On 03.02.2003 10:07:31, bdonlan <[EMAIL PROTECTED]> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Monday 03 February 2003 04:01 am, Victor Denisov wrote:
>> Hmm, still hadn't received a reply through a mailing list, so I'm answering
>> by looking at the archive.
>>
>> Of course, all outgoing ports are open for an IP address that Freenet is
>> bound to. The problem is that Freenet seems to listen for _incoming_
>> connections on absolutely random ports. I recall reading somewhere that
>
>The port is selected randomly when you configure freenet for the first time
>and can be found in freenet.conf or freenet.ini. IIRC, it's 'listenPort', but
>I'm not sure.

Yes, there's a line in the config file:

# The port to listen for incoming FNP (Freenet Node Protocol) connections on.
listenPort=XYZ

It's a randomly chosen port by the setup or by the generation of the config file.
This port is usually between 1024 and 65535. The node announces itself ONLY with
the current IP address and the chosen FNP port (that's a node reference, look
in the seednodes.ref-file). Other nodes only try to connect on the FNP-port.
I also see a lot of listening ports between 1025 and 4500, but I don't know the
reason (see the attached text file).
Client programs use only 8481 for the Freenet Client Protocol (FCP), 8888
for the browser (->mainport) and 8891 for the distribution node (if not deactivated).

>
>> this is a feature - Fred contacts another Freenet node with request for data
>> then drops TCP connection and waits for incoming one from that node, so as
>> to conserve TCP connections during long data searches and limit amount of
>> traffic and resources required for maintenance of "idle" connections.
>>
>> This seems wise, but only in case if a single port (or a known range of
>> ports) is used to handle such incoming connections. Basic security dictates
>> that _all_ ports which aren't in definite use should be closed, and if this
>> rule can't be followed with current Freenet operation, I'm afraid it could
>> be a real security problem for all more or less secure environments.

This situation IS a security problem. But read Freenet's port usage in my answer
above. You only need to forward the FNP port to the Freenet node.

>>
>> That's why I've asked if a known range of ports exists for Freenet. I know
>> Java a little bit, but I don't think I'll brave the code myself to find out
>> exact port ranges (or if they're defined at all). If they aren't defined,
>> maybe it would be possible to consider to make such an option?
>>
>> With best regards,
>> Victor Denisov.
>>
>>
>> _______________________________________________
>> support mailing list
>> [EMAIL PROTECTED]
>> http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.1 (GNU/Linux)
>
>iD8DBQE+PjFTx533NjVSos4RAqTnAJ4p7S3NcNBpneusAIf6EQzSCagfbACdEIx6
>aZjzfykIpZMNlTdVuGDuUUY=
>=dTtp
>-----END PGP SIGNATURE-----

Description: ABHÖREN means listening, acer is the computer name.
This file is the output of "netstat -a"

Aktive Verbindungen

  Proto  Lokale Adresse         Remoteadresse          Status
  TCP    acer:epmap             acer:0                 ABHÖREN
  TCP    acer:microsoft-ds      acer:0                 ABHÖREN
  TCP    acer:1025              acer:0                 ABHÖREN
  TCP    acer:1030              acer:0                 ABHÖREN
  TCP    acer:1385              acer:0                 ABHÖREN
  TCP    acer:2234              acer:0                 ABHÖREN
  TCP    acer:2984              acer:0                 ABHÖREN
  TCP    acer:3135              acer:0                 ABHÖREN
  TCP    acer:3143              acer:0                 ABHÖREN
  TCP    acer:3147              acer:0                 ABHÖREN
  TCP    acer:3191              acer:0                 ABHÖREN
  TCP    acer:3227              acer:0                 ABHÖREN
  TCP    acer:3305              acer:0                 ABHÖREN
  TCP    acer:3314              acer:0                 ABHÖREN
  TCP    acer:3350              acer:0                 ABHÖREN
  TCP    acer:3351              acer:0                 ABHÖREN
  TCP    acer:3356              acer:0                 ABHÖREN
  TCP    acer:3358              acer:0                 ABHÖREN
  TCP    acer:3363              acer:0                 ABHÖREN
  TCP    acer:3369              acer:0                 ABHÖREN
  TCP    acer:3374              acer:0                 ABHÖREN
  TCP    acer:3382              acer:0                 ABHÖREN
  TCP    acer:3385              acer:0                 ABHÖREN
  TCP    acer:3390              acer:0                 ABHÖREN
  TCP    acer:3393              acer:0                 ABHÖREN
  TCP    acer:3406              acer:0                 ABHÖREN
  TCP    acer:3417              acer:0                 ABHÖREN
  TCP    acer:3420              acer:0                 ABHÖREN
  TCP    acer:3421              acer:0                 ABHÖREN
  TCP    acer:3423              acer:0                 ABHÖREN
  TCP    acer:3425              acer:0                 ABHÖREN
  TCP    acer:3426              acer:0                 ABHÖREN
  TCP    acer:3427              acer:0                 ABHÖREN
  TCP    acer:3429              acer:0                 ABHÖREN
  TCP    acer:3609              acer:0                 ABHÖREN
  TCP    acer:4533              acer:0                 ABHÖREN
  TCP    acer:4806              acer:0                 ABHÖREN
[This is the mainport:]
  TCP    acer:8888              acer:0                 ABHÖREN
[FNP-port:]
  TCP    acer:16634             acer:0                 ABHÖREN
  TCP    acer:1032              acer:0                 ABHÖREN
[snipped: closed and close waiting FCP and mainport connections]
[snipped: established FNP connections]
[some Win2k services:]
  UDP    acer:epmap             *:*
  UDP    acer:microsoft-ds      *:*
  UDP    acer:1031              *:*
  UDP    acer:netbios-ns        *:*
  UDP    acer:netbios-dgm       *:*
  UDP    acer:isakmp            *:*
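
The port roles described in this thread can be checked against a `netstat -a` capture. The script below is an added example, not part of the original messages or of Freenet's code. It reads `listenPort` from the config text and sorts listening TCP ports into the FNP port to forward, the client ports named above, and ports the thread leaves unexplained. The function names are hypothetical and the sample inputs are constructed in the shape of the attachment.

```python
import re

# Client-side ports named in the reply; it says only the FNP port needs forwarding.
CLIENT_PORTS = {8481: "FCP", 8888: "mainport", 8891: "distribution"}
# German Windows (as in the attachment) prints ABHÖREN, English builds LISTENING.
LISTEN_STATES = {"ABHÖREN", "LISTENING"}

def read_listen_port(conf_text):
    """Return listenPort from freenet.conf/freenet.ini text; '#' lines never match."""
    for line in conf_text.splitlines():
        m = re.match(r"\s*listenPort\s*=\s*(\d+)\s*$", line)
        if m:
            return int(m.group(1))
    raise ValueError("listenPort not set")

def listening_tcp_ports(netstat_text):
    """Collect numeric TCP ports that are in a listening state."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0] == "TCP" and f[3].upper() in LISTEN_STATES:
            port = f[1].rsplit(":", 1)[-1]
            if port.isdigit():  # named services such as epmap are skipped
                ports.add(int(port))
    return ports

def classify(conf_text, netstat_text):
    """Sort listening TCP ports into forward (FNP), client and unexplained."""
    fnp = read_listen_port(conf_text)
    result = {"forward": [], "client": [], "unexplained": []}
    for port in sorted(listening_tcp_ports(netstat_text)):
        key = "forward" if port == fnp else "client" if port in CLIENT_PORTS else "unexplained"
        result[key].append(port)
    return result

# Constructed sample input, shaped like the config line and attachment above.
SAMPLE_CONF = "# The port to listen for incoming FNP connections on.\nlistenPort=16634\n"
SAMPLE_NETSTAT = """\
  TCP    acer:epmap     acer:0     ABHÖREN
  TCP    acer:1025      acer:0     ABHÖREN
  TCP    acer:3135      acer:0     ABHÖREN
  TCP    acer:8888      acer:0     ABHÖREN
  TCP    acer:16634     acer:0     ABHÖREN
  TCP    acer:8481      peer:4711  HERGESTELLT
"""

if __name__ == "__main__":
    print(classify(SAMPLE_CONF, SAMPLE_NETSTAT))
```

Ports in the `unexplained` list are the ones to trace to their owning process before deciding on a firewall rule.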