Matthew Toseland wrote:
> On Tuesday 05 June 2007 10:24, Luke771 wrote:
>> As for the NAT thing, I'm behind a NAT where I can't do port forwarding
>> (evil ISP) and my 0.7 node works perfectly... well, almost perfectly: I
>> can't peer to nodes that are also behind a NAT and with no forwarded
>> ports, but that's not much of a limitation, I can connect to almost all
>> nodes, as not many of them are NAT'ed and with no forwarded ports,
>
> Really? My assumption has always been that nobody forwards ports. You should
> be able to connect anyway though, unless your ISP's NAT is really nasty.
>
I often help noobs on #freenet-refs with port forwarding, so I guess someone does port forwarding after all. (How well they do that is a different story.)
The ISP's NAT is like this: there's an integrated router/switch/hub that includes VoIP software and does DHCP. The ISP calls this kind of router "HAG" (home access gateway); they run Cisco OS (that's what Nmap says) and don't answer to http or telnet. The only open port appears to be the VoIP one (sorry, I forgot the number and what the protocol is called; the protocol commonly associated with that port is something like h.300(something)/h.(other number) and someone told me that it's VoIP). When they come to hook you up they bring their integrated router that has three rj45 and two rj11 sockets. Only one of the rj11 works; you connect your telephone there, but if you use the wrong one, you'll always hear the 'busy' tone.
The ISP controls the router remotely (I hate that), and as if that wasn't bad enough, there's a whole lot of actions that will trigger a "safety" thingy that will disconnect you. For instance, the home users' standard contract limits the number of machines to three (yes, I could use a 2-NIC machine, a hub, and connect 12 PCs, but that's not the point). The router reads the MAC of each box that connects to it, and I've heard of people who got disconnected for changing a network adapter: the software doesn't count how many boxes are actually connected, it simply disconnects you when it sees the fourth MAC. A phone call to the customer service (works 24/7) usually fixes that right away, but it's annoying anyway.
I could go on with more reasons why I call them an "evil" ISP but this mail is getting too long, besides being 99% off-topic, so I won't; I'll tell some of the things that happen with this kind of connection, and why I don't switch ISP: I can't run stuff like eMule (legal files only, of course), I'd get "low ID" only. BitTorrent does work, but only on outbound connections; the "check your port forwarding" icon is always up. And when I tried to set up a 0.5 node, I could only painfully crawl to a couple of index sites, nothing more. I did have problems with nodes that wouldn't connect as peers even on 0.7; that happened only two times so far, and I don't get any "NAT detected" error message. Looks like Freenet works pretty well even from behind a NAT (with the exclusion of some especially nasty NATs, but that doesn't seem to be my case).
One fun thing about the evil ISP is that their network topology is insane: it's made out of many MANs that connect to each other in a mega WAN, so if you know as little as I do about networking, that would be enough to explore what from your box's point of view appears to be a huge LAN. Now, as long as people like myself explore the network out of curiosity, there's no problem; the problems begin when someone less honest than myself realizes that he's on the same LAN as a lot of unaware and computer-illiterate Windows users, who don't have any administrator password, always log in as administrator, have lots of open ports including 139 without even knowing what an 'open port' is, and save sensitive data in 'my documents' labelled as important.doc, bank.doc, visa.doc and so forth, and the ISP only thinks about making more money off their customers (you want to be accessible from the internet? 4 euros a day!!!) and disconnects people for changing network adapter, instead of setting up a network where committing crimes would be at least a bit less easy.
Oh, and the reason I don't switch ISP is that in this country there's no other ISP that can provide that kind of speed, especially on upload (10/10Mbit). If I dump the evil one, the best I can get is a 6Mbit down / 1Mbit up ADSL connection. Some would say what the heck do you need a ten Mbit connection for, if you can't really use it... and that's not even completely wrong. The point is that I'm used to this speed now, and getting used to lower speeds would be a real pain in the ...head. Especially the first times.
I was gonna add another couple of paragraphs about how bad the contract conditions are, but now it's really growing *too* big, so I'll cut it here. Sorry for the long, off-topic mail (no, that's not gonna become a habit).
Luke