[Server-devel] Bridging XS to another network

David Leeming david at leeming-consulting.com
Sun Oct 31 17:55:05 EDT 2010 

Still no luck here. What it boils down to, is that when placing the XS (eth1
- LAN) behind a router with NAT, in order to allow the XS web service to be
visible on the external WAN side of the router, what are the required LAN IP
settings including netmask and firewall settings, including port forwarding
or DMZ Host or other. Anna, you seem to have been able to do that but I
can't replicate without more info on your router/firewall settings.

 

I have tried everything I can think of and the XS is not visible from the
external network.  Only need to be able to see Moodle, etc, (not interested
in registering XOs on the external network) 

 

David Leeming

Solomon Islands Rural Link 
P.O.Box 652 Honiara, Solomon Islands

+677 7476396 (m) +677 24419 (h)

www.leeming-consulting.com

 

From: server-devel-bounces at lists.laptop.org
[mailto:server-devel-bounces at lists.laptop.org] On Behalf Of David Leeming
Sent: Sunday, 31 October 2010 11:38 a.m.
To: 'Anna'
Cc: 'XS Devel'
Subject: Re: [Server-devel] Bridging XS to another network

 

Anna,

 

What you describe below is what I am trying to do (see the net diagram in my
other email). I only want apache/Moodle/wiki to be available to the external
network (your "regular LAN"). You'll see that I have a simple WRT54G router
bridging but no matter what I try, I can't see the apache service through
the router. Can you say what Wan and LAN settings you used for your router? 

I used

WAN - fixed 192.168.1.88 / 255.255.255.0

LAN - fixed 172.18.0.88 / 255.255.255.0

Port 80 forwarded from WAN to 172.18.0.1 (or DMZ host with 171.18.0.1)

In this set up: 

If I try to ping from the XS to 172.18.0.88 it is OK, if I try to
192.168.0.88 it says network unreachable.

But if I use a PC hooked up on the eth1 network, with fixed IP 172.18.0.89 /
255.255.255.0 (for example) I can ping the WAN address and beyond. This is
what leads me to think it needs one extra step with route, or it may be
something to do with the WRT LAN setting and XS having different netmasks.
You can see I am reaching at straws a little L  

 

 

 

 

By way of example, here's a setup I've done in the past:

Regular LAN:
XS (eth0) 192.168.1.20
My Desktop 192.168.1.6
"XO A" 192.168.1.7

XS LAN:
XS (eth1) 172.18.0.1
"XO B" 172.18.96.2

On the XS LAN, "XO B" can go to http://schoolserver or 172.18.0.1 and see
the default Moodle homepage.  It can also register to the XS and all that
good stuff, cause it's getting its IP address from the XS's DHCP server.

On theRegular LAN, my desktop and "XO A" can't see the Moodle homepage at
192.168.1.20 until I open port 80 in the firewall on the XS using lokkit (or
edit iptables or whatever).  Since "XO A" is not getting its IP address from
the XS, it won't be able to register.  If "XO A" wants to use the XS's
Jabber server, that port needs to be opened in the XS firewall.  "XO A" can
now manually set the Jabber server to 192.168.1.20 and collaborate.  If you
want to use Moodle, not being able to register to the XS is a huge issue.
Apache access works fine, though.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.laptop.org/pipermail/server-devel/attachments/20101101/420f229e/attachment.htm

More information about the Server-devel mailing list