monotone-devel

Re: netsync with port forwarding -- SOLVED


From: Hendrik Boom
Subject: Re: netsync with port forwarding -- SOLVED
Date: Tue, 8 Jun 2021 15:48:54 -0400
User-agent: NeoMutt/20170113 (1.7.2)

On Sun, Jun 06, 2021 at 08:21:44PM +0200, Michael Raskin wrote:
> >> >Netsync relies on some underlying conventions on the use of TCP for a 
> >> >two-way connexion.  Is there some other protocol that shares these 
> >> >conventions?  If so I could tell the modem that this other protocol is 
> >> >now being used on port 4691.
> >> 
> >> I would frankly start with tcpdump on both sides while trying to connect
> >> from outside. Routers can break so many things it is not even funny…
> >
> >I know.  A port forwarding NAT is an intense kludge.
> 
> Static port forwarding doesn't need to be, however routers sometimes 
> have a ton of interesting modes that make things complicated, usually 
> not well named.
> 
> Also, it could be that the router port forwards only connections from
> outside, while the ISP by default blocks incoming traffic on unknown 
> ports. In the latter case there are two options: actually believing it
> is good for safety, and letting through the ports explicitly requested
> (if a person can explain what port is needed, this person can probably
> be made to clean up their PC if malware gets too annoying for the 
> network); or trying to make residential connections less attractive 
> compared to business connections (doesn't work well in the world of 
> cheap VPS, but…)
> 
> >There was once a publicly accessible site of monotone repositories 
> >called something like mtn-prjk.net -- a kind of github for monotone.  
> >That would have accomplished my desire.  Alas!  it exists no more.
> 
> mtn-host.prjek.net, yes…
> 
> >Does netsync support IPv6?
> >
> >If so there will still be the question of whether the public and the 
> >coffee shops do.)
> 
> In principle Monotone even has some code conditional on IPv6 being used.
> Among ISPs, both coverage and brokenness vary for IPv6…
> 

I believe I got it to work?  I found one more trick in the configuration 
menu.  There's a firewall, which knows about proper redirection for a 
large number of protocols, but not netsync.
It turns out to have a garbage destination -- where to send all packets 
that it doesn't know what to do with.  This is presumably intended to be 
a machine that can collect statistics and check for possible attacks.

So I just designate my server as my garbage machine.

It will ignore any port that's not open, and I control that by what 
services I choose to provide.

And if netsync uses the familiar trick of initiating a connexion on port 
4691 and then replying to say what port the rest of the communication 
should take place on,
* it would formerly get lost because redirection treats it as an attack,
* but now it's sent to the garbage machine, which does know what to do 
with it.

And I went to a coffee shop to check it's working.

-- hendrik
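
Added example, not part of the original message: once a server is the router's catch-all destination, every TCP listener bound to a non-loopback address is reachable from outside, so it is worth comparing the listeners against the ports you mean to offer. The sketch below parses `ss -H -tln` output; the allowlist and the sample lines are constructed for illustration, and it assumes a Linux host with no additional host firewall and checks TCP only.

```python
import ipaddress
import subprocess

ALLOWED_PORTS = {4691}  # netsync port named in the thread; extend with services you intend to offer

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:4691 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511 *:8080 *:*
LISTEN 0 128 [::1]:25 [::]:*
LISTEN 0 128 [::]:4691 [::]:*
"""

def parse_listeners(ss_output):
    """Yield (address, port) for each listening TCP socket in `ss -H -tln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.split("%")[0].strip("[]")  # drop %iface scope, then IPv6 brackets
        yield addr, int(port)

def is_loopback(addr):
    """True only for addresses that cannot be reached from another machine."""
    if addr == "*":  # wildcard bind: all addresses, all families
        return False
    return ipaddress.ip_address(addr).is_loopback

def unexpected_exposure(ss_output, allowed=ALLOWED_PORTS):
    """Return sorted ports listening off-loopback that are not in the allowlist."""
    return sorted({port for addr, port in parse_listeners(ss_output)
                   if not is_loopback(addr) and port not in allowed})

if __name__ == "__main__":
    try:
        live = subprocess.run(["ss", "-H", "-tln"], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        live = SAMPLE  # fall back to the constructed sample
    for port in unexpected_exposure(live):
        print(f"port {port} listens on a non-loopback address and is not in the allowlist")
```

Anything it reports should either be added to the allowlist deliberately, rebound to loopback, or shut down.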


