[tahoe-dev] Tahoe-lafs and nodes behind NAT (behind another NAT)

Jody Harris imhavoc at gmail.com
Sun Dec 20 19:18:31 PST 2009 

Brian,

I think that may have worked. I may have just had the tahoe.cfg pointing at
the wrong IP addresses. I'm hoping to test it this week and see if others in
the grid can see my boxes. (I have set up a separate tunnel for each box.)

It's a less than idea solution, but it might get this grid off the ground.

Thank you.
----
- Think carefully.
- Contra mundum - "Against the world" (St. Athanasius)
- Credo ut intelliga - "I believe that I may know" (St. Augustin of Hippo)


On Sun, Dec 20, 2009 at 1:18 PM, Brian Warner <warner at lothar.com> wrote:

> Jody Harris wrote:
> > For the record, I've tried and failed to use ssh tunneling. Can someone
> > explain to be why this solution won't work? I've searched the tickets
> > and the mailing list and not found an explanation as to why this fails.
> > I think it would be nice to have it documented, if someone can explain
> it.
>
> How exactly were you setting up the tunnel? And was this tunnel for the
> purpose of letting your node connect to the outside world, or for the
> outside world to connect to your node?
>
> If the latter, I'd be using "ssh -R12345:localhost:6789", use the
> tahoe.cfg "tub.location" setting to announce the "targethost:12345"
> public side of your tunnel, and the "tub.port" setting to tell your node
> to listen on localhost:6789 . That ought to cause other nodes to connect
> to the outside of your tunnel. Note that without the tub.location
> setting, your node will announce its real (internal+unreachable) address
> to the other nodes, and they probably won't be able to connect in.
> However, if they have public IP addresses, you might be able to connect
> out, possibly masking or confusing the problem.
>
> If the former (i.e. if you're using ssh like an outbound proxy), then
> the challenge is that tahoe will connect to the introducer, then connect
> to every node announced by the introducer, all using the IP addresses
> contained in the various FURLs. So a single tunnel won't do (you'd need
> to create a tunnel for each node, and you'd have to intercept the
> Introducer messages to trick your node into connecting to the local
> tunnel endpoint instead of the actual remote address). But, ssh can
> behave like a SOCKS5 server, and you can run your tahoe node under
> 'tsocks' or 'runsocks' to force all the network connections to go to
> that socks server. This is how we suggest people get Tahoe running under
> Tor, since the Tor client also behaves like a SOCKS5 server.
>
> does that help?
> cheers,
>  -Brian
>
> _______________________________________________
> tahoe-dev mailing list
> tahoe-dev at allmydata.org
> http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://allmydata.org/pipermail/tahoe-dev/attachments/20091220/4a9d5bc5/attachment.htm

More information about the tahoe-dev mailing list