
Need clarification on node services

AD8BS

Trying to understand how service traffic is routed between computers connected to the LAN connectors on AREDN nodes.

I have a pair of AirRouters with AREDN set up, each in 5-host direct mode. They see each other. Connected to the LAN port #1 of each is a computer. First I tried running a webserver (port 8081) on one computer and accessing it from the other but could not get any connection. I then tested it with nmap and got nothing that resembled the other computer. Rather, it seemed to be nmap-ing the node itself - its telnet server, its WWW server, etc. I am puzzled how to establish a connection with anything physically connected to the target node itself.

The computer also happened to have SSHd (port 22) and nmap did not see it through AREDN - not that I'd use it (Part 97).

As a control variable, when I tested with both on a wired LAN I was able to accurately nmap the ports of the other computer.

How do I actually make a service accessible?

Do the advertised services do anything beyond add a link on the node's page? Do they perform some sort of port forwarding?

Am I correct that the port forwarding feature on the node configuration is limited to connection requests over the WAN->LAN ports and not AREDN->LAN?

AE6XE
AD8BS, the service needs to be advertised across the mesh. On the mesh node, with the service on a device on the LAN of this mesh node, go into the "Port Forwarding, DHCP, and Services" page in Setup. Once the IP address of the LAN device is reserved and advertised as a service, the hostname you assigned and IP address are propagated around the mesh network to all nodes by the OLSR protocol. Any device on the mesh network can resolve the IP address by DNS from their local mesh node. The nodes also have the LAN subnets of every node in the routing tables and know how to route traffic to the IP address of a device on the LAN of every node. ssh is on port 2222 on the mesh nodes. The nodes are layer 3 routers; broadcasts and other scanning won't cross through them. Such things would flood the wireless links to all corners.

Joe AE6XE
AJ6GZ
Services
As Joe points out, you would need at a minimum to have a DHCP reservation to have a host resolvable by name over the mesh, and then service advertisement for a mesh list entry. You should be able to still access hosts via IP address across the mesh without an advertisement. It seems you might be hitting the node's IP address instead of your computers' IP addresses, since nmap is returning the node's native service ports. On the Port Forwarding... screen verify the IP that has been given to each computer. It will be in the subnet range shown in the LAN section of Basic Setup. Also check the basics of hosts' firewalls and such. Can you ping from one computer to the other?
AE6XE
In regards to, "the port forwarding feature on the node configuration is limited to connection requests over the WAN->LAN ports and not AREDN->LAN?"

Port forward has meaning for traffic coming in on the mesh node's WAN (typically a home network) that is trying to reach resources on the mesh network. This is a NAT masquerade setup similar to how a home router/wifi is protected from the internet. The mesh is protected from the home network the same. The UI limits port forwarding from the WAN to the LAN device. If the port forwarding was extended to devices across the mesh, then this brings in the issue of 3rd parties (non licensed individuals) with the ability to trigger part 97 emissions.

There is by default no NAT or port forwarding otherwise going through nodes on the mesh. Port forward is not what is happening; rather, they are just routing traffic. There is one exception, a setting in basic setup for the LAN of a node to also have a NAT between the LAN and the rest of the mesh (AREDN->LAN), but not commonly and individually used.

Joe AE6XE
 
AD8BS
Solved
Thanks, I think I get it now.

Once I came across the feature to assign computer IP addresses based on MAC, which then caused the dropdown to include those computers, it all sort of clicked. So direct mode pretty much is "direct" - The node grabs an address range off the mesh and uses DHCP to distribute it. The MAC mapping makes it persistent, then the service advertisement starts to make sense. Turns out I didn't have to mess with port forwarding at all.
