- Don't start UPnP if we have a public interface address

- Fix setting IP to a local interface address
- Work on the configuration help some more
zzz
2009-05-10 15:40:50 +00:00
parent ee7e70b98a
commit 47fc3b0d0b
3 changed files with 43 additions and 21 deletions


@ -42,7 +42,7 @@ public class ConfigNetHandler extends FormHandler {
private String _reseedFrom;
private boolean _enableLoadTesting;
private String _sharePct;
private boolean _ratesOnly; // always false
private static final boolean _ratesOnly = false; // always false - delete me
private static final String PROP_HIDDEN = Router.PROP_HIDDEN_HIDDEN; // see Router for other choice
protected void processForm() {
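Review bot: The replacement `_ratesOnly` declaration is marked "delete me" rather than deleted. It is now a compile-time constant that is always false, so either remove the field together with the branches that test it in this commit, or give it constant-style naming (for example RATES_ONLY) so it is not read as per-request form state next to `_sharePct` and `_reseedFrom`.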
@ -139,11 +139,12 @@ public class ConfigNetHandler extends FormHandler {
if (_udpHost1 != null && _udpHost1.length() > 0)
uhost = _udpHost1;
else if (_udpHost2 != null && _udpHost2.length() > 0)
uhost = _udpHost1;
uhost = _udpHost2;
else
_udpAutoIP = UDPTransport.DEFAULT_SOURCES;
}
_context.router().setConfigSetting(UDPTransport.PROP_SOURCES, _udpAutoIP);
// Todo: Catch local IPs right here rather than complaining later
_context.router().setConfigSetting(UDPTransport.PROP_EXTERNAL_HOST, uhost);
if ((!oldUdp.equals(_udpAutoIP)) || (!oldUHost.equals(uhost))) {
addFormNotice("Updating IP address");
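Review bot: The added Todo above the `PROP_EXTERNAL_HOST` write leaves the check it describes undone, so a loopback or private address typed into the form is still stored as the external host and only complained about later. The help text in this same commit tells users not to enter addresses like 127.0.0.1 or 192.168.1.1; enforce that here by rejecting such a `uhost` before `setConfigSetting` is called and reporting it through the form's notice mechanism, so the bad value never reaches the saved configuration.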
@ -166,6 +167,7 @@ public class ConfigNetHandler extends FormHandler {
if ("disabled".equals(_ntcpAutoIP)) {
addFormNotice("Disabling TCP completely");
} else if ("false".equals(_ntcpAutoIP) && _ntcpHostname.length() > 0) {
// Todo: Catch local IPs right here rather than complaining later
_context.router().setConfigSetting(ConfigNetHelper.PROP_I2NP_NTCP_HOSTNAME, _ntcpHostname);
addFormNotice("Updating inbound TCP address to " + _ntcpHostname);
} else {
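Review bot: In the `"false".equals(_ntcpAutoIP)` branch, `_ntcpHostname.length()` is called without the null guard that `_udpHost1` and `_udpHost2` get in the UDP block; add `_ntcpHostname != null &&` unless the setter guarantees a non-null value. The new Todo also defers the local-address check here, so the hostname is written to config and echoed in the form notice unvalidated; since the help text says these hostnames are published in the network database, validate before the `setConfigSetting` call.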


@ -83,7 +83,7 @@
</p><p>
<b>UPnP Configuration:</b><br />
<input type="checkbox" name="upnp" value="true" <jsp:getProperty name="nethelper" property="upnpChecked" /> />
Enable UPnP to open firewall ports <a href="peers.jsp#upnp">UPnP status</a>
Enable UPnP to open firewall ports - <a href="peers.jsp#upnp">UPnP status</a>
</p><p>
<b>IP Configuration:</b><br />
Externally reachable hostname or IP address:<br />
@ -134,11 +134,11 @@
if we are not firewalled<br />
<input type="radio" name="ntcpAutoIP" value="always" <%=nethelper.getTcpAutoIPChecked(3) %> />
Always use auto-detected IP address (Not firewalled)<br />
<input type="radio" name="ntcpAutoIP" value="false" <%=nethelper.getTcpAutoIPChecked(0) %> />
Disable inbound (Firewalled)<br />
<input type="radio" name="ntcpAutoIP" value="false" <%=nethelper.getTcpAutoIPChecked(1) %> />
Specify hostname or IP:
<input name ="ntcphost" type="text" size="16" value="<jsp:getProperty name="nethelper" property="ntcphostname" />" /><br />
<input type="radio" name="ntcpAutoIP" value="false" <%=nethelper.getTcpAutoIPChecked(0) %> />
Disable inbound (Firewalled)<br />
<input type="radio" name="ntcpAutoIP" value="disabled" <%=nethelper.getTcpAutoIPChecked(4) %> />
Completely disable <i>(select only if behind a firewall that throttles or blocks outbound TCP - change requires restart)</i><br />
</p><p>
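Review bot: After the reorder, "Specify hostname or IP" and "Disable inbound (Firewalled)" are still two `ntcpAutoIP` radio buttons that both submit `value="false"`, so the handler can only tell them apart by whether `ntcphost` is non-empty. A user who selects "Disable inbound" while a hostname is still in the text box gets the hostname branch instead. Give the two options distinct values and branch on those in ConfigNetHandler, or clear the hostname when the disable option is chosen.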
@ -155,30 +155,45 @@
<input type="submit" name="save" value="Save changes" /> <input type="reset" value="Cancel" /><br />
<hr />
<b><a name="chelp">Configuration Help:</a></b>
<p>If you can, please poke a hole in your NAT or firewall to allow unsolicited UDP packets to reach
you on your external UDP address. If you can't, I2P now includes supports UDP hole punching
with "SSU introductions" - peers who will relay a request from someone you don't know to your
router for your router so that you can make an outbound connection to them. I2P will use these
introductions automatically if it detects that the port is not forwarded (as shown by
the <i>Reachability: Firewalled</i> line).
Users behind symmetric NATs, such as OpenBSD's pf, are not currently supported.</p>
<p>
While I2P will work fine behind most firewalls, your speeds and network integration will generally improve
if the I2P port (generally 8887) is forwarded for both UDP and TCP.
</p><p>
If you can, please poke a hole in your firewall to allow unsolicited UDP and TCP packets to reach
you. If you can't, I2P supports UPnP (Universal Plug and Play) and UDP hole punching
with "SSU introductions" to relay traffic. Most of the options above are for special situations,
for example where UPnP does not work correctly, or a firewall not under your control is doing
harm. Certain firewalls such as symmetric NATs may not work well with I2P.
</p>
<!-- let's keep this simple...
<input type="submit" name="recheckReachability" value="Check network reachability..." />
-->
<p>Hostnames entered here will be published in the network database.
</p><p>
UPnP is used to communicate with Internet Gateway Devices (IGDs) to detect the external IP address
and forward ports.
UPnP support is beta, and may not work for any number of reasons:
<ul>
<li>No UPnP-compatible device present
<li>UPnP disabled on the device
<li>Software firewall interference with UPnP
<li>Bugs in the device's UPnP implementation
<li>Multiple firewall/routers in the internet connection path
<li>UPnP device change, reset, or address change
</ul>
Reviewing the <a href="peers.jsp#upnp">UPnP status</a> may help.
UPnP may be enabled or disabled above, but a change requires a router restart to take effect.
</p><p>Hostnames entered above will be published in the network database.
They are <b>not private</b>.
Also, <b>do not enter a private IP address</b> like 127.0.0.1 or 192.168.1.1.
</p>
<p>You do <i>not</i> need to allow inbound TCP connections - outbound connections work with no
configuration. However, if you want to receive inbound TCP connections, you <b>must</b> poke a hole
in your NAT or firewall for unsolicited TCP connections. If you specify the wrong IP address or
If you specify the wrong IP address or
hostname, or do not properly configure your NAT or firewall, your network performance will degrade
substantially. When in doubt, leave the hostname and port number blank.</p>
substantially. When in doubt, leave the settings at the defaults.</p>
</p>
<hr />
<b><a name="help">Reachability Help:</a></b>
<p>
While I2P will work adequately behind a firewall, your speeds and network integration will generally improve
if you open up your port (generally 8887) to both UDP and TCP, and enable inbound TCP above.
While I2P will work fine behind most firewalls, your speeds and network integration will generally improve
if the I2P port (generally 8887) to both UDP and TCP.
If you think you have opened up your firewall and I2P still thinks you are firewalled, remember
that you may have multiple firewalls, for example both software packages and external hardware routers.
If there is an error, the <a href="logs.jsp">logs</a> may also help diagnose the problem.
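Review bot: The rewritten Reachability Help sentence "if the I2P port (generally 8887) to both UDP and TCP." has lost its verb; the Configuration Help paragraph has the intended wording, "is forwarded for both UDP and TCP". In the new UPnP block, the `<ul>` sits inside an open `<p>`, the `<li>` items are never closed, and there is a stray second `</p>` after the "When in doubt" sentence; close the paragraph before the list and drop the extra tag so the page stays well-formed.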


@ -131,7 +131,12 @@ public class TransportManager implements TransportEventListener {
}
public void startListening() {
if (_upnpManager != null)
// For now, only start UPnP if we have no publicly-routable addresses
// so we don't open the listener ports to the world.
// Maybe we need a config option to force on? Probably not.
// What firewall supports UPnP and is configured with a public address on the LAN side?
// Unlikely.
if (_upnpManager != null && Addresses.getAnyAddress() == null)
_upnpManager.start();
configTransports();
_log.debug("Starting up the transport manager");
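Review bot: When `Addresses.getAnyAddress() == null` is false, UPnP is skipped silently in `startListening()`, while the config page still shows the UPnP checkbox as enabled and points users to the UPnP status page. Log the reason at the point of the skip so a user with a public interface address can see why no port mapping was attempted. The comment says "publicly-routable addresses" but the method name reads as any address; a short note on what `getAnyAddress()` returns would make the condition verifiable from this file. The check also runs only once at startup, so document that an interface address change after start has no effect until restart.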