--- In Jim Jackson <> wrote:
>
>
>
>
> On Thu, 27 May 2010, j.chitte wrote:
>
> > Hi,
> >
> > I've been battling to connect by 7250 to WAN via linux desktop machine
> > and an ADSL modem/router.
> >
> > The desktop has its own apache running on port80 to I set up the SBC
> > server on 8080.
> >
> > The routers NAT sends both 80 and 8080 traffic to the desktop, which has
> > a minimalistic iptables to DNAT 8080 to the ARM.
>
> Just out of curiosity why don't you configure the routewr to send 8080
> direct to the SBC?
>
> > I had this working with one fs and 2.6.29 without iptables but I bit need
> > to tighten security before exposing it to the net.
> >
> > Now I have a kernel built with iptables and I cannot get the arm to
> > respond over the net. LAN connection still works fine.
> >
> > The fs image is basically the same but rebuilt and with several small
> > version updates so there's scope for a critical change here though
> > iptables in empty on the arm.
> >
> > There would seem to be some difference in the responce from the new
> > config that is preventing replies from being sent back out by the desktop
> > machine.
> >
> > Any suggestions on how I can diagnose what's wrong.
>
> If your SBC is in the same subnet as the desktop, then you probably don't
> want to be NAT to it from the desktop - that would be 2 NATs and one trying
> to NAT within a subnet. Not a situation I'd want to debug.
>
> If you really must send the traffic to the desktop first, you need to run
> a TCP redirector of somesort on the desktop. This works at the TCP layer
> not the network layer and can be a lot easier to set up.
>
> This is one such
>
> http://sammy.net/~sammy/hacks/redir-2.2.1.tar.gz
>
> I've used one of these sorts of programs before, a long time ago. It was
> easy to setup.
>
Hi Jim, thanks for the reply.
I should have more fully explained the topography.
The router is next door with a wifi link on the desktop machine. The SBC is ,
of course, on a different subnet.
I will get the SBC connected with wifi later this was supposed to be a "quick"
solution to get it connected.
I'll look into the TCP solution you suggested but I would have thought this was
exactly the sort of thing that iptables NAT can do. I'm probably overlooking
something obvious.
Thanks for your help.
------------------------------------
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/ts-7000/
<*> Your email settings:
Individual Email | Traditional
<*> To change settings online go to:
http://groups.yahoo.com/group/ts-7000/join
(Yahoo! ID required)
<*> To change settings via email:
<*> To unsubscribe from this group, send an email to:
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
|