Opened 4 years ago

Last modified 6 months ago

#1453 assigned enhancement

Help users with info to open their ports more easily

Reported by: somewon
Owned by: slumlord
Priority: minor
Milestone: 0.9.36
Component: apps/console
Version: 0.9.17
Keywords: ux, interface, design, interface design, user interface, network, firewall, firewalls, firewalled, warning, warnings, user education
Cc: sadie
Parent Tickets: #2330

Description

I have seen a number of users who don't quite understand why their router is telling them "Firewalled" because for many of them the problem is a home router's NAT and not a true "firewall" at all. The text at http://localhost:7657/confignet#help doesn't give them the info they need right away, and I think we have the power to correct this, to help these users begin relaying participating traffic.

I believe that these sections should explain that they may need to allow traffic through any firewalls they're using _and also_ explain that they may need to forward the relevant port(s) on their local network's router. This is a little tricky since we must refer to the I2P "router" and their local network's "router" side-by-side, but these can be distinguished as I have done below. I also feel that the relevant port number(s) should be displayed right there, in the relevant message, in addition to where it's displayed above, to minimize confusion (it's actually not very easy to find the relevant port number in the fields at the top). The other, original text can be trimmed and work alongside these instructions. Here's my mockup of what I would consider some "better" explanation messages:

Firewalled - I2P appears unable to receive incoming connections, though this message is sometimes displayed in error and may resolve itself soon. It is very beneficial for I2P to have an open listening port, though it will still work even while Firewalled. Check that any firewalls on your network are open to allow TCP and/or UDP traffic to this device on {$PORT, TCP port $TCPPORT and UDP port $UDPPORT}, and that your router or modem (if present) is set to forward {TCP port $TCPPORT and UDP port $UDPPORT, port $PORT} to this device. You may look up your router's model (or a similar one) on http://www.portforward.com [CLEARNET WARNING] for instructions on how to do this. If this message persists, consider that you may have both a hardware and a software firewall, or that you may be behind an additional, institutional firewall you cannot control. Also, some home network routers cannot correctly forward both TCP and UDP on a single port, or may have other limitations or bugs that prevent them from passing traffic through to I2P.

WARN - Firewalled and Fast - You have configured I2P to share more than 128KBps of bandwidth, but you appear to be firewalled. While I2P will work moderately well in this configuration, if you really have over 128KBps of bandwidth to share, you will get better performance and will be much more helpful to the network if you ensure that any firewall(s) and your local network's router are set to allow or forward traffic to {TCP port $TCPPORT and UDP port $UDPPORT, port $PORT} on this machine. For more information about forwarding ports on a local network router, look up your router's model (or a similar one) on http://www.portforward.com [CLEARNET WARNING].

WARN - Firewalled and Floodfill - You have configured I2P to be a floodfill router, but you are firewalled. For best participation as a floodfill router, you should open your firewall and ensure that I2P's port ($PORT) is forwarded to this machine on your local network's router, if you have one. For more information about forwarding ports on a local network router, look up your router's model (or a similar one) on http://www.portforward.com [CLEARNET WARNING].

WARN - Firewalled with Inbound TCP Enabled - You have configured inbound TCP, however your UDP port is firewalled, and therefore it is likely that your TCP port is firewalled as well. If your TCP port is firewalled with inbound TCP enabled, other I2P routers will not be able to contact you via TCP, which will harm I2P's performance. Please open your firewall and ensure that I2P's UDP port ($UDPPORT) is forwarded to this machine on your local network's router, if you have one - or disable inbound TCP above. For more information about forwarding ports on a local network router, look up your router's model (or a similar one) on http://www.portforward.com [CLEARNET WARNING].

WARN - Firewalled with UDP Disabled - You have disabled UDP traffic and appear to be firewalled against incoming TCP connections, therefore your I2P router cannot accept any inbound connections. Please open your firewall and ensure that I2P's TCP port ($TCPPORT) is forwarded to this machine on your local network's router, if you have one - or enable UDP above. For more information about forwarding ports on a local network router, look up your router's model (or a similar one) on http://www.portforward.com [CLEARNET WARNING].

And here are those same messages as they are currently:

Firewalled - Your UDP port appears to be firewalled. As the firewall detection methods are not 100% reliable, this may occasionally be displayed in error. However, if it appears consistently, you should check whether both your external and internal firewalls are open for your port. I2P will work fine when firewalled, there is no reason for concern. When firewalled, the router uses "introducers" to relay inbound connections. However, you will get more participating traffic and help the network more if you can open your firewall(s). If you think you have already done so, remember that you may have both a hardware and a software firewall, or be behind an additional, institutional firewall you cannot control. Also, some routers cannot correctly forward both TCP and UDP on a single port, or may have other limitations or bugs that prevent them from passing traffic through to I2P.

WARN - Firewalled and Fast - You have configured I2P to share more than 128KBps of bandwidth, but you are firewalled. While I2P will work fine in this configuration, if you really have over 128KBps of bandwidth to share, it will be much more helpful to the network if you open your firewall.

WARN - Firewalled and Floodfill - You have configured I2P to be a floodfill router, but you are firewalled. For best participation as a floodfill router, you should open your firewall.

WARN - Firewalled with Inbound TCP Enabled - You have configured inbound TCP, however your UDP port is firewalled, and therefore it is likely that your TCP port is firewalled as well. If your TCP port is firewalled with inbound TCP enabled, routers will not be able to contact you via TCP, which will hurt the network. Please open your firewall or disable inbound TCP above.

WARN - Firewalled with UDP Disabled - You have configured inbound TCP, however you have disabled UDP. You appear to be firewalled on TCP, therefore your router cannot accept inbound connections. Please open your firewall or enable UDP.

Lots of love to all the I2P devs who help make history each and every day!

Change History (3)

comment:1 Changed 9 months ago by zzz

  • Cc sadie added
  • Milestone changed from undecided to 0.9.36
  • Owner set to slumlord
  • Status changed from new to assigned

These are individually tagged strings so we can do continuous improvement on this at any time, in 36 and/or 37, up to tag freeze.

Should ensure consistency with website FAQ page updates in #2224

comment:2 Changed 9 months ago by slumlord

I have only skimmed through this and the ticket was created 3 years ago so I'm not sure if any major changes have been made since. The "Firewalled & Floodfill" case seems unnecessary as floodfill selection is done automatically by default.

As we had discussed elsewhere, having clearnet links in our console may not be the best idea.

It may be useful to have a short guide on our website/in our console that would help users to understand the purpose of port forwarding on their home routers and a short guide/summary on accomplishing this. Skimmed through /help/ and didn't find anything obvious discussing/explaining port forwarding. Instead of having the port numbers listed in the text itself, we could link to the configuration page where users can find this information.

comment:3 Changed 6 months ago by zzz

  • Parent Tickets set to 2330

This should happen as a part of #2298
