While I write the post about OSSEC, and after seeing that some people have problems with ports in I2P, I decided to write this little post to explain the usual problems and their solutions, plus an anecdote.
Note: Even if I2P reports that it is behind a firewall it should still work, but the quality of the service will be severely reduced.
From now on I will refer to your I2P router as 127.0.0.1, as it's the default IP used. If you have the router on another machine, remember to change this.
UPNP
By default I2P tries to use UPNP to set up the port redirection in the router. This is not always possible: the ISP may not allow us to enable UPNP, or even trying is not an option, as on public networks.
If you can access your router, check if UPNP is enabled and try again. As every router is a different world, I can’t explain how to do it.
You can check the status of UPNP in I2P at this link:
http://127.0.0.1:7657/peers#upnp
Manual redirection
If UPNP is not an option, because it isn’t allowed or because your paranoia level is high enough that you don’t want applications opening ports in your router (like me), you have the option to redirect the necessary ports manually in your router.
To disable UPNP (as we are not going to use it) and configure the ports for I2P we should go to:
http://127.0.0.1:7657/confignet
As you can see, the first option allows us to disable UPNP, and if we continue to scroll down we will find the sections for the UDP and TCP ports.
By default I2P uses the port UDP 29622 and TCP is configured to use the same one. Depending on your paranoia level you may want to change this.
Once we finish changing things, save them and let’s go to our router. Again, I’m sorry to say that I can’t explain how to redirect ports, but this option is usually available under “Port Forwarding” or something similar.
It is very important to remember that you need both the UDP and the TCP port to be able to enjoy the full I2P experience.
Testing ports
If you have already done all the previous steps, you can use one of the several websites on the internet that check if you have a specific port open, but, as we are at a high level of paranoia, it will always be better to do it ourselves, using nmap for example.
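An added example (not from the original post) of doing that check yourself: it reads the output of `nmap -oG -` and gives a verdict for the I2P port on both TCP and UDP. It assumes the scan is run as root from a machine outside your own network, and the address 203.0.113.10 and the sample results are constructed placeholders. nmap reports `open|filtered` for a UDP port that sent no reply, which does not prove the redirection works.

```shell
#!/bin/sh
# Added example: judge an nmap grepable-output scan of the I2P port.
# Scan to run as root from a host outside your LAN (IP and port are placeholders):
#   nmap -Pn -sS -sU -p T:29622,U:29622 -oG - 203.0.113.10

# port_state PORT PROTO: read grepable output on stdin, print the state of that port.
port_state() {
    awk -v port="$1" -v proto="$2" '
        /Ports: / {
            sub(/.*Ports: /, "")       # keep only the port list
            sub(/\t.*/, "")            # drop any following tab-separated field
            n = split($0, entries, ", ")
            for (i = 1; i <= n; i++) {
                split(entries[i], f, "/")   # port/state/protocol/owner/service/...
                if (f[1] == port && f[3] == proto) { print f[2]; found = 1 }
            }
        }
        END { if (!found) print "missing" }'
}

# i2p_verdict PORT: read grepable output on stdin, print a one-word verdict.
i2p_verdict() (
    out=$(cat)
    tcp=$(printf '%s\n' "$out" | port_state "$1" tcp)
    udp=$(printf '%s\n' "$out" | port_state "$1" udp)
    if [ "$tcp" != "open" ]; then
        echo "tcp-not-open"        # TCP redirection missing, closed or filtered
    elif [ "$udp" = "open" ]; then
        echo "ok"
    elif [ "$udp" = "open|filtered" ]; then
        echo "udp-inconclusive"    # probe got no reply: open or silently dropped
    else
        echo "udp-not-open"        # closed, filtered or not scanned
    fi
)

# Constructed sample scan results (203.0.113.10 is a documentation address).
HOST='Host: 203.0.113.10 ()'
SCAN_A=$(printf '%s\tStatus: Up\n%s\tPorts: 29622/open/tcp//unknown///, 29622/open|filtered/udp//unknown///\n' "$HOST" "$HOST")
SCAN_B=$(printf '%s\tPorts: 29622/filtered/tcp//unknown///, 29622/open|filtered/udp//unknown///\n' "$HOST")
SCAN_C=$(printf '%s\tPorts: 29622/open/tcp//unknown///, 29622/closed/udp//unknown///\tIgnored State: filtered (0)\n' "$HOST")

for scan in "$SCAN_A" "$SCAN_B" "$SCAN_C"; do
    printf '%s\n' "$scan" | i2p_verdict 29622
done
```

When the verdict is `udp-inconclusive`, the peers page of the I2P console is the better judge of whether UDP is actually reaching the router.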
VPN
If you have your own VPN (sadly, public VPNs usually don’t allow us to play around with ports), you could try “jumping” over the local firewall (I will explain this in the future) and pass over your VPN.
Note that in these cases it is better to have your I2P router already running on the same server as the VPN, if possible, and simply point your device to the router address in the VPN.
The people from Hackerñol did a video (in Spanish) about this last point.
Multiple routers
In I2P’s subreddit (/r/i2p), a little while ago, I was helping a user for whom, even after trying a thousand things, we couldn’t make the “behind a firewall” message disappear.
Well, in the end this guy had his own router and the ISP router, but instead of having the ISP one in modem mode or with a DMZ, they were just one after the other.
The problem was that the redirections, whether through UPNP or manual, only happened in his router, while the ISP one was still blocking the ports.
In this case (not sure which method he decided to use) he had two options: configure his router as a DMZ in the ISP’s router, making all the traffic reach his own router directly; or manually redirect the ports in both routers, from the ISP router to his own and from his own router to his PC.
This is all I can think of at the moment, and these problems are usually pretty common. If you have doubts, know about other issues, etc., just let me know and I will be happy to help you and update the post.
Greetings!