Broadband-Hamnet™ Forum :: Problems & Answers
 Subject :Port forwarding across multiple nodes.. 2015-03-09- 19:03:39 
AI6BX
Member
Joined: 2014-11-01- 16:55:52
Posts: 3
Location

I am currently working to utilize the broadband mesh as a conduit to take Internet service to my repeater site for my EchoIRLP node. I configured one node as a mesh gateway in direct mode. The second node is set to NAT with port forwarding to the EchoIRLP node.

With the node configured for EchoIRLP attached directly to my cable modem and set as a mesh gateway everything works great. Turning the mesh gateway off on this node and moving it to the repeater site with a link from the first node, I can still get Internet access for my web browser and the EchoIRLP allows outbound traffic but restricts inbound ports. 

If I am understanding the direct-5 host setting, the connection between the WiFi/WAN should be seamless with no firewalling. Does anyone know what I am doing wrong?


Thank you,

Keith

IP Logged
 Subject :Re:Port forwarding across multiple nodes.. 2015-03-10- 00:33:57 
n5mbm
Member
Joined: 2014-08-02- 20:59:51
Posts: 67
Location
 

If I am getting this right, you got everything working and then moved a node to the repeater site that has an internet connection? Or are you linking out to the repeater site with only RF? I am a little confused. It sounds like you are linking everything to the repeater site via RF – correct me if I am wrong.

 

It sounds like you may have some port forwarding to turn on... Pay attention to TCP or UDP. Or just make it “both” and be done with it. The only one that needs the internet gateway turned on is the one in your shack. And even then, your internet router may need to have some ports forwarded on to your internet gateway mesh router address.

 

Think of the link as a double chain – one in one direction, the other in the other direction. If one link in that chain ain't right, it won't work! But luckily you have a logical path to debug...

 

The WAN port wants to be plugged into some OTHER network other than the 10.x.x.x addresses your mesh uses to communicate. Be it your 192.168.x.x network or the internet. The LAN ports all want to talk to your 10.x.x.x addresses and devices. Is your EchoIRLP node on a 10.x.x.x address? Is it reserved? Do you have all the ports forwarded to it that it needs?

 

I'll admit, I have never done anything with IRLP – yet. I've done LOTS of other stuff though!

 

Just trying to ask the right questions here – I know how frustrating it can be when you are sitting there going “This SHOULD work!” but it doesn't... My racks are FULL of stuff I spent a heck of a lot of time figuring out how to forward all those ports! And I even had to UPGRADE my Internet router to be able to handle all the different ports I needed to forward for all my “stuff”... The standard Linksys didn't even come close to handling it all and I had to move up to DDWRT on it. It also allowed me to enter addresses for port forwarding that my internet router did not hand out via DHCP!

 

Your setup is much simpler – and I will bet that whatever is standing in your way is something simple...  There's a bunch of guys on here who have done what you are doing - it will only be a matter of time 'till one of them pipes up and maybe hands you a clue... :)  I will be interested to see what they have to say.

 

Bill – N5MBM

www.n5mbm.net

http://n5mbm.net:8084/cgi-bin/mesh <--- take a peek

IP Logged
 Subject :Re:Port forwarding across multiple nodes.. 2015-03-10- 03:18:29 
AI6BX
Member
Joined: 2014-11-01- 16:55:52
Posts: 3
Location

Bill,

Thanks for your reply! Yes, everything was working correctly until I added additional nodes into the mix and moved the node providing Internet to my EchoIRLP to the repeater site. The network is as follows:

  • Node 1 is at my QTH and is the node currently configured as my mesh gateway. This node is configured as a default mesh node with the only customization being the mesh gateway. The modem providing Internet to this is an Actel Verizon Fios modem with a static IP set for DMZ for Node 1. The IP address is a 192.x.x.x. This is plugged directly to the WAN port on Node 1. Just as a test, I also tried this on an Arris cable modem set to bridge mode with the same end results.
  • Nodes 2-7 are at various locations between my home, business, and repeater site. There is nothing particularly special about them and each shares some services from IP cameras, chat servers, file servers, etc. All have Internet access via Node 1. Note that I have only used this access for brief browsing or email and not anything requiring specific port forwarding.
  • Node 8 is now at the repeater site providing remote control of my repeater controller from within the mesh and is where I am now attempting to provide Internet access to my EchoIRLP. This node was originally configured as a standard direct 5 host node though when the forwarding failed I reconfigured it as a NAT node and built more detailed routing tables. All outbound traffic works but inbound, other than general web browsing, fails. Because this node is now in NAT mode the IPs are in the 172.x.x.x family. I have reserved one for the EchoIRLP node for all the forwarding that is taking place. Prior to attempting the NAT solution, I had reserved in the 10.X.X.X range and done the same.

 

Forwarding on Node is a blend of UDP and TCP based on the info provided at the IRLP.net and Echolink.org websites. I have selected both WiFi and WAN as the source points for the forwarding. All nodes are built on the Linksys platform with all new equipment being the Ubiquiti products.

 

Thanks,

 

Keith – AI6BX

IP Logged
 Subject :Re:Port forwarding across multiple nodes.. 2015-03-10- 06:11:32 
n5mbm
Member
Joined: 2014-08-02- 20:59:51
Posts: 67
Location
 

I have absolutely no idea if this has anything to do with your plight, but HamNet uses 172.x.x.x addresses for tunneling and I know when my tunneling became active, by default, it blocks internet bi-directional traffic across the mesh. Simply because, once the mesh grows past your little network, having 12 different internet paths can get mighty confusing! 172.x.x.x addresses are set up for VPN tunneling to remote nodes on BBHN – so far as I know.


Now that I know this isn't two nodes trying to talk to each other directly – but a chain of them with node hops in between them across multiple routers I see the same port forwarding scenario I ran into a while back. I was told, at the time, that in order to port forward from my internet router to like “node 8” in your scenario I would have to port forward on every router in the chain to get that traffic where it needed to go. I am not SURE this is your problem but it seems similar to a problem I had a while back.


Which is why I ended up upgrading my internet router to DDWRT so I could put a port forwarding entry using an IP address the router didn't hand out via DHCP. It allowed me to configure a 10. address several hops away on the mesh and it worked!


But first I would attack the 172.x.x.x problem and kick back to a 10. address range. I think this may be ONE problem but more knowledgeable people are out there! Don't take this as the gospel. But you may want to leave this like they intended if you ever want to do any tunneling in the future to join a wider mesh via the Internet. There's a lot of stuff out there and it is growing every day.


Second, you may need the internet router capability that DDWRT software provides in being able to be more flexible with the port forwarding addresses... Again, I think this may be one of your problems but there are more knowledgeable people out there than I!


I have made a few mistakes and learned from them. I just try to hand that experience along... I have ended up with a LOT of stuff hanging off of my nodes, and with that comes a LOT of chances to screw stuff up! :)


But you are “This Close” (Maxwell Smart voice) to making it all work... You are DAMN close! Congrats on making it further than a LOT of folks! :)


Be sure and post your resolution so other people can learn too!


Bill – N5MBM


IP Logged
Last Edited On: 2015-03-10- 06:13:37 By n5mbm for the Reason
 Subject :Re:Port forwarding across multiple nodes.. 2015-03-15- 16:55:07 
AI6BX
Member
Joined: 2014-11-01- 16:55:52
Posts: 3
Location

For anyone trying to crack the code to port forwarding across multiple nodes, following is what worked for me in creating the ability to forward from a mesh gateway, across multiple nodes to the node hosting my Echo/IRLP node.

#Node Port Monitor
iptables -A input_wan -p tcp --dport 8088 -j ACCEPT
iptables -t nat -A prerouting_wan -p tcp --dport 8088 -j DNAT --to 10.7.55.202:8088
iptables -A forwarding_wan -p tcp --dport 8088 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p tcp -d 10.7.55.202 --dport 8088 -j SNAT --to-source 10.212.63.152

#Echo Ports
iptables -A input_wan -p tcp --dport 5198 -j ACCEPT
iptables -t nat -A prerouting_wan -p tcp --dport 5198 -j DNAT --to 10.7.55.202:5198
iptables -A forwarding_wan -p tcp --dport 5198 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p tcp -d 10.7.55.202 --dport 5198 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p tcp --dport 5199 -j ACCEPT
iptables -t nat -A prerouting_wan -p tcp --dport 5199 -j DNAT --to 10.7.55.202:5199
iptables -A forwarding_wan -p tcp --dport 5199 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p tcp -d 10.7.55.202 --dport 5199 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p tcp --dport 5200 -j ACCEPT
iptables -t nat -A prerouting_wan -p tcp --dport 5200 -j DNAT --to 10.7.55.202:5200
iptables -A forwarding_wan -p tcp --dport 5200 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p tcp -d 10.7.55.202 --dport 5200 -j SNAT --to-source 10.212.63.152

#IRLP Control
iptables -A input_wan -p tcp --dport 15425 -j ACCEPT
iptables -t nat -A prerouting_wan -p tcp --dport 15425 -j DNAT --to 10.7.55.202:15425
iptables -A forwarding_wan -p tcp --dport 15425 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p tcp -d 10.7.55.202 --dport 15425 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p tcp --dport 15426 -j ACCEPT
iptables -t nat -A prerouting_wan -p tcp --dport 15426 -j DNAT --to 10.7.55.202:15426
iptables -A forwarding_wan -p tcp --dport 15426 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p tcp -d 10.7.55.202 --dport 15426 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p tcp --dport 15427 -j ACCEPT
iptables -t nat -A prerouting_wan -p tcp --dport 15427 -j DNAT --to 10.7.55.202:15427
iptables -A forwarding_wan -p tcp --dport 15427 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p tcp -d 10.7.55.202 --dport 15427 -j SNAT --to-source 10.212.63.152

#IRLP Traffic
iptables -A input_wan -p udp --dport 2074 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2074 -j DNAT --to 10.7.55.202:2074
iptables -A forwarding_wan -p udp --dport 2074 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2074 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2075 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2075 -j DNAT --to 10.7.55.202:2075
iptables -A forwarding_wan -p udp --dport 2075 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2075 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2076 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2076 -j DNAT --to 10.7.55.202:2076
iptables -A forwarding_wan -p udp --dport 2076 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2076 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2077 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2077 -j DNAT --to 10.7.55.202:2077
iptables -A forwarding_wan -p udp --dport 2077 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2077 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2078 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2078 -j DNAT --to 10.7.55.202:2078
iptables -A forwarding_wan -p udp --dport 2078 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2078 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2079 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2079 -j DNAT --to 10.7.55.202:2079
iptables -A forwarding_wan -p udp --dport 2079 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2079 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2080 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2080 -j DNAT --to 10.7.55.202:2080
iptables -A forwarding_wan -p udp --dport 2080 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2080 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2081 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2081 -j DNAT --to 10.7.55.202:2081
iptables -A forwarding_wan -p udp --dport 2081 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2081 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2082 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2082 -j DNAT --to 10.7.55.202:2082
iptables -A forwarding_wan -p udp --dport 2082 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2082 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2083 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2083 -j DNAT --to 10.7.55.202:2083
iptables -A forwarding_wan -p udp --dport 2083 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2083 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2084 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2084 -j DNAT --to 10.7.55.202:2084
iptables -A forwarding_wan -p udp --dport 2084 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2084 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2085 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2085 -j DNAT --to 10.7.55.202:2085
iptables -A forwarding_wan -p udp --dport 2085 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2085 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2086 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2086 -j DNAT --to 10.7.55.202:2086
iptables -A forwarding_wan -p udp --dport 2086 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2086 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2087 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2087 -j DNAT --to 10.7.55.202:2087
iptables -A forwarding_wan -p udp --dport 2087 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2087 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2088 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2088 -j DNAT --to 10.7.55.202:2088
iptables -A forwarding_wan -p udp --dport 2088 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2088 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2089 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2089 -j DNAT --to 10.7.55.202:2089
iptables -A forwarding_wan -p udp --dport 2089 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2089 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2090 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2090 -j DNAT --to 10.7.55.202:2090
iptables -A forwarding_wan -p udp --dport 2090 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2090 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2091 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2091 -j DNAT --to 10.7.55.202:2091
iptables -A forwarding_wan -p udp --dport 2091 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2091 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2092 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2092 -j DNAT --to 10.7.55.202:2092
iptables -A forwarding_wan -p udp --dport 2092 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2092 -j SNAT --to-source 10.212.63.152

iptables -A input_wan -p udp --dport 2093 -j ACCEPT
iptables -t nat -A prerouting_wan -p udp --dport 2093 -j DNAT --to 10.7.55.202:2093
iptables -A forwarding_wan -p udp --dport 2093 -d 10.7.55.202 -j ACCEPT
iptables -t nat -A postrouting_wan -p udp -d 10.7.55.202 --dport 2093 -j SNAT --to-source 10.212.63.152

#EchoIRLP - Kkasin 03-15-15

IP Logged
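The four-rule pattern in the post above repeats once per port, so the listing can be produced from a short table using iptables port ranges (`--dport first:last`). The following is an added example, not part of the original post or the BBHN firmware: the function names `valid_port`, `gen_forward` and `gen_all` are hypothetical, the chain names, addresses, ports and protocols are taken from the post, and the script only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: emit the post's four-rule forwarding pattern for a port range,
# so the 20 UDP ports need 4 rules instead of 80. Prints rules; applies nothing.

DEST=10.7.55.202        # EchoIRLP host address (from the post)
SNAT_SRC=10.212.63.152  # --to-source address (from the post)

# valid_port N: succeed only if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_forward PROTO FIRST [LAST]: print the rules, or return 1 on bad input
gen_forward() {
    proto=$1 first=$2 last=${3:-$2}
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    valid_port "$first" && valid_port "$last" && [ "$first" -le "$last" ] || {
        echo "bad port range: $first:$last" >&2; return 1; }
    if [ "$first" -eq "$last" ]; then range=$first; else range=$first:$last; fi
    # The DNAT target carries no port, so the original destination port is kept.
    cat <<EOF
iptables -A input_wan -p $proto --dport $range -j ACCEPT
iptables -t nat -A prerouting_wan -p $proto --dport $range -j DNAT --to-destination $DEST
iptables -A forwarding_wan -p $proto -d $DEST --dport $range -j ACCEPT
iptables -t nat -A postrouting_wan -p $proto -d $DEST --dport $range -j SNAT --to-source $SNAT_SRC
EOF
}

# gen_all: the port list exactly as the post gives it
gen_all() {
    gen_forward tcp 8088        || return 1   # node port monitor
    gen_forward tcp 5198 5200   || return 1   # Echo ports
    gen_forward tcp 15425 15427 || return 1   # IRLP control
    gen_forward udp 2074 2093   || return 1   # IRLP traffic
}

gen_all
```

Redirect the output to a file and compare it with `iptables -S` and `iptables -t nat -S` on the node to confirm that only these ports are open toward the EchoIRLP host.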