[nos-bbs] HTTP server restriction maybe

Jay Nugent jjn at nuge.com
Tue Apr 17 19:54:31 EDT 2007


Greetings Skip,

On Tue, 17 Apr 2007, (Skip) K8RRA wrote:

> OK Jay - Barry says I am proving *his* point with *my* argument...
> Now you pull out this black magic book from somewhere and make sense of
> it all...
> 
> On Tue, 2007-04-17 at 15:03 -0400, Jay Nugent wrote:
> 
> > Greetings Skip (et al),
> > 
> > On Tue, 17 Apr 2007, (Skip) K8RRA wrote:
> > 
> > > On Tue, 2007-04-17 at 12:08 -0500, Barry Siegfried wrote:
> 
> 
> 
> >    The "source" address of an outgoing packet is determined by the
> > *interface* address used.  And which *interface* is determined by the
> > destination address you are trying to reach, and what *interface* the
> > *route table* says you must use to get to the desired destination.
> 
> I did not find this in the man pages - it's good stuff.
> 
> > 
> >    That's a lot to chew on.  Let me explain...
> > 
> >    I have a Linux box here.  Its address is 216.144.208.6.  However, I 
> > would like this box to also be able to reach the HTTP webpages at 
> > wb8rcr.ampr.org.  To do this I added an additional *interface* to this box 
> > along with the supporting *route* entry, as follows:
> > 
> >    ifconfig eth0:44 44.102.1.239
> 
> What black magic is this ":44" stuff? Does this make your eth0 interface
> carry a special (alias?) *44*?
> May I presume the (non-alias?) ifconfig for eth0 carries the
> 216.144.208.6?

   A'yup!  In Linux you can assign an ethernet card to have many many
'aliases'.  The alternative would be to install a 2nd ethernet card and
configure it with the 44.102.x.y address.  And I chose the :44 designation
just so it would stand out to me, so that the lowly carbon unit (infestation
that I am) could easily differentiate this interface from any others that I
might have when I type the "ifconfig" command.  You can use any
(reasonable) numeric designation that you like.

   This also goes hand in hand with the fact that you can run many many 
different subnets on the *same* ethernet.  It's just a wire.  It doesn't 
care who the bits are addressed to :)

   And you presume correctly, the non-alias of the card is my public IP 
address of 216.144.208.6 :)


 
> >    route add -net 44.0.0.0/8 gw 44.102.1.1
> 
> Isn't the route statement missing the interface "dev eth0:44" spec?
> Or is :44 a subnet spec?

   Nope, that is optional.  Since there is only ONE ethernet card on
this box, it is assumed the "dev" will be eth0.

 
> I recognize 44.102.1.1 - is it a separate dos platform on the LAN with
> jnos?

   Yes, 44.102.1.1 is my DOS based JNOS 2.0 configured as
Hamgate.Washtenaw.AMPR.org.

 
> >    BINGO!!!  
> 
> BINGO indeed...
> 
> > Now when I point my browser to http://wb8rcr.ampr.org,
> 
> Resolved thru DNS by virtue of ampr.org registration as shown in HOSTS
> table you keep on DRG?

   Nothing to do with HOSTS.NET really.  But yes, it is resolved through 
DNS just like any other domain name is on the Internet.

   Our xNOS boxes *can* be configured to act as DNS "servers" that will
perform recursive lookups with the master servers at UCSD (and other
masters placed around the world) if they have a connection to the
Internet.  Or they can be configured to act simply as "caching
nameservers" only, and base their lookups purely on what is contained in 
the DOMAIN.TXT file.

   BTW - I have a new DOMAIN.TXT file (for Michigan Only) I will publish
on the DRG website in the next day or two...

 
> >  my
> > packets go out addressed TO 44.102.200.17, addressed FROM 44.102.1.239.  
> > They are 'GW'ayed to the JNOS/Hamgate 44.102.1.1, who then passes them
> > through the normal AMPRnet routing to get to wb8rcr.ampr.org's web server.
> 
> Whew - Ola / no NAT!
> 
> > 
> >    When the wb8rcr.ampr.org web server responds, it returns packets
> > addressed to my FROM address of 44.102.1.239.  Following the normal
> > AMPRnet network routing that says send all 44.102.1/24 to
> > Hamgate.Washtenaw.AMPR.org (44.102.1.1).
> > 
> >    Normally, Hamgate.Washtenaw sends all 44.102.1/24 traffic out its RF
> > port, but remember we put in a /32 route stipulating we are to send
> > 44.102.1.239 out the ethernet.  So "Thinking like a Packet" we do just
> > that and the web content reaches my Linux box and my browser displays the
> > webpage :)
> > 
> >    Forget NAT (it's almost as evil as firewalls are).  We have enough
> > 44-net addresses to go around so there is NO need to use NAT anywhere.  
> > If you want more 44-net addresses Skip, fill out the application on the
> > MI-DRG.org website and get a few more assigned to you.
> 
> If I understand, then that will be one 44.. per box on the LAN having
> access thru hamgate.

   Correct.  If you are just testing (as I often do) just grab and use an 
address from high up in your subnet (44.102.132.100 or above).  If you 
need the address protected so that nobody else accidentally grabs it, then 
fill out the application form of the DRG website and I'll give ya some.

 
> >   Also, there is
> > nothing "magical" about the 44-net addresses.  ANY ip address *can* be
> > routed over the RF network.  We *could* be using 192.168.x.y if we wanted.  
> > Just so long as the ROUTING TABLES on every node that needs to pass such
> > traffic knows how to send them.  They are *just numbers*.
> 
> Well sorta yes - but...
> When I read the "beauty" of 192.168 I interpret it to imply "freedom to
> choose subnet members with impunity".
> The private subnets manage their own IP assignments without concern for
> the rest of the world and insulate themselves with NAT.
> With the above approach to the private C routing, no one else had better
> duplicate my choice of node IP addresses.
> I'm concerned that use of *just numbers* approach creates an
> unmanageable circumstance...? (more later eye-to-eye)

   Yes, there are concerns of duplication, such as letting packets get
loose in the wild (i.e. out on the Internet) that should not be.  We can 
talk about that more eye-2-eye.

 
> >    Skip, I believe you will be attending this Saturday's DRG meeting?  In
> > my training session I'll be going over static routing and how to "Think
> > like a Packet".
> 
> I saw the agenda - it looks very meaty...
> 
> >   Hope to see you there!
> 
> And I *pray* that you will work with me to get at least one topic from
> the agenda also presented thru wiki.
> I *really want* to present wiki in the context: "You can see this (some)
> topic already presented here another way / here is the example..."
> HOW CAN I HELP MAKE THAT HAPPEN?

   I plan to work your Wiki into the discussion in several places.  
Partly to publicise the website, and partly to get people to jump on board
and lend you more assistance.  There are a number of pages that I feel you
can use minor rewrites by someone who has a fuller understanding of the
material.  You have done a butt-load of work, sir!  Keep up the good work!

 
> >   And hope that we can help clear
> > up any misconceptions and help lift the fog a little.  I'll bring an empty
> > V8 juice can with me so you can smack it into your forehead when this all
> > comes clear for you ;-)
> 
> I'm already wet!

   Glad you remembered the commercial that came from.  Some folks miss
that reference entirely... DOH!

   Enjoy!

      --- Jay Nugent  WB8TKL
             
"Getting rid of terrorism is like getting rid of dandruff.  It cannot
 be done completely no matter how hard you try." -- Gore Vidal
+------------------------------------------------------------------------+
| Jay Nugent   jjn at nuge.com    (734)484-5105    (734)544-4326/Fax        |
| Nugent Telecommunications  [www.nuge.com]     (734)649-0851/Cell       |
|   Internet Consulting/Linux SysAdmin/Engineering & Design/ISP Reseller |
| ISP Monitoring [www.ispmonitor.net] ISP & Modem Performance Monitoring |
| Web-Pegasus    [www.webpegasus.com] Web Hosting/DNS Hosting/Shell Accts|
| LinuxNIC, Inc. [www.linuxnic.net]   Registrar of the .linux TLD        |
+------------------------------------------------------------------------+
  7:01pm  up 37 days, 14:47,  5 users,  load average: 0.57, 0.19, 0.12
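
Added example (not part of the original message or of JNOS): a simplified Python model of the "Think like a Packet" walk-through above, using longest-prefix match to pick the outgoing interface, and with it the source address, on the Linux box and the return port on the Hamgate. The default route on the Linux box, its gateway placeholder, and the Hamgate port names "rf0" and "eth" are assumptions; the addresses and the 44/8, /24 and /32 routes are the ones given in the message.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r["net"])]
    if not matches:
        return None  # no route: the packet cannot be forwarded
    return max(matches, key=lambda r: ipaddress.ip_network(r["net"]).prefixlen)

# Interface addresses on the Linux box, as given in the message.
LINUX_IFACES = {"eth0": "216.144.208.6", "eth0:44": "44.102.1.239"}

# Linux box routes. The 44/8 route is from the message; the default route
# and its gateway value are assumptions added for this example.
LINUX_ROUTES = [
    {"net": "44.0.0.0/8", "gw": "44.102.1.1", "dev": "eth0:44"},
    {"net": "0.0.0.0/0", "gw": "DEFAULT-GW-PLACEHOLDER", "dev": "eth0"},
]

# Hamgate routes. The /24 and /32 are from the message; the port names
# "rf0" and "eth" are hypothetical labels.
HAMGATE_ROUTES = [
    {"net": "44.102.1.0/24", "dev": "rf0"},
    {"net": "44.102.1.239/32", "dev": "eth"},
]

def source_for(dst):
    """Return (source address, next hop) the Linux box uses to reach dst."""
    route = lookup(LINUX_ROUTES, dst)
    return LINUX_IFACES[route["dev"]], route["gw"]

def round_trip(dst):
    """Trace the outbound source choice and the Hamgate's return port."""
    src, gw = source_for(dst)
    back = lookup(HAMGATE_ROUTES, src)
    return {"src": src, "gw": gw,
            "return_port": back["dev"] if back else None}

if __name__ == "__main__":
    # wb8rcr.ampr.org as resolved in the message: 44.102.200.17
    print(round_trip("44.102.200.17"))
    # A constructed non-44-net destination (documentation address range).
    print(round_trip("192.0.2.10"))
```

The second trace shows why the alias matters: traffic leaving by the default route carries 216.144.208.6 as its source, and the Hamgate table above holds no route back to that address.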