<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<title>Re: [Server-devel] Bridging XS to another network</title>
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
..MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-NZ link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Hi Phil,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Many thanks for helping. I attach a diagram. I have tried port
forwarding 192.168.1.88 to port 80 on 172.18.0.1 in port forwarding, UPnP forwarding
and DMZ Host (yes all ports should be exposed). <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>It’s quite complicated. If you connect a PC to the XS with
auto settings, it gets an IP in network 172.18.96.0/255.255.224.0 but the DNS
is on 172.18.0.1. Just did it now, and my laptops was given these settings by
the XS:<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>IP – 172.18.96.28<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Mask – 255.255.224.0<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Gateway – 172.18.96.1<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>DHCP – 172.18.96.1<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>DNS – 172.18.0.1 (sic)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>If I enter 172.18.96.1 into the browser it gives the “could
not establish connection” page.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>If I enter 172.18.0.1 I can see the XS Moodle, wiki everything.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>So the DNS is on a DIFFERENT network to the DHCP and gateway etc.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>If I change my PC settings manually to match the router
(172.18.0.88/255.255.255.0)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>IP – 172.18.0.89<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Mask – 255.255.255.0<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Gateway – 172.18.0.88<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I can now ping through the router to the external network, and
if I enter 172.18.0.1 in the browser I can access the server (it comes up with
the Moodle page – thanks to the DNS). <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>BUT the server will only ping the 172.18.0.88 LAN side of the
router. If I try the WAN it responds network unreachable.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>I attach the httpd.conf and route tables from the XS... (note
that I added two routes at the top of the table - didn’t work) <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<p class=MsoNormal><b><span style='font-size:9.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>David Leeming<o:p></o:p></span></b></p>
<p class=MsoNormal><span style='font-size:8.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Solomon Islands Rural Link <br>
<br>
<o:p></o:p></span></p>
</div>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>
<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> Phill Hardstaff [mailto:phillh@spc.int] <br>
<b>Sent:</b> Sunday, 31 October 2010 10:20 a.m.<br>
<b>To:</b> David Leeming<br>
<b>Cc:</b> Mark Flynn<br>
<b>Subject:</b> Re: [Server-devel] Bridging XS to another network<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif"'>David, any chance to do a simple diagram ?
I don’t think netmasks are the problem here, and I am not familiar with
the WRT running in DMZ host mode, does that mean it forwards all ports from the
WAN port to the DMZ host ? I sketched out what you have here and basically it
looks OK but it will only work if port 80 is being forwarded from 192.168.1.88
to port 80 on 172.18.0.1 but you need to confirm 1 thing, is Apache listening
on 172.18.0.1 ? Easy way to tell would be from the XO network can you get a web
page by going to <a href="http://172.18.0.1">http://172.18.0.1</a> ? Or even
from the XS itself. Or look at the Apache config file, usually under /etc/httpd
on older Redhats and see what IP it is listening on.<br>
<br>
Generally speaking a default Apache 2 would be listening on all IP’s but
have port 80 configured.<br>
<br>
#<br>
# Listen: Allows you to bind Apache to specific IP addresses and/or<br>
# ports, instead of the default. See also the <VirtualHost>
<br>
# directive.<br>
#<br>
# Change this to Listen on specific IP addresses as shown below to<br>
# prevent Apache from glomming onto all bound IP addresses.<br>
#<br>
#Listen 12.34.56.78:80<br>
Listen 80<br>
<br>
“Trying to connect on the network 2 side using a browser if I enter
192.168.1.88 or 172.18.0.1 it just times out.”<br>
<br>
172.18.0.1 will never work as there is no route, but 192.168.1.88 should if
there is a port forward for port 80 to 172.18.0.1 and Apache is indeed running
on 172.18.0.1. <br>
<br>
Cheers<br>
<br>
Phill<br>
<br>
<br>
On 30/10/10 6:23 PM, "David Leeming" <<a
href="david@leeming-consulting.com">david@leeming-consulting.com</a>> wrote:</span><o:p></o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif";color:#1F497D'>Corrected line in ***<br>
<br>
</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'><br>
Hello all again,<br>
<br>
A networking challenge this time.<br>
<br>
I have an XS at a school where there also exists a wide area private network
connecting schools using Wi-Fi. We want those connected schools to be able to
access the XS, for various reasons.<br>
<br>
That network (let’s call it network 2) is 192.168.1.0/24 and it is
connected with the Internet via a router running NAT and DHCP.<br>
<br>
The XS local network seems to be quite complicated, I don’t fully
understand it, but what I need to know is the correct slash designation for the
httpd and dns servers at 172.18.0.1 so that I can bridge it to network 2.<br>
<br>
I am trying to use a Linksys WRT54G2 in DMZ Host mode with the IP address
172.18.0.1 bridged to the external Wan IP address of the WRT (set to
192.168.1.88)<br>
<br>
The WRT LAN IP setting only allows netmask values of up to 255.255.255.0 and I
am worried if there is a mismatch then it could be why I can’t get it to
work. <br>
<br>
I also suspect I may have to add something to the apache or routing config on
the XS, so as to “listen” on the WRT external IP address <br>
<br>
At the moment I set the Linksys to <br>
WAN – fixed IP 192.168.1.88 / 255.255.255.0<br>
LAN IP address – 172.18.0.88 / 255.255.255.0 (could the net mask be
the issue?)<br>
<span style='color:#1F497D'>*** </span>Application: DMZ Host, value 172.18.0.1 <span
style='color:#1F497D'>***<br>
</span>Required changes to xs apache settings ??????
<br>
<br>
Trying to connect on the network 2 side using a browser if I enter 192.168.1.88
or 172.18.0.1 it just times out.<br>
<br>
If anyone reading this recognises what I am trying to do, I’d very much
appreciate your advice.<br>
<br>
<br>
</span><b><span style='font-size:9.0pt;font-family:"Calibri","sans-serif"'>David
Leeming<br>
</span></b><span style='font-size:8.0pt;font-family:"Calibri","sans-serif"'>Solomon
Islands Rural Link <br>
<br>
</span><o:p></o:p></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:11.0pt;
font-family:"Calibri","sans-serif"'><br>
-- <br>
Phill Hardstaff<br>
Manager ICT Section <br>
Secretariat of the Pacific Community<br>
B.P. D5 - Noumea Cedex - 98848<br>
New Caledonia<br>
<br>
Phone +687-260141<br>
Mobile +687 838091<br>
<a href="http://www.spc.int/it">http://www.spc.int/it</a><br>
<br>
<br>
</span><o:p></o:p></p>
</div>
</body>
</html>