
Off mesh access to on mesh devices

kg9dw's picture
Off mesh access to on mesh devices

I have a mesh node that is connected to a VLAN capable switch. That node has the mesh gateway box checked and shares this internet connection out to other members of the mesh. 

Using port forwarding on that mesh node, I can connect to the status page remotely and check on the mesh while I'm away. How do I, or can I, access a service on a more distant node?

So say that node a is the gateway, and node b is on the mesh with a camera attached. How do I configure node a to forward traffic on say port 22200 to node b? 

Not at this time

This is not yet possible with the current user interface. There is an open feature request ticket for it, but it hasn't yet received enough call from users to make it a high priority and won't make it into 3.1.0.

Reference AREDN->ticket:42  


kg9dw's picture
Anyone else have this use case?

Does anyone else want in on this? Would be good to hear from the community if this is something we should spend time on. My use case is for cameras located at remote sites that will be used for monitoring evacuation routes and for basic weather condition spotting. Certainly not a replacement for people on the ground, but may be a reason to get the local emergency management team to pony up some funds to help build out the mesh.

For what it's worth, I want to

For what it's worth, I want to see it in.

Development seems to be moving quicker and more efficiently these days from what I was used to over the past year, so that always brings hope that more projects and tickets will get done quicker.

tunneling vs port forwarding

What if you set up a tunnel between your traveling device (laptop?) and your mesh node, thus making your laptop a node on the mesh network? Then you could remotely access anything on the mesh network without having to manually set up ad-hoc routes or port forwarding.

If you've got Linux on your laptop, natively or in a virtual machine, you should have all the tunneling tools you need. You can even run olsrd on your laptop and become a full-fledged routing member of the mesh network, though you might not want to do this on a link where you have to pay by the byte; all those olsr HELLO packets every 2 seconds can add up.

I use Remote Desktop Protocol

I use Remote Desktop Protocol on one of the machines behind the mesh. I have the ISP router port forward to the gateway where it hits the firewall. I also have 8080 port forwarded to the Gateway. If I need to administer the mesh remotely, I log into the gateway router and have it forward the RDP ports to the node. I then use the RDP to log into the computer. I like to keep as much shut down as possible, so this allows me to keep the RDP ports behind the firewall until needed. If you really need to get into another node for configuration you can forward port 8080 to another node, but it takes modifying the firewall.user file through SSH.

I agree a simple solution would be a good thing to be able to administer the network remotely.

It appears to me that the AREDN Development team is working hard to make things much easier to deploy, and administer, with the Beta Firmware allowing remote firmware upgrade and native tunnel capabilities. I am really liking what I am seeing here.

kg9dw's picture
to be clear

So you are using RDP on a node that is locally connected to the mesh node that is also the internet gateway? If so, I see what you did there. :-)

Makes sense.

Yes, you can actually use the

Yes, you can actually use the RDP to get access to any node on the mesh. You have to edit the firewall.user config file in the gateway node to forward the port to the IP of the RDP server. So it does not require you to have the physical connection to the gateway.

The easiest way to do this is to make the entry into the config file, then put the pound symbol in front of it. Then you can SSH into the gateway and remove the # sign. It is a little more difficult this way, but will allow you to keep the RDP server behind the gateway firewall when it's not needed. Not as easy as the GUI option, but would still work. I would love the ability to be able to manually pick an IP from the GUI instead of being locked to just local LAN addresses.
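
The comment/uncomment routine described in the post above can be scripted so the forward is only open while it is needed. This is an added example, not part of the thread and not AREDN project code; the `#RDP-FWD` marker, the sample file contents, the `eth0.1` interface name, the 10.1.2.3 address and the iptables chains are assumptions to adapt to the actual gateway.

```sh
#!/bin/sh
# Added example, not AREDN project code. TAG, file contents, addresses and the
# interface name are constructed; adjust chains/interfaces to your firmware.
TAG='#RDP-FWD'

# Write a constructed firewall.user-style file with the forward disabled.
make_sample() {
    cat > "$1" <<EOF
# existing rules stay untouched
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
# iptables -t nat -I PREROUTING -i eth0.1 -p tcp --dport 3389 -j DNAT --to-destination 10.1.2.3:3389 $TAG
# iptables -I FORWARD -p tcp -d 10.1.2.3 --dport 3389 -j ACCEPT $TAG
EOF
}

# Print "on" if any tagged rule is active (not commented out), else "off".
forward_state() {
    if grep -q "^[^#].*${TAG}\$" "$1"; then echo on; else echo off; fi
}

# set_forward FILE on|off : uncomment or comment only the tagged lines.
set_forward() {
    tmp="$1.tmp.$$"
    case $2 in
        on)  sed "/${TAG}\$/s/^#[[:space:]]*//" "$1" > "$tmp" ;;
        off) sed "/${TAG}\$/{/^#/!s/^/# /;}" "$1" > "$tmp" ;;
        *)   echo "usage: set_forward FILE on|off" >&2; return 2 ;;
    esac
    cat "$tmp" > "$1" && rm -f "$tmp"   # keep the original file's permissions
}

# Demo on a scratch copy; on the gateway, reload the firewall after each change.
demo=$(mktemp)
make_sample "$demo"
set_forward "$demo" on;  echo "after on:  $(forward_state "$demo")"
set_forward "$demo" off; echo "after off: $(forward_state "$demo")"
rm -f "$demo"
```

Both directions are idempotent, so running `off` at the end of every session is safe even if the forward was never enabled.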
