|
|
AirPort Express and SSH Redux
|
|
|
|
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Status:
Offline
|
|
Some time ago I asked how to get traffic on certain ports to forward through my AP Express.
Originally Posted by ghporter
You set fixed IPs IN THE COMPUTER. The APX (and any other DHCP server) will assign addresses to anything that requests addresses-and a computer won't do that if it has a fixed address already set.
Setting a fixed IP on the LAN client allowed me to use port forwarding correctly. That has been working like a charm for a year now. But I just noticed that the client with the fixed IP can not reach the outside world. I can log into it on the forwarded port, but I can't connect to a remote web server for example.
Here are the settings:
• AP Express set to use NAT and DHCP (10.0.1.x addresses)
• one LAN client has manual TCP settings: IP 10.0.1.250, same subnet as it had with DHCP, router IP 10.0.1.1 (the LAN IP of the AP Express)
• port forwarding set to forward 22 to 10.0.1.250
So logging in externally with ssh works as it should. But from the client you can't connect to anything outside the LAN. All the other clients using DHCP can however. I checked that 10.0.1.250 was not being used elsewhere. I must have missed something. Ideas?
(
Last edited by Simon; Nov 11, 2006 at 05:04 AM.
)
|
•
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Status:
Offline
|
|
Could it be that I would have to set the fixed IP to something outside of the 10.0.1.x range the AP Express DHCP uses?
|
•
|
|
|
|
|
|
|
|
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
|
|
Definitely set your fixed IPs outside of the DHCP pool. If there is any possible overlap that could be Bad-IP conflicts tend to be sticky when it comes to anything other than plain-jane surfing, and especially when you're dealing with any sort of secure protocol. It's also a good idea to limit your DHCP pool to prevent the odd hitchhiker on your network, so take a look at what the Admin Utility gives you in the way of controlling your DHCP range to make sure it's just big enough, and also so you know exactly what that range is.
|
Glenn -----OTR/L, MOT, Tx
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Status:
Offline
|
|
The Airport admin utility let's you set the range to 10.0.1.x nubmers. For the client with the fixed IP, are you suggesting I use something like 10.255.255.x instead?
|
•
|
|
|
|
|
|
|
|
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
|
|
I'm suggesting that you limit the DHCP pool to "10.0.1.1 through 10.0.1.50" and then assign your fixed IP as something ABOVE that range. I'm not sure whether the Admin Utility lets you make that particular selection easily or not, but that's what's needed to keep the fixed and automatic addresses separate.
|
Glenn -----OTR/L, MOT, Tx
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Status:
Offline
|
|
Umm, no, the AP admin utility lets me pick 10.0.1.1 to 10.0.1.255 so I guess the fixed IP has to be form an entirely different range. I was going to try 10.255.255.1 instead.
|
•
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Status:
Offline
|
|
I'm digging up this old thread because in the meantime I have come up with a solution to the original problem.
In order to set the IP of an Airport client manually, you have to not only set the router IP to 10.0.1.1, but also the DNS! Once the DNS has the base station's LAN IP it works just like it should.
|
•
|
|
|
|
|
|
|
|
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
|
|
Huh. That's all it took? Wow. I have my wired computers set to use my router as both gateway and DNS because it works, whether it just forwards the DNS requests to the real DNS from my ISP or does the lookup itself-I don't care. But all those headaches were over a DNS issue? I'm very surprised!
Congratulations on fixing the pain in the butt!
|
Glenn -----OTR/L, MOT, Tx
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Status:
Offline
|
|
Originally Posted by ghporter
Huh. That's all it took? Wow.
Yeah, that was exactly my reaction too. I was reading some stuff on the internet about DMZs and port forwarding to LAN clients when some guy mentioned that the DNS IP should be set to the router's LAN IP when you set up a LAN client manually. So I logged in onto my manually set up Mac and set it back to what it used to be. I was able to duplicated the issue. I then added my router's LAN IP (10.0.1.1) to the DNS field and boom. Finished.
Actually, I should have noticed much earlier that it must be some kind of DNS issue. Connections from the WAN to the manually set up client always worked. It just wasn't possible to load web pages on the client. Had I tried an IP instead of something like google.com I would have noticed it's a DNS problem. And what else than the router's LAN IP could you try as a DNS IP? So yeah, I'm an idiot. I should have caught that one.
|
•
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|