Thanks Anna, I'll just clarify;
I am working on UNESCO project where schools in a remote area are linked by a WAN (both wired and Wi-Fi bridges). Only one school is an "OLPC" school. Schools generally (not just OLPC) contribute to an online wiki environmental encyclopaedia . Content in any kind of format is uploaded to a local server where it is moderated and digitally processed if need be, by a trained "QA team" prior to upload to the online wiki. This is needed for reasons of integrity of content, traditional views on what content can be shared, etc. Lesson plans are developed to support schools in ways linked to the curriculum to access and create content for the wiki. Excitingly we can have the OLPC uploading Sugar formats like eToys, etc. Other schools will contribute text, images, audio and video. So the content will be locally uploaded to either the XS Moodle or the offline wiki as appropriate - reducing barriers to participation. I have the server running so that once you get access on a non-XO computer, you bring up the Moodle using http://schoolserver/moodle andthe wiki from http://schoolserver/wiki. It all works fine on the eth1 network (the "internal network"). I can also connect any PC and enter 172.18.0.1 to bring up the server Moodle page. It is NOT intended that XOs on the external network can register on the single XS. The only school with XOs has local access to the XS on the XS's eth1 network. The other schools only need to be able to access the XS Moodle and wiki. So my problem is that even with opening and forwarding port 80, or using DMZ Host mode, the server cannot see through the router and reply to requests. On the other hand, a PC can ping right through the router so I just need in simple terms, to know what I need to do with the apache config or hosts or other files so that the XS can be seen on port 80 from the external network. I don't care about jabber etc. Only access to web services. I am packing to go now, but will look again at your advice - many thanks. But if anyone can quite specifically give me advice on the router LAN settings to use, and any required changes to the XS networking and routing settings so that it is able to reply back to port 80 requests through the router, I would be most appreciative. David Leeming Solomon Islands Rural Link From: Anna [mailto:ascho...@gmail.com] Sent: Sunday, 31 October 2010 9:33 a.m. To: David Leeming Cc: XS Devel Subject: Re: [Server-devel] Bridging XS to another network David: I'm a little confused as to your setup. If you just have the one ethernet device on the XS, it can either get an IP address from your router (as eth0) or hand out DHCP addresses (as eth1). It can't be in both roles. I've played around with external access for the XS and it does involve some firewall stuff. I think I used lokkit to configure access to port 80 and the jabber port to my regular LAN. Then I opened up those ports on my router firewall for access from the rest of the internet. By way of example, here's a setup I've done in the past: Regular LAN: XS (eth0) 192.168.1.20 My Desktop 192.168.1.6 "XO A" 192.168.1.7 XS LAN: XS (eth1) 172.18.0.1 "XO B" 172.18.96.2 On the XS LAN, "XO B" can go to http://schoolserver or 172.18.0.1 and see the default Moodle homepage. It can also register to the XS and all that good stuff, cause it's getting its IP address from the XS's DHCP server. On the Regular LAN, my desktop and "XO A" can't see the Moodle homepage at 192.168.1.20 until I open port 80 in the firewall on the XS using lokkit (or edit iptables or whatever). Since "XO A" is not getting its IP address from the XS, it won't be able to register. If "XO A" wants to use the XS's Jabber server, that port needs to be opened in the XS firewall. "XO A" can now manually set the Jabber server to 192.168.1.20 and collaborate. If you want to use Moodle, not being able to register to the XS is a huge issue. Apache access works fine, though. I use ifcfg-eth0-local to set the static IP for eth0 on the XS. Here's my example: IPADDR=192.168.1.20 NETMASK=255.255.255.0 NETWORK=192.168.1.0 BROADCAST=192.168.1.255 GATEWAY=192.168.1.254 To see what I need to put in there, I'll do this on another Linux box connected to my Regular LAN: a...@anna-desktop:~$ ifconfig eth0 eth0 Link encap:Ethernet HWaddr 00:0f:1f:80:0d:ea inet addr:192.168.1.4 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::20f:1fff:fe80:dea/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1328780 errors:0 dropped:0 overruns:0 frame:0 TX packets:1018129 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:1602636271 (1.6 GB) TX bytes:98891469 (98.8 MB) a...@anna-desktop:~$ netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 169.254..0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth0 If you're trying to have all the services available with just the single ethernet port, good luck. I'm no networking expert, but I don't see how it's possible. Anna Schoolfield Birmingham
_______________________________________________ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel