[Server-devel] Server-devel Digest, Vol 58, Issue 28

Tony Anderson tony at olenepal.org
Fri Mar 23 06:03:30 EDT 2012


Hi,

I am sorry that in Rwanda I do not have internet access; otherwise I 
might have seen this earlier. Actually, I disabled iptables on that 
system because I couldn't access through it and did not have time then 
to figure out the issue.

Squid is indeed installed and with the proper iptables, it should be 
possible to do what you need.

In Nepal, practice is to leave the LAN network open when the SS is not 
connected to the internet (almost universal) and to use a wpa2 password 
when it is. XO handles wpa2 reasonably well although someone must be 
available to explain the occasional request for password.

Tony

On 02/29/2012 05:05 PM, server-devel-request at lists.laptop.org wrote:
>
> Today's Topics:
>
>     1. A quick networking question (George Hunt)
>     2. Re: A quick networking question (Holt)
>     3. Re: A quick networking question (Holt)
>     4. Re: A quick networking question (Anna)
>     5. Re: A quick networking question (John Watlington)
>     6. Re: A quick networking question (Holt)
>     7. Re: A quick networking question (rolf)
>     8. Re: A quick networking question (Samuel Greenfeld)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 28 Feb 2012 12:29:37 -0500
> From: George Hunt<georgejhunt at gmail.com>
> To: XS Devel<server-devel at lists.laptop.org>
> Subject: [Server-devel] A quick networking question
> Message-ID:
> 	<CADfCcpVJ_=tVxpSaDnyO6pHdFCM6Gfd5cgcBfgdFC3XYiKHCfQ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> In Haiti, Adam and I have been trying to get a school server online.  We're
> finding that volunteers are going through the school server to the internet
> with their laptops, and he wants to turn that off, at least for now.
>
> I've turned off /proc/net...ip_forward and verified that there is no
> masquerade enabled in the iptables.
>
> But that's not enough!!  I wasn't sure that the vpn wasn't setting up a
> gateway, so I had him turn off the vpn.  But still the school server was
> routing to the 3G usb modem dongle even with the vpn pipe closed down.
>
> How does the school server act like a router?  It may be related to the ppp
> connection and wdial configuration.  But I'm stumped.
>
> But I'm trying to bring myself up to speed quickly because he really wants
> to get it turned off.
>
> Any ideas on what to try next?  I'm afraid the solution is going to be to
> pull out the 3g dongle.
>
> George
>
> ------------------------------
>
> Message: 2
> Date: Tue, 28 Feb 2012 12:49:34 -0500
> From: Holt<holt at laptop.org>
> To: server-devel at laptop.org
> Subject: Re: [Server-devel] A quick networking question
> Message-ID:<4F4D13AE.10203 at laptop.org>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 2/28/2012 12:29 PM, George Hunt wrote:
>> In Haiti, Adam and I have been trying to get a school server online.
>> We're finding that volunteers are going through the school server to
>> the internet with their laptops, and he wants to turn that off, at
>> least for now.
>>
>> I've turned off /proc/net...ip_forward and verified that there is no
>> masquerade enabled in the iptables.
>>
>> But that's not enough!!  I wasn't sure that the vpn wasn't setting up
>> a gateway, so I had him turn off the vpn.  But still the school server
>> was routing to the 3G usb modem dongle even with the vpn pipe closed
>> down.
>>
>> How does the school server act like a router?  It may be related to
>> the ppp connection and wdial configuration.  But I'm stumped.
>>
>> But I'm trying to bring myself up to speed quickly because he really
>> wants to get it turned off.
>>
>> Any ideas on what to try next?  I'm afraid the solution is going to be
>> to pull out the 3g dongle.
>
> Interestingly the XS(*) creates an open path for any random non-XO
> laptop to access the web, but seems to block non-web traffic like ssh
> and IMAP.
>
> In any case, even if it's just forwarding port 80 and 443 (?) we just
> cannot afford to become a free ISP here in semi-rural Haiti, given so
> many visitors to our school especially.
>
>       (*) XS as set up by Tony Anderson early autumn 2011, and currently
> maintained by George Hunt & I.
>
> --
> Help kids everywhere map their world, at http://olpcMAP.net !
>
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 28 Feb 2012 13:05:13 -0500
> From: Holt<holt at laptop.org>
> To: server-devel at lists.laptop.org
> Subject: Re: [Server-devel] A quick networking question
> Message-ID:<4F4D1759.7000000 at laptop.org>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Clarif: port 80 is (unfort) forwarded thru the XS, for all laptops that
> connect over Wifi.
>
> Traffic across all other ports (incl 443 = https) is thankfully blocked,
> though I've no idea why/how unfortunately ;)
>
>
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 28 Feb 2012 15:38:48 -0600
> From: Anna<aschoolf at gmail.com>
> To: Holt<holt at laptop.org>
> Cc: server-devel at lists.laptop.org
> Subject: Re: [Server-devel] A quick networking question
> Message-ID:
> 	<CAFM0qr0dVKB7ZfFpU_G2peEnBwvuk4FmZRnUBr6ynoV51ZhrGA at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> As long as the volunteers connecting with their laptops aren't familiar
> with MAC spoofing, you can tell the XS's dhcp server to only hand out IP
> addresses to XOs.  Instead of fooling with the bit about redirecting all
> http traffic for unknown clients to kittenwar.net, leave that bit out or
> redirect them to 172.18.0.1 so they can access the local XS but not get
> outside.
>
> Here's the writeup:
>
> http://lists.laptop.org/pipermail/server-devel/2011-January/005341.html
>
> Anyway, it's a thought.
>
> Anna Schoolfield
> Birmingham
>
> ------------------------------
>
> Message: 5
> Date: Tue, 28 Feb 2012 16:43:29 -0500
> From: John Watlington<wad at laptop.org>
> To: Holt<holt at laptop.org>
> Cc: server-devel at lists.laptop.org
> Subject: Re: [Server-devel] A quick networking question
> Message-ID:<328291A6-D69C-4121-A1AB-6DB1DF0C8E24 at laptop.org>
> Content-Type: text/plain; charset=us-ascii
>
>
> On Feb 28, 2012, at 1:05 PM, Holt wrote:
>
>> Clarif: port 80 is (unfort) forwarded thru the XS, for all laptops that connect over Wifi.
>>
>> Traffic across all other ports (incl 443 = https) is thankfully blocked, though I've no idea why/how unfortunately ;)
>
> Sounds like your problem is squid.   Your firewall is probably blocking FORWARDS from non-XOs,
> but routing all http traffic into squid.   You instead need to only route XO http traffic into squid.
>
> What version school server software ?
>
> Cheers,
> wad
>
>
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 29 Feb 2012 07:36:27 -0500
> From: Holt<holt at laptop.org>
> To: server-devel at laptop.org
> Subject: Re: [Server-devel] A quick networking question
> Message-ID:<4F4E1BCB.3070700 at laptop.org>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Thanks Wad you fixed the problem:
> We did not know squid was running on the XS Tony Anderson installed (0.6
> derivative I believe) early autumn 2011.
>
> Why our XS continues to resolve & offer free/accurate DNS to any random
> laptop that connects over Wifi is disconcerting, if anyone can explain?
>
> But at least the critical problem of giving away free web access (to
> rich visitors, rather than Haitian XO users) is solved for now!
>
>
>
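
The diagnosis in Message 5 (FORWARD is blocked for non-XOs, but all HTTP is routed into squid) can be checked against a saved ruleset. The following is an added example, not part of the thread or of the XS software: it scans `iptables-save` output for port-80 REDIRECT rules that do not restrict the client. The interface name, the MAC address and proxy port 3128 in the sample are constructed assumptions.

```shell
#!/bin/sh
# Added example. A REDIRECT rule hands the connection to a local proxy, and the
# proxy then opens its own outbound connection, so the traffic is never
# "forwarded": turning off ip_forward or MASQUERADE does not stop it.

# Constructed sample in iptables-save format (lanbr0, 3128 and the MAC are
# assumptions for illustration, not values from the thread).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i lanbr0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i lanbr0 -p tcp -m mac --mac-source 00:11:22:33:44:55 -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Read iptables-save text on stdin; print nat PREROUTING rules that REDIRECT
# port 80 with no source address, MAC or ipset restriction on the client.
open_intercepts() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # "*nat" -> current table "nat"
        table == "nat" && $1 == "-A" && $2 == "PREROUTING" {
            redirect = 0; http = 0; limited = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "REDIRECT") redirect = 1
                if ($i == "--dport" && $(i + 1) == "80") http = 1
                if ($i == "-s" || $i == "--mac-source" || $i == "--match-set") limited = 1
            }
            if (redirect && http && !limited) print
        }
    '
}

# Number of unrestricted intercept rules found on stdin.
count_open_intercepts() { open_intercepts | wc -l | tr -d ' '; }

# Stand-alone run over the constructed sample: prints the one open rule.
printf '%s\n' "$SAMPLE_RULES" | open_intercepts
```

On a live server the same check is `iptables-save | open_intercepts` run as root; any rule it prints lets every Wi-Fi client reach the web through the proxy even though the FORWARD policy is DROP.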


