From: Matt Taggart
To: cerowrt-devel@lists.bufferbloat.net
Date: Sat, 04 Oct 2014 19:07:48 -0700
Message-Id: <20141005020748.63A5F1B1@taggart.lackof.org>
Subject: [Cerowrt-devel] default zones including interfaces and babel

Hi cerowrt-devel,

In a default 3.10.50-1 install on the Network->Firewall->General settings page, there are some default zones
for wan, lan, guest. They don't appear to have any interfaces assigned to them. I am guessing the intent is:

ge00: wired wan port, should be 'wan' zone
gw00, gw10: guest 2.4/5 wireless, should be 'guest' zone
se00: wired switch ports, should be 'lan' zone
sw00, sw10: secure 2.4/5 wireless, ? zone
gw01, gw11: babel 2.4/5 wireless, ? zone

0) shouldn't the interfaces be assigned to zones?

1) If the intent is that se00, sw00, sw10 can all communicate freely, maybe the zone name should be 'private' or 'secure' (rather than 'lan') and they should all be part of that?

2) What zone should the babel devices be in, what do they need to be able to do?

This is maybe a good segue into some other questions I have:

* is there a good description of how the babel stuff works? I found this
  http://www.bufferbloat.net/projects/cerowrt/wiki/Mesh
  which explains configuring, but I guess I would like something like a walk through of how a wireless client connects to an interior router and how things make it to the internet and back.

* if I need to secure both my guest wireless and secure wireless networks, what does that mean for security of the babel networks and what (if anything) stops someone from using them? Given that I haven't set credentials anywhere on the routers to make it work, I am guessing nothing. I think the last time I wirelessly connected two routers it was using the old Linksys WDS and it used credentials somehow...

Thanks,

-- 
Matt Taggart
matt@lackof.org
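Added example, not part of the original message and not CeroWrt's own code: a small audit for question 0 that parses firewall configuration text in the OpenWrt UCI file syntax and reports zones with no member networks and interfaces that no zone claims. The sample configuration is constructed, the function names are hypothetical, and the check assumes zones are bound through the `network` option only (zones that match by `device` or `subnet` are not covered).

```python
import shlex

# Constructed sample in /etc/config/firewall (UCI) syntax. It is NOT CeroWrt's
# shipped configuration; it only mirrors the situation described in the post.
SAMPLE_FIREWALL = """\
config zone
    option name 'wan'
    list network 'ge00'

config zone
    option name 'lan'
    option network 'se00 sw00'   # space-separated form

config zone
    option name 'guest'
"""

# Interface names exactly as listed in the post.
INTERFACES = ["ge00", "gw00", "gw10", "se00", "sw00", "sw10", "gw01", "gw11"]

def parse_zones(text):
    """Return {zone name: set of networks} for every 'config zone' section."""
    sections, current = [], None
    for raw in text.splitlines():
        parts = shlex.split(raw, comments=True)
        if not parts:
            continue
        if parts[0] == "config":
            current = {"name": None, "nets": set()} if parts[1:2] == ["zone"] else None
            if current is not None:
                sections.append(current)
        elif current is not None and parts[0] in ("option", "list") and len(parts) >= 3:
            if parts[1] == "name":
                current["name"] = parts[2]
            elif parts[1] == "network":
                current["nets"].update(parts[2].split())
    return {s["name"]: s["nets"] for s in sections if s["name"]}

def audit(text, interfaces):
    """Report zones with no members and interfaces that no zone claims."""
    zones = parse_zones(text)
    claimed = set().union(*zones.values())
    return {
        "empty_zones": sorted(z for z, nets in zones.items() if not nets),
        "unzoned": [i for i in interfaces if i not in claimed],
    }

if __name__ == "__main__":
    print(audit(SAMPLE_FIREWALL, INTERFACES))
```

Traffic on an interface reported as unzoned is handled only by the firewall's `config defaults` policies, so each entry in that list is worth a deliberate decision.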