Re: [Server-devel] Bridging XS to another network

2010-10-31 Thread Jerry Vonau
On Mon, 2010-11-01 at 11:35 +1100, David Leeming wrote:
> Hi thanks jerry,
> 
> Almost there, just need clarification...
> 
> On the router, what should I use for the LAN network, like this or different?
> 172.18.0.88
> 255.255.255.0 
> (is that correct? It means the network does not include the higher ranges 
> 172.18.96.xxx etc)
> 
That should work, then only the XS has a direct route, while the XOs on
172.18.96.xxx don't.  

> Should the router firewall settings be virtual server port 80 to 
> 172.18.0.1??? or 172.18.???.??? 
> What is the main IP address of the XS, I thought it was 172.18.0.1
> 

use 172.18.0.1 as the target of the port forwarding, that should work
once the default route is set as below.

> To add a route on the XS, do you mean (and what are the ??/):
> 
> route add default gw 172.18.0.88 netmask 255.255.???.??? landbond0??? 
> 

Yea that is the idea, but you would need to re-add that upon reboots.
Let's try to get this to auto configure, edit ifcfg-lanbond0:2 from:

if [ $XS_SERVER_NUM = "1" ] ;then
ONBOOT=yes
IPADDR=$XS_LANBOND_MAINXS_IPADDR
NETMASK=255.255.255.0

BOOTPROTO=static
#BONDING_OPTS=""
IPV6INIT=no
else
 
To be:

if [ $XS_SERVER_NUM = "1" ] ;then
ONBOOT=yes
IPADDR=$XS_LANBOND_MAINXS_IPADDR
NETMASK=255.255.255.0
GATEWAY=172.18.0.88 
BOOTPROTO=static
#BONDING_OPTS=""
IPV6INIT=no
else

That should create the default route via 172.18.0.88, when the network comes up.

restart the network service and retest

service network restart
ping 172.18.0.88
ping 192.168.1.88 

If that fails, can you capture the output of:

ip route ls

Jerry

> David Leeming
> Solomon Islands Rural Link 
> 
> -Original Message-
> From: Jerry Vonau [mailto:jvo...@shaw.ca] 
> Sent: Monday, 1 November 2010 10:41 a.m.
> To: David Leeming
> Cc: 'XS Devel'
> Subject: Re: [Server-devel] Bridging XS to another network
> 
> On Sun, 2010-10-31 at 18:13 -0500, Jerry Vonau wrote:
> > On Mon, 2010-11-01 at 08:55 +1100, David Leeming wrote:
> > > Still no luck here. What it boils down to, is that when placing the XS
> > > (eth1 - LAN) behind a router with NAT, in order to allow the XS web
> > > service to be visible on the external WAN side of the router, what are
> > > the required LAN IP settings including netmask and firewall settings,
> > > including port forwarding or DMZ Host or other. Anna, you seem to have
> > > been able to do that but I can’t replicate without more info on your
> > > router/firewall settings.
> > > 
> > >  
> > > 
> > > I have tried everything I can think of and the XS is not visible from
> > > the external network.  Only need to be able to see Moodle, etc, (not
> > > interested in registering XOs on the external network) 
> > > 
> > >  
> > > 
> > > David Leeming
> > > 
> > > Solomon Islands Rural Link 
> > > P.O.Box 652 Honiara, Solomon Islands
> > > 
> > > +677 7476396 (m) +677 24419 (h)
> > > 
> > > www.leeming-consulting.com
> > > 
> > > 
> > >  
> > > 
> > > From: server-devel-boun...@lists.laptop.org
> > > [mailto:server-devel-boun...@lists.laptop.org] On Behalf Of David
> > > Leeming
> > > Sent: Sunday, 31 October 2010 11:38 a.m.
> > > To: 'Anna'
> > > Cc: 'XS Devel'
> > > Subject: Re: [Server-devel] Bridging XS to another network
> > > 
> > > 
> > >  
> > > 
> > > Anna,
> > > 
> > >  
> > > 
> > > What you describe below is what I am trying to do (see the net diagram
> > > in my other email). I only want apache/Moodle/wiki to be available to
> > > the external network (your “regular LAN”). You’ll see that I have a
> > > simple WRT54G router bridging but no matter what I try, I can’t see
> > > the apache service through the router. Can you say what Wan and LAN
> > > settings you used for your router? 
> > > 
> > > I used
> > > 
> > > WAN – fixed 192.168.1.88 / 255.255.255.0
> > > 
> > > LAN – fixed 172.18.0.88 / 255.255.255.0
> > > 
> > > Port 80 forwarded from WAN to 172.18.0.1 (or DMZ host with 171.18.0.1)
> > > 
> > > In this set up: 
> > > 
> > > If I try to ping from the XS to 172.18.0.88 it is OK, if I try to
> > > 192.168.0.88 it says network unreachable.
> > > 
> > 
> > 
> > You have a single interface in use, in order for the XS to see past
> > anything other than what routes that are present (these are local to the
> > lan), what you're missing is the default gateway. 
> > 
> > 
> > > But if I use a PC hooked up on the eth1 network, with fixed IP
> > > 172.18.0.89 / 255.255.255.0 (for example) I can ping the WAN address
> > > and beyond. This is what leads me to think it needs one extra step
> > > with route, or it may be something to do with the WRT LAN setting and
> > > XS having different netmasks. You can see I am reaching at straws a
> > > little :(
> > 
> > 
> > No, you need to have a default gateway present, how are you configuring
> > 172.18.0.88 on the XS?
> > 
> > Jerry
> 
> OK, I have that backwards, you're running the XS as is and you have added
> the linksys with the ip address 172
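
An added example (not part of the original thread): a Python check of the routing decision discussed above, run over constructed `ip route ls` output, showing why the XS reports "network unreachable" until a default gateway or a route to 192.168... is present. The sample route lines and the names `parse_routes`, `lookup` and `reply_path` are assumptions for illustration; the addresses are the ones used in the thread.

```python
import ipaddress

# Constructed `ip route ls` samples (assumed, not captured from a real XS).
BEFORE = "172.18.0.0/24 dev lanbond0  proto kernel  scope link  src 172.18.0.1\n"
# After GATEWAY=172.18.0.88 is set in ifcfg-lanbond0:2 and the network restarted.
WITH_DEFAULT = BEFORE + "default via 172.18.0.88 dev lanbond0\n"
# Alternative from the thread: a route to the 192.168 network only.
WITH_STATIC = BEFORE + "192.168.1.0/24 via 172.18.0.88 dev lanbond0\n"


def _after(fields, key):
    """Value following `key` on a route line, or None if the key is absent."""
    return fields[fields.index(key) + 1] if key in fields[:-1] else None


def parse_routes(text):
    """Parse `ip route ls` text into (network, gateway, device) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types this sketch does not model (e.g. unreachable)
        routes.append((net, _after(fields, "via"), _after(fields, "dev")))
    return routes


def lookup(routes, dest):
    """Longest-prefix match; None corresponds to 'network unreachable'."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def reply_path(route_text, client):
    """Describe how a reply from the XS to `client` would leave the box."""
    hit = lookup(parse_routes(route_text), client)
    if hit is None:
        return "unreachable"
    _net, gateway, dev = hit
    return f"via {gateway} dev {dev}" if gateway else f"direct dev {dev}"


if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("default gw", WITH_DEFAULT),
                         ("static route", WITH_STATIC)):
        for client in ("172.18.0.88", "192.168.1.88", "203.0.113.10"):
            print(f"{label:12} {client:14} {reply_path(table, client)}")
```

With the static route the XS can answer clients on 192.168.1.0/24 only, while the default route also gives it a path to everything beyond the router.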

Re: [Server-devel] Bridging XS to another network

2010-10-31 Thread David Leeming
Hi thanks jerry,

Almost there, just need clarification...

On the router, what should I use for the LAN network, like this or different?
172.18.0.88
255.255.255.0 
(is that correct? It means the network does not include the higher ranges 
172.18.96.xxx etc)

Should the router firewall settings be virtual server port 80 to 172.18.0.1??? 
or 172.18.???.??? What is the main IP address of the XS, I thought it was 
172.18.0.1

To add a route on the XS, do you mean (and what are the ??/):

route add default gw 172.18.0.88 netmask 255.255.???.??? landbond0??? 

David Leeming
Solomon Islands Rural Link 

-Original Message-
From: Jerry Vonau [mailto:jvo...@shaw.ca] 
Sent: Monday, 1 November 2010 10:41 a.m.
To: David Leeming
Cc: 'XS Devel'
Subject: Re: [Server-devel] Bridging XS to another network

On Sun, 2010-10-31 at 18:13 -0500, Jerry Vonau wrote:
> On Mon, 2010-11-01 at 08:55 +1100, David Leeming wrote:
> > Still no luck here. What it boils down to, is that when placing the XS
> > (eth1 - LAN) behind a router with NAT, in order to allow the XS web
> > service to be visible on the external WAN side of the router, what are
> > the required LAN IP settings including netmask and firewall settings,
> > including port forwarding or DMZ Host or other. Anna, you seem to have
> > been able to do that but I can’t replicate without more info on your
> > router/firewall settings.
> > 
> >  
> > 
> > I have tried everything I can think of and the XS is not visible from
> > the external network.  Only need to be able to see Moodle, etc, (not
> > interested in registering XOs on the external network) 
> > 
> >  
> > 
> > David Leeming
> > 
> > Solomon Islands Rural Link 
> > P.O.Box 652 Honiara, Solomon Islands
> > 
> > +677 7476396 (m) +677 24419 (h)
> > 
> > www.leeming-consulting.com
> > 
> > 
> >  
> > 
> > From: server-devel-boun...@lists.laptop.org
> > [mailto:server-devel-boun...@lists.laptop.org] On Behalf Of David
> > Leeming
> > Sent: Sunday, 31 October 2010 11:38 a.m.
> > To: 'Anna'
> > Cc: 'XS Devel'
> > Subject: Re: [Server-devel] Bridging XS to another network
> > 
> > 
> >  
> > 
> > Anna,
> > 
> >  
> > 
> > What you describe below is what I am trying to do (see the net diagram
> > in my other email). I only want apache/Moodle/wiki to be available to
> > the external network (your “regular LAN”). You’ll see that I have a
> > simple WRT54G router bridging but no matter what I try, I can’t see
> > the apache service through the router. Can you say what Wan and LAN
> > settings you used for your router? 
> > 
> > I used
> > 
> > WAN – fixed 192.168.1.88 / 255.255.255.0
> > 
> > LAN – fixed 172.18.0.88 / 255.255.255.0
> > 
> > Port 80 forwarded from WAN to 172.18.0.1 (or DMZ host with 171.18.0.1)
> > 
> > In this set up: 
> > 
> > If I try to ping from the XS to 172.18.0.88 it is OK, if I try to
> > 192.168.0.88 it says network unreachable.
> > 
> 
> 
> You have a single interface in use, in order for the XS to see past
> anything other than what routes that are present (these are local to the
> lan), what you're missing is the default gateway. 
> 
> 
> > But if I use a PC hooked up on the eth1 network, with fixed IP
> > 172.18.0.89 / 255.255.255.0 (for example) I can ping the WAN address
> > and beyond. This is what leads me to think it needs one extra step
> > with route, or it may be something to do with the WRT LAN setting and
> > XS having different netmasks. You can see I am reaching at straws a
> > little :(
> 
> 
> No, you need to have a default gateway present, how are you configuring
> 172.18.0.88 on the XS?
> 
> Jerry

OK, I have that backwards, you're running the XS as is and you have added
the linksys with the ip address 172.18.0.88. The linksys is providing
the route to 192.168... The XS can't respond to anything from 192.168...
as there is no route back to 192.168. You can either add a route to
192.168... via 172.18.0.88, or add 172.18.0.88 as the default gateway,
on the XS. 

Jerry



___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Bridging XS to another network

2010-10-31 Thread Jerry Vonau
On Sun, 2010-10-31 at 18:13 -0500, Jerry Vonau wrote:
> On Mon, 2010-11-01 at 08:55 +1100, David Leeming wrote:
> > Still no luck here. What it boils down to, is that when placing the XS
> > (eth1 - LAN) behind a router with NAT, in order to allow the XS web
> > service to be visible on the external WAN side of the router, what are
> > the required LAN IP settings including netmask and firewall settings,
> > including port forwarding or DMZ Host or other. Anna, you seem to have
> > been able to do that but I can’t replicate without more info on your
> > router/firewall settings.
> > 
> >  
> > 
> > I have tried everything I can think of and the XS is not visible from
> > the external network.  Only need to be able to see Moodle, etc, (not
> > interested in registering XOs on the external network) 
> > 
> >  
> > 
> > David Leeming
> > 
> > Solomon Islands Rural Link 
> > P.O.Box 652 Honiara, Solomon Islands
> > 
> > +677 7476396 (m) +677 24419 (h)
> > 
> > www.leeming-consulting.com
> > 
> > 
> >  
> > 
> > From: server-devel-boun...@lists.laptop.org
> > [mailto:server-devel-boun...@lists.laptop.org] On Behalf Of David
> > Leeming
> > Sent: Sunday, 31 October 2010 11:38 a.m.
> > To: 'Anna'
> > Cc: 'XS Devel'
> > Subject: Re: [Server-devel] Bridging XS to another network
> > 
> > 
> >  
> > 
> > Anna,
> > 
> >  
> > 
> > What you describe below is what I am trying to do (see the net diagram
> > in my other email). I only want apache/Moodle/wiki to be available to
> > the external network (your “regular LAN”). You’ll see that I have a
> > simple WRT54G router bridging but no matter what I try, I can’t see
> > the apache service through the router. Can you say what Wan and LAN
> > settings you used for your router? 
> > 
> > I used
> > 
> > WAN – fixed 192.168.1.88 / 255.255.255.0
> > 
> > LAN – fixed 172.18.0.88 / 255.255.255.0
> > 
> > Port 80 forwarded from WAN to 172.18.0.1 (or DMZ host with 171.18.0.1)
> > 
> > In this set up: 
> > 
> > If I try to ping from the XS to 172.18.0.88 it is OK, if I try to
> > 192.168.0.88 it says network unreachable.
> > 
> 
> 
> You have a single interface in use, in order for the XS to see past
> anything other than what routes that are present (these are local to the
> lan), what you're missing is the default gateway. 
> 
> 
> > But if I use a PC hooked up on the eth1 network, with fixed IP
> > 172.18.0.89 / 255.255.255.0 (for example) I can ping the WAN address
> > and beyond. This is what leads me to think it needs one extra step
> > with route, or it may be something to do with the WRT LAN setting and
> > XS having different netmasks. You can see I am reaching at straws a
> > little :(
> 
> 
> No, you need to have a default gateway present, how are you configuring
> 172.18.0.88 on the XS?
> 
> Jerry

OK, I have that backwards, you're running the XS as is and you have added
the linksys with the ip address 172.18.0.88. The linksys is providing
the route to 192.168... The XS can't respond to anything from 192.168...
as there is no route back to 192.168. You can either add a route to
192.168... via 172.18.0.88, or add 172.18.0.88 as the default gateway,
on the XS. 

Jerry







Re: [Server-devel] Bridging XS to another network

2010-10-31 Thread Jerry Vonau
On Mon, 2010-11-01 at 08:55 +1100, David Leeming wrote:
> Still no luck here. What it boils down to, is that when placing the XS
> (eth1 - LAN) behind a router with NAT, in order to allow the XS web
> service to be visible on the external WAN side of the router, what are
> the required LAN IP settings including netmask and firewall settings,
> including port forwarding or DMZ Host or other. Anna, you seem to have
> been able to do that but I can’t replicate without more info on your
> router/firewall settings.
> 
>  
> 
> I have tried everything I can think of and the XS is not visible from
> the external network.  Only need to be able to see Moodle, etc, (not
> interested in registering XOs on the external network) 
> 
>  
> 
> David Leeming
> 
> Solomon Islands Rural Link 
> P.O.Box 652 Honiara, Solomon Islands
> 
> +677 7476396 (m) +677 24419 (h)
> 
> www.leeming-consulting.com
> 
> 
>  
> 
> From: server-devel-boun...@lists.laptop.org
> [mailto:server-devel-boun...@lists.laptop.org] On Behalf Of David
> Leeming
> Sent: Sunday, 31 October 2010 11:38 a.m.
> To: 'Anna'
> Cc: 'XS Devel'
> Subject: Re: [Server-devel] Bridging XS to another network
> 
> 
>  
> 
> Anna,
> 
>  
> 
> What you describe below is what I am trying to do (see the net diagram
> in my other email). I only want apache/Moodle/wiki to be available to
> the external network (your “regular LAN”). You’ll see that I have a
> simple WRT54G router bridging but no matter what I try, I can’t see
> the apache service through the router. Can you say what Wan and LAN
> settings you used for your router? 
> 
> I used
> 
> WAN – fixed 192.168.1.88 / 255.255.255.0
> 
> LAN – fixed 172.18.0.88 / 255.255.255.0
> 
> Port 80 forwarded from WAN to 172.18.0.1 (or DMZ host with 171.18.0.1)
> 
> In this set up: 
> 
> If I try to ping from the XS to 172.18.0.88 it is OK, if I try to
> 192.168.0.88 it says network unreachable.
> 


You have a single interface in use, in order for the XS to see past
anything other than what routes that are present (these are local to the
lan), what you're missing is the default gateway. 


> But if I use a PC hooked up on the eth1 network, with fixed IP
> 172.18.0.89 / 255.255.255.0 (for example) I can ping the WAN address
> and beyond. This is what leads me to think it needs one extra step
> with route, or it may be something to do with the WRT LAN setting and
> XS having different netmasks. You can see I am reaching at straws a
> little :(


No, you need to have a default gateway present, how are you configuring
172.18.0.88 on the XS?

Jerry





Re: [Server-devel] Bridging XS to another network

2010-10-31 Thread David Leeming
Still no luck here. What it boils down to, is that when placing the XS (eth1
- LAN) behind a router with NAT, in order to allow the XS web service to be
visible on the external WAN side of the router, what are the required LAN IP
settings including netmask and firewall settings, including port forwarding
or DMZ Host or other. Anna, you seem to have been able to do that but I
can't replicate without more info on your router/firewall settings.

 

I have tried everything I can think of and the XS is not visible from the
external network.  Only need to be able to see Moodle, etc, (not interested
in registering XOs on the external network) 

 

David Leeming

Solomon Islands Rural Link 
P.O.Box 652 Honiara, Solomon Islands

+677 7476396 (m) +677 24419 (h)

www.leeming-consulting.com

 

From: server-devel-boun...@lists.laptop.org
[mailto:server-devel-boun...@lists.laptop.org] On Behalf Of David Leeming
Sent: Sunday, 31 October 2010 11:38 a.m.
To: 'Anna'
Cc: 'XS Devel'
Subject: Re: [Server-devel] Bridging XS to another network

 

Anna,

 

What you describe below is what I am trying to do (see the net diagram in my
other email). I only want apache/Moodle/wiki to be available to the external
network (your "regular LAN"). You'll see that I have a simple WRT54G router
bridging but no matter what I try, I can't see the apache service through
the router. Can you say what Wan and LAN settings you used for your router? 

I used

WAN - fixed 192.168.1.88 / 255.255.255.0

LAN - fixed 172.18.0.88 / 255.255.255.0

Port 80 forwarded from WAN to 172.18.0.1 (or DMZ host with 171.18.0.1)

In this set up: 

If I try to ping from the XS to 172.18.0.88 it is OK, if I try to
192.168.0.88 it says network unreachable.

But if I use a PC hooked up on the eth1 network, with fixed IP 172.18.0.89 /
255.255.255.0 (for example) I can ping the WAN address and beyond. This is
what leads me to think it needs one extra step with route, or it may be
something to do with the WRT LAN setting and XS having different netmasks.
You can see I am reaching at straws a little :(

By way of example, here's a setup I've done in the past:

Regular LAN:
XS (eth0) 192.168.1.20
My Desktop 192.168.1.6
"XO A" 192.168.1.7

XS LAN:
XS (eth1) 172.18.0.1
"XO B" 172.18.96.2

On the XS LAN, "XO B" can go to http://schoolserver or 172.18.0.1 and see
the default Moodle homepage.  It can also register to the XS and all that
good stuff, cause it's getting its IP address from the XS's DHCP server.

On the Regular LAN, my desktop and "XO A" can't see the Moodle homepage at
192.168.1.20 until I open port 80 in the firewall on the XS using lokkit (or
edit iptables or whatever).  Since "XO A" is not getting its IP address from
the XS, it won't be able to register.  If "XO A" wants to use the XS's
Jabber server, that port needs to be opened in the XS firewall.  "XO A" can
now manually set the Jabber server to 192.168.1.20 and collaborate.  If you
want to use Moodle, not being able to register to the XS is a huge issue.
Apache access works fine, though.
