[nos-bbs] HTTP server restriction maybe

Barry Siegfried k2mf at k2mf.ampr.org
Mon Apr 16 21:02:13 EDT 2007


["(Skip) K8RRA" <k8rra at ameritech.net> wrote]:

> OK Barry - I believe I better understand / here is a little
> clarification for you...
>
> On Mon, 2007-04-16 at 09:15 -0500, Barry Siegfried wrote:
>
> > ["(Skip) K8RRA" <k8rra at ameritech.net> wrote]:
> >
> > > It is exactly what happened on my site.
> > >
> > > The http query arrived on asy from the radio and the server response
> > > departed tun on its way into cyberspace.
> >
> > Why is that?  Why could not the return path from the web server
> > to the browsing client be via the radio?
>
> Routing...
>
> The request came from 66... (not 44...)

So you're saying the client request came in over the internet?
I'm confused here.

> The remote browser [and mine is similar] is serviced by the host
> stack (66...), not the jnos stack (44...).

What is a "host" stack?  By "host" do you mean Linux... with a TUN
device to a JNOS program?  And whose JNOS stack?  Again I am quite
confused.

> So the FROM IP is a 66... address.  My jnos can't legit route IP 66...
> out the radio.

Why not?  Where in the rules does it say you can't do that?  My frames
often appear on radio circuits which originate from my desktop at work
where I do software maintenance on RF-only reachable machines.  Do you
think there is any special FCC "permit" that comes with using a 44-net
number?  The only thing the FCC says is that you must NOT permit a
non-amateur licensed individual to key an amateur radio transmitter.
Do you think that by using a 44-net number you are somehow pre-
validated as being a licensed amateur radio operator or that by not
using a 44-net number you are somehow pre-tagged as NOT being a
licensed amateur radio operator?

And honestly... even if these things above were true, WHO do you
think is watching?  Answer:  Absolutely nobody.  Because very few
packet radio enthusiasts actually look at raw channel traffic.
But if there WERE people watching, I assure you that they would be
examining AX.25 callsign headers of the packets on the radio channel
rather than the IP numbers of the data they contain.  In other words,
while I might transmit with a 66... IP address over amateur packet
radio, I would definitely NOT transmit with NOCALL-0.

> Actually - if I was willing to manually add his 66... IP to the jnos
> route table to service his site uniquely it has proven to work - but
> his IP is dynamic and the solution is too narrow.

Almost all ISP-provided IP numbers for licensed amateur radio operators
today are dynamically allocated just like they are for everyone else.
What exactly is the problem for which you are trying to find a solution,
and what do you mean by "too narrow"?  Can't your friend who is at this
"host" stack also use a 44-net IP address to transmit over the air to
your "host" stack?  You *can* (you know) assign a different IP address
to each interface in the machine if you'd like.  So then, assign
44-net IP addresses to your radio-attached (presumably) ASY interfaces
and set up your IP routing accordingly.

> His site can not offer reciprocity - probably because my lan is the
> private class C IP number...

Isn't "his" LAN a private class C number too (whoever he is)?  Again,
confusion abounds in my brain.

> Think of it this way:
>
> The solution should support two independent class C networks existing
> geographically remote to each other interconnected by a static 44
> network of one to many hops.
> 
> The solution should also fit on top of any encaps that exist to tunnel
> thru internet from site to site.

Ok.  Then is what you need dynamic IP *routing* in JNOS so that it
can detect a downed RF path and switch to the internet automagically?
To the best of my knowledge nobody has yet ported BGP to any NOS.

> Seems to me other configurations might be simpler than that - so
> those configurations simplify the above solution?

Just set up the IP routing between the two sites the way you want the
packets to travel... regardless of what IP addresses they are using.
But make the IP routing work for the IP addresses you *are* using,
of course.  Read what Jay eloquently explained earlier today.  The
packets will take the IP route you have installed at the end points
and at the IP hops between the end points along the way.

> Our examples work OK where the LAN user (FROM IP unrestricted) obtains
> service (telnet and http) from jnos node 44... site.

I don't know what "IP unrestricted" means.

> Our examples work OK where the jnos bbs user (FROM IP 44...) obtains
> service (telnet & smtp) from remote network 44 sites.
>
> Our examples fail where one user on the LAN uses 44... network to obtain
> service (any) from a site remote to the site of entry into the 44...
> network.
>
> So far - no solution (yes Jay we will keep looking).

My goodness this seems to be terribly complicated.  Good luck on
finding your solution!

> > If I even knew what an "opsys" was I might add.  :)
>
> Oh my - "opsys" == Operating System / mine is Linux...

I have never seen "operating system" referred to that way.  I
abbreviate it "O/S".

73, de Barry, K2MF >>
           o
          <|>      Barry Siegfried
+---------/-\---------------------------+
| Internet | bgs at mfnos.net              |
| HomePage | http://www.mfnos.net/~bgs  |
+----------+----------------------------+
| Amprnet  | k2mf at k2mf.ampr.org         |
| PBBS     | k2mf at k2ge.#cnj.nj.usa.noam |
+----------+----------------------------+
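
An added example (not part of the original message and not JNOS code): a longest-prefix-match lookup over a constructed route table, showing why the reply to a 66.x client whose request arrived on the radio port leaves via tun, why a manual host route stops matching when the client's dynamic address changes, and why a 44-net source address needs no per-host route. The interface names `ax0` and `tun0` and all addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed route table for a JNOS-like node: (prefix, egress interface).
# "ax0" (radio-attached port) and "tun0" (link to the Linux host) are assumed names.
BASE_ROUTES = [
    ("44.0.0.0/8", "ax0"),   # 44-net traffic goes out the radio
    ("0.0.0.0/0", "tun0"),   # everything else goes to the host stack / internet
]

def egress(routes, dst):
    """Return the interface chosen by longest-prefix match, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best_len, best_iface = -1, None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_len, best_iface = net.prefixlen, iface
    return best_iface

def reply_is_symmetric(routes, arrived_on, client_ip):
    """True when the reply to client_ip leaves on the interface the request came in on."""
    return egress(routes, client_ip) == arrived_on

if __name__ == "__main__":
    client = "66.0.2.10"  # constructed sample address
    # 1. Request arrived on the radio port; the reply follows the default route.
    print(egress(BASE_ROUTES, client), reply_is_symmetric(BASE_ROUTES, "ax0", client))
    # 2. A manual host route fixes this one address only.
    pinned = BASE_ROUTES + [(client + "/32", "ax0")]
    print(reply_is_symmetric(pinned, "ax0", client))
    # 3. The client's dynamic address changes: the host route no longer matches.
    print(reply_is_symmetric(pinned, "ax0", "66.0.2.77"))
    # 4. A 44-net source address is covered by the existing 44/8 route.
    print(reply_is_symmetric(BASE_ROUTES, "ax0", "44.0.2.10"))
```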
