Both Nodes are v1's with Node Type set to Mesh Node

N9MXQ-1 setup as a Mesh Gateway with Internet access plugged into the WAN port.. (no ports forwarded, IRC installed and running)

N9MXQ Laptop plugged in to a LAN port with it's built in WIFI off so the only path to the Interweb is via the MESH.

Is it now normal for the web to be accessible via the remote node?

I have unchecked the Mesh Gateway on N9MXQ-1 until I can sort this out.. I know I'm the only Mesher in my area, but why take chances...

'Mesh gateway" controls whether the WAN (internet) port is accessible to other mesh nodes.   The LAN ports on an individual mesh node will have access to the internet, no matter whether mesh gateway is checked or not.

I think you have to reboot the router for "mesh gateway" to take effect when you turn it on, but I don't think you have to reboot to turn it off.  Check for yourself, though.

Edit: Reboot is required in all cases.

i.e. turn off "mesh gateway" and (maybe) reboot if you don't want other mesh nodes to have access to the internet through your internet connection. 

The above assumes the WAN port is hooked to the internet.

There are basically three "networks" as seen by the router. Routing is different for each combination.

1) Wired WAN "internet" port.

2) Wired LAN port.

3) Wireless MESH connection. 

Maybe I'm still misunderstanding you.  

That sounds like the way it always worked, even on 0.4.3.   Plug one mesh node into the internet on the WAN port, turn on mesh gateway, and every node or PC connected to other mesh nodes can access the internet.

Is it now normal for the web to be accessible via the remote node?

By checking Mesh Gateway, you allow all other mesh nodes in the network to connect to the internet through that node that is plugged into the internet (through the WAN port) with Mesh Gateway checked. That's part of the normal operation.

But I didn't think I had any connectivity without port forwarding

That is correct. Before v1.0.0, you had to do some port forwarding for devices plugged into the LAN of the mesh node before you could connect to them or have them connect to something located somewhere else. Also, by checking Mesh Gateway, connected devices could have the internet made available to them. However, you had to forward ports for devices to be able to use the internet on those additional ports.

With v1.0.0, that is no longer the case with the new default mode being 5 Host Direct. In this mode, you can do nothing and it will talk across the LAN and WAN (if Mesh Gateway is checked on the node plugged into the internet), and/or you only need to link/host a service in order to see the device and advertise the service to the mesh network.

On 0.4.3, the LAN ports on the router were in "NAT" mode by default. 

In NAT (Network Address Translation) mode, devices on the LAN port get a "bogus" local (to the router) IP address that is not visible or accessible to devices on the mesh.  If you want a device on the LAN to be accessible to other mesh nodes or devices, you have to do port forwarding.  Without port forwarding, in NAT mode, devices plugged into your mesh node will only be visible to other devices plugged into the LAN on the same mesh node.

V 1.0.0 routers are in "Direct" mode by default.   Devices on the LAN port get an IP address that is visible to anything on the mesh. 

In general, you don't need to port forward on V 1.0.0.  Devices on the LAN ports are visible to the entire mesh. 

Note that devices on the LAN port can always see any devices that are "visible" on the mesh.  That's true whether you're on 0.4.3, 1.0.0, NAT, or direct mode.  The big difference is whether devices plugged into a LAN port are "visible" to other mesh nodes. 

Now for the extra confusion factors. 

A v1.0.0 mesh node can have its LAN port set to NAT mode and it will work like a 0.4.3 mode in terms of other devices accessing devices on the LAN port.   In NAT mode, port forwarding would be necessary if you want to run a server of some kind on a computer on the LAN port.

If you have devices plugged into a mesh node that you don't want to be accessible to others on the mesh, set the mesh node to "NAT" mode.

V 0.4.3 mesh nodes had a "DMZ" mode for the LAN.  I think this is like "Direct mode," to some extent at least.

All connections to the "internet" are NATed.  You can port forward from the "internet" (WAN) port to the wired LAN.  Port forwarding from internet to the mesh is NOT supported.

Also, the LAN can always "see" the network that the WAN port is connected to, even if "mesh gateway" is turned off.

Are you trying to make internet available to the mesh or are you trying to make sure no one can use your internet connection?  

If you plug the internet into the WAN port of a mesh node router and turn off "Mesh Gateway" on that mesh node, internet will NOT be available to any other mesh node.  Internet will only be available only on the wired LAN ports of that router.

If you turn on "Mesh Gateway," the internet will be available on every mesh node and on every LAN port of every mesh node.

I want to supply internet to the Mesh, it just caught me by surprise that it was wide open right off with no intervention on my part..

And since I own the only two nodes in radio range, I don't have to worry about what is going thru the mesh...hehe

I forget.  Does a freshly flashed router come up with Mesh Gateway enabled, or did you have to turn it on yourself?

You have to turn it on yourself.

I know this is an old thread but the discussion is one I am dealing with right now and trying to understand the mechanics of how it works.  What exactly happens "behind the scenes" when the "Gateway" box is checked, this is to say, how does the routing change across the mesh to route other remote mesh notes to the Internet connection on the router that has "Gateway" checked?  I've looked at the route tables in all of my mesh nodes and I see no changes in the routing that would tell those remote mesh nodes to route a call to www.google.com, for instance, across the mesh to the one node that has an Internet connection on its WAN and has the Gateway checked?  What exactly is the man behind the curtain doing on the Internet-connected mesh router to propagate it's Internet connection to the rest of the mesh?  I'm trying to fully understand how the routing changes when that is checked as I am trying to build a non-Internet Internet...I want to place a "fake" Internet on the WAN port of the one router with Gateway checked to do some testing.  So far it isn't working for me so I am clearly missing something in how the routing changes across the mesh when that magic "Gateway" box is checked.  Thanks.

73, Bill, N4SV

It would be best to open a new thread instead of reviving one that has been closed for a year, especially since the thread is a different topic.

It helps with avoiding sending notices to users whom do not need to see them and allows for better viewing in the forum.