Overlay Convergence Architecture for Legacy Applications

Nov 22, 2006: Website redesigned.

Access machines behind NATs

Computers behind NATs and firewalls are not accessible from the Internet. Home computers behind wireless routers and office desktops behind port-blocking firewalls fall in this category.

OCALA leverages the Internet Indirection Infrastructure (i3) to make these computers accessible from anywhere in the Internet.


To make your NATted/firewalled computer accessible from the Internet using OCALA, please download and install the OCALA proxy. Easy-to-use installation programs for Windows, Linux and Mac OS X are available on the Software Downloads page. The installation program prompts you to choose a name for your machine, say johndoe.pli3. Now your computer is accessible from anywhere on the Internet by using the name johndoe.pli3. No other software or configuration is required - existing applications (Firefox, Internet Explorer, ssh client, httpd, sshd, etc.) will be able to communicate with johndoe.pli3 without any modifications.

Example Scenario 1 : web server at home

John Doe has a large number of photographs he wishes to exhibit to the world. John creates his own photo album website as he is not happy with the features offered by free photo hosting websites. To avoid paying costly website hosting fees, John hosts the photo website on his home computer, which is behind a wireless router. In order to make the website accessible to anyone on the Internet, John installs the OCALA proxy on his home computer and chooses the name johndoe.pli3. Now anyone on the Internet can access John's website at http://johndoe.pli3.ocalaproxy.net:8040. Visitors to John's website need not install the OCALA proxy or any other special software -- they can use their existing web browsers (e.g., Firefox, Internet Explorer, Opera, etc.).

To see a demo of a website hosted via OCALA, please visit http://dilip.pli3.ocalaproxy.net:8040


Example Scenario 2: ssh to office desktop

John Doe cannot ssh to his office desktop as it is behind a firewall that blocks ssh port 22. To make his office desktop accessible, John installs the OCALA proxy on his office desktop and chooses the name johndoeoffice.pli3. John can now connect to the ssh server running on his office desktop from any computer also running OCALA by using the name johndoeoffice.pli3. Any ssh client and ssh server can be used. Unlike in Example Scenario 1, OCALA proxies must be running on both the client and the server machines.


Example Scenario 3: copy files from a laptop

John Doe carries his laptop to work every day. One day he forgets to carry the laptop to work; the laptop is at John's home, connected to the Internet through a wireless router. Now John urgently wants to access a PowerPoint presentation that is on the laptop. The laptop is behind a NAT and John does not know the dynamic external IP address of the NAT either. He has no way to connect to the laptop. Fortunately, John had earlier installed the OCALA proxy on his laptop. So he can use any file sharing tool (scp, Windows file sharing) to connect to johndoelaptop.pli3 and retrieve the presentation.


Frequently Asked Questions

Do others have to install OCALA in order to access my machine which is behind a NAT?

Users wishing only to access a webserver running on your NATted machine need NOT install OCALA. They can access your webserver by suffixing the name of your machine with .ocalaproxy.net:8040. For example, to access John Doe's website, a user simply needs to type johndoe.pli3.ocalaproxy.net:8040 into a web browser; the user need not install OCALA. For all services other than the web, the users communicating with the NATted machine must also run OCALA; the .ocalaproxy.net suffix cannot be used.

How is this different from Dynamic DNS services?

Dynamic DNS services allow you to associate a DNS name with the IP address of your machine, which may change from time to time. However, they do not help you access servers behind NATs/firewalls if the required ports are not open.

How is this different from Port Forwarding?

Your machine will be accessible from the Internet if you appropriately set up port forwarding on your NAT and open the required ports on your firewall. Many users do not know how to configure firewalls and NATs. In cases where the NAT/firewall is maintained by some other entity (say, a corporate IT team), users do not have the administrative rights to set up port forwarding.

Active Gateways

We currently run multiple OCALA gateways on PlanetLab. The domain ocalaproxy.net resolves to the gateway closest to you using the OASIS anycast service. The active gateways are displayed on the map below:

Last Updated on 11/22/06 15:51:48