[MLB-WIRELESS] A Netgear, A Linksys, RIP and Routing.

Rob roberts at dcsi.net.au
Sat Apr 9 20:44:55 EST 2005


I think what Brenton is saying is that you can use NAT to access the other node, they can't access your computers on the inside, and he has used it before.

<g>

Rob.
  ----- Original Message ----- 
  From: Brenton D 
  To: Zoi Jones ; David Ashburner 
  Cc: mlbwireless 
  Sent: Saturday, April 09, 2005 2:47 PM
  Subject: RE: [MLB-WIRELESS] A Netgear, A Linksys, RIP and Routing.


  You can use NAT so that your computer can access other node but they can access your computers on the inside. I used this before I set up routing on my node.

  Zoi Jones <zoiqq at yahoo.com.au> wrote: 
    Thanks for the reply Ash, but,

    I don't want someone (anyone) on the WLAN side of my system to be able to view, see or use any of my private LAN except the ports as I have forwarded them.

    In a sense, I want to firewall anyone from seeing or using my private LAN and my aDSL service.

    From what you're saying, I think what I've done is about right for my needs.

    Anyone else have any thoughts?

    Phil NodeHPL.

    David Ashburner <d_ashburner at hotmail.com> wrote:


      >My Linksys WRT54GS (default Firmware) is 192.168.0.2 (LAN) and 10.10.160.18 
      >(WAN) with port forwarding 25,80,110 and 443 to 192.168.0.10 (my SME 
      >server)
      >
      >I plugged the Linksys Routers WAN port to my cheap Switch which links all 
      >the wireless side of my network, including a Senao AP currently set to 
      >10.10.160.19 and my Laptop (for testing atm) set to 10.10.160.20
      >

      >From the Laptop, If I type any URL (outside 10.x.x.x), I get nothing, If I 
      >type 10.10.160.18, I get my SME server's home page.
      >
      >Would I be right in thinking this setup is working reasonably ? Or is there 
      >something I'm completely missing ?
      >

      Ok, you're close now. So the problem is that you have a config that allows 
      your private segment to do what it wants (good!) but you can't allow 
      anything on the second public 10.10.0.0 segment to get into your private 
      segment, except through the port forwarding you have set up (bad).

      If you think about the firewall the WRT is setting up, it will be open from 
      the private side (lets everything through) and only allows the ports you 
      have forwarded through from the public side. Any URL you are entering is not 
      going through because of two things:

      1. routing - There is nothing telling your laptop or other machines on the 
      10.10.0.0 net that the WRT is the gateway for the 192.x addresses.

      2. firewall - even if you set up routes or set the default route to use the 
      WRT as a gateway for 192.x the firewall on the default firmware will block 
      any initiated request from that side of the device (i.e. the public side)

      As a further experiment try turning off the firewall on the WRT and setting 
      it as the default route on your laptop. You should then be able to get 
      through to your private segment (and possibly beyond).

      To get to a workable solution you are going to need to go beyond the default 
      firmware. You will need to either run a different firewall on it or 
      add/change the IPtable rules.

      The default firmware doesn't use any firewall package but sets up the IP 
      tables rules in C code by building a restore file out of the discrete chains 
      it sets up and then restoring the file it just built.

      If you put openWRT on your WRT you should be able to configure it the way 
      you want.






  Brenton (iViLe)
  Access node fut from the web, live stats. http://211.28.235.187:6111
  ivile01 at yahoo.com.au ivile at bur.st
  www.ivile.tk
  www.waveguides.tk
  MW NODE: FUT, FUU




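The policy asked for in the thread above (private LAN may go out through NAT, the wireless side may only reach the forwarded ports 25, 80, 110 and 443 on 192.168.0.10) can be written as an iptables-restore file. This is an added example, not part of the original messages and not the Linksys or OpenWrt firmware's own rules; the interface names `br0` and `vlan1` are assumptions, while the addresses and ports come from the posts.

```shell
#!/bin/sh
# Added example: builds an iptables-restore file for the policy in the thread.
# Interface names are assumptions; addresses and ports are taken from the posts.
LAN_IF="${LAN_IF:-br0}"      # assumed private-side (192.168.0.x) interface
WAN_IF="${WAN_IF:-vlan1}"    # assumed wireless-side (WAN port) interface
WAN_IP="10.10.160.18"        # WRT WAN address from the post
SERVER="192.168.0.10"        # SME server from the post
PORTS="25 80 110 443"        # forwarded ports from the post

build_ruleset() {
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Port forwards: only these ports on the WAN address are translated inward.
    for p in $PORTS; do
        echo "-A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport $p -j DNAT --to-destination $SERVER:$p"
    done
    # Private hosts appear as the WRT's WAN address on the wireless segment.
    echo "-A POSTROUTING -o $WAN_IF -j MASQUERADE"
    echo "COMMIT"
    echo "*filter"
    # Default deny: anything not explicitly allowed below is dropped.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -i $LAN_IF -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Private side may initiate anything outward.
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    # Wireless side may initiate only to the forwarded ports on the server.
    for p in $PORTS; do
        echo "-A FORWARD -i $WAN_IF -o $LAN_IF -d $SERVER -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Count rules that let a connection initiated on the wireless side into the LAN.
count_wan_to_lan_accepts() {
    build_ruleset | grep -c -- "-A FORWARD -i $WAN_IF -o $LAN_IF .* -j ACCEPT"
}

build_ruleset
```

The output can be checked for syntax with `iptables-restore --test` before it is loaded on the router.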