[nos-bbs] HTTP server restriction maybe

Barry Siegfried k2mf at k2mf.ampr.org
Tue Apr 17 14:50:56 EDT 2007

["(Skip) K8RRA" <k8rra at ameritech.net> wrote]:

> On Tue, 2007-04-17 at 12:08 -0500, Barry Siegfried wrote:
> > ["(Skip) K8RRA" <k8rra at ameritech.net> wrote]:
> >
> > > Try this model:
> > > Site A (me):
> > >    Host A1 / Linux: static IP + jnos
> > >    LAN to Internet bridge appliance: LAN IP + WAN IP 24... dynamic
> > >    Host A2 / any O/S: dynamic LAN IP 192...
> >
> > And don't you also have a 44-net IP address on the Linux side of
> > the TUN device to JNOS?
> Oh no - the host stack only has a route to 44... network - there is no
> 44 IP on the host.

Why not???  That is the crux of your WHOLE problem!  LOL

As I am picturing this, the ASY radio interface is either on the
"host stack" (i.e. Linux), or on the JNOS stack.  If it is on the
"host stack" (i.e. Linux), then it should have a 44-net IP address
assigned to it which will then be used as an originating IP address
when sending frames to the ASY radio interface.  If it is on the JNOS
stack, then the 44-net IP address that is assigned to the Linux end
of the TUN device to JNOS will be used as an originating IP address
when sending frames to the ASY radio interface.

Either way, the frame *should* emerge on the air with a 44-net FROM
address.  This is how it is done.  Otherwise (my poor understanding
of) what you are trying to do will NEVER work.

> > <<SNIP>>- the primary issue is that the FROM IP is NOT 44....
> >
> > Well it should be.  Why isn't it?
> No - it should not be - network rules are being accurately followed
> here.

Huh?  What network rules?  Are you talking about the 24..., 66...,
and 192... "private" stuff?  These numbers wouldn't even come into
play if you had a proper 44-net IP address assignment on the ASY
radio interface and/or on the Linux TUN device.

> The only way to get to 44... as a FROM IP (without re-writing jnos to
> share the host stack) is thru NAT as far as I know.

Oh boy.  Which books have you been reading?  You have made this
incredibly more complicated than it has to be.

> > > As a parting thought Barry:
> > >
> > > Remember this conversation is pointed at defining a *representative*
> > > set of configuration examples for documentation on the wiki.  It is
> > > my desire that the wiki example might be used like a cut-and-paste
> > > to create new config files while changing a site.
> >
> > Skip, I'm sorry to tell you that cutting and pasting other people's
> > configs is EXACTLY what gets most newbies into trouble and getting
> > other people involved anyway "to straighten out the mess".  You are
> > not the first person to try and do this with an "automated installation"
> > of one sort or another.  All very noble goals to get more people
> > "interested".  But it doesn't change the fact that every config is
> > unique and there is just no way around that.
> >
> > Honestly, I think you are spinning your wheels with this idea of
> > creating a "one config fits all" scenario.
> Oh no no - not one but *maybe* a dozen...?

Here is a comparison:

It's like the emergency (or "disaster recovery") that we like to
prepare for in business (to make stockholders think we are
"prepared").  No matter which scenario we envision happening,
something *else* will happen that we did not foresee and for which
we did not prepare.

It never fails to happen that way.  Every situation presents a
unique set of problems to solve.  And so does every hardware
configuration as well as each person's goals for the software
that they use.

> My life has demonstrated many times that learning from example is
> quite effective.

Well of course it is!  But that is from *personal* experience.  There
are thousands of examples in the naked city before you narrow them down
to the ones that *you* like to use and the ones that achieve *your*

> Please don't confuse "not thinking for one's self" with "cut-and-paste"
> - and I'll leave automation to developers.

Unfortunately, my long experience with attempting to help get people
on packet over the years is just that:  For the most part, they don't
think for themselves (and they don't *want* to know either), and that
is where our "examples" only get them into trouble.

"But it worked for you!  Why isn't it working for me?" is what is most
often heard.  I think you then know what comes next.  You then need
to take over the config of their equipment because they can't make
it work themselves.

If you think a Wiki full of config examples will make it easier for
you, it won't.  It will only get you more involved with individuals
who will be telling you that the information you have posted is
just plain WRONG!  Well it has to be.  It DOESN'T work!

Call me jaded if you will (and you have every right to) but I'm not
making this stuff up.  :)  The battle to "make things easier" is a
battle that nobody can win because no matter how clear we make
something, SOMEBODY will become confused.

> I'm headed for enough examples that learning what is "right for me" can
> be done from comparison with what has been "right for several others".
> That is why I ask you for examples of what has worked in the past...

Very well then.  :)  We will do our very best to comply.

> > There are infinite possibilities within infinite choices.
> Oh come on - only if you include minutia like specific IP numbers do
> the options count become truly large.

There is an INCREDIBLE amount of "minutia" besides simply changing
IP numbers.  You didn't think it could really be that simple now,
did you??  But I will not argue about this, and no, I will not make
a laundry list.  It's all really quite irrelevant.

> The sad part in this is that manufacturer and model of equipment does
> affect the options available to the user (as in LinkSys Router & Bridge
> appliance).

Indeed.  See what I mean?  And that's just the tip of the iceberg (so
to speak).

> Yup - havin fun.

And that's what it's all about!  :)

73, de Barry, K2MF >>
          <|>      Barry Siegfried
| Internet | bgs at mfnos.net              |
| HomePage | http://www.mfnos.net/~bgs  |
| Amprnet  | k2mf at k2mf.ampr.org         |
| PBBS     | k2mf at k2ge.#cnj.nj.usa.noam |
