to the central server, or frequent polling of that server for incoming calls. The actual call can either be relayed through the central server, or if one side has full control of their connectivity, the more restricted side can call them.

The original Skype also borrowed the better connected, signed in, client systems as relays for the traffic. That reduced the central server's costs, which have to be paid for some way (e.g. SkypeOut).

For a home system that has to use NAT, but does have enough control of its router to configure port forwarding rules, dynamic DNS, as mentioned in other replies, is by far the simplest solution.

Incidentally, private addresses are a workaround for the limited number of IP addresses, although they have also been used as a security measure. Routers don't have to use them on the internal network. IPv6 should get round the limit to the number of addresses, although another reason for using dynamic addresses is to prevent low-end product customers running servers, so mass market ISPs may not offer their full benefits.

--
David Woolley
Registered owner K2 06123

On 20/12/13 17:46, Lynn W. Taylor, WB6UUT wrote:
I ran an internet service provider for a couple of decades.

The sad part of this is that there is a standard solution to all of
this, the same one that works for Skype and BitTorrent.

The radio end needs to send a message to some central server (run by
RemoteRig) that says "I'm on, my 'name' is N1AL" or whatever identifier
seems reasonable.

The server sees the message, gets the apparent public IP from the
header, and records it.  The updates have to be every minute or two, but
they can be UDP to minimize bandwidth and connections.

The client (at Starbucks) sends a message to the central server saying
"I want to operate N1AL" and the server says "connect to this IP using
these port numbers."

The next time the station checks in (about half the update interval on
average) the server tells the station "connect to the operator's IP
using these port numbers."

Because the typical firewall opens up circuits for outgoing connections,
the NAT firewall at Starbucks and the NAT firewall at the station both
open the correct ports, thinking that they're connecting out, and not
realizing they're being tricked into allowing a connection in -- it's
okay because it has been coordinated through the central server.

No static IP addresses, no messing with port forwarding, no trying to
get your IT department to let you operate during your lunch break.

There are a few missing details, but that's how most everything else works.

-- Lynn

On 12/20/2013 5:15 AM, [email protected] wrote:
What was so bizarre in all this --- I should be able to take the K3/0
plus RemoteRig control box (RRC) to a local Starbucks and get on the
air using wifi.
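
Added example, not written by either poster or by RemoteRig: a toy Python model of the check-in scheme in the quoted message and of the port-translation objection in the reply, showing when the coordinated outbound packets meet and when a relay is needed. The `Nat` class, the addresses and ports are constructed assumptions, and the filter modelled is port-restricted.

```python
# Toy model (constructed) of the check-in / hole-punch exchange; no real sockets.
SERVER = ("203.0.113.10", 5000)          # hypothetical rendezvous server

class Nat:
    """NAT with port-restricted filtering; symmetric=True maps per destination."""
    def __init__(self, public_ip, symmetric=False):
        self.public_ip, self.symmetric = public_ip, symmetric
        self.next_port = 40000
        self.mappings = {}    # mapping key -> public port
        self.allowed = set()  # (public port, remote endpoint) opened by outbound traffic

    def outbound(self, src, dst):
        """Inside host sends src -> dst; return the public endpoint dst sees."""
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        port = self.mappings[key]
        self.allowed.add((port, dst))
        return (self.public_ip, port)

    def inbound(self, remote, public_port):
        """Admit a packet only if earlier outbound traffic opened this exact pair."""
        return (public_port, remote) in self.allowed

def hole_punch(station_nat, operator_nat):
    station, operator = ("192.168.1.20", 13000), ("10.0.0.7", 13000)
    # 1. Both ends check in; the server records the apparent public endpoint.
    seen_station = station_nat.outbound(station, SERVER)
    seen_operator = operator_nat.outbound(operator, SERVER)
    # 2. The server hands each end the other's endpoint; both send outbound to it.
    from_station = station_nat.outbound(station, seen_operator)
    from_operator = operator_nat.outbound(operator, seen_station)
    # 3. Each packet hits the far NAT at the port the server reported.
    ok_at_operator = operator_nat.inbound(from_station, seen_operator[1])
    ok_at_station = station_nat.inbound(from_operator, seen_station[1])
    return ok_at_operator and ok_at_station

def connect_mode(station_nat, operator_nat):
    """Direct if the punch works, otherwise relay through the central server."""
    return "direct" if hole_punch(station_nat, operator_nat) else "relay"

if __name__ == "__main__":
    # Both NATs keep one public port per inside socket.
    print(connect_mode(Nat("198.51.100.5"), Nat("192.0.2.77")))
    # Operator-side NAT picks a new public port per destination.
    print(connect_mode(Nat("198.51.100.5"), Nat("192.0.2.77", symmetric=True)))
```

In the second case the operator's NAT allocates a different public port for the station than the one the server observed, so neither filter matches and the traffic has to go through the server.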


