Have you considered Hole punching techniques? [1] TCP, UDP, ICMP hole punching... There are many techniques. I don't know if the WebSocket protocol would prevent it.
STUN-like [2] techniques where a third non-firewalled server helps to traverse the NAT. (Only NAT, not used as a proxy.)
pwnat [3] also looks interesting. It doesn't need a third server and lets two NAT'ed machines connect with each other.
There are probably more things to consider. For example, whether the pwnat method (or any other NAT traversal method) could later be easily used to fingerprint and censor the connection.
[1] https://en.wikipedia.org/wiki/Hole_punching
[2] https://en.wikipedia.org/wiki/STUN
[3] http://samy.pl/pwnat/
Alexandre:
It's unfortunately a limitation of the technology we are using. The proxies run as JavaScript code in people's web browsers, and use the WebSocket protocol to relay traffic from the client to the relay.
This protocol is designed to allow bidirectional communication from a browser to a web server using a single connection, as a replacement for the current method, which is to constantly make new HTTP requests to the server. In this scenario it doesn't really make sense for web browsers to accept connections, so browser implementations don't let you do it. So the user has to be able to accept connections on his end.
You can get the full details on flash proxies here:
https://crypto.stanford.edu/flashproxy/
Alex
On 2012-12-13, at 12:10 PM, adrelanos adrelanos@riseup.net wrote:
Alexandre:
- Is configuring port forwarding insurmountable for you?
It was always too much to ask the user to set up a port forwarding. Try asking your non-technical friends or family. You'll see. Alternatively, search for RetroShare, emule, filesharing port forwarding and see how many people are having trouble.
There are also cases, where it is impossible to set up a port forwarding. Such cases include for example 3G networks, WiFi hotspots or all other networks where the admin won't do it for you.
I think dropping the requirement for a port forwarding is crucial to let any non-geek users profit from it. Or wait for IPv6 and such problems will vanish?
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
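Added example, not part of the original thread: the STUN exchange mentioned in the first message, sketched in Python against RFC 5389, together with the fixed header value that makes such traffic easy to fingerprint. The transaction ID, the address 203.0.113.7 and the port are constructed sample values, and the server reply is built locally so nothing is sent on the network.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442  # fixed value carried in every RFC 5389 STUN header
BINDING_REQUEST, BINDING_SUCCESS, XOR_MAPPED_ADDRESS = 0x0001, 0x0101, 0x0020


def build_binding_request(txn_id: bytes) -> bytes:
    """Client side: a 20-byte STUN header with no attributes."""
    if len(txn_id) != 12:
        raise ValueError("transaction ID must be 12 bytes")
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txn_id


def looks_like_stun(datagram: bytes) -> bool:
    """Passive check a middlebox can make: top two bits zero, cookie at offset 4."""
    return (len(datagram) >= 20 and datagram[0] & 0xC0 == 0
            and struct.unpack_from("!I", datagram, 4)[0] == MAGIC_COOKIE)


def parse_mapped_address(response: bytes, txn_id: bytes):
    """Return (ip, port) of the NAT mapping the server observed, or None."""
    if not looks_like_stun(response):
        raise ValueError("not a STUN message")
    msg_type, length = struct.unpack_from("!HH", response, 0)
    if msg_type != BINDING_SUCCESS or response[8:20] != txn_id:
        raise ValueError("unexpected message type or transaction ID")
    pos, end = 20, min(20 + length, len(response))
    while pos + 4 <= end:
        attr_type, attr_len = struct.unpack_from("!HH", response, pos)
        value = response[pos + 4:pos + 4 + attr_len]
        if attr_type == XOR_MAPPED_ADDRESS and len(value) == 8 and value[1] == 0x01:
            xport, xaddr = struct.unpack("!HI", value[2:8])
            return str(ipaddress.IPv4Address(xaddr ^ MAGIC_COOKIE)), xport ^ (MAGIC_COOKIE >> 16)
        pos += 4 + attr_len + (-attr_len % 4)  # attributes are padded to 4 bytes
    return None


def build_sample_response(txn_id: bytes, ip: str, port: int) -> bytes:
    """Constructed server reply (IPv4 only), standing in for the third-party server."""
    xaddr = int(ipaddress.IPv4Address(ip)) ^ MAGIC_COOKIE
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01,
                       port ^ (MAGIC_COOKIE >> 16), xaddr)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txn_id + attr
```

The same constant that lets the client decode its public mapping is what `looks_like_stun` matches on, which is the fingerprinting concern raised for any NAT traversal method.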