<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1106" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>I think what Brenton is saying is that you can use
NAT to access the other node, they can't access your computers on the
inside and he has used it before </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>&lt;g&gt;</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Rob.</FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=ivile01@yahoo.com.au href="mailto:ivile01@yahoo.com.au">Brenton D</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=zoiqq@yahoo.com.au
href="mailto:zoiqq@yahoo.com.au">Zoi Jones</A> ; <A
title=d_ashburner@hotmail.com href="mailto:d_ashburner@hotmail.com">David
Ashburner</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Cc:</B> <A title=melbwireless@wireless.org.au
href="mailto:melbwireless@wireless.org.au">mlbwireless</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Saturday, April 09, 2005 2:47
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> RE: [MLB-WIRELESS] A Netgear, A
Linksys, RIP and Routing.</DIV>
<DIV><BR></DIV>
<DIV>You can use NAT so that your computer can access other node but they can
access your computers on the inside. I used this before I set up
routing on my node.<BR><BR><B><I>Zoi Jones &lt;<A
href="mailto:zoiqq@yahoo.com.au">zoiqq@yahoo.com.au</A>&gt;</I></B> wrote:
<BLOCKQUOTE class=replbq
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">
<DIV>Thanks for the reply Ash But,</DIV>
<DIV> </DIV>
<DIV>I don't want someone (anyone) on the WLAN side of my system, to be able
to view, see or use any of my private LAN except the ports as I have
forwarded them.</DIV>
<DIV> </DIV>
<DIV>In a sense, I want to firewall anyone from seeing or using my private
LAN and my aDSL service.</DIV>
<DIV> </DIV>
<DIV>From what you're saying, I think what I've done is about right for my
needs.</DIV>
<DIV> </DIV>
<DIV>Anyone else have any thoughts ?</DIV>
<DIV> </DIV>
<DIV>Phil NodeHPL.</DIV>
<DIV><BR><B><I>David Ashburner &lt;d_ashburner@hotmail.com&gt;</I></B>
wrote:</DIV>
<BLOCKQUOTE class=replbq
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid"><BR><BR>>My
Linksys WRT54GS (default Firmware) is 192.168.0.2 (LAN) and 10.10.160.18
<BR>>(WAN) with port forwarding 25,80,110 and 443 to 192.168.0.10 (my
SME <BR>>server)<BR>><BR>>I plugged the Linksys Router's WAN port
to my cheap Switch which links all <BR>>the wireless side of my
network, including a Senao AP currently set to <BR>>10.10.160.19 and my
Laptop (for testing atm) set to 10.10.160.20<BR>><BR><BR>>From the
Laptop, If I type any URL (outside 10.x.x.x), I get nothing, If I
<BR>>type 10.10.160.18, I get my SME server's home
page.<BR>><BR>>Would I be right in thinking this setup is working
reasonably ? Or is there <BR>>something I'm completely missing
?<BR>><BR><BR>Ok, you're close now. So the problem is that you have a
config that allows <BR>your private segment to do what it wants (good!)
but you can't allow <BR>anything on the second public 10.10.0.0
segment to get into your private <BR>segment, except through the port
forwarding you have set up (bad).<BR><BR>If you think about the firewall
the WRT is setting up, it will be open from <BR>the private side (lets
everything through) and only allows the ports you <BR>have forwarded
through from the public side. Any URL you are entering is not <BR>going
through because of two things:<BR><BR>1. routing - There is nothing
telling your laptop or other machines on the <BR>10.10.0.0 net that the
WRT is the gateway for the 192.x addresses.<BR><BR>2. firewall - even if
you set up routes or set the default route to use the <BR>WRT as a gateway
for 192.x the firewall on the default firmware will block <BR>any
initiated request from that side of the device (i.e. the public
side)<BR><BR>As a further experiment try turning off the firewall on the
WRT and setting <BR>it as the default route on your laptop. You should
then be able to get <BR>through to your private segment ( and possibly
beyond).<BR><BR>To get to a workable solution you are going to need to go
beyond the default <BR>firmware. You will need to either run a different
firewall on it or <BR>add/change the IPtable rules.<BR><BR>The default
firmware doesn't use any firewall package but sets up the IP <BR>tables
rules in C code by building a restore file out of the discrete chains
<BR>it sets up and then restoring the file it just built.<BR><BR>If you put
openWRT on your WRT you should be able to configure it the way <BR>you
want.<BR><BR></BLOCKQUOTE>
</BLOCKQUOTE></DIV><BR><BR>Brenton
(iViLe)<BR>Access node fut from the web, live stats.
http://211.28.235.187:6111<BR>ivile01@yahoo.com.au
ivile@bur.st<BR>www.ivile.tk<BR>www.waveguides.tk<BR>MW NODE: FUT, FUU
</BLOCKQUOTE></BODY></HTML>