On 03.02.2003 10:07:31, bdonlan <[EMAIL PROTECTED]> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Monday 03 February 2003 04:01 am, Victor Denisov wrote:
>> Hmm, still hadn't received a reply through a mailing list, so I'm answering
>> by looking at the archive.
>>
>> Of course, all outgoing ports are open for an IP address that Freenet is
>> bound to. The problem is that Freenet seems to listen for _incoming_
>> connections on absolutely random ports. I recall reading somewhere that
>
>The port is selected randomly when you configure freenet for the first time 
>and can be found in freenet.conf or freenet.ini. IIRC, it's 'listenPort', but 
>I'm not sure.

Yes, there's a line in the config file:
# The port to listen for incoming FNP (Freenet Node Protocol) connections on.
listenPort=XYZ

It's a port randomly chosen by the setup or by the generation of the config file.
This port is usually between 1024 and 65535. The node announces itself ONLY
with the current IP address and the chosen FNP port (that's a node reference;
look in the seednodes.ref file).

Other nodes only try to connect on the FNP port.
I also see a lot of listening ports between 1025 and 4500, but I don't know the
reason (see the attached text file).
Client programs use only 8481 for the Freenet Client Protocol (FCP),
8888 for the browser (->mainport) and 8891 for the distribution node (if
not deactivated).

>
>> this is a feature -Fred contacts another Freenet node with request for data
>> then drops TCP connection and waits for incoming one from that node, so as
>> to conserve TCP connections during long data searches and limit amount of
>> traffic and resources required for maintenance of "idle" connections.
>>
>> This seems wise, but only in case if a single port (or a known range of
>> ports) is used to handle such incoming connections. Basic security dictates
>> that _all_ ports which aren't in definite use should be closed, and if this
>> rule can't be followed with current Freenet operation, I'm afraid it could
>> be a real security problem for all more or less secure environments.

This situation IS a security problem. But read Freenet's port usage in my
answer above. You only need to forward the FNP port to the Freenet node.

>>
>> That's why I've asked if a known range of ports exists for Freenet. I know
>> Java a little bit, but I don't think I'll brave the code myself to find out
>> exact port ranges (or if they're defined at all). If they aren't defined,
>> maybe it would be possible to consider to make such an option?
>>
>> With best regards,
>> Victor Denisov.
>>
>>
>> _______________________________________________
>> support mailing list
>> [EMAIL PROTECTED]
>> http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/support
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.1 (GNU/Linux)
>
>iD8DBQE+PjFTx533NjVSos4RAqTnAJ4p7S3NcNBpneusAIf6EQzSCagfbACdEIx6
>aZjzfykIpZMNlTdVuGDuUUY=
>=dTtp
>-----END PGP SIGNATURE-----

Description: ABHÖREN means listening, acer is the computer name.
This file is the output of "netstat -a"

Aktive Verbindungen

  Proto  Lokale Adresse         Remoteadresse          Status
  TCP    acer:epmap             acer:0                 ABHÖREN
  TCP    acer:microsoft-ds      acer:0                 ABHÖREN
  TCP    acer:1025              acer:0                 ABHÖREN
  TCP    acer:1030              acer:0                 ABHÖREN
  TCP    acer:1385              acer:0                 ABHÖREN
  TCP    acer:2234              acer:0                 ABHÖREN
  TCP    acer:2984              acer:0                 ABHÖREN
  TCP    acer:3135              acer:0                 ABHÖREN
  TCP    acer:3143              acer:0                 ABHÖREN
  TCP    acer:3147              acer:0                 ABHÖREN
  TCP    acer:3191              acer:0                 ABHÖREN
  TCP    acer:3227              acer:0                 ABHÖREN
  TCP    acer:3305              acer:0                 ABHÖREN
  TCP    acer:3314              acer:0                 ABHÖREN
  TCP    acer:3350              acer:0                 ABHÖREN
  TCP    acer:3351              acer:0                 ABHÖREN
  TCP    acer:3356              acer:0                 ABHÖREN
  TCP    acer:3358              acer:0                 ABHÖREN
  TCP    acer:3363              acer:0                 ABHÖREN
  TCP    acer:3369              acer:0                 ABHÖREN
  TCP    acer:3374              acer:0                 ABHÖREN
  TCP    acer:3382              acer:0                 ABHÖREN
  TCP    acer:3385              acer:0                 ABHÖREN
  TCP    acer:3390              acer:0                 ABHÖREN
  TCP    acer:3393              acer:0                 ABHÖREN
  TCP    acer:3406              acer:0                 ABHÖREN
  TCP    acer:3417              acer:0                 ABHÖREN
  TCP    acer:3420              acer:0                 ABHÖREN
  TCP    acer:3421              acer:0                 ABHÖREN
  TCP    acer:3423              acer:0                 ABHÖREN
  TCP    acer:3425              acer:0                 ABHÖREN
  TCP    acer:3426              acer:0                 ABHÖREN
  TCP    acer:3427              acer:0                 ABHÖREN
  TCP    acer:3429              acer:0                 ABHÖREN
  TCP    acer:3609              acer:0                 ABHÖREN
  TCP    acer:4533              acer:0                 ABHÖREN
  TCP    acer:4806              acer:0                 ABHÖREN
[This is the mainport:]
  TCP    acer:8888              acer:0                 ABHÖREN
[FNP-port:]
  TCP    acer:16634             acer:0                 ABHÖREN
  TCP    acer:1032              acer:0                 ABHÖREN
[snipped: closed and close waiting FCP and mainport connections]
[snipped: established FNP connections] 
[some Win2k services:]
  UDP    acer:epmap             *:*
  UDP    acer:microsoft-ds      *:*                    
  UDP    acer:1031              *:*                    
  UDP    acer:netbios-ns        *:*                    
  UDP    acer:netbios-dgm       *:*                    
  UDP    acer:isakmp            *:*                    
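
Added example (not part of the original message and not Freenet project code): a small audit that reads listenPort from the config text and sorts the listening TCP ports of a "netstat -a" listing into the FNP port to forward, the client-side ports named above, and listeners that neither explains. Function names and the sample input are constructed for illustration; the key=value config format is assumed from the line quoted in the message.

```python
import re

# Ports named in the message above; per the message only FNP needs forwarding.
NOT_FORWARDED = {8481: "FCP", 8888: "mainport", 8891: "distribution node"}
LISTEN_STATES = {"ABHÖREN", "LISTENING"}  # German and English netstat wording

def read_listen_port(conf_text):
    """Return listenPort from freenet.conf/freenet.ini text, or None."""
    for line in conf_text.splitlines():
        m = re.fullmatch(r"listenPort\s*=\s*(\d+)", line.strip())
        if m and 0 < int(m.group(1)) <= 65535:
            return int(m.group(1))
    return None  # commented-out, missing or out-of-range value

def listening_tcp_ports(netstat_text):
    """Collect numeric TCP ports in a listening state from netstat -a output."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "TCP" and fields[3] in LISTEN_STATES:
            port = fields[1].rsplit(":", 1)[-1]
            if port.isdigit():  # skips service names such as epmap
                ports.add(int(port))
    return ports

def audit(conf_text, netstat_text):
    """Classify listeners: forward (FNP), not forwarded, unexplained."""
    fnp = read_listen_port(conf_text)
    ports = listening_tcp_ports(netstat_text)
    return {
        "forward": sorted(p for p in ports if p == fnp),
        "not_forwarded": sorted(p for p in ports if p in NOT_FORWARDED and p != fnp),
        "unexplained": sorted(p for p in ports if p != fnp and p not in NOT_FORWARDED),
        "fnp_missing": fnp is None or fnp not in ports,
    }

# Constructed sample: a config line and a few rows modelled on the listing.
SAMPLE_CONF = "# The port to listen for incoming FNP connections on.\nlistenPort=16634\n"
SAMPLE_NETSTAT = """\
  TCP    acer:epmap             acer:0                 ABHÖREN
  TCP    acer:1025              acer:0                 ABHÖREN
  TCP    acer:3135              acer:0                 ABHÖREN
  TCP    acer:8888              acer:0                 ABHÖREN
  TCP    acer:16634             acer:0                 ABHÖREN
  UDP    acer:isakmp            *:*
"""

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_NETSTAT))
```

Ports in the "unexplained" list are the ones to trace back to an owning process before deciding on a firewall rule; only the "forward" port needs an inbound rule.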
