[mosh-users] Using mosh in UDP-constrained networks (e.g. many public guest wifi networks)

Mike Grant mggr at pml.ac.uk
Tue May 8 05:50:44 EDT 2012


I've been playing with mosh with mobile/cellular networking with a lot 
of success, but was having problems on constrained wifi networks.  After 
popping onto IRC, the kindly (if FreeBSD-addicted) "zi" helped me out 
and I thought it might be useful to write it up for the mailing list, so 
others can find this info in future.  I've written it sort-of FAQ style, 
though it'll need editing for correctness / verbosity before it could be 
used that way.

---

Mosh uses "connectionless" UDP packets to avoid the time cost of setting 
up a TCP connection, the slow timeout (>2mins before your connection 
drops) and difficulty resuming sessions from another IP when roaming.

Unfortunately many public wifi "guest" networks at businesses, etc. block 
UDP, as it's not normally considered an "essential" service like web 
traffic (HTTP on TCP port 80).  This stops mosh working.

However, DNS uses UDP port 53, so this port is typically open.  One can 
ask mosh to use port 53 with the following steps:

  0. On the client, test if the network you're connected to is blocking 
UDP port 53.  On Linux, run "host mosh.mit.edu 8.8.8.8".  This attempts 
a DNS lookup using Google's public DNS servers.  If you get an answer, 
then the port is clear to Google and probably to everywhere else.  If 
you get a timeout, give up on this workaround and go complain to the 
network admins.

  1. On your server, mosh must be given additional privileges to be able 
to use ports below 1024.  There are a number of approaches that vary by 
OS but generally require root privilege to set up.
    Linux:
     - The best option is to use capabilities.  Run:
        setcap 'cap_net_bind_service=+ep' /usr/bin/mosh-server
     - Other possibilities (don't use sudo/setuid!) are discussed at:
        http://stackoverflow.com/questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-1024-on-l
    FreeBSD:
     - "mac_portacl" will allow you to grant non-root users the ability 
to bind to ports <1024.  See the man page examples.

  2. On your server, ensure you aren't running any services that bind to 
UDP port 53.  On Linux, you can check by running:
        sudo lsof | grep 'UDP.*domain'
and looking for anything attached to the IPs that you want to connect to 
with mosh.

Normally you'd only have something on port 53 if you're running DNS on 
the machine.  The most common situation is if you're running dnsmasq to 
provide DHCP+DNS to internal machines.  Most people won't want to do 
this on their public Internet connection, but dnsmasq defaults to 
binding to all interfaces.  This can be disabled by setting the 
"bind-interfaces" option and specifying the "interface=YOUR INTERNAL NET 
DEVICE" option so it only listens on the internal interface.

  3. On your server, open UDP port 53 to connections and, if you use a 
NAT router, port forward UDP port 53 to your server.  How you do this 
depends on your firewall configuration and router.

  4. Cross your fingers and, on your client, run:
        mosh --port 53 username@server
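As an added example (not from the original post), here is a small server-side pre-flight script for steps 1 and 2: it parses getcap output to confirm the binary has cap_net_bind_service, and parses lsof output to list anything already bound to UDP 53 on the wildcard address or on the public IP you will connect to. The path /usr/bin/mosh-server is an assumption (override with MOSH_SERVER); the parsers read command output on stdin so they can be checked against captured text.

```sh
#!/bin/sh
# Pre-flight checks for running mosh-server on UDP 53 (added example, not from the post).
# Assumed: mosh-server lives at /usr/bin/mosh-server unless MOSH_SERVER is set.

# Step 1: is cap_net_bind_service present AND effective on the binary?
# Accepts both getcap output formats: "... = cap_net_bind_service+ep" and
# "... cap_net_bind_service=ep".  Returns 0 if present, 1 otherwise.
has_bind_cap() {
    grep -q 'cap_net_bind_service[+=][ip]*e'
}

# Step 2: which UDP sockets on port 53 (lsof shows it as "domain", or "53"
# with -P) would collide with mosh-server?  A listener collides when it is
# bound to the wildcard "*", to [::], or to the public IP given as $1.
# Prints the colliding lsof lines; returns 1 if any were found, else 0.
udp53_conflicts() {
    awk -v ip="$1" '
        $(NF-1) == "UDP" {
            n = split($NF, a, ":")
            port = a[n]                                   # "domain" or "53"
            addr = substr($NF, 1, length($NF) - length(port) - 1)
            if ((port == "domain" || port == "53") &&
                (addr == "*" || addr == "[::]" || addr == ip)) { print; found = 1 }
        }
        END { exit found ? 1 : 0 }'
}

# Run both checks against the live system.  Usage: ./preflight.sh run PUBLIC_IP
preflight() {
    bin=${MOSH_SERVER:-/usr/bin/mosh-server}
    if getcap "$bin" 2>/dev/null | has_bind_cap; then
        echo "ok: $bin may bind ports below 1024"
    else
        echo "FAIL: run  setcap 'cap_net_bind_service=+ep' $bin"
    fi
    if lsof -n -P -i UDP:53 2>/dev/null | udp53_conflicts "$1"; then
        echo "ok: nothing else is bound to UDP 53 on $1"
    else
        echo "FAIL: the listeners above would take UDP 53 before mosh-server"
    fi
}

if [ "${1:-}" = run ]; then preflight "${2:?public IP required}"; fi
```

Note that the step 0 check only proves UDP 53 reaches Google's resolver; a guest network that transparently redirects all port-53 traffic to its own resolver will still answer the lookup, yet mosh packets to your server will never arrive.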

---

Cheers,

Mike.
