No subject


Tue Jan 17 15:36:28 EST 2012


>type 10.10.160.18, I get my SME server's home page.
>
>Would I be right in thinking this setup is working reasonably? Or is there 
>something I'm completely missing?
>

Ok, you're close now. So the problem is that you have a config that allows 
your private segment to do what it wants (good!) but you can't allow 
anything on the second public 10.10.0.0 segment to get into your private 
segment, except through the port forwarding you have set up (bad).

If you think about the firewall the WRT is setting up, it will be open from 
the private side (lets everything through) and only allows the ports you 
have forwarded through from the public side. Any URL you are entering is not 
going through because of two things:

1. routing - There is nothing telling your laptop or other machines on the 
10.10.0.0 net that the WRT is the gateway for the 192.x addresses.

2. firewall - even if you set up routes or set the default route to use the 
WRT as a gateway for 192.x, the firewall on the default firmware will block 
any initiated request from that side of the device (i.e. the public side).

As a further experiment, try turning off the firewall on the WRT and setting 
it as the default route on your laptop. You should then be able to get 
through to your private segment (and possibly beyond).

To get to a workable solution you are going to need to go beyond the default 
firmware. You will need to either run a different firewall on it or 
add/change the iptables rules.

The default firmware doesn't use any firewall package but sets up the 
iptables rules in C code by building a restore file out of the discrete chains 
it sets up and then restoring the file it just built.

If you put OpenWrt on your WRT you should be able to configure it the way 
you want.






More information about the Melbwireless mailing list
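
The two causes named in the reply above (routing, then firewall) can be modelled as two separate checks. This is an added example, not part of the original post and not the firmware's own logic; only 10.10.160.18 comes from the thread, while the 192.168.1.0/24 private net, the 192.168.1.10 server, the /16 mask and the 10.10.0.1 gateway are assumptions.

```python
import ipaddress as ip

# Constructed addressing: only 10.10.160.18 appears in the thread; the rest is assumed.
WRT_PUBLIC = ip.ip_address("10.10.160.18")
PRIVATE_NET = ip.ip_network("192.168.1.0/24")   # stands in for "192.x"
PORT_FORWARDS = {80: "192.168.1.10"}            # assumed forward to the server
OTHER_GW = ip.ip_address("10.10.0.1")           # assumed default gateway on 10.10.0.0

def next_hop(routes, dst):
    """Longest-prefix match; a gateway of None means the destination is on-link."""
    hits = [(net, gw) for net, gw in routes if dst in net]
    if not hits:
        return None
    net, gw = max(hits, key=lambda h: h[0].prefixlen)
    return dst if gw is None else gw

def wrt_public_side(dst, dport, firewall_on):
    """Verdict for a NEW connection arriving on the WRT's public interface."""
    if dst == WRT_PUBLIC and dport in PORT_FORWARDS:
        return f"port-forwarded to {PORT_FORWARDS[dport]}:{dport}"
    if dst in PRIVATE_NET:
        return "blocked by firewall" if firewall_on else "routed into private segment"
    return "blocked by firewall" if firewall_on else "delivered to the WRT itself"

def diagnose(routes, dst, dport, firewall_on=True):
    """Cause 1 (routing) is checked on the laptop, cause 2 (firewall) on the WRT."""
    dst = ip.ip_address(dst)
    hop = next_hop(routes, dst)
    if hop != WRT_PUBLIC:
        return f"never reaches the WRT (next hop {hop})"
    return wrt_public_side(dst, dport, firewall_on)

# Laptop on the 10.10.0.0 segment, before and after adding a route via the WRT.
LAPTOP_DEFAULT = [(ip.ip_network("10.10.0.0/16"), None),
                  (ip.ip_network("0.0.0.0/0"), OTHER_GW)]
LAPTOP_WITH_ROUTE = LAPTOP_DEFAULT + [(PRIVATE_NET, WRT_PUBLIC)]

if __name__ == "__main__":
    cases = [(LAPTOP_DEFAULT, True), (LAPTOP_WITH_ROUTE, True), (LAPTOP_WITH_ROUTE, False)]
    for routes, fw in cases:
        print(diagnose(routes, "192.168.1.10", 80, fw))
    print(diagnose(LAPTOP_DEFAULT, "10.10.160.18", 80))
```

Fixing the route alone only moves the failure from the laptop to the WRT, which is why the firewall rules also have to change.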