No subject


Tue Jan 17 15:36:28 EST 2012


>type 10.10.160.18, I get my SME server's home page.
>
>Would I be right in thinking this setup is working reasonably ? Or is there 
>something I'm completely missing ?
>

Ok, you're close now. So the problem is that you have a config that allows 
your private segment to do what it wants (good!) but you can't allow 
anything on the second public 10.10.0.0 segment to get into your private 
segment, except through the port forwarding you have set up (bad).

If you think about the firewall the WRT is setting up, it will be open from 
the private side (lets everything through) and only allows the ports you 
have forwarded through from the public side. Any URL you are entering is not 
going through because of two things:

1. routing - There is nothing telling your laptop or other machines on the 
10.10.0.0 net that the WRT is the gateway for the 192.x addresses.

2. firewall - even if you set up routes or set the default route to use the 
WRT as a gateway for 192.x the firewall on the default firmware will block 
any initiated request from that side of the device (i.e. the public side)

As a further experiment try turning off the firewall on the WRT and setting 
it as the default route on your laptop. You should then be able to get 
through to your private segment (and possibly beyond).

To get to a workable solution you are going to need to go beyond the default 
firmware. You will need to either run a different firewall on it or 
add/change the iptables rules.

The default firmware doesn't use any firewall package but sets up the 
iptables rules in C code by building a restore file out of the discrete chains 
it sets up and then restoring the file it just built.

If you put OpenWrt on your WRT you should be able to configure it the way 
you want.



To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message





Thanks for the reply Ash But,

I don't want someone (anyone) on the WLAN side of my system, to be able to 
view, see or use any of my private LAN except the ports as I have forwarded 
them.

In a sense, I want to firewall anyone from seeing or using my private LAN 
and my ADSL service.

From what you're saying, I think what I've done is about right for my needs.

Anyone else have any thoughts ?

Phil NodeHPL.

David Ashburner <d_ashburner at hotmail.com> wrote:

>My Linksys WRT54GS (default Firmware) is 192.168.0.2 (LAN) and 10.10.160.18 
>(WAN) with port forwarding 25,80,110 and 443 to 192.168.0.10 (my SME 
>server)
>
>I plugged the Linksys Routers WAN port to my cheap Switch which links all 
>the wireless side of my network, including a Senao AP currently set to 
>10.10.160.19 and my Laptop (for testing atm) set to 10.10.160.20
>
>From the Laptop, If I type any URL (outside 10.x.x.x), I get nothing, If I 
>type 10.10.160.18, I get my SME server's home page.
>
>Would I be right in thinking this setup is working reasonably ? Or is there 
>something I'm completely missing ?
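Added example, not part of the original thread: a small Python model of the two checks described in the quoted reply (routing on the client, then the WRT's public-side firewall), using the addresses and forwarded ports given in the thread. The `trace` function, the route lists and the /16 and /24 prefix lengths are assumptions made for illustration; this models the described behaviour, not the Linksys firmware's actual rules.

```python
import ipaddress

# Addresses and forwarded ports are the ones quoted in the thread.
WAN_IP = ipaddress.ip_address("10.10.160.18")       # WRT54GS WAN side
LAN_NET = ipaddress.ip_network("192.168.0.0/24")    # private segment (/24 assumed)
PUBLIC_NET = ipaddress.ip_network("10.10.0.0/16")   # wireless segment (/16 assumed)
SME = ipaddress.ip_address("192.168.0.10")
FORWARDS = {25: SME, 80: SME, 110: SME, 443: SME}

# Client routing tables as (network, gateway); gateway None means on-link.
LAPTOP = [(PUBLIC_NET, None)]                        # laptop as described
WITH_ROUTE = LAPTOP + [(LAN_NET, "10.10.160.18")]    # hypothetical added route


def trace(dst, dport, routes, firewall_on=True):
    """Follow one new TCP connection from a host on the public segment."""
    dst = ipaddress.ip_address(dst)
    # Check 1: routing on the client, longest prefix wins.
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return "no route on client"
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    next_hop = dst if gw is None else ipaddress.ip_address(gw)
    if next_hop != WAN_IP:
        return f"sent to {next_hop}, never reaches the WRT"
    # Check 2: what the WRT does with traffic arriving on its WAN port.
    if dst == WAN_IP:
        if dport in FORWARDS:
            return f"forwarded to {FORWARDS[dport]}:{dport}"
        return "not forwarded"
    if firewall_on:
        return "dropped: new connection from public side"
    return f"routed to {dst}:{dport}"


if __name__ == "__main__":
    cases = [
        ("10.10.160.18", 80, LAPTOP, True),      # forwarded port on WAN address
        ("192.168.0.10", 80, LAPTOP, True),      # private address, no route
        ("192.168.0.10", 80, WITH_ROUTE, True),  # route added, firewall still on
        ("192.168.0.10", 80, WITH_ROUTE, False), # the "further experiment"
    ]
    for dst, port, routes, fw in cases:
        print(dst, port, "firewall" if fw else "no firewall", "->",
              trace(dst, port, routes, fw))
```
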




More information about the Melbwireless mailing list