[nos-bbs] HTTP server restriction maybe

(Skip) K8RRA k8rra at ameritech.net
Tue Apr 17 19:11:24 EDT 2007


OK Jay - Barry says I am proving *his* point with *my* argument...
Now you pull out this black magic book from somewhere and make sense of
it all...

On Tue, 2007-04-17 at 15:03 -0400, Jay Nugent wrote:

> Greetings Skip (et al),
> 
> On Tue, 17 Apr 2007, (Skip) K8RRA wrote:
> 
> > On Tue, 2007-04-17 at 12:08 -0500, Barry Siegfried wrote:



>    The "source" address of an outgoing packet is determined by the
> *interface* address used.  And which *interface* is determined by the
> destination address you are trying to reach, and what *interface* the
> *route table* says you must use to get to the desired destination.

I did not find this in the man pages - it's good stuff.

> 
>    That's a lot to chew on.  Let me explain...
> 
>    I have a Linux box here.  Its address is 216.144.208.6.  However, I 
> would like this box to also be able to reach the HTTP webpages at 
> wb8rcr.ampr.org.  To do this I added an additional *interface* to this box 
> along with the supporting *route* entry, as follows:
> 
>    ifconfig eth0:44 44.102.1.239

What black magic is this ":44" stuff? Does this make your eth0 interface
carry a special (alias?) *44*?
May I presume the (non-alias?) ifconfig for eth0 carries the
216.144.208.6?

> 
>    route add -net 44.0.0.0/8 gw 44.102.1.1

Isn't the route statement missing the interface "dev eth0:44" spec?
Or is :44 a subnet spec?

I recognize 44.102.1.1 - is it a separate dos platform on the LAN with
jnos?


>    BINGO!!!  

BINGO indeed...

> Now when I point my browser to http://wb8rcr.ampr.org,

Resolved thru DNS by virtue of ampr.org registration as shown in HOSTS
table you keep on DRG?

>  my
> packets go out addressed TO 44.102.200.17, addressed FROM 44.102.1.239.  
> They are 'GW'ayed to the JNOS/Hamgate 44.102.1.1, who then passes them
> through the normal AMPRnet routing to get to wb8rcr.ampr.org's web server.

Whew - Ola / no NAT!

> 
>    When the wb8rcr.ampr.org web server responds, it returns packets
> addressed to my FROM address of 44.102.1.239.  Following the normal
> AMPRnet network routing that says send all 44.102.1/24 to
> Hamgate.Washtenaw.AMPR.org (44.102.1.1).
> 
>    Normally, Hamgate.Washtenaw sends all 44.102.1/24 traffic out its RF
> port, but remember we put in a /32 route stipulating we are to send
> 44.102.1.239 out the ethernet.  So "Thinking like a Packet" we do just
> that and the web content reaches my Linux box and my browser displays the
> webpage :)
> 
>    Forget NAT (it's almost as evil as firewalls are).  We have enough
> 44-net addresses to go around so there is NO need to use NAT anywhere.  
> If you want more 44-net addresses Skip, fill out the application on the
> MI-DRG.org website and get a few more assigned to you.

If I understand, then that will be one 44.. per box on the LAN having
access thru hamgate.

>   Also, there is
> nothing "magical" about the 44-net addresses.  ANY ip address *can* be
> routed over the RF network.  We *could* be using 192.168.x.y if we wanted.  
> Just so long as the ROUTING TABLES on every node that needs to pass such
> traffic knows how to send them.  They are *just numbers*.

Well sorta yes - but...
When I read the "beauty" of 192.168 I interpret it to imply "freedom to
choose subnet members with impunity".
The private subnets manage their own IP assignments without concern for
the rest of the world and insulate themselves with NAT.
With the above approach to the private C routing, no one else had better
duplicate my choice of node IP addresses.
I'm concerned that use of *just numbers* approach creates an
unmanageable circumstance...? (more later eye-to-eye)

> 
>    Skip, I believe you will be attending this Saturday's DRG meeting?  In
> my training session I'll be going over static routing and how to "Think
> like a Packet".

I saw the agenda - it looks very meaty...

>   Hope to see you there!

And I *pray* that you will work with me to get at least one topic from
the agenda also presented thru wiki.
I *really want* to present wiki in the context: "You can see this (some)
topic already presented here another way / here is the example..."
HOW CAN I HELP MAKE THAT HAPPEN?

>   And hope that we can help clear
> up any misconceptions and help lift the fog a little.  I'll bring an empty
> V8 juice can with me so you can smack it into your forehead when this all
> comes clear for you ;-)

I'm already wet!

>   See you there!
> 
>       --- Jay Nugent  WB8TKL
>  



73
de [George (Skip) VerDuin] K8RRA k
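
Added example, not part of the original message: a small Python model of the lookup Jay describes, where the longest matching route picks the interface and that interface's address becomes the packet's source. The addresses are the ones quoted in the thread; the default route on eth0, the Hamgate interface names `rf` and `ethernet`, and the test destination 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: return (network, interface) for dst."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net, dev))
    if not matches:
        raise LookupError(f"no route to {dst}")
    # The most specific route (largest prefix length) wins.
    return max(matches, key=lambda m: m[0].prefixlen)

def egress(routes, dst):
    """Interface a packet to dst leaves on."""
    return lookup(routes, dst)[1]

def source_for(routes, addrs, dst):
    """Source address = address of the interface the route selects."""
    return addrs[egress(routes, dst)]

# Jay's Linux box: primary address on eth0, 44-net alias on eth0:44.
LINUX_ADDRS = {"eth0": "216.144.208.6", "eth0:44": "44.102.1.239"}
LINUX_ROUTES = [
    ("0.0.0.0/0", "eth0"),        # assumed default route (not in the thread)
    ("44.0.0.0/8", "eth0:44"),    # route add -net 44.0.0.0/8 gw 44.102.1.1
]

# Hamgate (44.102.1.1): the /24 goes out RF, the /32 for the Linux box
# goes out the ethernet. Interface names here are hypothetical labels.
HAMGATE_ROUTES = [
    ("44.102.1.0/24", "rf"),
    ("44.102.1.239/32", "ethernet"),
]

if __name__ == "__main__":
    # Outbound to wb8rcr.ampr.org (44.102.200.17) from the Linux box.
    print("to 44.102.200.17 from",
          source_for(LINUX_ROUTES, LINUX_ADDRS, "44.102.200.17"))
    # Non-44 traffic still leaves with the primary address.
    print("to 192.0.2.10 from",
          source_for(LINUX_ROUTES, LINUX_ADDRS, "192.0.2.10"))
    # Return path at Hamgate: the /32 beats the /24.
    print("reply to 44.102.1.239 via", egress(HAMGATE_ROUTES, "44.102.1.239"))
    print("other 44.102.1/24 host via", egress(HAMGATE_ROUTES, "44.102.1.50"))
```
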