[nos-bbs] HTTP server restriction maybe
k8rra at ameritech.net
Tue Apr 17 19:11:24 EDT 2007
OK Jay - Barry says I am proving *his* point with *my* argument...
Now you pull out this black magic book from somewhere and make sense of
On Tue, 2007-04-17 at 15:03 -0400, Jay Nugent wrote:
> Greetings Skip (et al),
> On Tue, 17 Apr 2007, (Skip) K8RRA wrote:
> > On Tue, 2007-04-17 at 12:08 -0500, Barry Siegfried wrote:
> The "source" address of an outgoing packet is determined by the
> *interface* address used. And which *interface* is determined by the
> destination address you are trying to reach, and what *interface* the
> *route table* says you must use to get to the desired destination.
I did not find this in the man pages - it's good stuff.
> That's a lot to chew on. Let me explain...
> I have a Linux box here. Its address is 184.108.40.206. However, I
> would like this box to also be able to reach the HTTP webpages at
> wb8rcr.ampr.org. To do this I added an additional *interface* to this box
> along with the supporting *route* entry, as follows:
> ifconfig eth0:44 220.127.116.11
What black magic is this ":44" stuff? Does this make your eth0 interface
carry a special (alias?) *44*?
May I presume the (non-alias?) ifconfig for eth0 carries the
> route add -net 18.104.22.168/8 gw 22.214.171.124
Isn't the route statement missing the interface "dev eth0:44" spec?
Or is :44 a subnet spec?
I recognize 126.96.36.199 - is it a separate dos platform on the LAN with
> Now when I point my browser to http://wb8rcr.ampr.org,
Resolved thru DNS by virtue of ampr.org registration as shown in HOSTS
table you keep on DRG?
> packets go out addressed TO 188.8.131.52, addressed FROM 184.108.40.206.
> They are 'GW'ayed to the JNOS/Hamgate 220.127.116.11, who then passes them
> through the normal AMPRnet routing to get to wb8rcr.ampr.org's web server.
Whew - Ola / no NAT!
> When the wb8rcr.ampr.org web server responds, it returns packets
> addressed to my FROM address of 18.104.22.168. Following the normal
> AMPRnet network routing that says send all 44.102.1/24 to
> Hamgate.Washtenaw.AMPR.org (22.214.171.124).
> Normally, Hamgate.Washtenaw sends all 44.102.1/24 traffic out its RF
> port, but remember we put in a /32 route stipulating we are to send
> 126.96.36.199 out the ethernet. So "Thinking like a Packet" we do just
> that and the web content reaches my Linux box and my browser displays the
> webpage :)
> Forget NAT (it's almost as evil as firewalls are). We have enough
> 44-net addresses to go around so there is NO need to use NAT anywhere.
> If you want more 44-net addresses Skip, fill out the application on the
> MI-DRG.org website and get a few more assigned to you.
If I understand, then that will be one 44.. per box on the LAN having
access thru hamgate.
> Also, there is
> nothing "magical" about the 44-net addresses. ANY ip address *can* be
> routed over the RF network. We *could* be using 192.168.x.y if we wanted.
> Just so long as the ROUTING TABLES on every node that needs to pass such
> traffic knows how to send them. They are *just numbers*.
Well sorta yes - but...
When I read the "beauty" of 192.168 I interpret it to imply "freedom to
choose subnet members with impunity".
The private subnets manage their own IP assignments without concern for
the rest of the world and insulate themselves with NAT.
With the above approach to the private C routing, no one else had better
duplicate my choice of node IP addresses.
I'm concerned that use of *just numbers* approach creates an
unmanageable circumstance...? (more later eye-to-eye)
> Skip, I believe you will be attending this Saturday's DRG meeting? In
> my training session I'll be going over static routing and how to "Think
> like a Packet".
I saw the agenda - it looks very meaty...
> Hope to see you there!
And I *pray* that you will work with me to get at least one topic from
the agenda also presented thru wiki.
I *really want* to present wiki in the context: "You can see this (some)
topic already presented here another way / here is the example..."
HOW CAN I HELP MAKE THAT HAPPEN?
> And hope that we can help clear
> up any misconceptions and help lift the fog a little. I'll bring an empty
> V8 juice can with me so you can smack it into your forehead when this all
> comes clear for you ;-)
I'm already wet!
> See you there!
> --- Jay Nugent WB8TKL
de [George (Skip) VerDuin] K8RRA k
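
The rule discussed in this message (the route table picks the interface, the interface supplies the source address, and the most specific route wins), as an added example that is not part of the original message. It is a simplified model of that rule, not the Linux kernel's full source-address selection. All addresses, the gateway and the "rf"/"ethernet" labels are constructed for illustration; only 44.102.1/24 appears in the message.

```python
import ipaddress

# Constructed addresses for illustration; only 44.102.1/24 appears in the message.
HOST_ADDRS = {"eth0": "192.0.2.10", "eth0:44": "44.102.1.50"}

# (destination prefix, gateway or None if directly attached, interface)
HOST_ROUTES = [
    ("0.0.0.0/0", "192.0.2.1", "eth0"),        # default route via the LAN router
    ("192.0.2.0/24", None, "eth0"),            # local LAN
    ("44.0.0.0/8", "44.102.1.1", "eth0:44"),   # all of 44-net via the Hamgate
]

# Hamgate side: the /24 goes out RF, one /32 is pinned to the ethernet.
HAMGATE_ROUTES = [
    ("44.102.1.0/24", None, "rf"),
    ("44.102.1.50/32", None, "ethernet"),
]


def lookup(routes, dest):
    """Longest-prefix match: return (gateway, interface) of the most specific route."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, gateway, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, gateway, dev)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1], best[2]


def source_for(routes, iface_addrs, dest):
    """Source address = address of the interface the route table selects."""
    gateway, dev = lookup(routes, dest)
    return iface_addrs[dev], gateway, dev


if __name__ == "__main__":
    for dest in ("44.102.132.20", "198.51.100.7"):   # 44-net host, Internet host
        print("host ->", dest, source_for(HOST_ROUTES, HOST_ADDRS, dest))
    for dest in ("44.102.1.50", "44.102.1.77"):      # reply to the box, another station
        print("hamgate ->", dest, lookup(HAMGATE_ROUTES, dest))
```

The second Hamgate lookup shows why the /32 matters: without it, the reply to the Linux box would match only the /24 and leave by RF like any other 44.102.1/24 traffic.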