[freenet-support] Re: Freenet port usage
Hmm, still hadn't received a reply through a mailing list, so I'm answering by looking at the archive. Of course, all outgoing ports are open for an IP address that Freenet is bound to. The problem is that Freenet seems to listen for _incoming_ connections on absolutely random ports. I recall reading somewhere that this is a feature -Fred contacts another Freenet node with request for data then drops TCP connection and waits for incoming one from that node, so as to conserve TCP connections during long data searches and limit amount of traffic and resources required for maintenance of idle connections. This seems wise, but only in case if a single port (or a known range of ports) is used to handle such incoming connections. Basic security dictates that _all_ ports which aren't in definite use should be closed, and if this rule can't be followed with current Freenet operation, I'm afraid it could be a real security problem for all more or less secure environments. That's why I've asked if a knows range of ports exists for Freenet. I know Java a little bit, but I don't think I'll brave the code myself to find out exact port ranges (or if they're defined at all). If they aren't defined, maybe it would be possible to consider to make such an option? With best regards, Victor Denisov. ___ support mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
Re: [freenet-support] Re: Freenet port usage
Am 03.02.2003 10:07:31, schrieb bdonlan [EMAIL PROTECTED]: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 03 February 2003 04:01 am, Victor Denisov wrote: Hmm, still hadn't received a reply through a mailing list, so I'm answering by looking at the archive. Of course, all outgoing ports are open for an IP address that Freenet is bound to. The problem is that Freenet seems to listen for _incoming_ connections on absolutely random ports. I recall reading somewhere that The port is selected randomly when you configure freenet for the first time and can be found in freenet.conf or freenet.ini. IIRC, it's 'listenPort', but I'm not sure. Yes, there's a line in the config file: # The port to listen for incoming FNP (Freenet Node Protocol) connections on. listenPort=XYZ It's a randomly chosen port by the setup or by the generation of the config file. This port is usually between 1024 and 65535, the node announce itself ONLY with the current IP address and the chosen FNP port. (that's a node reference, look in the seednodes.ref-file) Other nodes only tries to connect on the FNP-port. I see also a lot of listening ports between 1025 and 4500, but I don't know the reason. (see the attached text file) Client programs uses only 8481 for the Freenet Client Protocol (FCP), for the browser (-mainport) and 8891 for the distribution node (if not deactivated). this is a feature -Fred contacts another Freenet node with request for data then drops TCP connection and waits for incoming one from that node, so as to conserve TCP connections during long data searches and limit amount of traffic and resources required for maintenance of idle connections. This seems wise, but only in case if a single port (or a known range of ports) is used to handle such incoming connections. Basic security dictates that _all_ ports which aren't in definite use should be closed, and if this rule can't be followed with current Freenet operation, I'm afraid it could be a real security problem for all more or less secure environments. This situation IS a security problem. But read Freenet's port usage in my answer above. You only need to forward the FNP port to the Freenet node. That's why I've asked if a knows range of ports exists for Freenet. I know Java a little bit, but I don't think I'll brave the code myself to find out exact port ranges (or if they're defined at all). If they aren't defined, maybe it would be possible to consider to make such an option? With best regards, Victor Denisov. ___ support mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+PjFTx533NjVSos4RAqTnAJ4p7S3NcNBpneusAIf6EQzSCagfbACdEIx6 aZjzfykIpZMNlTdVuGDuUUY= =dTtp -END PGP SIGNATURE- ___ support mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support Description: ABHREN means listening, acer is the computer name. This file is the output of netstat -a Aktive Verbindungen Proto Lokale Adresse Remoteadresse Status TCPacer:epmap acer:0 ABHREN TCPacer:microsoft-ds acer:0 ABHREN TCPacer:1025 acer:0 ABHREN TCPacer:1030 acer:0 ABHREN TCPacer:1385 acer:0 ABHREN TCPacer:2234 acer:0 ABHREN TCPacer:2984 acer:0 ABHREN TCPacer:3135 acer:0 ABHREN TCPacer:3143 acer:0 ABHREN TCPacer:3147 acer:0 ABHREN TCPacer:3191 acer:0 ABHREN TCPacer:3227 acer:0 ABHREN TCPacer:3305 acer:0 ABHREN TCPacer:3314 acer:0 ABHREN TCPacer:3350 acer:0 ABHREN TCPacer:3351 acer:0 ABHREN TCPacer:3356 acer:0 ABHREN TCPacer:3358 acer:0 ABHREN TCPacer:3363 acer:0 ABHREN TCPacer:3369 acer:0 ABHREN TCPacer:3374 acer:0 ABHREN TCPacer:3382 acer:0 ABHREN TCPacer:3385 acer:0 ABHREN TCPacer:3390 acer:0 ABHREN TCPacer:3393 acer:0 ABHREN TCPacer:3406 acer:0 ABHREN TCPacer:3417 acer:0 ABHREN TCPacer:3420 acer:0 ABHREN
Re: [freenet-support] freesite for Frost FEC
At 00.57 03/02/03 +, you wrote: Re [freenet-support] freesite .emsfile://D:\Mail\Attach\Re [freenet-support] freesite .ems 0880.0002 Personally I have never used Frost mainly because it uses Swing, which I'm using FIW, a swing application, with Kaffe 1.0.7, with only some warning messages in console will probably never be supported under Kaffe, but as freenet on kaffe is broken at the moment https://freenet.firenze.linux.it:1443 is happy to run on build 552; it is slow because run on a slow system; the memory profile and resource use of kaffe is far better respect sun jre. Take care of this compatibility; IMHO is more important then what the mean Freenet developer think. Ciao. Marco -- + il Progetto Freenet - segui il coniglio bianco+ * the Freenet Project - follow the white rabbit* * Marco A. Calamari[EMAIL PROTECTED] www.marcoc.it* * PGP RSA: ED84 3839 6C4D 3FFE 389F 209E 3128 5698 * + DSS/DH: 8F3E 5BAE 906F B416 9242 1C10 8661 24A9 BFCE 822B + ___ support mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
[freenet-support] Fred on Mac OS9?
Hello Freenet people Is anyone running Fred or any of the java-based Freenet tools on Mac OS9? If so, please can you tell me how you managed it, or why it's impossible. (OS9 is limited to Java 1 it seems). If not, I'll keep tinkering and try to get it working myself. cheers Chris ___ support mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
[freenet-support] Re: Freenet port usage
I'm sorry, I'm still to receive a single message from support mailing list... To continue discussion: --- Of course, all outgoing ports are open for an IP address that Freenet is bound to. The problem is that Freenet seems to listen for _incoming_ connections on absolutely random ports. I recall reading somewhere that The port is selected randomly when you configure freenet for the first time and can be found in freenet.conf or freenet.ini. IIRC, it's 'listenPort', but I'm not sure. --- [VD] That wasn't what I was trying to convey. Of course, FNP port, as defined by listenPort in freenet.ini, is open for incoming connections, and I see it as LISTENING as well. I also periodically see connections established at this port, so things are working as expected. In my case, Freenet creates a bunch of listening ports _in addition_ to FNP, Fproxy and other listed ports. Yes, there's a line in the config file: # The port to listen for incoming FNP (Freenet Node Protocol) connections on. listenPort=XYZ It's a randomly chosen port by the setup or by the generation of the config file. This port is usually between 1024 and 65535, the node announce itself ONLY with the current IP address and the chosen FNP port. (that's a node reference, look in the seednodes.ref-file) --- [VD] Yes, of course, this port is open for incoming connections. That's what the Freenet docs (however sparse) imply. Other nodes only tries to connect on the FNP-port. I see also a lot of listening ports between 1025 and 4500, but I don't know the reason. (see the attached text file) - [VD] I reckon these are ports opened by your node to wait when nodes it contacted will call it back with response to the query it sent into the network. - Client programs uses only 8481 for the Freenet Client Protocol (FCP), for the browser (-mainport) and 8891 for the distribution node (if not deactivated). - [VD] Absolutely correct. - this is a feature -Fred contacts another Freenet node with request for data then drops TCP connection and waits for incoming one from that node, so as to conserve TCP connections during long data searches and limit amount of traffic and resources required for maintenance of idle connections. This seems wise, but only in case if a single port (or a known range of ports) is used to handle such incoming connections. Basic security dictates that _all_ ports which aren't in definite use should be closed, and if this rule can't be followed with current Freenet operation, I'm afraid it could be a real security problem for all more or less secure environments. This situation IS a security problem. But read Freenet's port usage in my answer above. You only need to forward the FNP port to the Freenet node. - [VD] Hmm, my experimental evidence seems to contradict your point. First, strange ports you've listed (as well as those on my machine) are owned by javaw.exe, and Freenet happens to be the only java app on this machine. And second, when I block all ports, except defined ones, my Freenet performance degrades rapidly, with node coming to a halt with RNFs 95% of the time - this is an indication that there's a problem with request propagation in such configuration. Things get back to normal as soon as I allow all incoming connections again. So, allowing (or forwarding) only FNP port isn't enough :-(. I know how real developers despise support lists, but I hope that someone with code knowledge will be able to prove or disprove my point, or at least will point to a correct place to look in the source. I don't want to barge into devl, since I don't think this beleives there. If, indeed, Freenet opens one listening socket for each node it contacts (or, God forbid, for each request it makes - but this isn't likely, judging by the number of open sockets I see when loading TFE), I'd like to hear if this is under consideration for modification in future versions. Regards, Victor Denisov. ___ support mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
[freenet-support] Re: freesite for Frost FEC
[EMAIL PROTECTED] schrieb: I'm using FIW, a swing application, with Kaffe 1.0.7, with only some warning messages in console JFTR: FIW 0.04b is not (yet) Swing, it's still AWT. thx, mihi, not subscribed to support@, but hoping that it'll get through ___ support mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
[freenet-support] better than I thought :)
Wow, build 546 is so good it can make connections to nodes without even trying! Contact Failure ConnectionSuccessful Address Probability Interval Attempts Connections -- --- ----- ... tcp/128.227.130.197:42 0.983296930 1820 (111%) By the way, there haven't been any CVS updates in the rel-0-5-1 branch since I reported the build failure (URLEncoder vs. HTMLEncoder stuff) on the other list. So I can't update past build 546 (unless I want to download precompiled .jar files -- and since the stable branch doesn't actually *build* I have no idea how those .jar files were produced or what's in them). -- Greg Wooledge | Truth belongs to everybody. [EMAIL PROTECTED] |- The Red Hot Chili Peppers http://wooledge.org/~greg/ | msg02792/pgp0.pgp Description: PGP signature
[freenet-support] FW: message regarding virus infection
Nicholas Sturm [EMAIL PROTECTED] Sturm History Center -- To Search and Distribute the History of Families Contributing to the Settlement and Development of Barbour County [Original Message] From: Norton AntiVirus Email Protection Date: 2/4/2003 12:07:09 AM Subject: Norton AntiVirus deleted the following email message because it was infected with a virus: From: guillaume.pauchet [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [freenet-support] Fw: Nouveau Document texte ___ support mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support