Status-react: Chat non-functional on networks that block ports other than 80/443

Created on 17 Oct 2018 · 11 Comments · Source: status-im/status-react

Visited the Liberty Science Center today and to my surprise found a pic of Vitalik on the wall - turns out he made it to their list of resident Geniuses: https://lsc.org/index.php?cID=1592 :)

They also have a free wifi that, like many other free wifis at airports, cafes and libraries that I've been to and tried using Status on, blocks anything other than web traffic, usually by port filtering (helps them avoid most torrenting, for example).

Whisper, with its default settings, runs a devp2p overlay network on an odd port in the 30k range, and so do all our servers, making the chat unreachable on such networks (Status app shows something like "connecting to peers" indefinitely).

Possible short term fix: run a few whisper nodes on said ports (won't help with smarter, content-based packet filters, but these are less common)

chat chat-reliability

All 11 comments

Had this issue today. Chat doesn't work when using YOTA mobile operator in Russia that probably blocks ports other than 80 and 443.

@PombeirP Let's prioritize this

Thanks for this. I imagine this is my issue as well, as Status works great at home and on mobile but will hang on my office network.

Chatted with @pablanopete about this a little - there are slightly longer term solutions that would be more solid ways to address this - for future reference:

  • Change the status node default to port 80/443

    • conflicts with web servers on the same IP
    • on unix, you need root access for ports <1024
  • Change the transport to WebRTC or Websockets

    • This is a better long-term solution. Together with encryption, this would make ETH traffic more difficult to filter, as it would look like ordinary web or video requests.
    • it's slightly more difficult because it involves convincing the community of ethereum developers for maximum effect
    • the most realistic way for this to happen is with the introduction of libp2p into ethereum in general

> conflicts with web servers on the same IP

Although this can probably be solved by using a reverse proxy (e.g. nginx) on the node to weed out Status traffic from other traffic, that also means that we'd be making it easy for adversaries to filter our traffic, making it look more like a stop-gap solution.

> conflicts with web servers on the same IP

we can also... not have any web servers on the same IP...

> we can also... not have any web servers on the same IP...

And we don't. None of our eth.* fleet hosts have any webservers on 80/443.

I think this could be reasonably simply achieved by using iptables rules:

iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 30305

I will try this out today.

I've deployed a change that uses iptables to redirect 443 to the bootnode/mailserver/1st whisper node.
Commit: https://github.com/status-im/infra-eth-cluster/commit/63a13eedc2775122f2b4ffc0a569c58c9bdea81f

It has been deployed to both eth.test and eth.staging for testing.
I have verified that it works using node-canary:

$ echo testing node-01.gc-us-central1-a.eth.test
testing node-01.gc-us-central1-a.eth.test
$ ./build/bin/node-canary -log INFO -staticnode enode://d0b8718c12f02a461197b38fef71e1293928dacb202b9f8153e33da516726684f9435adcdddd23b49c452700cf065eec5ac96d91203d375f528835e54796ebb7@35.194.31.108:443
INFO [01-28|18:21:18.357] Status backend initialized               version= commit=
INFO [01-28|18:21:18.368] LES protocol is disabled                 package=status-go/node
INFO [01-28|18:21:18.368] Status service api is disabled           package=status-go/node
INFO [01-28|18:21:18.369] Starting peer-to-peer node               instance=node-canary/linux-amd64/go1.10.7
INFO [01-28|18:21:18.369] Starting P2P networking 
INFO [01-28|18:21:18.369] started whisper v.6.0 
INFO [01-28|18:21:18.370] Handlers registered                      package=status-go/api.StatusBackend
INFO [01-28|18:21:18.370] Account reselected                       package=status-go/api.StatusBackend
INFO [01-28|18:21:18.559] Difference with ntp servers              offset=-5.583309ms
INFO [01-28|18:21:23.628] whisper stopped 
INFO [01-28|18:21:23.628] message loop                             peer=b67440e63ad42175 err=EOF
INFO [01-28|18:21:23.635] Connected to static node correctly       package=status-go/cmd/node-canary   address=enode://d0b8718c12f02a461197b38fef71e1293928dacb202b9f8153e33da516726684f9435adcdddd23b49c452700cf065eec5ac96d91203d375f528835e54796ebb7@35.194.31.108:443

@mandrigin I think we could start trying to use this in Status app as a fallback option.

so we just need to test it

I will take a shot on it tomorrow.
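
The fallback idea discussed in the thread (try the node's usual port, then the port redirected by the iptables rule), as an added Go example that is not part of the thread or of status-go. It checks TCP reachability only; the function name, the short node ID and the loopback demo are assumptions constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"time"
)

// firstReachable tries the port in the enode URL, then each fallback port in
// order, and returns the URL rewritten to the first port that accepts a TCP
// connection within timeout. It checks TCP reachability only and performs no
// devp2p handshake, so content-based filtering would go unnoticed.
func firstReachable(enode string, fallbacks []string, timeout time.Duration) (string, error) {
	u, err := url.Parse(enode)
	if err != nil {
		return "", err
	}
	if u.Scheme != "enode" || u.User == nil || u.Port() == "" {
		return "", errors.New("not an enode URL with a port: " + enode)
	}
	for _, port := range append([]string{u.Port()}, fallbacks...) {
		addr := net.JoinHostPort(u.Hostname(), port)
		conn, err := net.DialTimeout("tcp", addr, timeout)
		if err != nil {
			continue // filtered, refused or timed out: try the next port
		}
		conn.Close()
		u.Host = addr
		return u.String(), nil
	}
	return "", fmt.Errorf("%s unreachable on its own port and on %v", u.Hostname(), fallbacks)
}

func main() {
	// Constructed demo: a loopback listener stands in for the redirected port
	// (443 in the thread); port 1 stands in for the filtered default port.
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	_, open, _ := net.SplitHostPort(ln.Addr().String())
	// "ab12cd34" is a constructed node ID; real IDs are 128 hex characters.
	fmt.Println(firstReachable("enode://ab12cd34@127.0.0.1:1", []string{open}, time.Second))
}
```

A client on a port-filtered network would get back the enode URL with the fallback port and could hand that to its static-node list instead of the default one.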
