End Of the Line for SpeakFreely: NATed to Death

Arun writes "John Walker (of AutoDesk and Fourmilab fame), primary author of SpeakFreely, has decided to EOL the program (a pioneering network telephony effort), come January 15th, 2004. He cites difficulty in maintaining a decade-old code base, lack of appropriate developer support and a fundamental change in the peer-to-peer nature of the Internet upon which SF is dependent as motivating factors behind his decision. While the last release of the program will continue to be available from SourceForge, the main web site, mailing list, and web forum will be shut down on the aforementioned date." He's got some good points too, like how once IPv6 is more common, most users probably won't go back to one address per machine. I know I enjoy the added security of a NATed firewall, and without a really good reason, I won't be quick to give it up.

sad to see it go

[NumLk]

I used this software several years ago. While it does exactly what it does, the biggest problem was the sever lack of an installed base. Once Yahoo started integrating voice chat into their IM client, I really had no use for it. Its unfortunate though, since I always felt the sound quality was inferior on Yahoo (and the others that have since come along), but I'd imagine that was due to those clients compressing more to save bandwidth.

That's too bad

[Rosco+P.+Coltrane]

SF is a great program. It's not graphical bloatware, it supports many compressions, it's somewhat modular ... I've spent countless hours getting a stable 2-way voice comm over a 33.6 dialup link, back in the days, and it actually worked at some point (the rest of the time it didn't, which prompted me to change from AOL to an Internet provider. Thanks SpeakFreely!)

When I discovered I could have a voice converstaions with anybody in the world, I was so excited I picked up my phone to tell my friend in Canada :)

In Europe ISPs do not NAT their customers!

Here in the netherlands at least, both the major broadband providers (UPC adn KPN)give all customers a generically routable IP.

Customers using a cable modem or dsl modem get a live wild-side IP and a unique hostname such as:
node139a2z.xs4all.nl
by which they're already DNS addresable.

Most commodity OS's and even the cheap (horrific!) home-router products I've seen have port forwarding capablity,so there's really no such problem as he describes here.

Does anyone have different experience elsewhere?
The States, for instance? I'd like to hear.

Liam.

Re:NAT & fresh windows installs

[toddestan]

The best part about NAT is that I can hook up a freshly reinstalled Windows computer to it with no firewalls like Zonealarm on it, it picks up an IP and is hooked up to the internet immediately. And I don't have to worry about it instantly getting 0wn3d by MSBlaster, etc. Giving me plenty of time to download service packs, patches, drivers, software, etc. I suppose it can be done with another computer and CD-Rs, but this way is so much easier.

Also, I can have file shares open between different computers on the NATed (natted? NATted?) network, allowing for easy sharing of files. If each computer was hooked directly to the internet there would be no way I'd have ports 135-139 open for Windows file shares!

I know I enjoy the added security of a NATed firew

[stratjakt]

There's no added security to NAT. A nat box that blocks incoming connections is no more secure than a router that blocks incoming connections.

Ipchains used to let udp packets addressed to your internal net pass through untouched. All a hacker need do is guess your internal address space (all signs point to 192.168.0.*) and he could bombard your innards with all kinds of silly shit. And most exploits are emailed/downloaded trojans, not viruses in the old sense.

What NAT is, is convenient. I have my router box equipped with NAT and DHCP. I can bring home a laptop or plug something in, and presto! I'm online. No calling ISP and asking for another IP, no hoops to jump through.

I could pay for extra IPs from my ISP, but why? I dont serve anything from home, and neither do most home and small business users - thats what colos are for.

NAT is just way too convienient and sensible. It's like just plugging a phone into an extension, vs running it's own line.

And it works 99.9% of the time for me. Transparent proxies (ya mofo i violate RFCs by even transparently proxying http, i'm fucking crazy man, crazy!!) fill the gap for the 0.999%, leaving 0.001% of stuff a pain in the ass, and I can avoid that pain in the ass stuff since it's all warez clients, err p2p applications.

So, I don't mourn the loss of SpeakFree. Open source needs to be able to adapt to survive, too. NAT is here to stay.

Re:NAT destroying the Internet

[PhoenixFlare]

Why do people just love NAT ?

Is it a "superiority complex" thing ?

No, troll, people love it because it adds security, it's easy to do, and it's already built-in to many consumer devices.

"Hee hee, my ISP doesn't realise I'm connecting more than one PC" BONK. Yes they do.

Hee hee, my ISP (Time Warner, maybe you've heard of the company) doesn't care if I hook up more than one PC. They even asked if I wanted help setting up a home network when I started service.

# NAT doesn't protect you from email payload viruses.
# NAT doesn't protect you from spy where. You downloaded that when you downloaded the free P2P software. Once inside your NAT box, it can establish more outgoing TCP connections, and download what ever it likes.
# TCP connections are full duplex - data (innocent or malicious) can be downloaded via a TCP connection initiated in the outgoing direction. That is how the WWW works !

Nobody sets up NAT to protect against email viruses or spyware, except in whatever fantasy world you're pulling arguments from.

Its just breaking the Internet, killing off useful peer to peer applications like speakeasy.

The author of SpeakEasy apparently failed to notice that 99% of NAT devices out there today can be set up to do port forwarding. I'm using a Linksys 4-port router/switch myself, for example, and if I needed to open a port for something like SpeakEasy, I could have it done in 30 seconds- open up the config page in a browser, put in the external+internal ports, pick which internal IP to forward to, save, and done.

Do people like screwing around with their NAT box configuration everytime they add a new P2P application ? (dumb question on slashdot I suppose).

Sorry, but any of the good p2p apps don't require any screwing around to work, and if they do, it's optional (eMule, for example).

Should have googled....

[harlows_monkeys]

He should have Googled before giving up

Why should every device be accesible?

[fermion]

I have to disagree that not having every computer connected directly to 'The Internet' is a bad thing. The first definition from google for the internet, taken from the american heritage dictionary, is
An interconnected system of networks that connects computers around the world via the TCP/IP protocol..

This means that the Internet is made up of networks which may themselves may be made up of networks, etc. These networks use a common protocol. Most would say that not every device on the network, or even every sub network on the network has to be connected to the Internet. It is quite arguable that there are benefits, both personal and for the commons, to not have every device connected to the Internet.

What is for sure is that for the Internet to run, everyone who uses it must contribute to it's well being. There has to be enough devices connected directly to the Intent to process and forward all the packets in an efficient and timely manner. I personally pay a number of services that manage such activity on my behalf. My personal machines, which are not in the primary bussiness of routing packets, are behind a NAT, which is.

Being behind a NAT allows me to manage my network with less effect on the rest of the community. There are still many security issues, and i can still flood others if I get infected, but it is a first step. I would argue that assuming every computer on every network to be directly addressable from every other computer on the every other network might not be the best design decision. It certainly fits in well with the TelCo desire to sell at least one IP per device, as they tried to do in the past with telephones, but other than that I do not see the benifit.

Re:NAT destroying the Internet

[PhoenixFlare]

Yes, troll, i've already read that RFC, and it doesn't change my mind, really. The issues it raises can be dealt with rather effectively, and I still see no reason why NAT should have made SpeakFreely's author quit the project.

The author even says this:

" But one operational advantage with firewalls is that they are generally installed into networks with the explicit intent to interfere with traffic flow, so the issues are more likely to be understood or at least looked at if mysterious problems arise. The same issues with NAT devices can sometimes be overlooked since NAT devices are frequently presented as transparent to applications."

Read that a few times if it doesn't sink in. Firewall/NAT boxes are supposed to interfere with traffic flow. But if traffic needs to pass through, it can be allowed quite easily, as I said in the previous comment.

Seems you're the one who shouldn't be expressing your opinion, since you're basing your whole position on an RFC devoted to the problems of NAT.

IAX goes through Firewalls

Asterisk uses the IAX protocol which goes through NATs without problems. That might be the way to go.

Re:I'm stil confused

[Nurgled]

The linux box doing the NAT is also configured to route packets. On your LAN, you would configure the "default gateway" to be that box, and thus cause any packets not destined for an address in your LAN subnet to be sent to the NAT box for routing.

Imagine if a computer at your ISP had a route added to its routing table which causes 192.168.0.0/16 to be routed to your external IP address. This computer will now send any packets destined for an address in your LAN subnet to your router, which will inspect its routing table and see that, for example, 192.168.0.0/16 is to be transmitted out of interface eth0 onto your LAN.

The way you stop this is to configure the router to drop packets on your Internet-facing interface which are addressed to internal hosts. Once you do this, you are using a packet filter (ie a "firewall") in addition to NAT.

Another anti-NAT rant: motd on irc.homelien.no

[Graabein]

This is from the motd on irc.homelien.no:

"Second, we get overwhelmed by requests to add special access for
LAN parties and small businesses running NAT (for the
illiterate, if your IP address starts with 192.168. or 10., you are
probably running NAT -- and your personal freedom is severely
restricted).

Please understand; our answer will always be NO. It always has
been, and it always will be. I will try to put this in simple
terms; NAT (Network Address Translation) and similar "technologies"
(masquerading, etc) are detrimental to the Public Internet.

NAT destroys the end-to-end transparency of the Internet. If you
do not understand this or the ramifications of this, please READ
UP ON IT and make up your mind. It is a short-term, detrimental
solution to a long-term problem which is most easily solved by
USING UP ALL AVAILABLE IPV4 ADDRESSES AS SOON AS POSSIBLE to force
a transition to IPv6.

irc.homelien.no will never succumb to the incompetence of
consultants. We do, however, realize that a number of our users
actually constitute part of the technician and consultant
community. If you want to give us something in return for
providing this service, increase your awareness of the above
issues. Short and to the point. --edison, Oystein Homelien"

(irc.homelien.no is a popular server on EFnet)