This is a real beginner question I guess: when I connect to the "administrative console" through the WAN port, at the indicated address and port number, I can see most of the things for the node I am connected to (not including OLSR). But if I click any link that goes outside the gateway node, it does not work. I suspect that is because the domain name service of the mesh is not available to connections made through the WAN port. Is it possible to access other mesh nodes through the gateway? One specific example would be a web cam on a non-gateway node. It has a link which brings up the camera on locally-connected PCs, but not on ones connected through the gateway. Can this be done? What exactly would I have to do?
Thanks
Ken
There's an open ticket to add this feature...
http://bloodhound.aredn.org/products/AREDN/ticket/42
Excellent!
This would make it some option in the GUI.
I suppose really knowledgeable individuals could go in with PuTTY and manually put in the required routing instructions... is it hard?
This does not address the DNS issue, but some research indicates that one could put some 'redirect' rule into
/etc/config.router/firewall.user
that might allow accessing things inside the mesh from the wan port of the router.
I'm going to take a step back here and start at some basics so that way everyone who comes across this thread will understand why this isn't doable.
The mesh network uses an IP network range (method of identifying computers) in the 10.0.0.0-10.255.255.255 range and the 172.16.0.0-172.31.255.255 range. These ranges of IPs are known as non-routable private IP addresses (RFC 1918 addresses for the geeks in the room).
These addresses are free to use in autonomous systems (individual networks) but they cannot cross network barriers like fully routable public IP addresses. This is by design and is why we can allocate them to the mesh network without having to call everyone in the world to make sure they are not using it.
Most home networks use the same setup where the home network is in a private address range and the internet is assigned to one device, the router or modem in most house cases. This is known as the wide area network (WAN) connection and the home network is known as the LAN connection.
Mesh nodes behave the same way: we have a WAN connection, which, while it's normally connected to your home network, to us is a "public" network that we don't control and can't dictate rules on, so it behaves like a WAN to us and we treat it as such.
The Mesh network is inside the control barrier, we (by means of the standards defined) control this network to have allocations a certain way and for everyone to be able to talk to each other just like your home LAN network would be.
Now on a home network internet users can't get from the internet into your home network without you poking holes through the router which say "send this connection to this computer" (port forwarding). The same is true on the mesh network: even if you have the PC name, and even if you know how to get to it, you can't cross that barrier without explicit permission and configuration.
There is also good reason behind this. Many have pushed for the mesh to be moved to the routable AMPRNet space (44.x), however there are serious downsides with being in the routable space for Part 97 operations. One of the big ones I can think of is that obscene content regularly floats on the internet; if you have a public routable address you can't stop this data from coming in. You can ignore it when it gets to its destination, but you can't stop it from the destination. This means many nodes may forward content from non-hams that violates Part 97 rules and be liable for the violation, while the person sending the content, since they are on a network that permits content of that nature, would not be breaking any rules or regulations.
This will be still true even when this feature is implemented, but it will be a much smaller access window, and the person forwarding the connection will be taking responsibility for the actions of users they forward through.
If you keep your mesh all within part-15 then you could consider routing and AMPRNet, etc. But part-15 has well-known limitations.
In my original posting, I was asking to get data via the WAN port - data that has already traversed the Part 97 mesh network. As you point out, it's data going the *other* way that poses a problem. In my case this data is mostly instructions to pan, zoom, tilt, etc. Even if I put this on the internet, not much can be done there (and it's password protected)... of course each person's application will be different.
Ken
Disclosure: I am not a lawyer nor do I play one on TV
Sorry, forgot to put in my post that those reasons are why name resolution didn't really matter (because it couldn't be direct). Yeah, forwarding through as the feature ticket says will match your request then and be able to get to items like a camera and control.
Nice step back - very helpful - THANKS
Vance Nelson, KC8RGO
Just to correct the above: The proper place to add "redirects" - which are essentially port forwarding instructions - is this file:
/etc/config.mesh/firewall
73
Ken
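A worked example of the port-forwarding "redirect" the posts above refer to, added here and not taken from the thread or from the AREDN project. It uses OpenWrt UCI firewall syntax (AREDN firmware is OpenWrt-based); the zone names, the camera's mesh address and both port numbers are assumptions for illustration, so check them against the zones already defined in your copy of /etc/config.mesh/firewall.

```uci
# Added example, not from the thread: one DNAT redirect so that a browser on
# the WAN side of the gateway node can reach a single web camera on the mesh.
# Assumptions: the WAN zone is named 'wan', the mesh-facing zone is named
# 'wifi', and the camera is at 10.1.2.3 port 80 (constructed address).
config redirect
	option name      'webcam-from-wan'
	option src       'wan'
	# Port opened on the gateway node's WAN address.
	option src_dport '8080'
	option proto     'tcp'
	option dest      'wifi'
	# The camera on the non-gateway node; a numeric address is required here
	# because mesh name resolution is not available on the WAN side.
	option dest_ip   '10.1.2.3'
	option dest_port '80'
	option target    'DNAT'
	# Narrow the hole to one upstream host (constructed address); remove this
	# line if that host's address is not fixed.
	option src_ip    '192.168.1.50'
```

The camera is then reached at the gateway's WAN address on port 8080; because only that one port and destination are forwarded, nothing else on the mesh becomes reachable from the WAN side.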
If you want to have access to your home LAN, just work from inside your mesh LAN! The firewall is liberal and NAT works upstream. It's a hassle and not what NAT does by default. Nubs, look up BGP! I would never want to merge the traffic on the 2 networks, so I have 2 Cat5e cables run to my laptop and I switch between them physically when I need to.
I don't want to start a discussion about 44.net here, but I find a problem in your statement that 44.net traffic might carry non-ham-related traffic over nodes.
"There is also good reason behind this. Many have pushed for the mesh to be moved to the routable AMPRNet space (44.x), however there are serious downsides with being in the routable space for Part 97 operations. One of the big ones I can think of is that obscene content regularly floats on the internet; if you have a public routable address you can't stop this data from coming in. You can ignore it when it gets to its destination, but you can't stop it from the destination. This means many nodes may forward content from non-hams that violates Part 97 rules and be liable for the violation, while the person sending the content, since they are on a network that permits content of that nature, would not be breaking any rules or regulations."
Would the mods break this off?
I'm having trouble understanding "Would the mods break this off."
Are you asking for the content to be removed or are you asking for a new subject to be created for further discussion on this topic?
Because I'm going to change the subject...