I have absolutely no idea if this has anything to do with your plight, but HamNet uses 172.x.x.x addresses for tunneling and I know when my tunneling became active, by default, it blocks internet bi-directional traffic across the mesh. Simply because, once the mesh grows past your little network, having 12 different internet paths can get mighty confusing! 172.x.x.x addresses are setup for VPN tunneling to remote nodes on BBHN – so far as I know.

Now that I know this isn't two nodes trying to talk to each other directly – but a chain of them with node hops in between them across multiple routers I see the same port forwarding scenario I ran into a while back. I was told, at the time, that in order to port forward from my internet router to like “node 8 “ in your scenario I would have to port forward on every router in the chain to get that traffic where it needed to go. I am not SURE this is your problem but it seems similar to a problem I had a while back.

Which is why I ended up upgrading my internet router to DDWRT so I could put a port forwarding entry using an IP address the router didn't hand out via DHCP. It allowed me to configure a 10. address several hops away on the mesh and it worked!

But first I would attack the 172.x.x.x problem and kick back to a 10. address range. I think this may be ONE problem but more knowledgeable people are out there! Don't take this as the gosphel. But you may want to leave this like they intended if you ever want to do any tunneling in the future to join a wider mesh via the Internet. There's a lot of stuff out there and it is growing every day.

Second, you may need the internet router capability that DDWRT software provides in being able to be more flexible with the port forwarding addresses... Again, I think this may be one of your problems but there are more knowledgeable people out there than I!

I have made a few mistakes and learned from them. I just try to hand that experience along... I have ended up with a LOT of stuff hanging off of my nodes, and with that comes a LOT of chances to screw stuff up! :)

But you are “This Close” (Maxwell Smart voice) to making it all work... You are DAMN close! Congrats on making it further than a LOT of folks! :)

Be sure and post your resolution so other people can learn too!

Bill – N5MBM

Bill,

Thanks for your reply! Yes, everything was working correctly until I added additional nodes into the mix and moved the node providing Internet to my EchoIRLP to the repeater site. The network is as follows:

• Node 1 is at my QTH and is the node currently configured as my mesh gateway. This node is configured as a default mesh node with the only customization being the mesh gateway. The modem providing Internet to this is an Actel Verizon Fios modem with a static IP set for DMZ for Node 1. The IP address is a 192.x.x.x . This is plugged directly to the WAN port on Node 1. Just as a test, I also tried this on at Arris cable modem set to bridge mode with the same end results.
• Nodes 2-7 are at various locations between my home, business, and repeater site. There is nothing particularly special about them and each shares some services from IP cameras, chat servers, file servers, etc. All have Internet access via Node 1. Note that I have only used this access for brief browsing or email and not anything requiring specific port forwarding.
• Node 8 is now at the repeater site providing remote control of my repeater controller from within the mesh and is where I am now attempting to provide Internet access to my EchoIRLP. This node was originally configured as a standard direct 5 host node though when the forwarding failed I reconfigured it as a NAT node and built more detailed routing tables. All outbound traffic works but inbound, other than general web browsing, fails. Because this node is now in NAT mode the IPs are in the 172.x.x.x family. I have reserved one for the EchoIRLP node for all the forwarding that is taking place. Prior to attempting the NAT solution, I had reserved in the 10.X.X.X range and done the same.

Forwarding on Node is a blend of UDP and TCP based on the info provided at the IRLP.net and Echolink.org websites. I have selected both WiFi and WAN as the source points for the forwarding. All nodes are built on the Linksys platform with all new equipment being the Ubiquiti products.

Thanks,

Keith – AI6BX

If I am getting this right, you got everything working and then moved a node to the repeater site that has an internet connection? Or are you linking out to the repeater site with only RF? I am a little confused. It sounds like you are linking everything to the repeater site via RF – correct me if I am wrong.

It sounds like you may have some port forwarding to turn on... Pay attention to TCP or UDP. Or just make it “both” and be done with it. The only one that needs the internet gateway turned on is the one in your shack. And even then, your internet router may need to have some ports forwarded on to your internet gateway mesh router address.

Think of the link as a double chain – one in one direction, the other in the other direction. If one link in that chain aint right, it won't work! But luckily you have a logical path to debug...

The WAN port wants to be plugged into some OTHER network other than the 10.x.x.x addresses your mesh uses to communicate. Be it your 192.168.x.x network or the internet. The LAN ports all want to talk to your 10.x.x.x addresses and devices. Is your EchoIRLP node on a 10.x.x.x address? Is it reserved? Do you have all the ports forwarded to it that it needs?

I'll admit, I have never done anything with IRLP – yet. I've done LOTS of other stuff though!

Just trying to ask the right questions here – I know how frustrating it can be when you are sitting there going “This SHOULD work!” but it doesn't... My racks are FULL of stuff I spent a heck of a lot of time figuring out how to forward all those ports! And I even had to UPGRADE my Internet router to be able to handle all the different ports I needed to forward for all my “stuff”... The standard Linksys didn't even come close to handling it all and I had to move up to DDWRT on it. It also allowed me to enter addresses for port forwarding that my internet router did not hand out via DHCP!

Your setup is much simpler – and I will bet that whatever is standing in your way is something simple...  There's a bunch of guys on here who have done what you are doing - it will only be a matter of time 'till one of them pipes up and maybe hands you a clue... :)  I will be interested to see what they have to say.

Bill – N5MBM

www.n5mbm.net

http://n5mbm.net:8084/cgi-bin/mesh <--- take a peek

I am currently working to utilize the broadband mesh as a conduit to take Internet service to my repeater site for my EchoIRLP node. I configured one node as a mesh gateway in direct mode. The second node is set to NAT with port forwarding to the EchoIRLP node.

With the node configured for EchoIRLP attached directly to my cable modem and set as a mesh gateway everything works great. Turning the mesh gateway off on this node and moving it to the repeater site with a link from the first node, I can still get Internet access for my web browser and the EchoIRLP allows outbound traffic but restricts inbound ports. 

If I am understanding the direct-5 host setting, the connection between the WiFi/Wan should be seamless with no fire walling. Does anyone know what I am doing wrong?

Thank you,

Keith

[Accidental Double Post]

I am having that same problem right now. I have my ham buddy who is interested in getting some nodes up but he has yet to buy any hardware to get started. So as of now I am a lone wolf. I just checked out the terrain map as well. It would definitely require a lot of planning and testing to communicate between that unforgiving terrain. I have only ever been out on the race in the middle of the night (got stuck on those shifts) and I couldn't actually make out how bad the terrain is out there.

Dylan KK6NEI

Openwrt should have a built in NTP client/server http://wiki.openwrt.org/doc/howto/ntp.client 

You could point all your nodes at an NTP server on your laptop and make sure its go the correct time.

Another option if you are handy with a soldering iron is you could connect a serial port to one of your WRT nodes and attach a gps receiver.  This could be used as an accurate time source for a local ntp server on the node. Set the rest of the nodes to use the server as their time source and you "should" have them all on the correct time.

Info on serial ports here: http://www.rwhitby.net/projects/wrt54gs

Yep - but remember, if you are using Windoze, you will have to poke a hole in the Windoze fiewall to let it accept NTP requests!

I don't know about the setting of a node up as an NTP server.  Why would you want to if it didn't have a way of getting a good time signal anyway?

But I felt the same way - I wanted my nodes times to all be correct...  There's one holdout on my network, and I am still trying to figure out why it refuses to synch up...

Bill - N5MBM

www.n5mbm.net

In my case, I never intend to connect this mesh network to the real internet.  Other computers connected to the network could setup a pointer to my laptop as the NTP server and I'm sure that would work.

My questions are:

1) Do the WRT54GLs need to know the correct time?  I suspect not.  Maybe I'm being fussy since one of the  screens shows the system time, and I want it to be correct.

2) Can the WRT54GLs be setup as NTP servers?

Thanks, and 73,

Andy KB1OIQ

If you are looking for a switch to share the single ethernet port on a Ubiquiti node so it can do both WAN and LAN then yes, a cisco switch would let you do the vlans for that. You just need to get your head round vlans & Cisco IOS. The netgear switch config details are here: http://ae5ca.com/?p=49

As Bill has said, for tunnelling you will need to look at v3.0.1 of the firmware and setup vtun. More info here: http://www.aredn.org/node/25

I am looking at the possibility of using one of my Raspberry Pi nodes or the laptop I have that thinks its a node to setup a tunnel to Bill.

Jon

@W8ISS - You are going to need a router...  Something with Vtun capability and something that can deal with different port definitions and NAT redirection.

The Ubiquiti and the linksys units kind of work like little Linux boxes all on their own.   But they don't have a lot of memory to play with.  I can't tell you too much about how the vtun works on these as I have just started tinkering with them myself.

However, it would be interesting to see if we can get the RasberryPi folks and the Linux folks to come up with a way to do all this without linksys boxes.  They work, but they aren't all that and a bag of chips...  My Ubiquiti gear responds MUCH faster and pumps more data than those little Linksys boxes can.

I am no programmer but it is easy to see that with memory constraints, features become sparse!

Bill - N5MBM

www.n5mbm.net

OK!

Would Cisco 3524xl switches work for this? Have two that I got to 'tinker' with for when I start my cisco classes next semester for my network admin degree.

Like I said previously, I still have a lot to learn and what better way for me to start putting what I am 'supposedly' learning to good use?

So what do I need to do now to start 'tunnelling' to help Bill waste more bandwitdh? :} Any documentation I can refer to here?

James W8ISS

Once you setup one of your nodes as an internet gateway, all your nodes are supposed to find the NTP servers out on the internet and will automagically set their time...

However, I setup tunneling on my little mesh...  Once I did that, nobody could find the internet based NTP servers.  So I setup all of mine to find one locally that I setup on a local PC that sees the mesh AND the internet...  I edited that file and pointed them all to one Windoze 7 box acting as a local NTP server.

All of them worked - except for ONE, and I am STILL trying to figure that one out...

Bill - N5MBM

www.n5mbm.net

Thanks Darryl! I am gonna have to find me some of those managed switches to play with the Uniquiti units... Suggestions?

Bill - N5MBM

@K3MEB – The rocket modules are designed to hook up to their 2 port diversity dual polarity antennas... So that answer to your question is NO, if you use THEIR antennas made for the units.

Bill – N5MBM

@WB6TAE – Good info to know! I wish the WRT54Gx's didn't have the Ethernet bug – I sure would like to KILL all the RF flying around my shack between 4 routers! Direct Ethernet linking isn't an option here. I tried it, and BRICKED all four routers...

Yeah, I aint doin' THAT again anytime soon!

Bill – N5MBM