monotone-devel

Re: netsync with port forwarding


From: Hendrik Boom
Subject: Re: netsync with port forwarding
Date: Sun, 6 Jun 2021 10:41:37 -0400
User-agent: NeoMutt/20170113 (1.7.2)

On Sun, Jun 06, 2021 at 10:51:21AM +0200, Michael Raskin wrote:
> >Or is there some other way of achieving the same result -- letting 
> >netsync work when I'm not at home?
> 
> As an «adapt to the modem» approach, I would consider forwarding SSH and
> either port forwarding netsync in SSH connection or directly using SSH
> repository address (which means netsync through standard input/output
> through SSH).

Two approaches here.

(1) persuade modem to do the right thing with port 4691.
I've already done that, but it didn't help.  Presumably because port
forwarding is more complicated than just rewriting packets.  It is also 
necessary to do some kind of connexion tracking so that replies to 
incoming connexions are properly treated.

It's entirely possible that the incoming netsync connection is properly 
routed to usher, but that usher's reply is not getting out through the 
modem.

Netsync relies on some underlying conventions on the use of TCP for a 
two-way connexion.  Is there some other protocol that shares these 
conventions?  If so I could tell the modem that this other protocol is 
now being used on port 4691.

(2) use ssh.

I guess that would involve the ssh: URIs instead of mtn: URIs.

But this is a solution that works for me only.

I'd like some of these repositories to be readable 
by the public.  Monotone itself has enough safeguards on a netsync 
connexion for this.  But even if I use a separate account for monotone 
repositories, someone that can use ssh to access monotone can also 
use ssh directly and attack the repositories (by tricks like rm).

Or is some kind of limiter possible with ssh usage?

-- hendrik


