From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by huchra.bufferbloat.net (Postfix) with ESMTPS id 83CDF21F100 for ; Mon, 24 Feb 2014 02:20:48 -0800 (PST) Received: from compute4.internal (compute4.nyi.mail.srv.osa [10.202.2.44]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 2CCF720EBA; Mon, 24 Feb 2014 05:20:46 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Mon, 24 Feb 2014 05:20:46 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=imap.cc; h= message-id:date:from:mime-version:to:subject:references :in-reply-to:content-type; s=mesmtp; bh=hfiqgS4lZ4Q8W7QwKXugDAQb s20=; b=jamvZc4R7olUfNth+wgSctfIqjhu6RYJIvLCMdztV8fC6sag364bBI9H OpHD+b33IVlTu0CBo6I/4XjMhxfBfqNsD0JbGdBQ9UckosRQovLdZHjof1AjKSqb CpwAYkPSR8WmxQ1mwQ708Yu7yQhNP8KXP4/ScqLJz8s791TSD2o= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:date:from:mime-version:to :subject:references:in-reply-to:content-type; s=smtpout; bh=hfiq gS4lZ4Q8W7QwKXugDAQbs20=; b=XdKII55A3qHAzp4pQ3W4Loi4c23ygq+jG+q/ 54kXFmONoZWNTnfAgja5kcGBgALysjMb4kSB2/84nsHVVTBTLD7dplg2212fR0Lo QpVxV34ClLtvLgKh2hprsEglwZm0J+QYap9M5znRsI25O3wZXhInzL8iQiGOnLh7 JV+hCWU= X-Sasl-enc: HscqIwfioS2CYLsKFffswDzlbhxy2P1Jg7hCMUwBSM81 1393237245 Received: from [172.30.42.8] (unknown [2.96.55.93]) by mail.messagingengine.com (Postfix) with ESMTPA id 76DE8C007B3; Mon, 24 Feb 2014 05:20:45 -0500 (EST) Message-ID: <530B1C8C.90100@imap.cc> Date: Mon, 24 Feb 2014 10:18:52 +0000 From: Fred Stratton User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Vincent Frentzel , Sebastian Moeller , cerowrt-devel@lists.bufferbloat.net References: <20140223172140.GB24483@lists.bufferbloat.net> <530A4791.8080903@ashtonfam.org> <128185AE-918F-4944-BB45-B5D20A1AD1E5@gmx.de> In-Reply-To: Content-Type: multipart/alternative; boundary="------------040808080109080804000602" Subject: Re: [Cerowrt-devel] saner defaults for config/firewall X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Feb 2014 10:20:50 -0000 This is a multi-part message in MIME format. --------------040808080109080804000602 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I suggest you read the cero wiki. This details the original design decisions. On the router, ssh in, and use mtd -r erase fs_data to recover to defaults. See http://wiki.openwrt.org/doc/techref/mtd If you ever have used BB daily builds, you can type this in your sleep. On 24/02/14 10:05, Vincent Frentzel wrote: > > > > I could be totally out for lunch here, but shouldn't that > be se00 (secure ethernet) instead of eth0.1? At least on > 3.10.28-14 neuter "ifconfig" nor /etc/config/network mentions > eth0.1 at all. Could you post both of these (so the result of > calling ifconfig on a terminal on the router and the content of > /etc/config/network ;), I am sure you know what I meant, just > dying to be verbose for the sake of people stumbling over the > archive of the mailing list) > > > > Hi Sebastian, > > Understood. I will come back to you with the ifconfig. > > For info, I did try both se00 and eth0.1. The reason I stuck with > eth0.1 was that barrier breaker usually uses eth0.1 for br-lan with > vlan enabled (eth0.1 appears in Luci in cerowrt). So in cero I just > reenabled the vlan and used a type "bridge" on the network section (I > renamed this section se99 instead of se00). > > I then added se99 it to the "lan" zone of the firewall. In the > wireless config I specified network as "se99" instead of sw10 and > sw00. I confirmed that the setup was correct in the web interface > where eth0.1 sw00 and sw10 appeared under the new bridged interface ( > there was the nice icon with the iface in brackets). > > I went on to modify the dhcp config of se00 and changed se00 > occurences for se99 and commented out entries for sw10/sw00. --> this > would give me dhcp running on my new bridge. > > After a dnsmasq restart dnsmasq.conf shows the dhcp ranges line with > interface se99. (I was expecting to see br-se99 but maybe that file is > alias aware, could be wrong here). > > After a network restart I lost connectivity on cable. Wireless was > working. > > I played a tad more and eventually lost wifi as well and had to > reflash the router via tftp/factory image (maybe there is a reset > trick you could give me to avoid this step). > > Are you running cerowrt in bridge mode? If yes could you share your > network/firewall/dhcp config? Is there another file I should have > edited and missed? > > Cheers, > V > > > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel --------------040808080109080804000602 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit I suggest you read the cero wiki. This details the original design decisions. On the router,

ssh in, and use

mtd -r erase fs_data

to recover to defaults. See

http://wiki.openwrt.org/doc/techref/mtd

If you ever have used  BB daily builds, you can type this in your sleep.




On 24/02/14 10:05, Vincent Frentzel wrote:



        I could be totally out for lunch here, but shouldn't that be se00 (secure ethernet) instead of eth0.1? At least on 3.10.28-14 neuter "ifconfig" nor /etc/config/network mentions eth0.1 at all. Could you post both of these (so the result of calling ifconfig on a terminal on the router and the content of /etc/config/network ;), I am sure you know what I meant, just dying to be verbose for the sake of people stumbling over the archive of the mailing list)


Hi Sebastian,

Understood. I will come back to you with the ifconfig.

For info, I did try both se00 and eth0.1. The reason I stuck with eth0.1 was that barrier breaker usually uses eth0.1 for br-lan with vlan enabled (eth0.1 appears in Luci in cerowrt). So in cero I just reenabled the vlan and used a type "bridge" on the network section (I renamed this section se99 instead of se00).

I then added se99 it to the "lan" zone of the firewall. In the wireless config I specified network as "se99" instead of sw10 and sw00. I confirmed that the setup was correct in the web interface where eth0.1 sw00 and sw10 appeared under the new bridged interface ( there was the nice icon with the iface in brackets).

I went on to modify the dhcp config of se00 and changed se00 occurences for se99 and commented out entries for sw10/sw00. --> this would give me dhcp running on my new bridge.

After a dnsmasq restart dnsmasq.conf shows the dhcp ranges line with interface se99. (I was expecting to see br-se99 but maybe that file is alias aware, could be wrong here).

After a network restart I lost connectivity on cable. Wireless was working.

I played a tad more and eventually lost wifi as well and had to reflash the router via tftp/factory image (maybe there is a reset trick you could give me to avoid this step).

Are you running cerowrt in bridge mode? If yes could you share your network/firewall/dhcp config? Is there another file I should have edited and missed?

Cheers,
V


_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel

--------------040808080109080804000602--