[Ndn-interest] reaching NDN testbed from behind a firewall

Davide Pesavento davide.pesavento at lip6.fr
Wed Dec 16 16:05:45 PST 2015


On Thu, Dec 17, 2015 at 12:16 AM, Alex Afanasyev <aa at cs.ucla.edu> wrote:
> Hi Craig,
>
> ssh tunnels TCP ports, so it is understandable why you have failed.
>
> You can try workarounds discussed here:
> http://superuser.com/questions/53103/udp-traffic-through-ssh-tunnel or use

The first answer in that thread is simply wrong in my opinion. There's
no guarantee that the TCP tunnel and the FIFO will preserve UDP
datagram boundaries, thus breaking any higher-layer protocols that
rely on them.

The second answer (using the -w option of openssh) should work, but
requires superuser privileges at both ends of the tunnel.

> tcp-based face when using the tunnel (tcp://localhost:5000)

This is probably the easiest workaround.

Also, it may be worth pointing out that, since version 6.7, openssh
supports forwarding of Unix domain sockets over the ssh tunnel, just
like TCP sockets. I've never tried this technique with NFD but it
should work fine. Unfortunately it's not a solution for the testbed
nodes (yet), since they don't have a recent enough version of openssh
installed.

Best,
Davide

> ---
> Alex
>
> On Dec 16, 2015, at 3:09 PM, Murray, Craig <cmurray at verisign.com> wrote:
>
> Hi all,
>
> I am trying to use NdnCom to connect with others on the testbed, but I am
> behind a firewall and port 6363 is not open.  I thought I might be able to
> tunnel using ssh, but this does not work (below is more detail on what I
> tried).  Does anyone have experience and/or suggestions that would help me?
> My guess is this is obvious to someone who knows more than I.  My apologies
> if so.
>
> Thanks in advance for any help,
> Craig
>
> ---------------------------------
> Detail:
> I have three machines running NFD inside the firewall.
> First I tested that ndnping works between machines inside:
> On machine B I do the following:
> ndnpingserver /ndn/internal/B
> On machine A I do the following:
> nfdc register /ndn/internal udp://<address.of.B>
> ndnping /ndn/internal/B
> Of course this works.  Next I remove entries from NFD tables
> On machine A I do the following:
> nfdc unregister /ndn/internal <face-id-of-B>
> Next I ssh from machine A to machine B, forwarding a port
> On machine A I do the following:
> ssh <address.of.B> -L 4000:localhost:6363
> nfdc register /ndn/internal udp://localhost:4000
> ndnping /ndn/internal/B
> This does not work.  Packets time out.
>
> I have also tried the following:
> On machine C I do:
> nfdc register /ndn/internal udp://<address.of.B>
> ndnping /ndn/internal/B
> This works so then I try tunneling from A to C:
> First I end the ssh running between A and B.
> Then on machine A:
> ssh <address.of.C> -L 5000:<address.of.B>:6363
> nfdc unregister /ndn/internal <face-id-of-localhost:4000>
> nfdc register /ndn/internal udp://localhost:5000
> ndnping /ndn/internal/B
> Of course, this does not work either.  I have not tried the same thing with
> ssh from a machine inside the firewall to a machine outside the firewall
> (also running NFD) but if it does not work without a firewall in between
> machines, it certainly won’t work with the firewall added.  Thanks for any
> help.
>
>
> _______________________________________________
> Ndn-interest mailing list
> Ndn-interest at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest
>
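The datagram-boundary problem raised in the reply above, shown as an added example that is not part of the original message or of NFD: a local stream socket pair stands in for the ssh TCP tunnel, and the payloads are constructed. The 2-byte length prefix is an assumed framing chosen for illustration; the thread does not propose it.

```python
import socket
import struct

# Constructed payloads standing in for UDP datagrams (for example NDN packets).
DATAGRAMS = [b"I" * 3000, b"D" * 10, b"I" * 7]

def relay_naive(datagrams, bufsize=2048):
    """Copy datagrams into a byte stream unchanged; the far end treats each
    recv() result as one datagram, as a netcat/FIFO relay would."""
    a, b = socket.socketpair()  # SOCK_STREAM: same byte-stream semantics as a TCP tunnel
    with a, b:
        for d in datagrams:
            a.sendall(d)
        total, out = sum(map(len, datagrams)), []
        while sum(map(len, out)) < total:
            out.append(b.recv(bufsize))  # returns whatever bytes are queued, up to bufsize
    return out

def _recv_exact(sock, n):
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("stream closed mid-frame")
        buf += chunk
    return buf

def relay_framed(datagrams):
    """Same stream, but each datagram is sent with a 2-byte big-endian length
    prefix so the far end can restore the original boundaries."""
    a, b = socket.socketpair()
    with a, b:
        for d in datagrams:
            a.sendall(struct.pack("!H", len(d)) + d)
        out = []
        for _ in datagrams:
            (n,) = struct.unpack("!H", _recv_exact(b, 2))
            out.append(_recv_exact(b, n))
    return out

if __name__ == "__main__":
    print("sent  :", [len(d) for d in DATAGRAMS])
    print("naive :", [len(d) for d in relay_naive(DATAGRAMS)])   # split and merged
    print("framed:", [len(d) for d in relay_framed(DATAGRAMS)])  # boundaries intact
```

The naive relay delivers every byte but not the original packet boundaries, which is why a UDP face pointed at a forwarded TCP port cannot be expected to work.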



