[Server-devel] A quick networking question

John Watlington wad at laptop.org
Tue Feb 28 16:43:29 EST 2012 

On Feb 28, 2012, at 1:05 PM, Holt wrote:

> Clarif: port 80 is (unfort) forwarded thru the XS, for all laptops that connect over Wifi.
> 
> Traffic across all other ports (incl 443 = https) is thankfully blocked, though I've no idea why/how unfortunately ;)

Sounds like your problem is squid.   Your firewall is probably blocking FORWARDS from non-XOs,
but routing all http traffic into squid.   You instead need to only route XO http traffic into squid.

What version school server software ?

Cheers,
wad

> On 2/28/2012 12:49 PM, Holt wrote:
>> On 2/28/2012 12:29 PM, George Hunt wrote:
>>> In Haiti, Adam and I have been trying to get a school server online.  We're finding that volunteers are going through the school server to the internet with their laptops, and he wants to turn that off, at least for now.
>>> 
>>> I've turned off /proc/net...ip_forward and verified that there is no masquerade enabled in the iptables.
>>> 
>>> But that's not enough!!  I wasn't sure that the vpn wasn't setting up a gateway, so I had him turn off the vpn.  But still the school server was routing to the 3G usb modem dongle even with the vpn pipe closed down.
>>> 
>>> How does the school server act like a router?  It may be related to the ppp connection and wdial configuration.  But I'm stumped.
>>> 
>>> But I'm trying to bring myself up to speed quickly because he really wants to get it turned off.
>>> 
>>> Any ideas on what to try next?  I'm afraid the solution is going to be to pull out the 3g dongle.
>> 
>> Interestingly the XS(*) creates an open path for any random non-XO laptop to access the web, but seems to block non-web traffic like ssh and IMAP.
>> 
>> In any case, even if it's just forwarding port 80 and 443 (?) we just cannot afford to become a free ISP here in semi-rural Haiti, given so many visitors to our school especially.
>> 
>>    (*) XS as set up by Tony Anderson early autumn 2011, and currently maintained by George Hunt & I.
>> 
>> --
>> Help kids everywhere map their world, at http://olpcMAP.net !
> _______________________________________________
> Server-devel mailing list
> Server-devel at lists.laptop.org
> http://lists.laptop.org/listinfo/server-devel

More information about the Server-devel mailing list