>On Sun, Jun 06, 2021 at 10:51:21AM +0200, Michael Raskin wrote:
>> >Or is there some other way of achieving the same result -- letting
>> >netsync work when I'm not at home?
>>
>> As an «adapt to the modem» approach, I would consider forwarding SSH and
>> either port forwarding netsync in SSH connection or directly using SSH
>> repository address (which means netsync through standard input/output
>> through SSH).
>
>Two approaches here.
>
>(1) persuade modem to do the right thing with port 4691.
>I've already done that, but it didn't help. Presumably because port
>forwarding is more complicated than just rewriting packets. It is also
>necessary to do some kind of connexion tracking so that replies to
>incoming connexions are properly treated.
>
>It's entirely possible that the incoming netsync connection is properly
>routed to usher, but that usher's reply is not getting out through the
>modem.
>
>Netsync relies on some underlying conventions on the use of TCP for a
>two-way connexion. Is there some other protocol that shares these
>conventions? If so I could tell the modem that this other protocol is
>now being used on port 4691.

I would frankly start with tcpdump on both sides while trying to connect
from outside. Routers can break so many things it is not even funny…

>(2) use ssh.
>
>I guess that would involve the ssh: URI's instead of mtn: URI's
>
>But this is a solution that works for me only.
>
>I'd like some of these repositories to be readable
>by the public. Monotone itself has enough safeguards on a netsync
>connexion for this. But even if I use a separate account for monotone
>repositories, someone that can use ssh to access monotone can also
>use ssh directly and attack the repositories (by tricks like rm).
>
>Or is some kind of limiter possible with ssh usage?

On the one hand it is, on the other one needs to be quite careful setting
it up to not leave a hole.
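
The tcpdump comparison suggested in the reply above, as an added example that is not part of the original message: it reads the text output of `tcpdump -n tcp port 4691` taken on the outside client and on the server, and reports where the TCP handshake stops. The capture lines and addresses are constructed, and it assumes the modem forwards port 4691 without changing the port number.

```python
import re

PORT = 4691  # netsync port named in the thread
# tcpdump -n line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def handshake_flags(capture, port=PORT):
    """Return (syn_in, synack_out) seen for `port` in one capture."""
    syn_in = synack_out = False
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sport, dport, flags = int(m.group(2)), int(m.group(4)), m.group(5)
        if dport == port and flags == "S":
            syn_in = True        # connection attempt towards the server
        elif sport == port and flags == "S.":
            synack_out = True    # server's SYN-ACK reply
    return syn_in, synack_out

def diagnose(outside, server, port=PORT):
    """Compare both captures; addresses are ignored because NAT rewrites them."""
    _, reply_at_client = handshake_flags(outside, port)
    syn_at_server, reply_from_server = handshake_flags(server, port)
    if not syn_at_server:
        return "inbound: SYN never reached the server"
    if not reply_from_server:
        return "server: SYN arrived but nothing answered on the port"
    if not reply_at_client:
        return "return path: server answered, reply lost before the client"
    return "handshake completes: look above TCP"

# Constructed sample captures (documentation addresses, not from the thread).
OUTSIDE = """\
10:00:00.000001 IP 198.51.100.9.51544 > 203.0.113.5.4691: Flags [S], seq 100, win 64240, length 0
10:00:01.010001 IP 198.51.100.9.51544 > 203.0.113.5.4691: Flags [S], seq 100, win 64240, length 0
"""
SERVER = """\
10:00:00.020001 IP 198.51.100.9.51544 > 192.168.1.10.4691: Flags [S], seq 100, win 64240, length 0
10:00:00.020050 IP 192.168.1.10.4691 > 198.51.100.9.51544: Flags [S.], seq 900, ack 101, win 65160, length 0
"""

if __name__ == "__main__":
    print(diagnose(OUTSIDE, SERVER))
```

With the constructed captures the result is the "return path" case, which is the situation described in the quoted text: the connection reaches the server but the reply does not get back out.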
