Hi,
The message you see is not indicating a bug. It's just a leftover from a debugging session.
Did you fix the Nat Traversal problem (or better the problem that GIST was complaining about a NAT without any NAT being present)? How?
From your mails I can't really tell to which extent your test is working and where it breaks.
What is happening, what do you expect to happen? With more debug output (start ./nsis with -debug 3 or -debug 2) I might be able to help.
Thank you for your interest and I am confident that we will make this work for you.
Regards, Christian Dickmann
-----Original Message-----
From: nsis_imp-bounces@informatik.uni-goettingen.de [mailto:nsis_imp-bounces@informatik.uni-goettingen.de] On Behalf Of Mikael Henriksson
Sent: Wednesday, July 04, 2007 2:42 PM
To: Niklas Steinleitner
Cc: nsis_imp@informatik.uni-goettingen.de
Subject: [Nsis_imp] Configuring natfwd
I looked up that GistMAEntry again. It's in GistMAEntry.cpp in this method:
void GistMAEntry::setSock(Socket * sock) {
    DebugLogger::print(5, "void GistMAEntry::setSock(Socket * sock)\n");
    theSock = sock;
    if (dynamic_cast<TCPTLSSocket*>(sock) != 0) {
        profileLength = 2;
        profile[0] = GIST_STACK_PROTO_TLS;
        profile[1] = GIST_STACK_PROTO_TCP;
    } else if (dynamic_cast<TCPSocket*>(sock) != 0) {
        profileLength = 1;
        profile[0] = GIST_STACK_PROTO_TCP;
    }
#ifdef SCTP_SUPPORT_FOUND
    else if (dynamic_cast<SCTPSocket*>(sock) != 0) {
        profileLength = 1;
        profile[0] = GIST_STACK_PROTO_SCTP;
    }
#endif // SCTP_SUPPORT_FOUND
}
It seems only to be a debug printout, but I wonder what the purpose of that printout is. I bet it is for debugging, but is the bug fixed? Simply put, is there some bug that prevents me from using NSIS to configure the NATFW box?
As stated, what I want is to be able to create a NAT-mapping in a NATFW virtual machine using NSIS, so that the other NSIS-enabled box can accept incoming connection attempts. Basically dynamically mapping opening ports.
Mikael
On Wed, 4 Jul 2007, Niklas Steinleitner wrote:
Please try with a real public address, not with a private one as 10.0.0.0/8 as public. I believe the NAT part does not work with private addresses.
Do you still have the "Legacy NAT detected" problem?
Niklas
Mikael Henriksson wrote:
Got past that problem, now on to the next one. I keep getting odd errors half the time. Can somebody just please explain how to configure the NATFW box as an edge router between the private network 192.168.1.X and the public network 10.0.0.X. This is a virtual network with virtual machines, hence using in truth private LAN topologies and treating them as public Internet. What I want is the NATFW box to act as a proxy between NSIS-enabled private network and NSIS-disabled public network.
Mikael
On Wed, 4 Jul 2007, Mikael Henriksson wrote:
Hello,
It seems that I've got trouble configuring the NSIS NATFWD. The FW part seems to work, but I can't get the NAT part working.
Oddly enough, I get the GistException: Legacy NAT detected. I dug up on the Internet a draft, which implies that the NAT device is not NSIS-enabled, though it very well should be. I figured out that the cause may be that NSIS does not have explicit access to iptables, at least as far as I know. I do not know how to give NSIS explicit access to iptables, other than running nsis as root.
I have however noticed that when having the FWon switched to true, NSIS creates its own chains in iptables filter table. But the nat table remains untouched, as if NSIS did not have access to it. I've configured the settings as far as I can tell correctly. I'll paste them both below:
NATFW device configuration file:
# *******************************************
# ***** General Configuration *****
# *******************************************

# Start Ping and Diagnostics NSLP daemon together with GIST
nslp.startPing = yes
nslp.startQoS = no
nslp.startNatFw = yes
nslp.startDiag = yes

# Accept explicitly routed messages (default is yes)
gist.acceptExplicitMessages = yes

# Accept GIST DATA messages that do not relate to any GIST state (default is yes)
gist.acceptStatelessGistMessage = yes

# *******************************************
# ***** GIST Transport Configuration *****
# *******************************************

## Policies which transport protocols are offered to peers.
# Offer SCTP as transport to peers?
gist.offerSCTP = no

# Offer TLS over TCP as transport to peers?
gist.offerTLS = no

## Policies
# Prefer SCTP over TCP as transfer protocol?
gist.useSCTP = no

# *******************************************
# ***** GIST Timer Configuration *****
# *******************************************

## All Timeouts are measured in milliseconds

# How long do we wait for a Response to our initial Query?
# On retransmission, this value is doubled each time. (default: 10000 ms)
gist.timeout.waitForInitialResponse = 10000

# How long do we wait for a Confirm on the Receiver-Side? (default: 10000 ms)
gist.timeout.waitForConfirm = 10000

# How long do we wait between sending refreshing Queries? (default: 30000 ms)
gist.timeout.refreshInterval = 30000

# How long do we wait for a Response to a refreshing Query
# until state is removed? (default: 100000 ms)
gist.timeout.queryingNodeStateExpiration = 100000

# How long do we wait for a refreshing Query
# until state is removed? (default: 100000 ms)
gist.timeout.respondingNodeStateExpiration = 100000

# *******************************************
# ***** IP address/routing configuration *****
#

# If readRoutingTable is set to yes, all IP address configuration
# used by NSIS is derived from the local IP routing tables and
# interface information.
# NOTE: If readRoutingTable is set to yes, all remaining IP address
# configuration in this file is NOT used by NSIS.
readRoutingTable = no

# CAUTION: The address configuration is like a routing table.

# This example IPv4 configuration contains a default route
# as well as special configuration for two network segments
# (i.e 192.168.0.0/24 and 192.168.1.0/24)
IPv4.entries = 2

# This is the only route that is secured by NSIS.
# DEFAULT ROUTE NEEDS TO BE FIRST IN LIST!
IPv4[1].addr = 10.0.0.2
IPv4[1].net = 0.0.0.0
IPv4[1].mask = 0
# This address is the external address to the public network.
IPv4[1].natfw.useAsExternalAddress = yes
# Network is public (i.e. the global internet)
# IPv4[1].natfw.isPrivateNet = no

# This is the only route that is secured by NSIS.
IPv4[0].addr = 192.168.1.3
IPv4[0].net = 192.168.1.0
IPv4[0].mask = 24
# This address is not the external address to the public network.
# IPv4[0].natfw.useAsExternalAddress = no
# Network is private
# IPv4[0].natfw.isPrivateNet = yes

# *******************************************
# ***** NatFW NSLP Configuration *****
# *******************************************

# This host runs a NAT and a firewall. Exclusive access to iptables is
# recommended... How to enable that?
natfw.isNAT = yes
natfw.isFW = yes

# Hosts inside the private network can reserve external addresses/ports.
# As the above configuration shows, 10.0.0.1 is the only external address this
# router has to offer:
natfw.resources.IPv4.entries = 1
natfw.resources.IPv4[0].addr = 192.168.1.3
NSIS-enabled host behind NAT, trying to access public network:
# *******************************************
# ***** General Configuration *****
# *******************************************

# Start Ping and Diagnostics NSLP daemon together with GIST
nslp.startPing = yes
nslp.startQoS = no
nslp.startNatFw = yes
nslp.startDiag = yes

# Accept explicitly routed messages (default is yes)
gist.acceptExplicitMessages = yes

# Accept GIST DATA messages that do not relate to any GIST state (default is yes)
gist.acceptStatelessGistMessage = yes

# *******************************************
# ***** GIST Transport Configuration *****
# *******************************************

## Policies which transport protocols are offered to peers.
# Offer SCTP as transport to peers?
gist.offerSCTP = no

# Offer TLS over TCP as transport to peers?
gist.offerTLS = no

## Policies
# Prefer SCTP over TCP as transfer protocol?
gist.useSCTP = no

# *******************************************
# ***** GIST Timer Configuration *****
# *******************************************

## All Timeouts are measured in milliseconds

# How long do we wait for a Response to our initial Query?
# On retransmission, this value is doubled each time. (default: 10000 ms)
gist.timeout.waitForInitialResponse = 10000

# How long do we wait for a Confirm on the Receiver-Side? (default: 10000 ms)
gist.timeout.waitForConfirm = 10000

# How long do we wait between sending refreshing Queries? (default: 30000 ms)
gist.timeout.refreshInterval = 30000

# How long do we wait for a Response to a refreshing Query
# until state is removed? (default: 100000 ms)
gist.timeout.queryingNodeStateExpiration = 100000

# How long do we wait for a refreshing Query
# until state is removed? (default: 100000 ms)
gist.timeout.respondingNodeStateExpiration = 100000

# *******************************************
# ***** IP address/routing configuration *****
#

# If readRoutingTable is set to yes, all IP address configuration
# used by NSIS is derived from the local IP routing tables and
# interface information.
# NOTE: If readRoutingTable is set to yes, all remaining IP address
# configuration in this file is NOT used by NSIS.
readRoutingTable = no

# CAUTION: The address configuration is like a routing table.

# This example IPv4 configuration contains a default route
# as well as special configuration for two network segments
# (i.e 192.168.0.0/24 and 192.168.1.0/24)
IPv4.entries = 1

# The first entry is meant as a default route. It is used when
# no subsequent entry matches.
IPv4[0].addr = 192.168.1.1
IPv4[0].net = 0.0.0.0
IPv4[0].mask = 0
IPv4[0].natfw.useAsExternalAddress = yes
# IPv4[0].natfw.isPrivateNet = yes

# *******************************************
# ***** NatFW NSLP Configuration *****
# *******************************************

# Not a NAT nor a firewall.
natfw.isNAT = no
natfw.isFW = no
Nsis_Imp mailing list Nsis_Imp@informatik.uni-goettingen.de https://user.informatik.uni-goettingen.de/mailman/listinfo/nsis_imp
--
Niklas Steinleitner
Institute for Informatics, University of Göttingen
Lotzestrasse 16-18, D-37083 Göttingen, Germany
Tel: +49 551 3913583
steinleitner@cs.uni-goettingen.de
http://www.tmg.informatik.uni-goettingen.de
I did fix the "Legacy NAT detected" problem. I am not completely sure of what fixed it though. I was fiddling around in the configuration file, checking everything, and obviously I made some small change that fixed it.
What I want is the NATFW router to act as an edge router between NSIS-enabled and NSIS-disabled networks. I use the proxy mode switch -x in the natfw command, which as far as I understand should make the edge router act as a proxy. Thus, what should happen by the NSIS RFC is that the edge router sends the RESPONSE message itself back to the NSIS network.
Currently no RESPONSE message is passed back, and thus both the NATFW box and the other box, let's call it BOX1, just keep on waiting for the reply which never comes. With TCPDump, I can see that the NATFW box does not understand it should act as a proxy, but instead keeps on sending packets on to the public network. The reply is, as I do not have any service running on the target machine, port unreachable. The NATFW box does not react to the port unreachable, so I assume it does not act as a proxy, but as a normal NSIS router routing NSIS packets to the next NSIS-enabled router.
Here is the debug output of nsis -debug 3 on the NATFW box, which I deemed the most interesting of all debug outputs. -debug 2 didn't provide much info at all, just counting the three counts: GenericObject, NatBinding and FwPinhole counts as 0 all the time.
debian:/home/user/Desktop/nsis-0.5.0# ./bin/nsis -debug 3
(err) Configuration: Using 193.0.0.2 as local IPv4 address
(err) Configuration: Using 192.168.1.3 as local IPv4 address
(err) Setting Debug Level to 3
NSIS daemon v0.5.0 starting ...
My PID id = 25083
FD is -1
TEST: no
Starting pingServer (pid: 25084) ...
Starting diagServer (pid: 25086) ...
(warn) Debug client connected
(warn) *** Connection over Unix Socket ***
(warn) register_unix_sd : new connection sd[9] added to Event Loop.
(warn) Debug Client send 3
(warn) *** Received API Call ***
(err) Registered NSLP with NSLPID 3
Starting natfwServer (pid: 25085) ...
(err) Diag: connected to GIST server
(warn) *** Connection over Unix Socket ***
(warn) register_unix_sd : new connection sd[10] added to Event Loop.
(warn) *** Received API Call ***
(err) Registered NSLP with NSLPID 5
iptables: Chain already exists
iptables: Chain already exists
iptables: Chain already exists
(warn) *** Connection over Unix Socket ***
(warn) register_unix_sd : new connection sd[11] added to Event Loop.
(warn) *** Received API Call ***
(err) Registered NSLP with NSLPID 2
(warn) *** Received RAO packet (value = 00 00) ***
(warn) *** Dmode message from : 192.168.1.1:4> ***
(warn) *** This is a UNknown flow ***
(warn) Creating new MA
(warn) register_server_sd : new connection sd[12] added to Event Loop.
(warn) Found the pending MA
(crit) void GistMAEntry::setSock(Socket * sock)
(warn) *** Cmode connect via IPv4 from : 192.168.1.1:1810 ***
(warn) register_sd : new connection sd[13] added to Event Loop.
(warn) *** This is a known flow ***
(warn) Checking Stack Proposal in CONFIRM ...
(err) MA Keep Alive Timer started ...
(warn) *** This is a known flow ***
(warn) (NatFw) sid: c5cf434394be6a507aab21a713b97b16
(warn) (NatFw) sid: c5cf434394be6a507aab21a713b97b16
(warn) (NatFw) triggerEvent: st_nf_idle(1) ev_rx_create(6)
(warn) (NatFw) isReserved: no binding reservation found for from(192.168.1.1:2020) to(193.0.0.1:30), new(192.168.1.3:0)
(warn) (NatFw) reserve() binding reservation for from(192.168.1.1:2020) to(193.0.0.1:30), new(192.168.1.3:0)
(warn) (NatFw) setState: st_nf_waitresp(7)
(warn) (NatFw) SendMessage(srcIP: 192.168.1.3,
(warn) (NatFw) destIP: 193.0.0.1)
(warn) *** Received API Call ***
(warn) *** Starting new Downstream FSM ***
From this point onwards it only starts renewing the MA Keep Alive Timer to BOX1.
Hope this is sufficient info to get some help. I have this summer time to finish this project, and I ain't even gotten to the real thing as getting NSIS working is the major requirement here.
With kind regards, Mikael Henriksson
Oh and here is the up to date nsis.conf from the NATFW box:
# This is an example configuration file for NSIS
# Please change it to fit your needs (i.e. IP address configuration
# of your host).
#
# For more information about the configuration, check the manual at
# manual/Configuration

# *******************************************
# ***** General Configuration *****
# *******************************************

# Start Ping and Diagnostics NSLP daemon together with GIST
nslp.startPing = yes
nslp.startQoS = no
nslp.startNatFw = yes
nslp.startDiag = yes

# Accept explicitly routed messages (default is yes)
gist.acceptExplicitMessages = yes

# Accept GIST DATA messages that do not relate to any GIST state (default is yes)
gist.acceptStatelessGistMessage = yes

# *******************************************
# ***** GIST Transport Configuration *****
# *******************************************

## Policies which transport protocols are offered to peers.
# Offer SCTP as transport to peers?
gist.offerSCTP = no

# Offer TLS over TCP as transport to peers?
gist.offerTLS = no

## Policies
# Prefer SCTP over TCP as transfer protocol?
gist.useSCTP = no

# *******************************************
# ***** GIST Timer Configuration *****
# *******************************************

## All Timeouts are measured in milliseconds

# How long do we wait for a Response to our initial Query?
# On retransmission, this value is doubled each time. (default: 10000 ms)
gist.timeout.waitForInitialResponse = 10000

# How long do we wait for a Confirm on the Receiver-Side? (default: 10000 ms)
gist.timeout.waitForConfirm = 10000

# How long do we wait between sending refreshing Queries? (default: 30000 ms)
gist.timeout.refreshInterval = 30000

# How long do we wait for a Response to a refreshing Query
# until state is removed? (default: 100000 ms)
gist.timeout.queryingNodeStateExpiration = 100000

# How long do we wait for a refreshing Query
# until state is removed? (default: 100000 ms)
gist.timeout.respondingNodeStateExpiration = 100000

# *******************************************
# ***** IP address/routing configuration *****
# *******************************************

# If readRoutingTable is set to yes, all IP address configuration
# used by NSIS is derived from the local IP routing tables and
# interface information.
# NOTE: If readRoutingTable is set to yes, all remaining IP address
# configuration in this file is NOT used by NSIS.
readRoutingTable = no

# CAUTION: The address configuration is like a routing table.

# This example IPv4 configuration contains a default route
# as well as special configuration for one network segment
IPv4.entries = 2

# This is the only route that is secured by NSIS.
# DEFAULT ROUTE NEEDS TO BE FIRST IN LIST!
IPv4[1].addr = 193.0.0.2
IPv4[1].net = 193.0.0.0
IPv4[1].mask = 24
# This address is the external address to the public network.
IPv4[1].natfw.useAsExternalAddress = yes
# Network is public (i.e. the global internet)
IPv4[1].natfw.isPrivateNet = no

# This is the only route that is secured by NSIS.
IPv4[0].addr = 192.168.1.3
IPv4[0].net = 192.168.1.0
IPv4[0].mask = 24
# This address is not the external address to the public network.
IPv4[0].natfw.useAsExternalAddress = no
# Network is private
IPv4[0].natfw.isPrivateNet = yes

# *******************************************
# ***** NatFW NSLP Configuration *****
# *******************************************

# This host runs a NAT and a firewall. Exclusive access to iptables is
# recommended... How to enable that?
natfw.isNAT = yes
natfw.isFW = yes

# Hosts inside the private network can reserve external addresses/ports.
# As the above configuration shows, 10.0.0.1 is the only external address this
# router has to offer:
natfw.resources.IPv4.entries = 1
natfw.resources.IPv4[0].addr = 192.168.1.3

# *******************************************
# ***** QoS NSLP Configuration *****
# *******************************************

# Choose the RMF: ClsRMF, SimpleRMF and NullRMF (default) are available.
# See man page on what they do. (case does not matter)
qos.rmf = NullRMF

## Configuration related to the SimpleRMF
# Use Traffic Control on these addresses if SimpleRMF is used:
qos.simplermf.interfaces = eth0

# Specify maximum overall bandwidth of the interface (default 100mbit)
qos.simplermf.interface[eth0].overall_bandwidth = 100mbit

# Specify minimum bandwidth, that unclassified traffic can use (default 100kbit)
# (Unclassified traffic is such traffic, that is not part of any known flow)
qos.simplermf.interface[eth0].min_unclassified_bandwidth = 100kbit

# Specify maximum bandwidth, that unclassified traffic can use
# (default is maximum overall bandwidth)
qos.simplermf.interface[eth0].max_unclassified_bandwidth = 100mbit
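
Added example, not part of the original thread and not NSIS code: a small Python linter that checks the address section of an nsis.conf against what the file's own comments and Niklas's reply state (natfw.resources lists external addresses; the external address should not be a private one). Treating those statements as rules, and reading "first in list" as index 0, are assumptions of this example; the daemon itself may validate differently.

```python
import ipaddress
import re

# Address-related lines of the latest nsis.conf posted in the thread (comments dropped).
SAMPLE_CONF = """\
IPv4.entries = 2
IPv4[1].addr = 193.0.0.2
IPv4[1].net = 193.0.0.0
IPv4[1].mask = 24
IPv4[1].natfw.useAsExternalAddress = yes
IPv4[1].natfw.isPrivateNet = no
IPv4[0].addr = 192.168.1.3
IPv4[0].net = 192.168.1.0
IPv4[0].mask = 24
IPv4[0].natfw.useAsExternalAddress = no
IPv4[0].natfw.isPrivateNet = yes
natfw.isNAT = yes
natfw.isFW = yes
natfw.resources.IPv4.entries = 1
natfw.resources.IPv4[0].addr = 192.168.1.3
"""

# Matches indexed keys such as IPv4[1].addr or natfw.resources.IPv4[0].addr
ENTRY_RE = re.compile(r"^(?P<table>[\w.]*IPv4)\[(?P<idx>\d+)\]\.(?P<field>[\w.]+)$")


def parse_conf(text):
    """Return {key: value}; '#' starts a comment, lines without '=' are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        conf[key] = value
    return conf


def table(conf, name):
    """Collect name[i].field keys into {i: {field: value}}."""
    rows = {}
    for key, value in conf.items():
        m = ENTRY_RE.match(key)
        if m and m.group("table") == name:
            rows.setdefault(int(m.group("idx")), {})[m.group("field")] = value
    return rows


def lint(text):
    """Return a list of findings, each prefixed with a short kind tag."""
    conf = parse_conf(text)
    routes = table(conf, "IPv4")
    resources = table(conf, "natfw.resources.IPv4")
    findings = []

    # The declared entry counts should match the entries actually defined.
    for name, rows in (("IPv4", routes), ("natfw.resources.IPv4", resources)):
        declared = int(conf.get(name + ".entries", "0"))
        if declared != len(rows):
            findings.append(f"count: {name}.entries = {declared}, {len(rows)} defined")

    # Assumption: "DEFAULT ROUTE NEEDS TO BE FIRST IN LIST" means index 0.
    for idx, row in sorted(routes.items()):
        if row.get("net") == "0.0.0.0" and row.get("mask") == "0" and idx != 0:
            findings.append(f"order: default route is IPv4[{idx}], not IPv4[0]")

    if conf.get("natfw.isNAT") != "yes":
        return findings  # the NAT checks below only apply to the NATFW box

    external = {row["addr"] for row in routes.values()
                if row.get("natfw.useAsExternalAddress") == "yes" and "addr" in row}
    if not external:
        findings.append("external: natfw.isNAT = yes but no entry is marked external")
    # Niklas's advice in the thread: use a real public address on the outside.
    for addr in sorted(external):
        if ipaddress.ip_address(addr).is_private:
            findings.append(f"private: external address {addr} is in a private range")
    # The file's comment says natfw.resources lists the external addresses on offer.
    for idx, row in sorted(resources.items()):
        addr = row.get("addr")
        if addr not in external:
            findings.append(
                f"resource: natfw.resources.IPv4[{idx}].addr = {addr} is not an external address")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print(finding)
```

Run on the latest posted configuration, it reports one finding, the resource entry 192.168.1.3; the thread does not establish whether that relates to the missing RESPONSE.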