[nos-bbs] HTTP server restriction maybe

(Skip) K8RRA k8rra at ameritech.net
Mon Apr 16 08:52:25 EDT 2007


Barry, I jumped the gun on this one - at least I included "maybe" in the
title...

On Mon, 2007-04-16 at 03:11 -0400, Barry Siegfried wrote:

> ["(Skip) K8RRA" <k8rra at ameritech.net> wrote]:
> 
> > We both fail to serve browsers at the other site across radio links.
> > We are both successful with telnet to the other site over radio between
> > jnos.
> 
> I'm sorry but that makes no sense unless you are somehow blocking HTTP
> (port 80) connections and not blocking telnet (port 23) connections
> over the radio link.  Also, are you sure your HTTP client (presumably
> a machine with an operating system that supports a web browser) is using
> the radio link to communicate to the HTTP server?

When I responded to Maiko, you note I suspected asymmetrical routing?
It is exactly what happened on my site.
The http query arrived on asy from the radio and the server response
departed tun on its way into cyberspace.
I suspect there are few solutions.
The one that pops into mind is to extend the 44... network beyond the
jnos stack back into the LAN.
Except that violates other "rules"?

> 
> > NO NAT may be the entire answer in a nutshell?
> 
> Doubtful.

You are right from the "many ways to skin a cat" perspective, maybe you
even taught me that before today...
My existing "problem" is lack of solution.
Each alternative I know messes up somebody somewhere it seems.

The missing NAT seems elegant...

> 
> > > The trace would be helpful of course :-)
> 
> A trace is always helpful.

Postmortems are enhanced for sure.

> 
> > What are the chances I can install NAT as a service from the opsys
> > on jnos?
> 
> Very low.
> 
> > Need to learn C first?
> 
> Yes.  You would have to either lift or write 'C' code for insertion
> into ip_route() (IPROUTE.C) that implements several things in order
> to make IPNAT (for outgoing frames) and IP forwarding (for incoming
> frames) work.  There was a time when you might have had to do that
> in order to do what you want with JNOS over the internet (Linux was
> the first O/S to have IPNAT capabilities in the mid-1990s).  Then
> one or two lunatics wrote IPNAT and IP forwarding code for some
> "specialty" NOSs in order to make them mimic what Linux does.  Then
> after that, we became a dynamically IP-assigned world and IPNAT
> appeared in Windows for the masses.
> 
> But with small consumer DHCP/PPPoE/IPNAT routers today, why would
> you want (or need) to do that anymore?  These routers handle these
> functions very nicely now leaving your JNOS program to be very happy
> running behind them.
> 
> > Or am I being erratic?
> 
> Possibly.

OK - I can accept that, then let me ask your opinion of this:
IP Masquerade is a kernel function used routinely on those "old"
machines serving as gateway in their second life.
They sit in a corner with gateway to internet and sometimes a squid
proxy to cache frequent pages.
No "C" required - configure it into the kernel and add the external
configuration to install it.

Might IP Masquerade be configured to work in the Linux host stack on the
tun device traffic?

Certainly that is the point you want to place the 44... static network
(masqueraded) bridge to the "any IP" LAN network.  Even if the Linux
host has no network beyond it, the host stack is a "foreign IP" as far
as jnos is concerned and the host stands to gain "visibility" from the
44... network.
There may be a significant difference between an eth0 device and a tun
device, but the network location seems correct.  And if not IP
Masquerade, then there are other options than writing it all over again?

> 
> 73, de Barry, K2MF >>
>            o
>           <|>      Barry Siegfried
> +---------/-\---------------------------+
> | Internet | bgs at mfnos.net              |
> | HomePage | http://www.mfnos.net/~bgs  |
> +----------+----------------------------+
> | Amprnet  | k2mf at k2mf.ampr.org         |
> | PBBS     | k2mf at k2ge.#cnj.nj.usa.noam |
> +----------+----------------------------+
> 


73
de [George (Skip) VerDuin] K8RRA k