[Server-devel] Bridging XS to another network

Jerry Vonau jvonau at shaw.ca
Mon Nov 1 06:42:54 EDT 2010


On Sat, 2010-10-30 at 17:32 -0500, Anna wrote:
> David:
> 
> I'm a little confused as to your setup.  If you just have the one
> ethernet device on the XS, it can either get an IP address from your
> router (as eth0) or hand out DHCP addresses (as eth1).  It can't be in
> both roles.
> 
> I've played around with external access for the XS and it does involve
> some firewall stuff.  I think I used lokkit to configure access to
> port 80 and the jabber port to my regular LAN.  Then I opened up those
> ports on my router firewall for access from the rest of the internet.
> 
> By way of example, here's a setup I've done in the past:
> 
> Regular LAN:
> XS (eth0) 192.168.1.20
> My Desktop 192.168.1.6
> "XO A" 192.168.1.7
> 
> XS LAN:
> XS (eth1) 172.18.0.1
> "XO B" 172.18.96.2
> 
> On the XS LAN, "XO B" can go to http://schoolserver or 172.18.0.1 and
> see the default Moodle homepage.  It can also register to the XS and
> all that good stuff, cause it's getting its IP address from the XS's
> DHCP server.
> 
> On the Regular LAN, my desktop and "XO A" can't see the Moodle
> homepage at 192.168.1.20 until I open port 80 in the firewall on the
> XS using lokkit (or edit iptables or whatever).  Since "XO A" is not
> getting its IP address from the XS, it won't be able to register. 

That is fixable: edit /etc/idmgr.conf.in and idmgr.conf, and change
BIND_DOMAIN=172.18.0.1 to BIND_ADDRESS='0.0.0.0'

service idmgr restart

You would need to open up port 8080 for idmgr.

>  If "XO A" wants to use the XS's Jabber server, that port needs to be
> opened in the XS firewall.  "XO A" can now manually set the Jabber
> server to 192.168.1.20 and collaborate.  If you want to use Moodle,
> not being able to register to the XS is a huge issue.  

Now, with idmgr listening on all interfaces, you just have to have
schoolserver resolve to 192.168.1.20 for the clients on this network.
If you have control over the DNS, add schoolserver so it resolves,
or you can just add a schoolserver entry to the /etc/hosts file on the
XOs. This should allow the XO to register; you don't have to edit the
jabber server address, that gets filled in upon registration.

> Apache access works fine, though.
> 

That sounds like what is happening to David.

> I use ifcfg-eth0-local to set the static IP for eth0 on the XS.
> Here's my example:
> 
> IPADDR=192.168.1.20
> NETMASK=255.255.255.0
> NETWORK=192.168.1.0
> BROADCAST=192.168.1.255
> GATEWAY=192.168.1.254
> 
> To see what I need to put in there, I'll do this on another Linux box
> connected to my Regular LAN:
> 
> anna at anna-desktop:~$ ifconfig eth0
> eth0      Link encap:Ethernet  HWaddr 00:0f:1f:80:0d:ea  
>           inet addr:192.168.1.4  Bcast:192.168.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::20f:1fff:fe80:dea/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:1328780 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1018129 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100 
>           RX bytes:1602636271 (1.6 GB)  TX bytes:98891469 (98.8 MB)
> 
> anna at anna-desktop:~$ netstat -nr
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
> 0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0 eth0
> 
> If you're trying to have all the services available with just the
> single ethernet port, good luck.  I'm no networking expert, but I
> don't see how it's possible.
> 

Can be done, there are a few files that need editing. 

Jerry
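
One way to check the result of the bind-address change described above, as an added example that is not part of the original message: once idmgr listens on 0.0.0.0 it is reachable on every interface, so the firewall rule for port 8080 is the only thing limiting who can reach it. The function names are hypothetical and both `netstat -ltn` samples are constructed.

```shell
#!/bin/sh
# Added example: report how a TCP port is bound, from `netstat -ltn` text.
# Function names are hypothetical; both samples below are constructed.
# Live use on the XS after `service idmgr restart`:
#   netstat -ltn | bind_scope 8080

# Constructed sample: idmgr bound only to the XS LAN address.
SAMPLE_BEFORE='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 172.18.0.1:8080   0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN
tcp        0      0 :::22             :::*              LISTEN'

# Constructed sample: idmgr after rebinding to 0.0.0.0.
SAMPLE_AFTER='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:8080      0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN
tcp        0      0 :::22             :::*              LISTEN'

# listeners: netstat -ltn text on stdin -> one "ADDRESS PORT" pair per line.
listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, p, ":")            # the port is the last ":" field
        print substr($4, 1, length($4) - length(p[n]) - 1), p[n]
    }'
}

# bind_scope PORT: prints "all" for a wildcard bind, the bound address(es)
# for a specific bind, or "none" if nothing listens on PORT.
bind_scope() {
    listeners | awk -v port="$1" '
        $2 != port { next }
        $1 == "0.0.0.0" || $1 == "::" { all = 1 }
        { addrs = addrs (addrs ? "," : "") $1 }
        END { print (all ? "all" : (addrs ? addrs : "none")) }'
}

# wildcard_ports: ports reachable on every interface, i.e. the ones that
# only the firewall (lokkit/iptables) keeps off the upstream network.
wildcard_ports() {
    listeners | awk '$1 == "0.0.0.0" || $1 == "::" { print $2 }' |
        sort -nu | tr '\n' ' ' | sed 's/ $//'
}
```

Comparing `wildcard_ports` against the ports actually opened in the XS firewall shows which services are exposed on eth0 by binding alone.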