[Server-devel] Bridging XS to another network

Anna aschoolf at gmail.com
Sat Oct 30 18:32:52 EDT 2010 

David:

I'm a little confused as to your setup.  If you just have the one ethernet
device on the XS, it can either get an IP address from your router (as eth0)
or hand out DHCP addresses (as eth1).  It can't be in both roles.

I've played around with external access for the XS and it does involve some
firewall stuff.  I think I used lokkit to configure access to port 80 and
the jabber port to my regular LAN.  Then I opened up those ports on my
router firewall for access from the rest of the internet.

By way of example, here's a setup I've done in the past:

Regular LAN:
XS (eth0) 192.168.1.20
My Desktop 192.168.1.6
"XO A" 192.168.1.7

XS LAN:
XS (eth1) 172.18.0.1
"XO B" 172.18.96.2

On the XS LAN, "XO B" can go to http://schoolserver or 172.18.0.1 and see
the default Moodle homepage.  It can also register to the XS and all that
good stuff, cause it's getting its IP address from the XS's DHCP server.

On the Regular LAN, my desktop and "XO A" can't see the Moodle homepage at
192.168.1.20 until I open port 80 in the firewall on the XS using lokkit (or
edit iptables or whatever).  Since "XO A" is not getting its IP address from
the XS, it won't be able to register.  If "XO A" wants to use the XS's
Jabber server, that port needs to be opened in the XS firewall.  "XO A" can
now manually set the Jabber server to 192.168.1.20 and collaborate.  If you
want to use Moodle, not being able to register to the XS is a huge issue.
Apache access works fine, though.

I use ifcfg-eth0-local to set the static IP for eth0 on the XS.  Here's my
example:

IPADDR=192.168.1.20
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
GATEWAY=192.168.1.254

To see what I need to put in there, I'll do this on another Linux box
connected to my Regular LAN:

anna at anna-desktop:~$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0f:1f:80:0d:ea
          inet addr:192.168.1.4  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20f:1fff:fe80:dea/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1328780 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1018129 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1602636271 (1.6 GB)  TX bytes:98891469 (98.8 MB)

anna at anna-desktop:~$ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt
Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0
eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0
eth0
0.0.0.0         192.168.1.254   0.0.0.0         UG        0 0          0
eth0

If you're trying to have all the services available with just the single
ethernet port, good luck.  I'm no networking expert, but I don't see how
it's possible.

Anna Schoolfield
Birmingham
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.laptop.org/pipermail/server-devel/attachments/20101030/0c4d9c03/attachment.htm

More information about the Server-devel mailing list