Greetings,


Do we have an echo where it would be appropriate to ask networking type questions?

---
Regards,

Rick // Nitro

--- Mystic BBS v1.12 A46 2020/05/17 (Windows/64)
* Origin: Abacus BBS! ---> bbs.abon.us:2323 (1:340/202)

On 09 Jun 20 21:22:03, Rick Smith said the following to All:

Do we have an echo where it would be appropriate to ask networking type questions?

Why not here?

Nick

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (1:229/426)

Do we have an echo where it would be appropriate to ask networking type questions?

IP_CONNECT ?

--- DB4 - May 18 2020
* Origin: Black Olives Matter (2:292/854)

Greetings Nick!

10 Jun 20 01:18, you wrote to me about an urgent matter!:

Do we have an echo where it would be appropriate to ask networking
type questions?

Why not here?

I agree but always wise to ask I suppose, here is what I am trying to do or accomplish I will try to describe it accurately..

So my setup is as follows..

Fiber - gig service internet with a block of 5 static IP's (IPv4 or IPv6) currently configured IPv4.

Century link modem configured with the static IP's, three machines hooked directly to that modem and all have static public IP's. A fourth connection goes to an ASUS router that is hard wired to other mesh access points through out the house. while the asus has a public ip from the centurylink modem it assigns private IP's to other devices and machines in the house.

My question is can I access private ip devices or machines from my BBS computers that have public IP's? So can my my nic have two ip address's a public and private? Or am I thinking about that wrong? One of the main reasons I thought about this is that I have setup an exsi server that will only have a private ip but I would like to reach it from machines that have a public ip.

Any help appreciated





----
Rick Smith (Nitro)

... TAGLINE A bad day BBSing is better than a good day at school!
--- GoldED+/LNX 1.1.5-b20180707
* Origin: ----> Abacus Sysop Point --->>>>bbs.abon.us:2323 (1:340/202.1)

Re: Networking echo?
By: Rick Smith to All on Tue Jun 09 2020 21:22:03

Do we have an echo where it would be appropriate to ask networking
type questions?

what type of networking?

eg: LAN, internet, FTN, QWK, interBBS, other


)\/(ark
--- SBBSecho 3.11-Linux
* Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)

Hello Rick,

My question is can I access private ip devices or machines from my BBS computers that have public IP's? So can my my nic have two ip
address's a public and private? Or am I thinking about that wrong?
One of the main reasons I thought about this is that I have setup an
exsi server that will only have a private ip but I would like to reach
it from machines that have a public ip.

You can access BBSs or mailers on your lan with their private IPs, like I have an MBSE BBS on my lan I can access anywhere on my lan with 192.168.0.11. That address only works for local access within the lan.

Is that what you mean?

Ttyl :-),
Al

--- GoldED+/LNX
* Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)

Hello, Rick Smith.
On 10/06/20 06:07 you wrote:

Why not here?

Century link modem configured with the static IP's, three machines
hooked directly to that modem and all have static public IP's. A
fourth connection goes to an ASUS router that is hard wired to
other mesh access points through out the house. while the asus has
a public ip from the centurylink modem it assigns private IP's to
other devices and machines in the house.

Short answer: you can't.

Complete answer: the asus router does pat (port address translation, a kind of nat) from the private lan to the public lan, so all the connections started from the hosts on the private lan can access the public lan or internet, the reverse is impossible because all the private ip adresses of the private lan are translated over the single public ip assigned to the asus router.

Workaround: Your public lan adresses could be routed locally to the private lan addresses because the traffic is local and not through internet. To do this, IMHO, you should change your router because I think that the asus appliance doesn't has the conditional nat functionality.
For example, on cisco routers you can use an access list to deny the nat/pat if the destination ip address is in a network denied to the nat service.

--
Ciao.
Fabio.
--- Hotdoged/2.13.5/Android
* Origin: ]\/[imac Boss Android Point (2:335/364.3)

Rick Smith wrote to Nick Andre <=-

Century link modem configured with the static IP's, three machines
hooked directly to that modem and all have static public IP's. A fourth connection goes to an ASUS router that is hard wired to other mesh
access points through out the house. while the asus has a public ip
from the centurylink modem it assigns private IP's to other devices and machines in the house.

My question is can I access private ip devices or machines from my BBS computers that have public IP's? So can my my nic have two ip address's
a public and private? Or am I thinking about that wrong? One of the
main reasons I thought about this is that I have setup an exsi server
that will only have a private ip but I would like to reach it from machines that have a public ip.

We could use a place for home internet/networking discussions - I think we would get a good amount of traffic there. Sysops, typically, do things a little differently than Joe Facebook, so it'd be interesting to have a user base specific to our hobby. In the meantime, this echo may do nicely.

That sounds like a nice setup - you have a place where you can put publicly accessible systems on a public IP without needing to deal with NAT, and a private area protected from the internet for your household systems.

As for accessing the private areas from the public systems, that opens up
some concerns. When you have systems accessible from the outside world,
you'd want all communication to go from the inside out, and not allow any traffic the other way.

Do you just want to manage the ESXi server web interface from the public
IPs, or run services on VMs and access them from the public IPs?


... Curious ideas wait for stranger times
--- MultiMail/XT v0.52
* Origin: http://realitycheckbbs.org | tomorrow's retro tech (1:218/700)

Re: Networking echo?
By: Rick Smith to Nick Andre on Wed Jun 10 2020 06:07 am

My question is can I access private ip devices or machines from my BBS computers that have public IP's? So can my my nic have two ip address's a public and private? Or am I thinking about that wrong? One of the main

If you can control/configure all the devices (sounds like you can), and the one that has a public ip and gives out private IPs can route (sounds like it does), then from you other public IP systems, you would just configure a network route.

ip route <private network> via <public "x">

(switch for the appropriate route command on the public hosts.)

...ëîåï

... The things most people want to know are usually none of their business.
--- SBBSecho 3.11-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (3:633/509)

On 10 Jun 20 06:07:58, Rick Smith said the following to Nick Andre:

My question is can I access private ip devices or machines from my BBS computers that have public IP's? So can my my nic have two ip address's a public and private? Or am I thinking about that wrong? One of the main reasons I thought about this is that I have setup an exsi server that will only have a private ip but I would like to reach it from machines that

have

public ip.

Your setup sounds close to mine. If you want to save yourself a tremendous amount of frustration with this, ditch that Asus router. It will not be up to snuff to handle your expectations. You need something commercial-grade.

Since you have an EXSI server (like me), I strongly recommend setting up a Pfsense instance with a simple LAN and WAN interface. The LAN should trunk
to a simple gig-switch. Cisco makes good ones. Reduce the Asus router to
just acting as a Wifi access point.

I guarantee you will notice an immediate improvement when you have Pfsense handle routing and your Asus just handles the Wifi.

Eliminate the Century Link modem entirely if possible. Connect the WAN of Pfsense direct to the Fiber connection and use the appropriate Vlan and PPPOE settings that the modem provisions. It is worth researching as I did the same thing with my Bell Canada Fibe connection. Bell insisted on this rediculous gateway "modem" which caused me a great deal of problems with running a reliable network until I went the Pfsense route.

Regardless if you take away the modem, Pfsense will give you a MUCH more robust, scalable router and home network not to mention all the plugins/goodies you can get, VPN capabilities, etc.

Nick

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (1:229/426)

On 06-10-20 06:07, Rick Smith wrote to Nick Andre <=-

My question is can I access private ip devices or machines from my BBS computers that have public IP's? So can my my nic have two ip address's
a public and private? Or am I thinking about that wrong? One of the
main reasons I thought about this is that I have setup an exsi server
that will only have a private ip but I would like to reach it from machines that have a public ip.

Yes, you can have multiple IPs on a NIC and I actually do. I probably take it to the extreme, because I have:

A conventional VDSL connection with a single public IPv4. The router also hands out private IPs to devices configured for DHCP.

A /28 of public IPs routed via APANA.

A /25 of 44.x AMPRnet Ips for ham radio yse.

And finally, my ISP also gives me a /56 of natibe IPv6, so I can run IPv6 in a totally conventional pattern.

Several machines have public IPv4 addresses, and a different subset also have 44net addresses.

Anything requiring something other than a standard private IPv4 and SLAAC IPv6 needs to be configured statially. Sometimes, routing considerations may require policy routing to make everything work, but you should be fine by the sounds of it.


... Logic and practical information do not seem to apply here.
=== MultiMail/Win v0.51
--- SBBSecho 3.10-Linux
* Origin: Freeway BBS Bendigo,Australia freeway.apana.org.au (3:633/410)

Nick Andre wrote to Rick Smith <=-

Since you have an EXSI server (like me), I strongly recommend setting
up a Pfsense instance with a simple LAN and WAN interface. The LAN
should trunk to a simple gig-switch. Cisco makes good ones. Reduce the Asus router to just acting as a Wifi access point.

I'm tempted to ditch my Linksys router (running DD-WRT) and replace it
with a pfSense box we decomissioned at work. It's some older dual-core
Intel box, but it's got 4 NICs in it.

Eliminate the Century Link modem entirely if possible. Connect the WAN
of Pfsense direct to the Fiber connection and use the appropriate Vlan
and PPPOE settings that the modem provisions. It is worth researching
as I did the same thing with my Bell Canada Fibe connection. Bell
insisted on this rediculous gateway "modem" which caused me a great
deal of problems with running a reliable network until I went the
Pfsense route.

Good to know, I'm considering moving to AT&T Fiber, assume they're
going to want to do the same thing.

Regardless if you take away the modem, Pfsense will give you a MUCH
more robust, scalable router and home network not to mention all the plugins/goodies you can get, VPN capabilities, etc.

Nick

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (1:229/426)

... The exception also declares the rule
--- MultiMail/XT v0.52
* Origin: http://realitycheckbbs.org | tomorrow's retro tech (1:218/700)

Hello Kurt!

11 Jun 20 08:24, Kurt Weiske wrote to Nick Andre:

I'm tempted to ditch my Linksys router (running DD-WRT) and replace
it with a pfSense box we decomissioned at work.

Comparing pfSense and OPNsense these days, I see hardly any reason to use the former.


Regards,
Gerrit

... 6:01PM up 144 days, 7:58, 7 users, load averages: 0.22, 0.36, 0.41

--- Msged/BSD 6.1.2
* Origin: We are a nation (2:240/12)

On 11 Jun 20 08:24:00, Kurt Weiske said the following to Nick Andre:

I'm tempted to ditch my Linksys router (running DD-WRT) and replace it
with a pfSense box we decomissioned at work. It's some older dual-core Intel box, but it's got 4 NICs in it.

I've played with DD-WRT and Tomato and concluded that its not a good idea to try to make a residential router do more than what its designed to do. You cannot guarantee uptime/stability and generally Pfsense appliances or virtual machines do a far better job.

insisted on this rediculous gateway "modem" which caused me a great deal of problems with running a reliable network until I went the Pfsense route.

Good to know, I'm considering moving to AT&T Fiber, assume they're
going to want to do the same thing.

I'll bet they will; the logic being that they cannot offer proper tech-support unless the customer uses their equipment. I kinda see things from the telco's perspective. But in my case, that residential gateway was just pure crap.

Nick

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (1:229/426)

On 11 Jun 20 18:01:26, Gerrit Kuehn said the following to Kurt Weiske:

I'm tempted to ditch my Linksys router (running DD-WRT) and replace it with a pfSense box we decomissioned at work.

Comparing pfSense and OPNsense these days, I see hardly any reason to use former.

I use and recommend what works for me. I get Netmails, emails, BBS caller feedback about what tech stuff I use to keep things reliable and stable......

......... knock on wood.

Nick

--- Renegade vY2Ka2
* Origin: Joey, do you like movies about gladiators? (1:229/426)

Greetings Kurt!

11 Jun 20 08:24, you wrote to Nick Andre about an urgent matter!:

Nick Andre wrote to Rick Smith <=-

Since you have an EXSI server (like me), I strongly recommend
setting up a Pfsense instance with a simple LAN and WAN
interface. The LAN should trunk to a simple gig-switch. Cisco
makes good ones. Reduce the Asus router to just acting as a Wifi
access point.

I'm tempted to ditch my Linksys router (running DD-WRT) and replace it with a pfSense box we decomissioned at work. It's some older dual-core Intel box, but it's got 4 NICs in it.

Eliminate the Century Link modem entirely if possible. Connect
the WAN of Pfsense direct to the Fiber connection and use the
appropriate Vlan and PPPOE settings that the modem provisions. It
is worth researching as I did the same thing with my Bell Canada
Fibe connection. Bell insisted on this rediculous gateway "modem"
which caused me a great deal of problems with running a reliable
network until I went the Pfsense route.

Good to know, I'm considering moving to AT&T Fiber, assume they're
going to want to do the same thing.

Ive run this fiber setup without their modem, I used to run it on the asus. It was only when I got the block of static ip's I had to switch to their modem because the asus would not deal with 5 static ip's for some reason. I am very interested in this pfsense since it was mentioned. Unfortunately my networking knowledge beyond basics is very limited I may have to hire some help.

Regards,


----
Rick Smith (Nitro)

... TAGLINE A BBS addict is hooked when: you consider BBSing better than chocolat
--- GoldED+/LNX 1.1.5-b20180707
* Origin: ----> Abacus Sysop Point --->>>>bbs.abon.us:2323 (1:340/202.1)