[nos-bbs] HTTP server restriction maybe

Jay Nugent jjn at nuge.com
Thu Apr 19 09:11:25 EDT 2007


Greetings Skip,

On Wed, 18 Apr 2007, (Skip) K8RRA wrote:

> I hate to do this Jay, but the formula does not work here...


> >    The "source" address of an outgoing packet is determined by the
> > *interface* address used.  And which *interface* is determined by the
> > destination address you are trying to reach, and what *interface* the
> > *route table* says you must use to get to the desired destination.
> 
> The above protocol did not work here - the FROM IP remained 192... as
> seen in the tun0 trace.
> I used ping 44.102.132.20 (me) and 44.102.132.1 (Dave)
> In all cases the ICMP packet from ping did go out the radio as it should
> - OUTBOUND is OK... except for FROM IP.

   I'll assume here you are performing these pings from the shell prompt 
on the Linux box???

   Then that tells me we are not successfully picking up a 44-net "source" 
address from Linux.  Probably because the Linux box doesn't have a 44-net 
address known to its IP stack (usually picked up from the ethernet card or 
cards).


> >   However, I would like this box to also be able to reach the HTTP
> > webpages at wb8rcr.ampr.org.  To do this I added an additional
> > *interface* to this box along with the supporting *route* entry, as
> > follows:
> > 
> >    ifconfig eth0:44 44.102.1.239
> > 
> >    route add -net 44.0.0.0/8 gw 44.102.1.1
> 
> My choices were both:
> 
>     ifconfig eth0:44 44.102.132.229
>     route add -net 44.102.0.0/16  tun0
> 
> and:
> 
>    ifconfig tun0:44 44.102.132.229
>    route add -net 44.102.0.0/16 tun0

   No no no.  Leave the TUN alone.  It is merely a P-t-P (Point to Point) 
link between the Linux IP stack and the JNOS "applications" IP stack.  We 
will do everything we need to do in the ROUTING TABLES on the Linux box 
and the ROUTING TABLE in the JNOS application.

 
> In both cases the ifconfig showed the desired added interface - I don't
> have yours for comparison but they look OK to me.
> 
> Interesting fact (FYI):
> In the first case "eth0:44" the ifconfig statement added a route to the
> host table "44.0.0.0 * ... eth0"

   Correct.  This is good.  When an ethernet card is configured it is 
assumed that a "network" route to the subnet that the card was configured 
for will be needed.  This is so the ethernet can reach other hosts out on 
the ethernet of the same subnet.


> In the second case "tun0:44" there was no route added to the table
> automatically.

   As I said earlier.  We do not touch the TUN interface.


   MY scenario was a stand-alone Linux box with a browser, sitting 
peacefully on my ethernet.  All separate from a separate box running JNOS, 
also sitting peacefully on my ethernet.  Very simple.  Very easy.

   But in your case it appears, you are trying to browse the 
wb8rcr.ampr.org webpages from the browser ON the same Linux box that also 
hosts your JNOS application.  Is this correct???

   This *may* make getting the browser on Linux to USE the 44-net address 
of its ethernet card (set as an alias using 'ifconfig eth0:44 
44.102.132.228').

   A picture is worth a thousand words.  I quickly put together a JPG
(attached) of how I *think* your network *should* be configured.  I show an
external host using a browser (in the same way that I do here) to reach
the wb8rcr webpages over the AMPRnet.  I also show how I *think* the
hosting Linux box would be configured so its browser could reach the
wb8rcr webpages.  I show the route table on the Linux box.  The route
table on the JNOS application.  The route table on an external Linux box.  
And I show any special 'ifconfigs' that would be needed.

   Look it over, see if it makes any sense.  And please realize I threw 
this together while half asleep and in a hurry,  so there may be minor 
syntactical errors - but you'll get the idea...

   Dang!  Just caught an error.  The 'route add' on Hamgate.Ottawa should
be to 44.102.132.229 not .228.  And the route table on the hosting Linux
box needs to have a route to .229 via ETH0 added so the external Linux box
can be reached.  Sheesh! The details...

   Enjoy!  I'm off to bed now so I can be up at the crack-of-noon to start 
my regular workday :)

      --- Jay Nugent  WB8TKL

"Getting rid of terrorism is like getting rid of dandruff.  It cannot
 be done completely no matter how hard you try." -- Gore Vidal
+------------------------------------------------------------------------+
| Jay Nugent   jjn at nuge.com    (734)484-5105    (734)544-4326/Fax        |
| Nugent Telecommunications  [www.nuge.com]     (734)649-0851/Cell       |
|   Internet Consulting/Linux SysAdmin/Engineering & Design/ISP Reseller |
| ISP Monitoring [www.ispmonitor.net] ISP & Modem Performance Monitoring |
| Web-Pegasus    [www.webpegasus.com] Web Hosting/DNS Hosting/Shell Accts|
| LinuxNIC, Inc. [www.linuxnic.net]   Registrar of the .linux TLD        |
+------------------------------------------------------------------------+
  8:01am  up 39 days,  3:50,  5 users,  load average: 0.00, 0.02, 0.08
-------------- next part --------------
A non-text attachment was scrubbed...
Name: AMPR-Web-Access.jpg
Type: image/jpeg
Size: 138559 bytes
Desc: 
URL: <http://lists.tapr.org/pipermail/nos-bbs_lists.tapr.org/attachments/20070419/09c7e35d/attachment.jpg>
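
The following is an added example, not part of the original post: a simplified Python model (not kernel code) of the rule discussed in the thread, where the route table picks the interface and the interface supplies the source address. The 192.168.x.x addresses are constructed placeholders (the post only shows "192..."), and the optional third route field models the `src` attribute of `ip route`, which the thread does not use.

```python
import ipaddress as ipa

# Constructed sample state: the 192.168.x.x addresses are placeholders;
# 44.102.132.229 and the two 44-net routes are the ones quoted in the thread.
ADDRS = {  # interface -> addresses, in configuration order
    "eth0": [ipa.ip_interface("192.168.1.10/24"),
             ipa.ip_interface("44.102.132.229/8")],   # alias eth0:44 (classful /8)
    "tun0": [ipa.ip_interface("192.168.2.1/24")],
}
ROUTES = [  # (destination, device, optional preferred source)
    (ipa.ip_network("44.0.0.0/8"), "eth0", None),     # added by ifconfig
    (ipa.ip_network("44.102.0.0/16"), "tun0", None),  # added by hand
    (ipa.ip_network("0.0.0.0/0"), "eth0", None),      # default route (assumed)
]

def lookup(dst, routes):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipa.ip_address(dst)
    hits = [r for r in routes if dst in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)

def source_for(dst, routes=ROUTES, addrs=ADDRS):
    """Return (device, source address) for a locally generated packet."""
    _net, dev, src = lookup(dst, routes)
    if src:                                  # route carries a source hint
        return dev, src
    target = ipa.ip_address(dst)
    for ifa in addrs[dev]:                   # prefer an address on dst's subnet
        if target in ifa.network:
            return dev, str(ifa.ip)
    return dev, str(addrs[dev][0].ip)        # else first address on the device

if __name__ == "__main__":
    for dst in ("44.102.132.1", "44.1.1.1", "8.8.8.8"):
        print(dst, "->", source_for(dst))
```

In this model the /16 route via tun0 wins for 44.102.132.1, so the packet leaves with tun0's own address even though eth0 holds a 44-net alias, which matches the "FROM IP remained 192..." observation quoted above.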

