Re: [freenet-support] node on a server, and at home?
Neither client nor server has to be ssl aware.

Markus

>From: "Toad" <[EMAIL PROTECTED]>
>Ahh, okay. As long as it doesn't need the clients to be ssl aware.

___
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]

Re: [freenet-support] node on a server, and at home?
Ahh, okay. As long as it doesn't need the clients to be ssl aware.

On Tue, Aug 10, 2004 at 10:48:44PM +0300, Markus wrote:
> >Don't use stunnel, use ssh, and forward the ports. Stunnel just creates
> >an HTTPS connection, right?
>
> From Stunnel's man page
> (http://www.stunnel.org/faq/stunnel.html#description):
> The stunnel program is designed to work as SSL encryption wrapper between
> remote clients and local (inetd-startable) or remote servers. The concept is
> that having non-SSL aware daemons running on your system you can easily set
> them up to communicate with clients over secure SSL channels.
>
> Would ssh port forwarding be a better method?

--
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.

Re: [freenet-support] node on a server, and at home?
>Don't use stunnel, use ssh, and forward the ports. Stunnel just creates
>an HTTPS connection, right?

From Stunnel's man page
(http://www.stunnel.org/faq/stunnel.html#description):

The stunnel program is designed to work as SSL encryption wrapper between
remote clients and local (inetd-startable) or remote servers. The concept is
that having non-SSL aware daemons running on your system you can easily set
them up to communicate with clients over secure SSL channels.

Would ssh port forwarding be a better method?

Markus

Re: [freenet-support] node on a server, and at home?
Don't use stunnel, use ssh, and forward the ports. Stunnel just creates
an HTTPS connection, right?

On Tue, Aug 10, 2004 at 10:31:01AM +0300, Markus wrote:
> Ouch, typo in Fuqid's configuration (wrong port). Now it doesn't say that
> node is overloaded or down, but I still can't get it to download anything
> through stunnel, logs say "Fatal error in download thread: EFCPError: recv
> failed: 10054".
>
> Markus
>
> > Hi
> > I'm also running a node on my private serverfarm and accessing it from home.
> > I successfully created ssl tunnel with stunnel from my Linux router to my
> > Linux server for surfing freenet with my browser. My problem is that I'm
> > having trouble to create working stunnel between Fuqid (running on WinXP)
> > and my node's fcp-port, Fuqid tells me that my node is overloaded or down
> > (which it isn't, I am connected to it with browser right now). I have triple
> > checked my stunnel scripts and everything should be ok. Could it be like
> > http://www.stunnel.org/faq/troubleshooting.html#ToC17? Any ideas?
> >
> > Markus

--
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.

Re: [freenet-support] node on a server, and at home?
> > Ouch, typo in Fuqid's configuration (wrong port). Now it doesn't say that
> > node is overloaded or down, but I still can't get it to download anything
> > through stunnel, logs say "Fatal error in download thread: EFCPError: recv
> > failed: 10054".
>
> 10054 is the Winsock error code for "Connection Reset," which is likely
> indicative of a bad setup on the remote side. As Mika mentioned, first
> ensure that the remote node is allowing your IP address to connect to
> whichever service you're looking for - mainport or FCP. (For FUQID, it's
> FCP, and note that you lose anonymity making FCP requests to a node you
> aren't operating locally.) These are set via freenet.conf options on the
> server running the node.

Everything works fine without ssl tunnel (yes, I know, someone can sniff
unencrypted connections).

> If everything checks out, FUQID isn't properly connecting to the remote
> node. My guess would be either that stunnel is not properly set up, or
> your remote node is so overloaded that it cannot accept your connection.
> First off, make sure that your FUQID is set up to use the remote node's
> IP address, or your local SSH tunnel to that remote IP. FUQID defaults
> to localhost on the default FCP port (8481).
>
> I am familiar with stunnel, I use it to initiate secured IRC sessions, but
> I haven't used it in conjunction with Freenet. What is the stunnel
> command you're using on each end? Feel free to XX.XX.XX.XX out IP
> addresses. Maybe I or someone else familiar with stunnel can help.
>
> -s

I have the following setup:

LAN (192.168.1.0/24, client side, Fuqid)
  --> router (Linux router, firewall, runs stunnel, ip 192.168.1.1)
  --> INTERNET
  --> my.server.domainname (Linux server, firewall, runs stunnel, Freenet node, server side)

I tried also with firewalls allowing all connections, didn't help.

Server side stunnel:

# For fproxy connection, this works fine
stunnel -O l:TCP_NODELAY=1 -d 8880 -r localhost:
# For FCP, does not work
stunnel -O l:TCP_NODELAY=1 -d 8841 -r localhost:8481

Client side stunnel:

# Fproxy, works fine, http://192.168.1.1:8880 and https://my.server.domainname:8880 works
stunnel -O r:TCP_NODELAY=1 -c -d 8880 -r my.server.domainname:8880
# FCP, does not work
stunnel -O r:TCP_NODELAY=1 -c -d 8481 -r my.server.domainname:8841

Fuqid:

unencrypted connections work
IP: xxx.xxx.xxx.xxx
port: 8481

encrypted connections fail
IP: 192.168.1.1
port: 8841

Markus

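Added example, not part of the original message: a small Python check that parses the stunnel 3.x command lines quoted above and traces a connection hop by hop, so a port or client/server-mode mismatch in the chain shows up before anyone debugs the TLS layer. It assumes the client-side commands run on the router at 192.168.1.1, and it uses only the FCP hop and the Fuqid settings as written in the message; the function names are hypothetical.

```python
import shlex

def endpoint(value, default_host):
    """'[host:]port' -> (host, port); bare or localhost ports map to default_host."""
    host, _, port = value.rpartition(":")
    if host in ("", "localhost", "127.0.0.1"):
        host = default_host
    return (host, int(port))

def parse_stunnel3(host, cmdline):
    """Parse the stunnel 3.x flags used in the thread (-c, -d, -r, -O)."""
    hop = {"client": False, "listen": None, "target": None}
    args = iter(shlex.split(cmdline)[1:])
    for flag in args:
        if flag == "-c":
            hop["client"] = True          # accepts plaintext, speaks TLS outward
        elif flag == "-d":
            hop["listen"] = endpoint(next(args), host)
        elif flag == "-r":
            hop["target"] = endpoint(next(args), host)
        elif flag == "-O":
            next(args)                    # socket option, no effect on routing
    return hop

def trace(start, hops):
    """Follow a plaintext connection from `start` through the hops.
    Returns (path, problem); problem is None if the chain is consistent."""
    by_listen = {h["listen"]: h for h in hops if h["listen"]}
    path, here, in_tls = [start], start, False
    while here in by_listen and len(path) <= len(hops):
        hop = by_listen[here]
        if hop["client"] == in_tls:       # client hop fed TLS, or server hop fed plaintext
            mode = "client" if hop["client"] else "server"
            return path, f"{mode}-mode stunnel at {here} receives the wrong side of TLS"
        in_tls = hop["client"]
        here = hop["target"]
        path.append(here)
    if len(path) == 1:
        ports = sorted(p for (h, p) in by_listen if h == start[0])
        return path, f"no stunnel listens on {start}; that host listens on {ports}"
    if in_tls:
        return path, f"TLS is never terminated before {here}"
    return path, None

# Values copied from the message above. Assumption: the client-side command
# runs on the router (192.168.1.1), as the setup diagram describes.
HOPS = [
    parse_stunnel3("192.168.1.1",
                   "stunnel -O r:TCP_NODELAY=1 -c -d 8481 -r my.server.domainname:8841"),
    parse_stunnel3("my.server.domainname",
                   "stunnel -O l:TCP_NODELAY=1 -d 8841 -r localhost:8481"),
]
FUQID_AS_POSTED = ("192.168.1.1", 8841)   # the "encrypted connections fail" settings

if __name__ == "__main__":
    for start in (FUQID_AS_POSTED, ("192.168.1.1", 8481)):
        path, problem = trace(start, HOPS)
        print(" -> ".join(f"{h}:{p}" for h, p in path), "|", problem or "consistent")
```
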
Re: [freenet-support] node on a server, and at home?
On Tue, 10 Aug 2004 10:31:01 +0300 "Markus" <[EMAIL PROTECTED]> wrote:

> Ouch, typo in Fuqid's configuration (wrong port). Now it doesn't say that
> node is overloaded or down, but I still can't get it to download anything
> through stunnel, logs say "Fatal error in download thread: EFCPError: recv
> failed: 10054".

10054 is the Winsock error code for "Connection Reset," which is likely
indicative of a bad setup on the remote side. As Mika mentioned, first
ensure that the remote node is allowing your IP address to connect to
whichever service you're looking for - mainport or FCP. (For FUQID, it's
FCP, and note that you lose anonymity making FCP requests to a node you
aren't operating locally.) These are set via freenet.conf options on the
server running the node.

If everything checks out, FUQID isn't properly connecting to the remote
node. My guess would be either that stunnel is not properly set up, or
your remote node is so overloaded that it cannot accept your connection.
First off, make sure that your FUQID is set up to use the remote node's
IP address, or your local SSH tunnel to that remote IP. FUQID defaults
to localhost on the default FCP port (8481).

I am familiar with stunnel, I use it to initiate secured IRC sessions, but
I haven't used it in conjunction with Freenet. What is the stunnel
command you're using on each end? Feel free to XX.XX.XX.XX out IP
addresses. Maybe I or someone else familiar with stunnel can help.

-s

Re: [freenet-support] node on a server, and at home?
Ouch, typo in Fuqid's configuration (wrong port). Now it doesn't say that
node is overloaded or down, but I still can't get it to download anything
through stunnel, logs say "Fatal error in download thread: EFCPError: recv
failed: 10054".

Markus

> Hi
> I'm also running a node on my private serverfarm and accessing it from home.
> I successfully created ssl tunnel with stunnel from my Linux router to my
> Linux server for surfing freenet with my browser. My problem is that I'm
> having trouble to create working stunnel between Fuqid (running on WinXP)
> and my node's fcp-port, Fuqid tells me that my node is overloaded or down
> (which it isn't, I am connected to it with browser right now). I have triple
> checked my stunnel scripts and everything should be ok. Could it be like
> http://www.stunnel.org/faq/troubleshooting.html#ToC17? Any ideas?
>
> Markus

Re: [freenet-support] node on a server, and at home?
>> don't worry, your node will automatically tell you when a newer version is
>> available (by noticing new build numbers within the network)
>
>Usually :). Check the web site from time to time, or read this list or
>devl, in case there's a reset.

>This is not necessarily so. 99% of the time this works, but the most recent
>node update (5090) was a full and clean network reset, meaning 5090 would talk
>only to builds 5090 and above. If you had a 5089 node, you'd never get the
>notice about seeing a newer build. This doesn't immediately matter to you,
>Mike, I'm just commenting on the above statement.

true, you're both correct, in fact someone simply *has* to use the new builds
first so the other builds can see there's something new around.
maybe my answer was shot too fast again ^-^
the comment was meant as an easy small step for node ops when to update;
being member of the support, announce and devl mailinglist is of course
superior and preferable hand ;)

re: [freenet-support] node on a server, and at home?
Hi

I'm also running a node on my private serverfarm and accessing it from home.
I successfully created ssl tunnel with stunnel from my Linux router to my
Linux server for surfing freenet with my browser. My problem is that I'm
having trouble to create working stunnel between Fuqid (running on WinXP)
and my node's fcp-port, Fuqid tells me that my node is overloaded or down
(which it isn't, I am connected to it with browser right now). I have triple
checked my stunnel scripts and everything should be ok. Could it be like
http://www.stunnel.org/faq/troubleshooting.html#ToC17? Any ideas?

Markus

Re: [freenet-support] node on a server, and at home?
Quoting "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>:

> > With the above resources how do I get the most out of it? (configuration).
> > My BIGGEST thing is speed. I hate not finding what I am looking for and I
> > hate file not founds.
>
> uhm, transfer speed of a splitfile is great and is able to easily max out
> your connection as the split-file is retrieved in parallel from different
> sources. overall, freenet has a large latency but usually a nice transfer
> speed.

Although, the best configuration, I think, would be to run just one node, and
access that node from wherever. Having one node do all the work lets that one
node do more learning of the network.

> don't worry, your node will automatically tell you when a newer version is
> available (by noticing new build numbers within the network)

This is not necessarily so. 99% of the time this works, but the most recent
node update (5090) was a full and clean network reset, meaning 5090 would talk
only to builds 5090 and above. If you had a 5089 node, you'd never get the
notice about seeing a newer build. This doesn't immediately matter to you,
Mike, I'm just commenting on the above statement.

-todd

Re: [freenet-support] node on a server, and at home?
On Mon, Aug 09, 2004 at 11:59:00PM +0200, [EMAIL PROTECTED] wrote:
> unstable is the testfield but has all the fixes first.
> stable is more pleasant and is updated quite regularly, too.
> if you choose to run an unstable node you ought to update the node every single day
> as the unstable branch progresses very fast

Unstable has less reachable content due to being smaller. From his mail
I suspect this is an important consideration.

> don't worry, your node will automatically tell you when a newer version is available
> (by noticing new build numbers within the network)

Usually :). Check the web site from time to time, or read this list or
devl, in case there's a reset.

--
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.

Re: [freenet-support] node on a server, and at home?
On Mon, Aug 09, 2004 at 04:16:46PM -0500, [EMAIL PROTECTED] wrote:
> Hello,
>
> I control a unix (linux enterprise) server for my web sites. Can I run a node on
> this and access it from home? Obviously typing http://127.0.0.1: will not pull
> it up since it is at a server farm in another state. (USA).

Sure. The safest way to do this would be to ssh tunnel to the other
machine. Read "man ssh" - the -L or -R option should do this. Then you
could forward the port and use 127.0.0.1, and you can't be eavesdropped.

> Also, if I have a router at home and 2 comps (XP machines) can I have each computer
> running a node?
>
> With the above resources how do I get the most out of it? (configuration). My
> BIGGEST thing is speed. I hate not finding what I am looking for and I hate file
> not founds.
>
> What would be better, unstable or stable?

Stable.

> Thanks.
>
> Mike

--
Matthew J Toseland - [EMAIL PROTECTED]
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.

Re: [freenet-support] node on a server, and at home?
>Hello,
>
>I control a unix (linux enterprise) server for my web sites. Can I run a node on
>this and access it from home? Obviously typing http://127.0.0.1: will not pull
>it up since it is at a server farm in another state. (USA).

by default the only host which is allowed to connect to the node interface on
port is localhost (127.0.0.1)
this is to forbid everyone else but the owner of the machine to access the node.

in your freenet.conf/.ini there is a line reading:

# List of IP addresses (for example "192.168.1.7"), DNS names ("erica" or "www.nsa.gov") or netmasks ("192.168.1.0/24") of hosts (computers) that should be allowed to access the main web interface of your freenet node. Defaults to localhost (127.0.0.0/8) only.
%mainport.allowedHosts=127.0.0.0/8

here you can change the array of allowed host for example to:

mainport.allowedHosts=127.0.0.0/8,12.34.56.78

where 12.34.56.78 is the ip of your xp computer.
please remember to remove the heading % which is a comment character!

you should also notice that connecting from your xp to the freenet node is now
done over unencrypted http.
this means that if you're being sniffed your actions can be seen and every file
you retrieve out of freenet will be unencrypted, too, which will utterly destroy
the principle of privacy.
if you've got nothing to hide that *might* be okay, but ipspoofing/-claiming
will allow others to access your freenet node, which might have negative effects
on your reputation ;)

so the better alternative would be:
create a ssh tunnel from the linux box to your xp system (or vice versa).
see 'man ssh' and look for the -L and -R options.
on your windoze box you can try PuTTY which has a (hidden?) ssh daemon function;
or use a different ssh tunnel software.
this will protect your traffic and authorize the node access.
that's the way you should choose to go

>Also, if I have a router at home and 2 comps (XP machines) can I have each computer
>running a node?

of course, just make sure the FNP ports of each node are different (they're
chosen randomly, so they are usually different) and forward the two ports from
the router to the according xp box.
you can even have more than one node per computer!
if so, you should change the ports for the mainport () and the fcp port (8481)
for the second node to something else (you could possibly just add +1) so they
don't affect each other.

>With the above resources how do I get the most out of it? (configuration). My
>BIGGEST thing is speed. I hate not finding what I am looking for and I hate file not
>founds.

uhm, transfer speed of a splitfile is great and is able to easily max out your
connection as the split-file is retrieved in parallel from different sources.
overall, freenet has a large latency but usually a nice transfer speed.
404's are sadly quite common as the node first has to 'weave' itself into the
freenet network before it can achieve decent performance and knowledge of the
surrounding nodes.
after that process it's supposed to run quite okay
you just shouldn't be afraid of letting the node run 24/7 for at least a week or
so (i'd say, the opinions differ) to let the node become part of the network.
also be prepared that a node can use up large amounts of the network bandwidth
resulting in massive transfer volumes. several gigs per month are common.

>What would be better, unstable or stable?

unstable is the testfield but has all the fixes first.
stable is more pleasant and is updated quite regularly, too.
if you choose to run an unstable node you ought to update the node every single
day as the unstable branch progresses very fast

don't worry, your node will automatically tell you when a newer version is
available (by noticing new build numbers within the network)

>Thanks.

YW

[freenet-support] node on a server, and at home?
Hello,

I control a unix (linux enterprise) server for my web sites. Can I run a node on
this and access it from home? Obviously typing http://127.0.0.1: will not pull
it up since it is at a server farm in another state. (USA).

Also, if I have a router at home and 2 comps (XP machines) can I have each computer
running a node?

With the above resources how do I get the most out of it? (configuration). My
BIGGEST thing is speed. I hate not finding what I am looking for and I hate file
not founds.

What would be better, unstable or stable?

Thanks.

Mike