[Ndn-interest] reaching NDN testbed from behind a firewall

Murray, Craig cmurray at verisign.com
Thu Dec 17 06:19:57 PST 2015


Thanks all! I have it working through an ssh tunnel using tcp.  I will
pursue better options also.  Many thanks for the advice.
-- Craig

On 12/16/15, 7:05 PM, "Davide Pesavento" <davide.pesavento at lip6.fr> wrote:

>On Thu, Dec 17, 2015 at 12:16 AM, Alex Afanasyev <aa at cs.ucla.edu> wrote:
>> Hi Craig,
>>
>> ssh tunnels TCP port, so it is understandable why you have failed.
>>
>> You can try workarounds discussed here:
>> http://superuser.com/questions/53103/udp-traffic-through-ssh-tunnel or use
>
>The first answer in that thread is simply wrong in my opinion. There's
>no guarantee that the TCP tunnel and the FIFO will preserve UDP
>datagram boundaries, thus breaking any higher-layer protocols that
>rely on them.
>
>The second answer (using the -w option of openssh) should work, but
>requires superuser privileges at both ends of the tunnel.
>
>> tcp-based face when using the tunnel (tcp://localhost:5000)
>
>This is probably the easiest workaround.
>
>Also, it may be worth pointing out that, since version 6.7, openssh
>supports forwarding of Unix domain sockets over the ssh tunnel, just
>like TCP sockets. I've never tried this technique with NFD but it
>should work fine. Unfortunately it's not a solution for the testbed
>nodes (yet), since they don't have a recent enough version of openssh
>installed.
>
>Best,
>Davide
>
>> ---
>> Alex
>>
>> On Dec 16, 2015, at 3:09 PM, Murray, Craig <cmurray at verisign.com> wrote:
>>
>> Hi all,
>>
>> I am trying to use NdnCom to connect with others on the testbed, but I am
>> behind a firewall and port 6363 is not open.  I thought I might be able to
>> tunnel using ssh, but this does not work (below is more detail on what I
>> tried).  Does anyone have experience and/or suggestions that would help me?
>> My guess is this is obvious to someone who knows more than I.  My apologies
>> if so.
>>
>> Thanks in advance for any help,
>> Craig
>>
>> ---------------------------------
>> Detail:
>> I have three machines running NFD inside the firewall.
>> First I tested that ndnping works between machines inside:
>> On machine B I do the following:
>> ndnpingserver /ndn/internal/B
>> On machine A I do the following:
>> nfdc register /ndn/internal udp://<address.of.B>
>> ndnping /ndn/internal/B
>> Of course this works.  Next I remove entries from NFD tables
>> On machine A I do the following:
>> nfdc unregister /ndn/internal <face-id-of-B>
>> Next I ssh from machine A to machine B, forwarding a port
>> On machine A I do the following:
>> ssh <address.of.B> -L 4000:localhost:6363
>> nfdc register /ndn/internal udp://localhost:4000
>> ndnping /ndn/internal/B
>> This does not work.  Packets time out.
>>
>> I have also tried the following:
>> On machine C I do:
>> nfdc register /ndn/internal udp://<address.of.B>
>> ndnping /ndn/internal/B
>> This works so then I try tunneling from A to C:
>> First I end the ssh running between A and B.
>> Then on machine A:
>> ssh <address.of.C> -L 5000:<address.of.B>:6363
>> nfdc unregister /ndn/internal <face-id-of-localhost:4000>
>> nfdc register /ndn/internal udp://localhost:5000
>> ndnping /ndn/internal/B
>> Of course, this does not work either.  I have not tried the same thing with
>> ssh from a machine inside the firewall to a machine outside the firewall
>> (also running NFD) but if it does not work without a firewall in between
>> machines, it certainly won't work with the firewall added.  Thanks for any
>> help.
>>
>>
>> _______________________________________________
>> Ndn-interest mailing list
>> Ndn-interest at lists.cs.ucla.edu
>> http://www.lists.cs.ucla.edu/mailman/listinfo/ndn-interest
>>
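
Added example, not part of the original thread: a small Python model of the datagram-boundary problem raised above for UDP relayed over a TCP tunnel or FIFO, next to a length-prefixed relay that keeps the boundaries. The helper names, the 2-byte length prefix and the sample payloads are assumptions constructed for illustration; this is not how ssh or NFD frame traffic.

```python
import struct

HDR = struct.Struct("!H")  # assumed framing: 2-byte big-endian length prefix

def frame(datagram: bytes) -> bytes:
    """Prefix one datagram with its length so the far end can re-split the stream."""
    if len(datagram) > 0xFFFF:
        raise ValueError("datagram too large for a 16-bit length prefix")
    return HDR.pack(len(datagram)) + datagram

class Deframer:
    """Rebuilds datagrams from a byte stream delivered in arbitrary chunks."""
    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        self._buf += chunk
        out = []
        while len(self._buf) >= HDR.size:
            (n,) = HDR.unpack_from(self._buf)
            if len(self._buf) < HDR.size + n:
                break  # partial datagram: wait for more bytes
            out.append(bytes(self._buf[HDR.size:HDR.size + n]))
            del self._buf[:HDR.size + n]
        return out

def through_stream(data: bytes, read_size: int) -> list:
    """Model of a TCP tunnel or FIFO: the reader sees slices unrelated to the writes."""
    return [data[i:i + read_size] for i in range(0, len(data), read_size)]

def relay_unframed(datagrams, read_size):
    """Naive relay: every read at the far end is re-sent as one UDP datagram."""
    return through_stream(b"".join(datagrams), read_size)

def relay_framed(datagrams, read_size):
    """Relay with length prefixes: boundaries survive any read size."""
    deframer, out = Deframer(), []
    stream = b"".join(frame(d) for d in datagrams)
    for chunk in through_stream(stream, read_size):
        out.extend(deframer.feed(chunk))
    return out

# Constructed sample payloads, including a zero-length datagram.
SAMPLE = [b"interest-1", b"", b"data-packet-22"]

if __name__ == "__main__":
    print("unframed:", relay_unframed(SAMPLE, 7))
    print("framed:  ", relay_framed(SAMPLE, 7))
```
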




