[tahoe-dev] Tahoe-lafs and nodes behind NAT (behind another NAT)

Jody Harris imhavoc at gmail.com
Sat Dec 26 20:42:59 PST 2009


I finally got around to reading this article on firewall punching:
http://www.h-online.com/security/features/How-Skype-Co-get-round-firewalls-747197.html

Very insightful. Even a demo for Linux with existing tools is included at
the end of the article.

Fascinating!

I'm glad I asked the question just for the education....
----
- Think carefully.
- Contra mundum - "Against the world" (St. Athanasius)
- Credo ut intelliga - "I believe that I may know" (St. Augustin of Hippo)


On Sun, Dec 20, 2009 at 8:54 AM, Jody Harris <imhavoc at gmail.com> wrote:

> BitTorrent is another open project that has overcome these kinds of
> problems.
>
> Don't take this personally, I'm just brainstorming, and this thread is the
> best place to do that.
>
> So, running list of technologies that have overcome this problem:
>  - SIP
>  - IM file transfer
>  - BitTorrent
>
> There's an article at The H about "How Skype & Co. Get Round Firewalls."
>
> http://www.h-online.com/security/features/How-Skype-Co-get-round-firewalls-747197.html
>
> It's on my reading list for this week.
>
> I'm fully aware of the blood and gore involved in ripping out a piece of
> code like this and replacing it. It's going to be ugly. I'm just looking
> around for existing solutions. Brilliance does not reside in "original
> solutions," but rather in employing "the wheel" in unexpected ways. Often,
> the best way to solve a difficult problem is not to pop open the hood and
> get elbow-deep in [code] yourself, but rather it is pointing the right
> person at the solution and letting them surprise you.
>
> j
> ----
> - Think carefully.
> - Contra mundum - "Against the world" (St. Athanasius)
> - Credo ut intelliga - "I believe that I may know" (St. Augustin of Hippo)
>
>
> On Sat, Dec 19, 2009 at 3:25 PM, Zooko Wilcox-O'Hearn <zooko at zooko.com>wrote:
>
>> There are currently five tickets about making it easier for people to
>> use Tahoe-LAFS through firewalls and NATs.  You can see them by gong
>> to the ViewTickets page:
>>
>> http://allmydata.org/trac/tahoe/wiki/ViewTickets
>>
>> and scrolling down to the "Keywords" section and look for the keyword
>> "firewall".  They are these:
>>
>> http://allmydata.org/trac/tahoe/ticket/49# UPnP
>> http://allmydata.org/trac/tahoe/ticket/50# STUNT/ICE
>> http://allmydata.org/trac/tahoe/ticket/169# tcp hole-punching!
>> http://allmydata.org/trac/tahoe/ticket/445# implement relay: allow
>> storage servers behind NAT
>> http://allmydata.org/trac/tahoe/ticket/754# merge manually specified
>> tub location with autodetected tub location
>>
>> There are some interesting things in some of these!  In #49 Shawn
>> Willden did a quick experiment (sort of what Extreme Programming
>> calls a "spike") with miniupnp that was promising.  In #169 Greg
>> Hazel offered some Python code to integrate TCP hole-punching magic
>> right into the Python sockets.
>>
>> My personal favorite approach right now is the extend the helper to
>> do immutable download, mutable upload, and mutable download and then
>> treat the helper as the preferred solution for this problem.
>> However, like Shawn, I am not volunteering to work on this right
>> now.  (If you want to know what I'm volunteering to work on right now
>> search for tickets that I've accepted.  I'm mostly trying to finish
>> #778 and other tickets that I consider essential for v1.6, plus fix
>> up buildbots and other testing or quality control issues that I
>> consider essential for v1.6.)
>>
>> Regards,
>>
>> Zooko
>> _______________________________________________
>> tahoe-dev mailing list
>> tahoe-dev at allmydata.org
>> http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://allmydata.org/pipermail/tahoe-dev/attachments/20091226/1dae071d/attachment.htm 


More information about the tahoe-dev mailing list