[Dxspider-support] DXSpider multiple calls with same IP.

Dirk Koopman djk at tobit.co.uk
Wed Mar 15 23:23:56 GMT 2023 

Many nodes that have an external address actually are located on a DMZ  
or other network with, for example, rfc1918 addresses. There is a 
pinhole or reverse address translation mapping to get from outside to 
that internal node / port. If a user connects from outside, it will come 
into the node on the DMZ with its external source intact. Any spots that 
user on the outside makes will have their  external address used. There 
is no problem. Otherwise getting on for 80% of the cluster would be 
having issues.

No, the real problem comes with arrangements that connect to another 
program (I will use the term "webcluster", loosely, from now on) that is 
also pinholed or reverse proxied onto a program that also located on 
that (or indeed some other) DMZ. We have now have two programs that 
communicate together just on that DMZ (or just internally) using 
'internal' addresses. There is now no direct IP link between the 
webcluster user and the node.  The intrinsic information that is 
available from the IP addresses on a direct NATed external->internal 
node connection can be (or often, it seems, is) lost for any user 
connecting to the webcluster (if care is not taken). The only 
connection, such as it is, is user-->webcluster->node and vice-versa.

There are ways of dealing with this, one in the user command interface 
or, a more general and sophisticated way, by connecting webcluster and 
node through a basic PC protocol connection. Oh, or the coming third way.

Most webclusters use the user command interface, which is usable but 
(but in my view) more complicated and more limited than the second 
method. This interface allows the webcluster (using its callsign) to add 
both the 'by <call>' and 'ip <ipaddress>' keywords to the normal user 
mode 'dx <qrg> <call> [<comment>]' spot submission to the node. This is 
provided that the sysop of the node has given the webcluster callsign 
sufficient privilege level.  There is no equivalent for other commands 
like announces, chat etc etc. This means that any outgoing spot 
submitted through the webcluster will pop out of the node with the 
user's call and IP address intact. An example might be: 'dx 7001 oh5zz 
ip 82.68.205.1 by g1tlh test tes tse etc'

The second way allows one to send spots as PC61s and announces etc as 
PC92s after a very small startup exchange on first connection, that also 
means that one can get the same back from the node, no privileges need 
be messed about with etc. Instead of a user dx command (like the one 
above) you send 'PC61^7001.0^OH5ZZ^15-Mar-2023^2242Z^test tes tse 
etc^G1TLH^GB7TLH-2^82.68.205.1^H99^', the node will just distribute that 
as a normal incoming spot to all its users and nodes in the normal way. 
The webcluster is already managing its users and their state, so the 
node does not need get involved with that at all.  Any PC sentences that 
the node sends the webcluster, that it isn't interested in (anything 
other than PC61, PC11, PC93 and probably PC41) can simply be dumped. Or 
in the future, maybe I could establish 'classes' of 'nodes' where I 
limit what that class of that node-like connection sees in PC Protocol - 
meaning I just send you what that class wants. Or, thinking aloud now, 
you could just tell the node which PC sentences you want.

So that is now(ish).

Sometime in the (hopefully very near) future, when I can step back from 
firefighting idiots, the next method will become available: websockets. 
It will be possible to reverse proxy into standard websocket on which 
will certainly be a standard [user] command interface - but other 
interfaces could be done - [a matter for further discussion].

This is actually the opposite way of looking at modern websites, but 
then we will be starting from the inside out anyway. In order for an 
external entity (user or webcluster) to get a websocket, there has to be 
a website active in the node - a websocket has to have a URL. So, 
inevitably, to get a websocket a basic website has to be available to 
serve that websocket URL (if nothing else).  As you have to have that 
webserver anyway as part of the node, if were skinnable (it will be) - 
that skin could be constructed with, and use, any of the fabulous things 
that the Mojolicious webapp system provides - then one has a web cluster 
which could handle 1000s of users. All in one 200-400MB process.

Just (a bit more than) a thought...

73 Dirk G1TLH

P.S. It really was not some random chance that I started using the 
Mojolicious system.

On 15/03/2023 21:51, Lee Sawkins via Dxspider-support wrote:
> The problem is when non local users of clusters enter DX spots and have their own IP Address replaced by the cluster's IP address.  This results in all users of some clusters all showing the same IP address.
>
> Lee VE7CC
>
> ----- Original Message -----
> From: "Kjell Jarl" <kjell.jarl at bahnhof.se>
> To: "The DXSpider Support list" <dxspider-support at tobit.co.uk>
> Cc: "Lee Sawkins" <ve7cc at shaw.ca>
> Sent: Wednesday, March 15, 2023 9:31:12 PM
> Subject: SV: [Dxspider-support] DXSpider multiple calls with same IP.
>
> Hi
> I am not sure about that. I, being on my local interface (192...), will appear with IP address of the dxspider server when spotting, I don't remember seeing that presenting a problem.
> 73 Kjell SM7GVF
>
> ---- Lee Sawkins via Dxspider-support skrev ----
>
>> I thought it was decided that sending out spots with the IP address of the Cluster Node was a bad idea.
>>
>> _______________________________________________
>> Dxspider-support mailing list
>> Dxspider-support at tobit.co.uk
>> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support
> _______________________________________________
> Dxspider-support mailing list
> Dxspider-support at tobit.co.uk
> https://mailman.tobit.co.uk/mailman/listinfo/dxspider-support

More information about the Dxspider-support mailing list