I have run K7FPV's MeshChat for a year or so on a Raspberry Pi-3b that is connected to the LAN of one of my hAP nodes at home. It has worked just fine this way. Of course I have to run the MeshChat api on the hAP - and remember to reinstall it after every node firmware update :) .
Today in order to improve security, I moved the RasPi running MeshChat to another LAN so that it is behind a firewall. At the moment I only have port 80 forwarded from the AREDN LAN to the internal LA with the RasPi. Outbound traffic from the internal LAN to the AREDN LAN is unrestricted - similar concept to how the typical home LAN firewall is setup (if you were running a web server running on your home LAN) - you can get out to the internet, but only port 80 and reply traffic can get back in.
This works for everything EXCEPT the sync traffic between MeshChat nodes. My outbound sync is working (as expected), but the MeshChat on the RasPi is not getting the sync from the MeshChat api running on the hAP. I assume I need to open a port (or multiple ports) in the firewall to allow that traffic to reach the RasPi. Does anyone know what port or ports need to be opened in my firewall? Or is there something else I need to open up?
Today in order to improve security, I moved the RasPi running MeshChat to another LAN so that it is behind a firewall. At the moment I only have port 80 forwarded from the AREDN LAN to the internal LA with the RasPi. Outbound traffic from the internal LAN to the AREDN LAN is unrestricted - similar concept to how the typical home LAN firewall is setup (if you were running a web server running on your home LAN) - you can get out to the internet, but only port 80 and reply traffic can get back in.
This works for everything EXCEPT the sync traffic between MeshChat nodes. My outbound sync is working (as expected), but the MeshChat on the RasPi is not getting the sync from the MeshChat api running on the hAP. I assume I need to open a port (or multiple ports) in the firewall to allow that traffic to reach the RasPi. Does anyone know what port or ports need to be opened in my firewall? Or is there something else I need to open up?
Jim, meshchatsync is the process that runs on the Rpi and calls the API on the node defined in the $local_meshchat_node variable of the Rpi's meshchatconfig.pm file. I'm pretty sure it defaults to port 8080, but you could watch for the actual port using tcpdump or wireshark when meshchatsync calls the API on the node. The call is initiated by the Rpi, so the return message should be allowed -- as long as the node has a route back to the Rpi in the other LAN.
update: I looked at Trevor's github site and see the meshchatlib.pm function to get the node list has the port hardcoded to 8080. It uses curl on this URL:
"http://$local_meshchat_node:8080/cgi-bin/meshchat?action=meshchat_nodes&zone_name=$zone_name"
I think you just nailed the issue. And I must have been too damn tired to think of it. The node has no way of knowing how to reach the 192.168.15.nnn LAN. Now to see if I can add a route to the node...
Below is a simplified drawing of the important parts of this connection:
I thought meshchat gets a list of services from 'localnode' and scans for {$pi_zone} in meshchatconfig.pm .
Then queries those neighbor nodes for messages and shares new messages.
If true and your RPi can no longer query 'localnode.local.mesh', then this may fail.
I hope this helps, Chuck
I'm not running Raspbian but using a fanless miniPC with Linux. I have "localnode.local.mesh" in meshchatconfig.pm and it resolves just fine. Whatever the $local_meshchat_node variable is set to is brought over exactly by the pi_node_list() function in meshchatlib.pm, and the port is hardcoded to 8080. You could probably have the actual node name (kc0euw-sxt5.local.mesh) or even an IP address and it should work as designed.