civilian/user of ptp, and nat to internal machine


jon

Nov 18, 2009, 12:41:28 AM
to ptp-general
hi, i am a regular user of the mississippi ptp network, and on most
days can connect from my home a couple blocks away. i am wondering
what ptp policy is for setting up nat or port forwarding (etc) for us
normal users to be able to get to our ptp-connected machines from the
outside world?

obviously there are matters of security to contend with and so forth,
but i am thinking of an unused outside port mapping to port 80 of my
linux box (presumably on a mac-assigned static internal ip address),
so that i can demo some of my web development to outsiders. as a
bonus, another port going to 22 wouldn't hurt either! heh

this is not at all an urgent or critical inquiry, more just one of
curiosity. i tend to push things through svn to outside hosts when i
*really* need to show some development, but it would just be so
convenient to have somewhere to point to that has the active
development.

thanks much, especially for keeping the network going over here!
-jon

p.s. i have offered before, but will state again -- i am available for
any light net admin kinda maintenance on the mgp network as needed. i
even helped climb up on the ballroom roof once to get some new
equipment in. lemme know.

Tyler Booth

Nov 18, 2009, 12:15:02 PM
to ptp-g...@googlegroups.com
Jon,

The trouble with port forwarding on this particular network is that everyone on it shares a single IP address. Port 80 and 22 are already forwarded to Personal Telco routers/servers that manage this network.
As for your offer of assistance, we're always looking for eager volunteers. Please come to a weekly or monthly meeting and introduce yourself. 

stephouse networks
Tyler Booth // President
ph. 503.548.2000 | fx. 503.548.2002
921 SW Washington St, Suite 224
Portland OR 97205


--
The Personal Telco Project - http://www.personaltelco.net/


Irving Popovetsky

Dec 2, 2009, 12:35:09 PM
to ptp-g...@googlegroups.com
Team,  here's an opportunity to discuss a "user friendliness" issue with free wifi systems.

UPnP and NAT-PMP were designed to gracefully handle dynamic port forwarding for ports > 1024.    It's included with most open source router/firewall distros.   I find it pretty useful at home and well supported on all platforms. 

Pros:  Used by many voice/video chat clients  (iChat,  Skype, probably others) to get around NAT issues and provide a better voice/video experience.

Cons:  Also used to easily enable Bittorrent seeding.  Probably not desirable on the typical overworked PTP node,  but that isn't my call.    Also a potential security risk, as users may be unknowingly exposing themselves to the Internet boogeyman even more than usual.

The percentage of users who will want to forward SSH to themselves (via a high port) is probably very small.  The major use cases are stated above.  But if those users are people who assist PTP, shouldn't they deserve a perk or two?   Perhaps it would help retain volunteers.

-Irving

Tyler Booth

Dec 2, 2009, 1:16:53 PM
to ptp-g...@googlegroups.com
Unfortunately the current firmware version on the installed CPE does not support UPnP. I don't know where the rest of the members stand on it. Personally I'm indifferent, but 90% of the time it only facilitates high-bandwidth applications such as bittorrent, ichat/skype ptp file transfers and video chats (regular iChat/Skype use works fine without it). I'm not saying it's not useful, however as you pointed out, it can cause problems on heavily used networks such as the miss-net.



Russell Senior

Dec 2, 2009, 1:50:18 PM
to jon, ptp-g...@googlegroups.com
>>>>> "jon" == jon <sito...@gmail.com> writes:

jon> hi, i am a regular user of the mississippi ptp network, and on
jon> most days can connect from my home a couple blocks away. i am
jon> wondering what ptp policy is for setting up nat or port
jon> forwarding (etc) for us normal users to be able to get to our
jon> ptp-connected machines from the outside world?

jon> obviously there are matters of security to contend with and so
jon> forth, but i am thinking of an unused outside port mapping to
jon> port 80 of my linux box (presumably on a mac-assigned static
jon> internal ip address), so that i can demo some of my web
jon> development to outsiders. as a bonus, another port going to 22
jon> wouldn't hurt either! heh

jon> this is not at all an urgent or critical inquiry, more just one
jon> of curiosity. i tend to push things through svn to outside hosts
jon> when i *really* need to show some development, but it would just
jon> be so convenient to have somewhere to point to that has the
jon> active development.

jon> thanks much, especially for keeping the network going over here!
jon> -jon

jon> p.s. i have offered before, but will state again -- i am
jon> available for any light net admin kinda maintenance on the mgp
jon> network as needed. i even helped climb up on the ballroom roof
jon> once to get some new equipment in. lemme know.

Jon,

Even though this is coming from a PTP officer, this is not a policy
the board has discussed extensively, so you can take it as an
unofficial opinion.

Probably the best way to get some kind of "special accommodation" would
be to become a volunteer and demonstrate that you are a "giver" and
not just a "taker". Becoming a visible volunteer probably means
showing up at meetings, coming to work parties, helping out on
networks that don't necessarily directly benefit yourself, etc.

Right now, as Tyler mentioned, there are not a lot of incoming ports
configured, so we have no simple way immediately at hand to solve your
problem. Also, it sounds like you could solve most of your problem by
just pushing your svn stuff out more frequently.

If you want to discuss it some more, we can continue this thread more,
or feel free to come to one of our meetings. We are having a weekly
meeting tonight at NodeKentonStation at 6:30pm.


--
Russell Senior, President
rus...@personaltelco.net

Michael Weinberg

Dec 2, 2009, 2:13:24 PM
to ptp-g...@googlegroups.com
> Probably the best way to get some kind of "special accommodation" would
> be to become a volunteer and demonstrate that you are a "giver" and
> not just a "taker".  Becoming a visible volunteer probably means
> showing up at meetings, coming to work parties, helping out on
> networks that don't necessarily directly benefit yourself, etc.

I generally think that those who are involved in maintenance and other
PTP extending work should be allowed to have special perks, provided
they do the footwork and maintain those special things they've set up
for themselves. That's kind of the idea behind community networks; by
building them for ourselves, we can make them work the way we want.

--
Michael Weinberg
Volunteer
Personal Telco Project, Inc.
A 501(c)(3) Non-Profit

Gary

Dec 2, 2009, 3:50:36 PM
to ptp-g...@googlegroups.com
BitTorrent or apps that use P2P technologies (e.g. Skype) do not need
an inbound open port in order to work as they were designed with NAT
in mind. That kind of traffic is not easily blockable on SOHO networking
gear unless something like DD-WRT has been installed on them which has
an option to block P2P traffic.

-Gary

Tyler Booth

Dec 2, 2009, 4:40:20 PM
to ptp-g...@googlegroups.com
Two "peers" behind a NAT router are unable to communicate (it's impossible by design) unless you have the router configured with a static forwarded port (configured in the P2P application and your router), or if the router (and your P2P application) supports dynamic port forwarding (UPnP).

If the remote peer is on a public IP, it's not an issue. This is mostly handled behind the scenes however by UPnP as it's supported by most routers and applications requiring it these days.



Michael Weinberg

Dec 2, 2009, 7:03:15 PM
to ptp-g...@googlegroups.com
BitTorrent can download from seeds or peers that are not behind NAT
(or port forwarded) but cannot find a BitTorrent peer that is blocked
by NAT. If your BitTorrent client is behind NAT, once you begin to
download from someone who is not behind NAT, they will be aware of
you, and can download from you, but others who you aren't connected to
yet won't be able to find you.

So NAT will limit BitTorrent seeding and downloading, but not stop it.

Don Park

Dec 2, 2009, 7:06:51 PM
to ptp-g...@googlegroups.com
On Wed, Dec 2, 2009 at 1:40 PM, Tyler Booth <ty...@stephouse.net> wrote:
> Two "peers" behind a NAT router are unable to communicate (it's impossible by design) unless you have the router configured with a static forwarded port (configured in the P2P application and your router), or if the router (and your P2P application) supports dynamic port forwarding (UPnP).


This reminds me of one of the great quotes of the Internet:

"NAT turns the internet into TV." -- RobFlickenger (Aug 2001)
 http://wiki.personaltelco.net/QuotableQuotes

Don

Jon V

Dec 2, 2009, 10:39:49 PM
to Russell Senior, ptp-g...@googlegroups.com
openvpn ended up working just fine, as also did using ssh as a tunnel.  i guess i am learning new stuff all the time.

i completely understand the unofficial stance and give/take scenario, even if it has turned out i didn't really need special consideration after all.  i have tried to help out around here when i can -- i was up on the roof of the ballroom helping get that new hardware up there.  but since my schedule is pretty packed, i figured i would just let you guys know that i can kinda poke around the network over here pretty easily if you need a "man on the ground"... i live only 2 blocks from fresh pot.

again, thanks for your time/help so much.  i am glad i ended up not having to need anything extra.  (for the record, i just don't have a box up "outside" that has recent enough software to run what i am developing at my home.   hence, svn not really being helpful for me right now -- i have nowhere to send things!)

i think, despite its long history, ptp is still fairly underappreciated in portland ... i only wish i could help more.  thanks for all the hard work!

thanks,
-jon
