[nos-bbs] HTTP server restriction maybe
(Skip) K8RRA
k8rra at ameritech.net
Wed Apr 18 21:27:08 EDT 2007
I hate to do this Jay, but the formula does not work here...
On Tue, 2007-04-17 at 15:03 -0400, Jay Nugent wrote:
> Greetings Skip (et al),
>
> On Tue, 17 Apr 2007, (Skip) K8RRA wrote:
>
> > On Tue, 2007-04-17 at 12:08 -0500, Barry Siegfried wrote:
>
> Nada. No way. Uh uh. No siree! NAT, cough gag hurl!
>
> The "source" address of an outgoing packet is determined by the
> *interface* address used. And which *interface* is determined by the
> destination address you are trying to reach, and what *interface* the
> *route table* says you must use to get to the desired destination.
The above protocol did not work here - the FROM IP remained 192... as
seen in the tun0 trace.
I used ping 44.102.132.20 (me) and 44.102.132.1 (Dave)
In all cases the ICMP packet from ping did go out the radio as it should
- OUTBOUND is OK... except for FROM IP.
The route table is attached for your inspection.
>
> That's a lot to chew on. Let me explain...
>
> I have a Linux box here. Its address is 216.144.208.6.
I have a Linux box here with FC-6 and jnos on it. The host is static
192.168.1.32
> However, I
> would like this box to also be able to reach the HTTP webpages at
> wb8rcr.ampr.org. To do this I added an additional *interface* to this box
> along with the supporting *route* entry, as follows:
>
> ifconfig eth0:44 44.102.1.239
>
> route add -net 44.0.0.0/8 gw 44.102.1.1
My choices were both:
ifconfig eth0:44 44.102.132.229
route add -net 44.102.0.0/16 tun0
and:
ifconfig tun0:44 44.102.132.229
route add -net 44.102.0.0/16 tun0
In both cases the ifconfig showed the desired added interface - I don't
have yours for comparison but they look OK to me.
Interesting fact (FYI):
In the first case "eth0:44" the ifconfig statement added a route to the
host table "44.0.0.0 * ... eth0"
In the second case "tun0:44" there was no route added to the table
automatically.
>
>
> So at this point I now have a Linux box that will send ALL its traffic
> out onto my ethernet as 216.144.208.6 *UNLESS* it happens to be going to
> anything in the AMPRnet (44/8). In which case it flows out onto my
> ethernet addressed FROM 44.102.1.239 and GATEWAYED through 44.102.1.1
> (which happens to be my JNOS/Hamgate on that very same ethernet).
>
> Now, remember what I said about "Think like a Packet" the other day.
> What's missing? ...a return route!!!
>
> So on the JNOS/Hamgate I have to add a route that will send any packets
> it receives *for* 44.102.1.239 *back* to the Linux box on the ethernet.
> So on the JNOS/Hamgate I have added this route:
>
> route add 44.102.1.239 eth0
this was:
route add 44.102.132.229 tun0
The route tables partly worked - the packet went out.
>
>
> BINGO!!!
NO BINGO!!! Lost packets for wrong FROM IP (I guess).
> Skip, I believe you will be attending this Saturday's DRG meeting? In
> my training session I'll be going over static routing and how to "Think
> like a Packet". Hope to see you there! And hope that we can help clear
> up any misconceptions and help lift the fog a little. I'll bring an empty
> V8 juice can with me so you can smack it into your forehead when this all
> comes clear for you ;-) See you there!
I expect you will see me - but I'd like to be successful before I arrive
at the meeting.
What say you?
>
> --- Jay Nugent WB8TKL
>
73
de [George (Skip) VerDuin] K8RRA k
-------------- next part --------------
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
k8rra.ampr.org  *               255.255.255.255 UH    0      0   0   tun0
192.168.1.0     *               255.255.255.0   U     0      0   0   eth0
169.254.0.0     *               255.255.0.0     U     0      0   0   eth0
44.102.0.0      *               255.255.0.0     U     0      0   0   tun0
default         192.168.1.254   0.0.0.0         UG    0      0   0   eth0