Hi,

I am sorry that in Rwanda I do not have internet access; otherwise I might have seen this earlier. Actually, I disabled iptables on that system because I couldn't access through it and did not have time then to figure out the issue.

Squid is indeed installed and with the proper iptables, it should be possible to do what you need.

In Nepal, practice is to leave the LAN network open when the SS is not connected to the internet (almost universal) and to use a wpa2 password when it is. XO handles wpa2 reasonably well although someone must be available to explain the occasional request for password.

Tony

On 02/29/2012 05:05 PM, server-devel-requ...@lists.laptop.org wrote:

Today's Topics:

    1. A quick networking question (George Hunt)
    2. Re: A quick networking question (Holt)
    3. Re: A quick networking question (Holt)
    4. Re: A quick networking question (Anna)
    5. Re: A quick networking question (John Watlington)
    6. Re: A quick networking question (Holt)
    7. Re: A quick networking question (rolf)
    8. Re: A quick networking question (Samuel Greenfeld)


----------------------------------------------------------------------

Message: 1
Date: Tue, 28 Feb 2012 12:29:37 -0500
From: George Hunt<georgejh...@gmail.com>
To: XS Devel<server-devel@lists.laptop.org>
Subject: [Server-devel] A quick networking question
Message-ID:
        <CADfCcpVJ_=tvxpsadnyo6phdfcm6gfd5cgcbfgdfc3xyikh...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

In Haiti, Adam and I have been trying to get a school server online.  We're
finding that volunteers are going through the school server to the internet
with their laptops, and he wants to turn that off, at least for now.

I've turned off /proc/net...ip_forward and verified that there is no
masquerade enabled in the iptables.

But that's not enough!!  I wasn't sure that the vpn wasn't setting up a
gateway, so I had him turn off the vpn.  But still the school server was
routing to the 3G usb modem dongle even with the vpn pipe closed down.

How does the school server act like a router?  It may be related to the ppp
connection and wvdial configuration.  But I'm stumped.

But I'm trying to bring myself up to speed quickly because he really wants
to get it turned off.

Any ideas on what to try next?  I'm afraid the solution is going to be to
pull out the 3g dongle.

George

------------------------------

Message: 2
Date: Tue, 28 Feb 2012 12:49:34 -0500
From: Holt<h...@laptop.org>
To: server-de...@laptop.org
Subject: Re: [Server-devel] A quick networking question
Message-ID:<4f4d13ae.10...@laptop.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 2/28/2012 12:29 PM, George Hunt wrote:
> In Haiti, Adam and I have been trying to get a school server online.
> We're finding that volunteers are going through the school server to
> the internet with their laptops, and he wants to turn that off, at
> least for now.
>
> I've turned off /proc/net...ip_forward and verified that there is no
> masquerade enabled in the iptables.
>
> But that's not enough!!  I wasn't sure that the vpn wasn't setting up
> a gateway, so I had him turn off the vpn.  But still the school server
> was routing to the 3G usb modem dongle even with the vpn pipe closed
> down.
>
> How does the school server act like a router?  It may be related to
> the ppp connection and wvdial configuration.  But I'm stumped.
>
> But I'm trying to bring myself up to speed quickly because he really
> wants to get it turned off.
>
> Any ideas on what to try next?  I'm afraid the solution is going to be
> to pull out the 3g dongle.

Interestingly the XS(*) creates an open path for any random non-XO
laptop to access the web, but seems to block non-web traffic like ssh
and IMAP.

In any case, even if it's just forwarding port 80 and 443 (?) we just
cannot afford to become a free ISP here in semi-rural Haiti, given so
many visitors to our school especially.

      (*) XS as set up by Tony Anderson early autumn 2011, and currently
maintained by George Hunt & I.

--
Help kids everywhere map their world, at http://olpcMAP.net !



------------------------------

Message: 3
Date: Tue, 28 Feb 2012 13:05:13 -0500
From: Holt<h...@laptop.org>
To: server-devel@lists.laptop.org
Subject: Re: [Server-devel] A quick networking question
Message-ID:<4f4d1759.7000...@laptop.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Clarif: port 80 is (unfort) forwarded thru the XS, for all laptops that
connect over Wifi.

Traffic across all other ports (incl 443 = https) is thankfully blocked,
though I've no idea why/how unfortunately ;)




------------------------------

Message: 4
Date: Tue, 28 Feb 2012 15:38:48 -0600
From: Anna<ascho...@gmail.com>
To: Holt<h...@laptop.org>
Cc: server-devel@lists.laptop.org
Subject: Re: [Server-devel] A quick networking question
Message-ID:
        <cafm0qr0dvkb7zffpu_g2peenbwvuk4fmzrnubr6ynov51zh...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

As long as the volunteers connecting with their laptops aren't familiar
with MAC spoofing, you can tell the XS's dhcp server to only hand out IP
addresses to XOs.  Instead of fooling with the bit about redirecting all
http traffic for unknown clients to kittenwar.net, leave that bit out or
redirect them to 172.18.0.1 so they can access the local XS but not get
outside.

Here's the writeup:

http://lists.laptop.org/pipermail/server-devel/2011-January/005341.html

Anyway, it's a thought.

Anna Schoolfield
Birmingham

------------------------------

Message: 5
Date: Tue, 28 Feb 2012 16:43:29 -0500
From: John Watlington<w...@laptop.org>
To: Holt<h...@laptop.org>
Cc: server-devel@lists.laptop.org
Subject: Re: [Server-devel] A quick networking question
Message-ID:<328291a6-d69c-4121-a1ab-6db1df0c8...@laptop.org>
Content-Type: text/plain; charset=us-ascii


On Feb 28, 2012, at 1:05 PM, Holt wrote:

> Clarif: port 80 is (unfort) forwarded thru the XS, for all laptops that
> connect over Wifi.
>
> Traffic across all other ports (incl 443 = https) is thankfully blocked,
> though I've no idea why/how unfortunately ;)

Sounds like your problem is squid.   Your firewall is probably blocking
FORWARDS from non-XOs, but routing all http traffic into squid.   You
instead need to only route XO http traffic into squid.

What version school server software?

Cheers,
wad

_______________________________________________
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
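
Added example (not part of the original thread or of the XS software): the diagnosis in Message 5 implies a nat-table rule that hands every client's port-80 traffic to the local squid. Squid then fetches pages itself from the server, so neither ip_forward nor a MASQUERADE rule is involved. The script below flags such unrestricted intercept rules in `iptables-save` output; the ruleset, the interface eth1, the MAC address and port 3128 are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit iptables-save output for proxy intercepts that
# apply to every client instead of only to known (XO) machines.

# Constructed sample ruleset. eth1 (LAN side), the MAC address and the
# squid port 3128 are assumptions, not values from the thread.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -p tcp -m mac --mac-source 02:00:00:00:00:01 -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -m mac --mac-source 02:00:00:00:00:01 -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin and print each nat PREROUTING rule
# that sends port-80 traffic to a proxy (REDIRECT or DNAT) with no
# source restriction (-s, --mac-source or an ipset match).
# A FORWARD policy of DROP does not cover these packets: after REDIRECT
# they are addressed to the server itself and never reach FORWARD.
open_intercepts() {
    awk '
        /^\*/ { table = substr($0, 2); next }
        table != "nat" || $1 != "-A" || $2 != "PREROUTING" { next }
        !/-j (REDIRECT|DNAT)/ { next }
        !/ --dport 80( |$)/ { next }
        / (-s|--source|--mac-source|--match-set) / { next }
        { print }
    '
}

# Stand-alone run on the sample. On a live server, feed it the real
# ruleset instead:  iptables-save | open_intercepts
sample_rules | open_intercepts
```

Only the first PREROUTING rule is reported; the second is the restricted form, limited to a known MAC address.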



------------------------------

Message: 6
Date: Wed, 29 Feb 2012 07:36:27 -0500
From: Holt<h...@laptop.org>
To: server-de...@laptop.org
Subject: Re: [Server-devel] A quick networking question
Message-ID:<4f4e1bcb.3070...@laptop.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Thanks Wad, you fixed the problem:
We did not know squid was running on the XS Tony Anderson installed (0.6
derivative I believe) early autumn 2011.

Why our XS continues to resolve & offer free/accurate DNS to any random
laptop that connects over Wifi is disconcerting, if anyone can explain?

But at least the critical problem of giving away free web access (to
rich visitors, rather than Haitian XO users) is solved for now!

