[freenet-dev] Corporate NATs redux, and should we allow setting more options from the simple darknet page?
Florent Daignière (NextGen$)
nextgens at freenetproject.org
Fri Dec 1 00:57:20 UTC 2006
* toad <toad at amphibian.dyndns.org> [2006-11-30 19:47:22]:
> On Thu, Nov 30, 2006 at 04:23:13PM +0100, Florent Daignière (NextGen$) wrote:
> > * toad <toad at amphibian.dyndns.org> [2006-11-30 02:27:03]:
> >
> > > We discovered what the problem with my connection to sbc was. It was a
> > > corporate NAT that rewrites the source port, but doesn't then reroute
> > > packets to the new port to the original port. I have introduced a new
> > > peer parameter, ignoreSourcePort, which can be set on a specific peer
> > > from the dropdown box at the bottom of the darknet page. When this is
> > > set, a workaround is instigated, which allows us to connect to such
> > > nodes. Each of sbc's peers must set this flag on sbc. At present this
> > > is purely manual; some time in the distant future auto-detection code
> > > may be introduced. (bug #945).
> > >
> > > Should we allow users to set this, and allowLocalAddresses, from the
> > > non-advanced darknet page?
> >
> > I'm against it ... because most users won't know when they ought to
> > enable it ... and if they do when it's not needed, it will break
> > connectivity with "PATed" peers.
>
> Only when their peer is behind a corporate firewall.
The problem is it doesn't mean they will need it... Asking the user
whether he is behind a corporate firewall or not is doable ... asking
him to notice the difference between "with source port rewriting" and
without isn't.
--
NextGen$.
"One can obey the laws while wishing that they would change, just as one serves in war while wishing for peace."
Merleau Ponty - L'éloge de la philosophie