Re: [freenet-support] connect to my home node, through internet
Matthew Toseland <[EMAIL PROTECTED]> writes: > > FWIW, I've recently rewritten the handling of allowedHosts parameters > > for both FCP and generic servlets, so that one can now use x.x.x.x/y > > notation for specifying subnets. This has the effect of making the > > allowedHosts code even more IPv4 dependent, but increases its > Yeah, well, IPv6 should be a completely separate transport. Any IPv6 > zealots here, feel free to code it, all the code is in Transport*.java > and transport/. This is true, but in a perfect world, the code for allowing hosts shouldn't exactly be transport dependent. As well, this dependency is not essential to the structure of the code; meaning that there's no way for a compiler to find this dependency and fix it. At the moment, if IPv6 were implemented completely as a transport, any incoming IPv6 connections would fail the allowedHosts checks in a horrible way as the code tries to cast the connection address to a tcpAddress. Just a little thing for someone better at java to code around. Thelema -- E-mail: [EMAIL PROTECTED] Raabu and Piisu GPG 1024D/36352AAB fpr:756D F615 B4F3 BFFC 02C7 84B7 D8D7 6ECE 3635 2AAB ___ support mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
Re: [freenet-support] connect to my home node, through internet
On Mon, Dec 16, 2002 at 10:23:55PM -0600, Edgar Friendly wrote: > Greg Wooledge <[EMAIL PROTECTED]> writes: > > > mainport.port= > > mainport.bindAddress=* > > mainport.allowedHosts=127.0.0.1,192.168.2.1,192.168.2.2,192.168.2.4,192.168.2.20 > > > > $ netstat -ant | grep > > tcp0 0 0.0.0.0:0.0.0.0:* LISTEN > > tcp0 0 192.168.2.4:192.168.2.2:2524ESTABLISHED >[...] > > > > If you're using a firewall (iptables) then make sure you aren't blocking > > incoming packets on the mainport port. > > > > FWIW, I've recently rewritten the handling of allowedHosts parameters > for both FCP and generic servlets, so that one can now use x.x.x.x/y > notation for specifying subnets. This has the effect of making the > allowedHosts code even more IPv4 dependent, but increases its Yeah, well, IPv6 should be a completely separate transport. Any IPv6 zealots here, feel free to code it, all the code is in Transport*.java and transport/. > usefulness by a decent amount. > > quick review of what bindAddress and allowedHosts do: > > allowedHosts: when a connection hits the node, the incoming address is > checked against the values in allowedHosts, and if it's not listed, > then the connection is refused. A blank allowedHosts or a value of > "*" results in all connections being allowed (this is internally > converted to 0.0.0.0/0) > > bindAddress: for the node to listen on a TCP socket, that socket has > to be bound to an interface. (i.e. loopback, eth0, eth1, etc.) Each > interface has a address associated with it (its IP address), so that > address is used to represent the interface when the socket is created. > It's also possible to listen on all interfaces by specifying a null > address to bind to. > > So if you want fred to only listen to local requests, you can > > 1) set allowedHosts to filter out requests coming from non-local >addresses, so that requests coming from other places are rejected >by fred > > OR > > 2) set bindAddress to 127.0.0.1 (the loopback interface's address), >which results in only local connections being able to find the >socket in the first place. > > Hope that clears things up for at least one person, > Thelema > -- > E-mail: [EMAIL PROTECTED] Raabu and Piisu > GPG 1024D/36352AAB fpr:756D F615 B4F3 BFFC 02C7 84B7 D8D7 6ECE 3635 2AAB > > ___ > support mailing list > [EMAIL PROTECTED] > http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support > -- Matthew Toseland [EMAIL PROTECTED] [EMAIL PROTECTED] Freenet/Coldstore open source hacker. Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03 http://freenetproject.org/ msg02378/pgp0.pgp Description: PGP signature
Re: [freenet-support] connect to my home node, through internet
Hi. Thanks for all the input, i have got, regarding this issue. I think, the problem is because i'm behind a firewall, when i'm not at home. Because when i'm at home, i can access my node through my local network, vith my public ip. Så, what i did, was set up at ssh tunnel, and now i can access my node, from anywere (I hope) Sincerley Heine Laursen Edgar Friendly wrote: Greg Wooledge <[EMAIL PROTECTED]> writes: mainport.port= mainport.bindAddress=* mainport.allowedHosts=127.0.0.1,192.168.2.1,192.168.2.2,192.168.2.4,192.168.2.20 $ netstat -ant | grep tcp0 0 0.0.0.0:0.0.0.0:* LISTEN tcp0 0 192.168.2.4:192.168.2.2:2524ESTABLISHED [...] If you're using a firewall (iptables) then make sure you aren't blocking incoming packets on the mainport port. FWIW, I've recently rewritten the handling of allowedHosts parameters for both FCP and generic servlets, so that one can now use x.x.x.x/y notation for specifying subnets. This has the effect of making the allowedHosts code even more IPv4 dependent, but increases its usefulness by a decent amount. quick review of what bindAddress and allowedHosts do: allowedHosts: when a connection hits the node, the incoming address is checked against the values in allowedHosts, and if it's not listed, then the connection is refused. A blank allowedHosts or a value of "*" results in all connections being allowed (this is internally converted to 0.0.0.0/0) bindAddress: for the node to listen on a TCP socket, that socket has to be bound to an interface. (i.e. loopback, eth0, eth1, etc.) Each interface has a address associated with it (its IP address), so that address is used to represent the interface when the socket is created. It's also possible to listen on all interfaces by specifying a null address to bind to. So if you want fred to only listen to local requests, you can 1) set allowedHosts to filter out requests coming from non-local addresses, so that requests coming from other places are rejected by fred OR 2) set bindAddress to 127.0.0.1 (the loopback interface's address), which results in only local connections being able to find the socket in the first place. Hope that clears things up for at least one person, Thelema ___ support mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
Re: [freenet-support] connect to my home node, through internet
Greg Wooledge <[EMAIL PROTECTED]> writes: > mainport.port= > mainport.bindAddress=* > mainport.allowedHosts=127.0.0.1,192.168.2.1,192.168.2.2,192.168.2.4,192.168.2.20 > > $ netstat -ant | grep > tcp0 0 0.0.0.0:0.0.0.0:* LISTEN > tcp0 0 192.168.2.4:192.168.2.2:2524ESTABLISHED [...] > > If you're using a firewall (iptables) then make sure you aren't blocking > incoming packets on the mainport port. > FWIW, I've recently rewritten the handling of allowedHosts parameters for both FCP and generic servlets, so that one can now use x.x.x.x/y notation for specifying subnets. This has the effect of making the allowedHosts code even more IPv4 dependent, but increases its usefulness by a decent amount. quick review of what bindAddress and allowedHosts do: allowedHosts: when a connection hits the node, the incoming address is checked against the values in allowedHosts, and if it's not listed, then the connection is refused. A blank allowedHosts or a value of "*" results in all connections being allowed (this is internally converted to 0.0.0.0/0) bindAddress: for the node to listen on a TCP socket, that socket has to be bound to an interface. (i.e. loopback, eth0, eth1, etc.) Each interface has a address associated with it (its IP address), so that address is used to represent the interface when the socket is created. It's also possible to listen on all interfaces by specifying a null address to bind to. So if you want fred to only listen to local requests, you can 1) set allowedHosts to filter out requests coming from non-local addresses, so that requests coming from other places are rejected by fred OR 2) set bindAddress to 127.0.0.1 (the loopback interface's address), which results in only local connections being able to find the socket in the first place. Hope that clears things up for at least one person, Thelema -- E-mail: [EMAIL PROTECTED] Raabu and Piisu GPG 1024D/36352AAB fpr:756D F615 B4F3 BFFC 02C7 84B7 D8D7 6ECE 3635 2AAB ___ support mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
Re: [freenet-support] connect to my home node, through internet
Heine Laursen ([EMAIL PROTECTED]) wrote: > Hi. I want to connect to my node (With my browser) > mainport.allowedHosts=* #Have also tryed, with ip's > mainport.bindAddress=xxx.xxx.xxx.xxx #(Public ip) have also tryed with * These two are reversed. Here is what I use (on a Debian woody node, kernel 2.4.18): mainport.port= mainport.bindAddress=* mainport.allowedHosts=127.0.0.1,192.168.2.1,192.168.2.2,192.168.2.4,192.168.2.20 $ netstat -ant | grep tcp0 0 0.0.0.0:0.0.0.0:* LISTEN tcp0 0 192.168.2.4:192.168.2.2:2524ESTABLISHED [...] If you're using a firewall (iptables) then make sure you aren't blocking incoming packets on the mainport port. -- Greg Wooledge | "Truth belongs to everybody." [EMAIL PROTECTED] |- The Red Hot Chili Peppers http://wooledge.org/~greg/ | msg02364/pgp0.pgp Description: PGP signature
Re: [freenet-support] connect to my home node, through internet
I think, you have to add the following two lines to your freenet config file: mainport.params.servlet.1.params.bindAddress=* mainport.params.servlet.1.params.allowedHosts=* I have added this two lines, and i can connect to my node via the internet from other computers. These two lines are also not moved to the "unknown parameter", like the options you have used. ( "mainport.allowedHosts=*" have not worked for me either, so i have figured out the lines above.) But i use windows, so i do not know, if there are differneces between the freenet version for windows and the one for Linux. But you can give it a try. :) > Hi. I want to connect to my node (With my browser) > > Så, i have read some, of the former posts, about the problem, > but i simpley can't connect to my home node, and browse the freenet. > > The home computer is a debian woody running kernel 2.4.19 > > My freenet.conf looks like this: (Ip's removed) > ipAddress=xxx.xxx.xxx.xxx #(public ip) > listenPort=10137 > seedNodes=seednodes.ref > storeSize=10485760 > mainport.allowedHosts=* #Have also tryed, with ip's > mainport.bindAddress=xxx.xxx.xxx.xxx #(Public ip) have also tryed with * > > When i try to connect, from the local host, i have to enter the public > ip, to browse freenet. But, when i try to connect to it, from the > internet i just get "connection refused" error messages, from mozilla. > > Tkanks for your help. > > Sincerley > Heine Laursen > > > ___ > support mailing list > [EMAIL PROTECTED] > http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support > -- +++ GMX - Mail, Messaging & more http://www.gmx.net +++ NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen! ___ support mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
[freenet-support] connect to my home node, through internet
Hi. I want to connect to my node (With my browser) Så, i have read some, of the former posts, about the problem, but i simpley can't connect to my home node, and browse the freenet. The home computer is a debian woody running kernel 2.4.19 My freenet.conf looks like this: (Ip's removed) ipAddress=xxx.xxx.xxx.xxx #(public ip) listenPort=10137 seedNodes=seednodes.ref storeSize=10485760 mainport.allowedHosts=* #Have also tryed, with ip's mainport.bindAddress=xxx.xxx.xxx.xxx #(Public ip) have also tryed with * When i try to connect, from the local host, i have to enter the public ip, to browse freenet. But, when i try to connect to it, from the internet i just get "connection refused" error messages, from mozilla. Tkanks for your help. Sincerley Heine Laursen ___ support mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
