Configure LocustWorld to
Map A Static IP Address (Public)
To A Subscriber's IP Address (Private)
Problem: You have LocustWorld subscribers, on private IP addresses, who need to run a server of some type that must be reachable from the public Internet.
Detailed Example Setup:
LocustWorld Mesh AP: 65.201.93.122 (1st Cell ID: 137)
Deliberant SM (WAN IP): 192.168.137.225
Deliberant SM (LAN IP): 192.168.3.10
Server IP (on the LAN): 192.168.3.11
Port: For this example, we will set up a web server on port 80
Public IP address to map to host: 65.201.93.220*
Note: If you have a LocustWorld gateway device, this should be done in the gateway device. If you have your Mesh APs functioning as gateways, you will configure these settings in the actual AP. This does not need to be configured in repeaters along the route.
*You will also have to, of course, have extra public IP addresses to use in the host mapping.
Solution: Configure LocustWorld to map a public IP address to a customer who needs to allow access to an application or server of some type. In this case, the customer uses a Deliberant SM.
LocustWorld reserves a block of IP addresses for static host mapping. This range is 220 to 240.
With that in mind, assign a static IP address to the WAN side of the Deliberant. This static IP address will be 192.168.x.y, where x is the first cell ID of the Mesh AP, and y is in the range 220 to 240 (Tip: If the Deliberant was on DHCP, just look at its assigned IP address, and then change it to a static IP address in the same range, changing only the last octet to a value between 220 and 240).
Note: The 1st Cell ID of the LocustWorld AP is 137.
So your Deliberant static IP address will be 192.168.137.x
Where x = 220 - 240
You can find the Mesh AP 1st Cell ID in LocustWorld's node management.
Or, if the Deliberant was originally set to DHCP, the third octet will be the 1st Cell ID of the Mesh AP or gateway.
Next, you will need to configure the Deliberant to forward specific incoming traffic to the correct IP address on the LAN, and the correct port. In this case, we will forward all port 80 traffic on the WAN IP address of 192.168.137.225, to the web server on the LAN (192.168.3.11 port 80).
Next we will need to configure LocustWorld to forward traffic from the public IP address 65.201.93.220 to 192.168.137.225.
You will do this by entering the public IP address into LocustWorld's Host mapping settings, in this manner:
65.201.93.220 137 192.168.137.225
Where 65.201.93.220 equals the public IP address you have assigned for this customer, 137 equals the 1st Cell ID of the Mesh AP/gateway, and 192.168.137.225 equals the Deliberant's WAN IP address.
After configuring the above Host mappings, click "make changes." When changes have been applied, SSH into the Mesh AP and force it to update its settings.
Testing your Host Map
Open up a web browser and type in the public IP address you assigned the customer. Assuming the web server is up and running correctly, and using our example IP addresses, typing http://65.201.93.220 into the web browser should pull up pages served by the web server.
Note: If you are having trouble with a certain application and can't determine whether the problem is with the Host mappings, a firewall, or something else, there is a tiny, incredibly easy to configure web server that can be set to run on any port. Use this tiny web server to test connectivity problems. (Full instructions for this tiny test are located here).
Multiple IP addresses mapped to multiple customers:
If multiple host mappings are needed, repeat the above steps by assigning a different public IP address to a different customer (each customer must have a unique public IP address) and mapping to the WAN IP address of the customer's Deliberant SM. Be very careful not to set duplicate static IP addresses on the WAN side of the Deliberant SMs.
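A pre-flight check for Host mapping lines, added here as an example and not part of LocustWorld's tooling: it applies the rules stated above (three fields, cell ID equal to the third octet of the 192.168.x.y address, last octet in 220 to 240, no duplicate public or WAN addresses). The function name check_host_mappings and the sample lines are constructed for illustration.

```python
import ipaddress

HOST_RANGE = range(220, 241)  # last octets the page says are reserved for host mapping

# Constructed sample: line 1 is the page's example mapping, lines 2-4 are deliberately wrong.
SAMPLE = """\
65.201.93.220 137 192.168.137.225
65.201.93.221 137 192.168.137.255
65.201.93.66.220 137 192.168.137.226
65.201.93.220 138 192.168.137.227
"""

def check_host_mappings(text):
    """Return [(line_no, problem)] for 'public_ip cell_id private_ip' lines."""
    problems, seen_pub, seen_priv = [], {}, {}
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue
        if len(fields) != 3:
            problems.append((no, "expected: public_ip cell_id private_ip"))
            continue
        pub_s, cell_s, priv_s = fields
        try:
            pub = ipaddress.IPv4Address(pub_s)
            priv = ipaddress.IPv4Address(priv_s)
        except ipaddress.AddressValueError as exc:
            problems.append((no, f"bad IPv4 address: {exc}"))
            continue
        if pub.is_private:
            problems.append((no, f"{pub} is not a public address"))
        a, b, cell, host = priv.packed
        if (a, b) != (192, 168):
            problems.append((no, f"{priv} is not in 192.168.x.y"))
        if not cell_s.isdigit() or int(cell_s) != cell:
            problems.append((no, f"cell ID {cell_s} is not the third octet of {priv}"))
        if host not in HOST_RANGE:
            problems.append((no, f"last octet {host} is outside 220-240"))
        # Each customer needs a unique public IP and a unique static WAN IP.
        for ip, seen, kind in ((pub, seen_pub, "public"), (priv, seen_priv, "WAN")):
            if ip in seen:
                problems.append((no, f"duplicate {kind} address {ip}, first on line {seen[ip]}"))
            seen.setdefault(ip, no)
    return problems

if __name__ == "__main__":
    for no, problem in check_host_mappings(SAMPLE):
        print(f"line {no}: {problem}")
```

Running the check before clicking "make changes" catches a mistyped octet or cell number while it is still only text.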
Other Important Notes:
- Hostmapping is only supported in tobuild25dev42 onwards.
- Remote node gateway type is IP and not PPP
- Cell IP does not conflict with any others (wiana will warn you)
- Local wired side of the remote meshbox does not conflict with elsewhere on the mesh. It can be changed to a specific range, changing the "X" quoted above.
- Ranges should be 1-120 for that part of the subnet. This only applies if the remote device is connected via the remote meshbox Ethernet or if an AP is connected to that Ethernet that the remote device is then connected to wirelessly.
Potential Problems:
Deliberant Association to the Mesh AP
While in most circumstances this shouldn't be an issue, keep in mind that -- and this assumes you have your gateways in the actual Mesh APs and not in a gateway box -- if there are multiple APs the Deliberant can associate with, the host mappings will only work when the Deliberant is associated with the AP in which the host mappings were configured. This is one benefit of having a gateway box.
One LocustWorld user noted:
You can map a public IP address out to someone, but it's not exactly perfect. The reason I say that is that all OUTGOING traffic is masqueraded under the IP address of the gateway box, but the INCOMING traffic is what gets routed to the client's computer. The only time I have encountered an issue with this was a commercial client that had a mail server with a static IP. Other mail servers detected the difference in IP addresses and flagged his server.
LocustWorld also states:
If you screw up the public address you could end up with a meshbox which loses all its ethernet or wireless capability - hard to reset etc. If you screw up the remote ip you could knock out parts of the mesh or take out the gateway's internet connection. If you screw up the cell number then you'll route your data to the wrong place or not at all. Be careful with the settings as invalid ones are not handled very well at the moment.
Deliberant WebGUI issues:
If you leave WAN access to the Deliberant WebGUI, it will pull up if anyone happens to type in the public IP address mapped to the Deliberant. Either WAN access to the Deliberant's WebGUI needs to be disabled, or the unit should be password protected (which it should be, anyway).
Also, if the LocustWorld customer actually wanted to run a web server, there will be a conflict with the Deliberant's WebGUI, which is basically a web server running on port 80.