On Sat, Jan 05, 2002 at 02:38:17PM +0100, Maarten Geurts wrote: > -Does any node expect to be connectable to any node, or just a n number > of nodes it found during the discovery of other nodes.
Any node if poosible.
> The problem with (NAT) firewalls or http proxy�s the outside is not
> allowed to connect to the inside. This is easely worked around by
> letting the inside connect to the outside. This is only possible for a
> limited number of nodes.The node behind the firewall//proxy could not
> set up a link to all nodes behind the firewall, just a couple he
> detected.
If the node is just for outgoing it does not matter
other then you node-adress is spread a bit and could get
added to other nodes seed cache. It will timeout eventually.
To be a full member you need some kind of forwarding from a
host with a public IP.
* set the public IP in your freenet.conf
* put an IP relay in you firewall/gateway, same port number
on private and public interface.
If you do not have access to the GW but has an account on a
server with public IP you can use tunneling, using ssh or other:
* set the public IP in your freenet.conf
* sshd_conf on server must have "GatewayPorts" set to "yes"
* login with
# ssh -R <node port number>:localhost:<node port number>
This is unix-only of course!
>
> Also is there a thing in freenet to find near nodes? nodes behind a NAT
> firewall could connect freely, but to the outside it would look like
> they have the same ip on a different port. The only thing i could find
> was a reference to radio networks. wireless networks have the same
> problem that they can only connect to near nodes, or they have to use
> some kind of internetwork router (/proxy). but in the code i could only
> find tcp/ip transport, where ssl is a special verion of tcp/ip.
The problem is:
if I set my IP to a public IP other nodes onthe same NATed network
try to connect to that IP and has no way of knowing it is on the
same LAN.
Using the internal IP is no good since perhaps 50% of all NAT networks
is 192.168.0.0/24. Chances are that if receive such a node-address it
is NOT on your LAN at all.
It is therefore no use distributing IP that are not unique.
This is one way to go:
* IPv6 addresses for NATed LANs
* IPv6 support in freenet
* IPv6 to IPv4 gateway
mucho work but doable.
Another way is to build a translating proxy function,
either in fred or as a seperate service
combined with a smart tunneling connectionmanager in fred.
happy hacking
--
G�ran
msg00503/pgp00000.pgp
Description: PGP signature
