[MLB-WIRELESS] A Netgear, A Linksys, RIP and Routing.

Brenton D ivile01 at yahoo.com.au
Sun Apr 10 12:22:57 EST 2005 

Its what your routers uses to connect your lan to the
internet, Network address translation. Under linux it
can be setup with one command line.

Instead of using it to connect to the internet you use
it to connect to the mw network.


 --- Rob <roberts at dcsi.net.au> wrote: 
> I think what Brenton is saying is that you can use
> NAT to access the other node, they cant access your
> computers on the inside and he has used it before  
> 
> <g>
> 
> Rob.
>   ----- Original Message ----- 
>   From: Brenton D 
>   To: Zoi Jones ; David Ashburner 
>   Cc: mlbwireless 
>   Sent: Saturday, April 09, 2005 2:47 PM
>   Subject: RE: [MLB-WIRELESS] A Netgear, A Linksys,
> RIP and Routing.
> 
> 
>   You can use NAT so that your computer can access
> other node but they can access your computers on the
> inside. I used this before before i setup routing on
> my node.
> 
>   Zoi Jones <zoiqq at yahoo.com.au> wrote: 
>     Thanks for the reply Ash But,
> 
>     I dont want someone (anyone) on the WLAN side of
> my system, to be able to view see or sue any of my
> private LAN except the ports as I have forwarded
> them.
> 
>     In a sense, I want to firewall anyone from
> seeing or using my private LAN and my aDSL service.
> 
>     From what your saying, I think what I've done is
> about right for my needs.
> 
>     Anyone else have any thoughts ?
> 
>     Phil NodeHPL.
> 
>     David Ashburner <d_ashburner at hotmail.com> wrote:
> 
> 
>       >My Linksys WRT54GS (default Firmware) is
> 192.168.0.2 (LAN) and 10.10.160.18 
>       >(WAN) with port forwarding 25,80,110 and 443
> to 192.168.0.10 (my SME 
>       >server)
>       >
>       >I plugged the Linksys Routers WAN port to my
> cheap Switch which links all 
>       >the wireless side of my network, including a
> Senao AP currently set to 
>       >10.10.160.19 and my Laptop (for testing atm)
> set to 10.10.160.20
>       >
> 
>       >From the Laptop, If I type any URL (outside
> 10.x.x.x), I get nothing, If I 
>       >type 10.10.160.18, I get my SME server's home
> page.
>       >
>       >Would I be right in thinking this setup is
> working reasonably ? Or is there 
>       >something I'm completely missing ?
>       >
> 
>       Ok, your close now. So the problem is that you
> have a config that allows 
>       your private segment to do what it wants
> (good!) but you can't allow 
>       anything on t! ! he second public 10.10.0.0
> segment to get into your private 
>       segment, except through the port forwarding
> you have set up (bad).
> 
>       If you think about the firewall the WRT is
> setting up, it will be open from 
>       the private side ( let's everything through)
> and only allows the ports you 
>       have forwarded through from the public side.
> Any URL you are entering is not 
>       going through because of two things:
> 
>       1. routing - There is nothing telling your
> laptop or other machines on the 
>       10.10.0.0 net that the WRT is the gateway for
> the 192.x addresses.
> 
>       2. firewall - even if you set up routes or set
> the default route to use the 
>       WRT as a gateway for 192.x the firewall on the
> default firmware will block 
>       any initiated request from that side of the
> device (i.e. the public side)
> 
>       As a further experiment try turning of the
> firewall on the WRT and setting 
>       it as the default route on your laptop. You
> should then be able to get 
>       through toyour private! segmen! t ( and
> possibly beyond).
> 
>       To get to a workable solution you are going to
> need to go beyond the default 
>       firmware. You will need to either run a
> different firewall on it or 
>       add/change the IPtable rules.
> 
>       The default firmware doesn't use any firewall
> package but sets up the IP 
>       tables rules in c code by building a restore
> file out of the discrete chains 
>       it sets up and the restoring the file it just
> built.
> 
>       If you put openWRT on your WRT you should be
> able to configure it the way 
>       you want.
> 
> 
> 
>       To unsubscribe: send mail to
> majordomo at wireless.org.au
>       with "unsubscribe melbwireless" in the body of
> the message
> 
> 
> 
> 
> 
> 
>
----------------------------------------------------------------------------
>     Find local movie times and trailers on Yahoo!
> Movies.
> 
> 
> 
>   Brenton (iViLe)
>   Access node fut from the web, live stats.
> http://211.28.235.187:6111
>   ivile01 at yahoo.com.au ivile at bur.st
>   www.ivile.tk
>   www.waveguides.tk
>   MW NODE: FUT, FUU
> 
> 
> 
> 
>
------------------------------------------------------------------------------
>   Find local movie times and trailers on Yahoo!
> Movies.
> 
> 
> 
>
------------------------------------------------------------------------------
> 
> 
>   No virus found in this incoming message.
>   Checked by AVG Anti-Virus.
>   Version: 7.0.308 / Virus Database: 266.9.5 -
> Release Date: 7/04/2005
>  

Brenton (iViLe)
Access node fut from the web, live stats. http://211.28.235.187:6111
ivile01 at yahoo.com.au ivile at bur.st
www.ivile.tk
www.waveguides.tk
MW NODE: FUT, FUU

Find local movie times and trailers on Yahoo! Movies.
http://au.movies.yahoo.com

To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message

More information about the Melbwireless mailing list