"Port forwarding is taking an inbound connection to a port from the WiFi or WAN interface and forwarding it to an IP address on the LAN. The port number need not be the same. If you have hosts on the LAN that provide services you want to make available to the mesh all it takes is a Port Forwarding rule to make that happen.
If you want to forward a range of ports, the Outside Port will accept a range in the form "2000-3000". Use a hyphen to separate the low and high values. When doing this, set the Inside Port to the low value of the port range. When forwarding a port range the outside and inside ports must be the same, moving them will not work.
...
Example:
On the LAN of a mesh node called ad5oo-mobile is an IP camera that is running its own web server. The address of that camera is 172.27.0.240. I want to make that camera available to everyone on the mesh so I set up a port forwarding rule on the WiFi interface whose outside port is 8100, IP address is 172.27.0.240, and inside port is 80. This takes all connections to port 8100 on ad5oo-mobile and redirects them to port 80 on 172.27.0.240. In a web browser on a computer connected to a different node you would go to http://ad5oo-mobile:8100 and would be connected to the IP camera.
...
Advertised Services
When you want to let others know about services you are providing, the Advertised Services will appear on the Mesh Status page of all other nodes on the mesh. All advertised services need a name, and no services can be advertised until at least one port forwarding rule or a DMZ server has been defined.
If the service is one that is accessible through a web browser, such as a web or ftp server, you can make the name appear as a clickable link by checking the Link box. All links need two parameters: a protocol and a port number. Web servers use the http protocol and ftp servers use the ftp protocol. Other servers may use other protocols. The port number should be the one used as the Outside Port in the forwarding rule through which the service can be accessed. In the last field you can enter an optional link suffix to give the link a more specific path if needed, such as the name of a specific page on a web server, or a directory or file on an ftp server."
Okay, a few ID10T questions. I see that I can pick IP addresses on my house network (192.168.1.xxx) and port 80 for http, and some number (say 8060) for the outside port. Okay, what do I do on the computer at the selected IP address? And maybe my router (a linksys RV082)? Somewhere I need to tell something what port 8060 goes to or means? And I'd need to specify somewhere the path (C:\hamwebpage\webpagehtmlcode.htm). This is probably IT101, but I'm currently clueless... thanks in advance 73s
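An added example, not part of the original post or of the AREDN documentation: a small Python model of the forwarding rules the quoted documentation describes, showing where an inbound connection ends up and linting a rule table before it is saved. The node ports 8080 and 2222 are the ones mentioned later in this thread; every table row except the IP camera one, the first-match ordering and all function names are assumptions.

```python
from dataclasses import dataclass

# Ports this thread reports the node itself answering on (treated as defaults).
NODE_PORTS = {8080: "node web UI", 2222: "node SSH/SCP"}

@dataclass(frozen=True)
class Forward:
    interface: str   # "WiFi", "WAN" or "Both"
    outside: str     # "8100" or a range such as "2000-3000"
    lan_ip: str
    inside: int

    def span(self):
        """Parse the Outside Port field into (low, high)."""
        low, _, high = self.outside.partition("-")
        lo, hi = int(low), int(high or low)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad outside port {self.outside!r}")
        return lo, hi

def lint(rule):
    """Return warnings for one rule; an empty list means nothing was flagged."""
    lo, hi = rule.span()
    warnings = []
    if hi > lo and rule.inside != lo:
        warnings.append("range: inside port must be the low outside port")
    if not 1 <= rule.inside <= 65535:
        warnings.append("inside port out of range")
    for port, what in NODE_PORTS.items():
        if lo <= port <= hi:
            warnings.append(f"outside port {port} is also the {what}")
    return warnings

def resolve(rules, interface, port):
    """Return (lan_ip, lan_port) an inbound connection reaches, or None."""
    for rule in rules:
        lo, hi = rule.span()
        if rule.interface not in (interface, "Both") or not lo <= port <= hi:
            continue
        # Single port: remapped to the inside port. Range: port is unchanged.
        return rule.lan_ip, (rule.inside if lo == hi else port)
    return None

# Constructed rule table; the first row is the IP camera example quoted above.
RULES = [
    Forward("WiFi", "8100", "172.27.0.240", 80),
    Forward("Both", "5000-5010", "172.27.0.241", 5000),   # constructed
    Forward("WiFi", "8000-8090", "172.27.0.242", 80),     # constructed, flagged
]

if __name__ == "__main__":
    for r in RULES:
        print(r.outside, "->", r.lan_ip, lint(r) or "ok")
    print(resolve(RULES, "WiFi", 8100))
```

Anything `resolve` returns for the WiFi or WAN interface is a LAN service reachable from that side, so the rule table doubles as the list of what has been exposed.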
I spent some time doing this today, with the same frustration you had on finding the right steps. Here's what I did, assuming you want a web server running on your internal network (on the 192.168.1.xxx network) to present a web server at your node (i.e. 10.1.x.x) on the mesh.
1. Figure out what internal 192.168.1 IP address is open for you to use. I have been using 192.168.1.254 or another high number like that (and reserving it in my router so it does not allocate that number to another computer!).
2. I am configuring my AREDN node to run in NAT mode. This is found on the "setup page" in the center column. In the IP address, I type in: 192.168.1.254 (or your favorite), mask of 255.255.255.0. I also turn off DHCP (because my internal router, at 192.168.1.1, already provides DHCP to my computers).
3. Next, I go to "Port Forwarding" on the AREDN setup page. I add a service, passing TCP packets to/from PORT 80 (which is the web server), from the computer you have the web server running on, (say 192.168.1.12). This will now mean that when people go to yournode.local.mesh:80 (or http://yournode.local.mesh by default) they will really see 192.168.1.12:80 (your web server). Some web servers might be on 8080.
4. On the "Advertised Servers", I add the following service: Name is "web", prefix is "http://", port is "80" and nothing for the path -- unless you have a specific page you want available only (i.e. 192.168.1.12:80/~myusername).
5. Now, from another node, they ought to see your node with a web server at port 80.
Hope that helps (and works for you... that's the short version).
Ben
KK6FUT
(now, if I can only get name resolution working consistently after doing that I personally will be happy --equally obtuse in the docs for those of us who don't do this all day;-)
There is a 6th option available - Install another nic card in the computer and put it directly on the node on the 10 network. Make it a static address but advertise it as a service on the node, as well as configuring a link to it on the node.
Or, depending on the OS involved, and possibly the availability of a vlan capable switch, a vlan can be configured on the pc which talks directly to the node. This is doable in Debian Jessie and perhaps other linux distros using Network Manager.
This removes the need for any routing or other games between the home network and the mesh network. And, it keeps your home network free from prying eyes....
73, Mark, N2MH
There are 2 scenarios here, and maybe we are all thinking of different use cases? Which one is this question about?
1) There is a web server on a computer that is connected on the home network--the computer has a 192.168.x.x address. You'd like to access this web server from computers on the mesh network.
2) There is a web server on a computer that is connected to the LAN of a mesh node--the computer has a 10.x.x.x address. This mesh node is also connected to your home network. You'd like to access this web server from your home network (or even the internet). You'd like to advertise this web server to the rest of the mesh (so the link shows up in mesh status).
There's actually a 3rd scenario here, but not implemented out-of-box AREDN (although a linux iptables person could manually hack the config files):
3) There is a web server on a computer somewhere in the middle of the mesh network--this computer has a 10.x.x.x address and the mesh node is not connected directly to a home network or the internet. You'd like to access this web server from a computer on your home network or on the internet. (the mesh node port forwarding options in the UI, configured on a gateway mesh node, does not give this option today.)
The above could replace "web server" with "ipCam", "Voip phone", ...
Joe AE6XE
1) There is a web server on a computer that is connected on the home network--the computer has a 192.168.x.x address. You'd like to access this web server from computers on the mesh network.
For now, as a test I'm attempting to, as a service, allow access to an APC metered rack power strip that is connected to my home network, at 192.168.1.231.
Yes, it's a boring service, but I'm using that as a learning tool. From my home network, I can access its web page by typing into firefox 192.168.1.231:80
My aredn node is connected to my home network via its WAN connector with an IP of 192.168.1.97:8080 and as I use the switch part of this Linksys wrt54GS router to feed additional home network computers the LAN IP is 192.168.1.75 (strangely enough it works). I have the WAN connection looped back to a port on the LAN, and another LAN connection goes to my main router 192.168.1.1 (as if the WAN directly sees my main router thru the local switch). I have a tunnel client running and it's happy like this.
My aredn's wifi IP is 10.234.55.251 with a mask of 255.0.0.0 its LAN IP is 192.168.1.75 with NAT enabled, mask 255.255.255.0 and DHCP is disabled (my main router does the DHCP in the house). The aredn node's WAN IP is 192.168.1.97 with a mask of 255.255.255.0 and gateway of 192.168.1.1 and mesh gateway disabled.
I thought of placing a web page file xxxx.htm inside the aredn node, but I haven't figured out where in its directory structure. I thought maybe in the same folder where its main web page is, but couldn't find that.
73s
I couldn't find a /www folder in my node. Do I need to create it?
Here's a screengrab of a putty session:
And I need to find a program that does SCP? clueless here...
This is not common to directly connect both the LAN-NAT and the WAN of a mesh node to your home network. This mode gets very little, if any, testing by our community in the beta cycles or in production--at least that I've run into in the last 2.5 years. This LAN-NAT mode has been in BBHN/AREDN since the very early days. (Anyone using LAN-NAT that can validate usage -- also if using forwarding and service advertisement with DHCP turned on?)
I don't believe you will be able to advertise a service on a 192.168.1.x computer using LAN-NAT when the DHCP is turned off on this mesh node. The mesh network has no direct knowledge of the hostname and IP addresses that are on the home network and as such wouldn't have the choice options in setup to create forwards (from the mesh to the LAN-NAT) and to do the service advertisement. You'd have to be an iptables expert to hack the config files directly in linux.
Expounding on Darryl's idea, copy up abc.html to /www and then access by "http://name-of-node/abc.html" and create a service advertisement as such.
If you only connect your home network via the WAN interface, this would work with no forwards necessary. But with constraints:
1) you'd have to advertise your node as a gateway to access from other mesh nodes on the mesh network
2) If a mesh node found another gateway, they can't access.
3) no provision in the UI to advertise services outside the mesh on the other side of the WAN
4) if DNS on your home network had a hostname entry for this 192.168.x.x machine, the mesh network would resolve and find it too (but not during condition #2).
Joe AE6XE
to see it, just:
cd /www
ls
So it sounds like any services I might want to make available needs to be on the node's LAN, having an IP of 10.81.191.217-222
Trying to make sense of how to use PSCP. The help files are a little too thin for me. I would think to access the node I have to tell it the IP address of the node, root and password, file to be copied and where it is to go. PSCP so far just barfs on me.
They have an example:
"So it sounds like any services I might want to make available needs to be on the node's LAN, having an IP of 10.81.191.217-222":
Yes, this is the normal approach. Give it a try to advertise a service from the mesh node, where the service is on 10.81.191.2xx . The address the computer receives is first 'reserved' in the setup page, so that it always obtains this same address. Then add in the service name, IP of the computer, port #, and save to advertise it. This is my least favorite UI screen and I'll all be really glad when we re-write it :) .
here's an example pscp command line with the right syntax. Best practice is to not burden down the mesh node from its core function to route traffic, but one will be fine if simple html pages are copied up, then advertised.
pscp -scp c:\documents\mywebpage.html root@mynodename.local.mesh:/www
substitute the path and "mywebpage.html" with the name of your file. Substitute "mynodename" with the name you've assigned the mesh node.
you will get a message about security and have to say 'y' it's OK. Then you will get a prompt for the node's root password.
Joe AE6XE
(sorry, i use cmdline scp and don't know pscp)
It seems to figure it out:
C:\Users\joe\Downloads>pscp -scp c:\users\joe\Downloads\pscp.exe root@localnode:/tmp/
root@localnode's password:
pscp.exe | 350 kB | 350.9 kB/s | ETA: 00:00:00 | 100%
and showing that default of port 22 does not work:
C:\Users\joe\Downloads>pscp -P 22 -scp c:\users\joe\Downloads\pscp.exe root@localnode:/tmp/
Fatal: Network error: Connection refused
But if anyone does have any issues:
pscp -P 2222 -scp c:\users\joe\Downloads\pscp.exe root@localnode:/tmp/
1. Go to your node's status page
2. Click "Setup" and enter your username and password
3. Click on "Port Forwarding, DHCP and Services"
4. Add a new interface with the following:
Interface: "Wifi" Type: "Both" Outside Port: "80" LAN IP: 192.168.1.231 Lan Port: 80
All the other info you offered up really doesn't matter...
Under "Advertised Services"
Name "UPS" , Link, "http:" Port 80, blank
Save it all...
you should then be able to go to:
http://10.234.55.251:80 (and see your UPS web page).
I don't know why you'd upload a web page or anything to your node in this case, as you're just exporting the UPS server's active web server page to your node. Did I get that correct?
(you can scp stuff to your node... if you needed to.. with pscp for Windows ).
here is what I've used, as a low-cost/entry-level approach:
http://www.tim-yvonne.com/ham/mesh/
scroll down and click on "NAS Installation"
Got it to work! At least it looks like it. Here's my ID10T guide:
Found a program called SmarTTY, and after I downloaded a zip file of it and associated files (that was an adventure, as I tried using an msi file, which would just give me a list of options but do nothing else) and releasing and renewing ipconfig on this PC (also connecting the PC to the node's LAN) was able to get into the node to upload the html file I wanted to provide as a service. Found that to see the www folder you must say "ls /" and not just "ls". duh... As for the smarTTY program I found a zip file to download here: http://smartty.sysprogs.com/portable/ and then use an unzip program and extract it to some convenient location. This was my workaround of the msi trouble I had. This program will let you upload files into your node. You enter the node's IP and the 2222 port address xxx.xxx.x.xxx:2222 and user name is root and the password you set for your node. Once you're in, do a ls / and you should see about twelve items, one should be www. Do a cd /www and then do another ls
and you should see an htm file. Then mouse over to the SCP item on the top of the smarTTY window, and you can select "upload file". This opens another small window to ask for the location and the file you want to upload, and the destination is probably filled in for you already. Watch the space limitation, keep the files very small, like a few K's. (Image files are to be avoided, as they'd hog the space. Though a simple GIF diagram may be better than a bunch of html character codes, as those render differently on different browsers. Keep it a small file size, also it would load faster.) Then do another ls and you should see your uploaded files there. Then you can close out of smarTTY.
Next step is to open your node's web site. Go to "setup", and then to "Port forwarding, DHCP, and Services". Once there, this is where you tell your node to advertise your service. In the "Port forwarding" part, select Both for interface, or WAN if you don't get a choice. "Type" pick TCP or both. For the outside port, I picked the same port you need to use to get into the node's web pages, usually 8080. LAN IP select "localnode" as what you are going to advertise exists inside the node (any security issues here?), and LAN port set to 8080, click "ADD" and "save changes" it. Next thing to do is the advertised services section. For "name" use whatever you want the service to be called in the "Mesh Status" page. Put a checkmark in "link" and http in the box. The URL will be filled in already with your node's name, but you need to add the port number 8080. In the box to the right of the / you put the name of your htm file (include the suffix, like jople.htm), click "ADD" and do a "Save changes". Now it should be available to mesh users. To see it listed, go to "node status" and then to "mesh status", and you should see your service under the local node area. And you should(!) be able to click on the service and then see your web page.
If you can get into the tunnel that WU2S is a part of, you should be able to see my service and click on the link and actually have it work. It's a small web page where you can do LC circuit calculations: inductance, capacitance, reactance and frequency. Specify 2 of these and the other 2 will be calculated. Not a big whoop, but hopefully useful. Yes, it lives inside the node, but it's small. Also I added another link, a simple web page with a gif file to show how to build a 2m Jpole fed by a TV balun. Every other Jpole page on the 'net uses 50 ohm coax as a feedline direct.
I should write an India Delta One Oscar Tango guide to making this happen... Edited this post to add this above..
The port forward can be removed. This is already a default in the node's configuration so that mesh status and access is allowed from the WAN interface side. This is one of the very few ports that is allowed access to the mesh node from the WAN by default. When a new .html page is added under the web server's top level directory, this page is also accessible by default.
Only the service advertisement is needed to let others on the mesh network know the new page is there.
Joe AE6XE
Next step for me is to figure out how to advertise html files on an actual computer connected to a DHCP enabled node. Namely the path to the file, I'd figure I'd need to specify the path like C:\folder\file.htm ?
The computer would need to have a web server program installed and configured. (Some Windows versions have this as an optional install for IIS. Linux could be something like 'Apache'.)
The html file would be accessible across the mesh network using a browser with a URL format (where this URL link is clicked on from mesh status). Typically, once you install a web server on a computer, it has a top level directory, e.g. /www or C:\something and any html file you put there is then accessed with http://computername/the_file.html .
Joe AE6XE
free space
/tmp = 15128 KB
memory = 13084 KB