From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by huchra.bufferbloat.net (Postfix) with ESMTPS id A131321F1DB for ; Mon, 24 Feb 2014 04:47:50 -0800 (PST) Received: from compute1.internal (compute1.nyi.mail.srv.osa [10.202.2.41]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 7D5BC208DD; Mon, 24 Feb 2014 07:47:49 -0500 (EST) Received: from frontend1 ([10.202.2.160]) by compute1.internal (MEProxy); Mon, 24 Feb 2014 07:47:49 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=imap.cc; h= message-id:date:from:mime-version:to:subject:references :in-reply-to:content-type; s=mesmtp; bh=aUBQMx/Wq+J23x9hZ9C1RE75 qJM=; b=YAj7zG1WOO7L7f6JF97TPYbgv9NbkxGGFWsk/XwdXGYaxama2nMxZYkE FQcV3z6Kgg77RAIhSiQqhyM1uZq3GXLi5L/WJyebqWmAk+y+Q4fqRH26vxi8upCk eGZOR/hEl09DHymoPt3jWTLRxjZsHspU0MdcPxADfJYL17gNk+M= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:date:from:mime-version:to :subject:references:in-reply-to:content-type; s=smtpout; bh=aUBQ Mx/Wq+J23x9hZ9C1RE75qJM=; b=VDKQxmwAnfHOunqlcxqn2CvUP81gzNXbSlXF A/LE9ikLv8IqVf4MNYveBxD7tc75GOk0W5Xi7sYjxGICkcOKDF2b2c3ObXXuWoeQ gTuWgWt2no6yWli7feXUNF5H4+XomfiWLs3VevHj5ImNBz7ROVZ5d4hpoxTj6E0R C/+FSjk= X-Sasl-enc: 97UxN6XZR16cVnpMfbkohrd1C5VzezzPVrdPSiKeazpz 1393246069 Received: from [172.30.42.8] (unknown [2.96.55.93]) by mail.messagingengine.com (Postfix) with ESMTPA id A85E0C007AA; Mon, 24 Feb 2014 07:47:48 -0500 (EST) Message-ID: <530B3F03.4010208@imap.cc> Date: Mon, 24 Feb 2014 12:45:55 +0000 From: Fred Stratton User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: Vincent Frentzel , Sebastian Moeller , cerowrt-devel@lists.bufferbloat.net References: <20140223172140.GB24483@lists.bufferbloat.net> <530A4791.8080903@ashtonfam.org> <128185AE-918F-4944-BB45-B5D20A1AD1E5@gmx.de> <530B1C8C.90100@imap.cc> <530B2703.3000505@imap.cc> In-Reply-To: Content-Type: multipart/alternative; boundary="------------060303020808030904090904" Subject: Re: [Cerowrt-devel] saner defaults for config/firewall X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Feb 2014 12:47:51 -0000 This is a multi-part message in MIME format. --------------060303020808030904090904 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit There are no button presses to bring the box back, as you can with some TP-Link routers. You could use a serial lead if you opened the case. No one has mentioned trying this with cero on the list. So far, all bridging attempts with cero have been unproductive. However sound the theoretical approach, they have not worked in practice. As you would expect, subnetting a /48 works. DT has got subnetting working with a /60 in the last 2 weeks. That is the current state of play. 6relayd on OpenWRT is very difficult to configure. dnsmasq tends to be simpler. Perhaps Kelley has something to say about configuration with, say, a /64 provided by free.fr I know of only one ISP which provides a /48 to customers. On 24/02/14 11:35, Vincent Frentzel wrote: > I am familiar with that command :) Was wondering if there was > something I could do when I cannot ssh into the router. As mentioned > above, when trying to configure the bridge I hit a point where I could > nt get in the router anymore. > > I understand the design decisions of the project and far from me the > idea of challenging them :) I was simply trying to provide an > alternative config with a standard bridge ethernet + wifi for > reference. I believe that in the case mentioned by Sebastian > (multiple, mobile, devices accessing resources across segments) > bridging is a simple way forward. > > In my particular case, correct route propagation is a problem on IPV6 > (im not running babel) and I have only 2 wifi clients... Bridging has > never shown any perf issues in the past so I 'd like to switch back to > this simpler setup. I can picture that this might not fit the bill for > more intensive use cases. > > > On Mon, Feb 24, 2014 at 12:03 PM, Fred Stratton > wrote: > > So much for memory > > mtd -r erase rootfs_data > > is the correct invocation. > > > > On 24/02/14 10:18, Fred Stratton wrote: >> I suggest you read the cero wiki. This details the original >> design decisions. On the router, >> >> ssh in, and use >> >> mtd -r erase fs_data >> >> to recover to defaults. See >> >> http://wiki.openwrt.org/doc/techref/mtd >> >> If you ever have used BB daily builds, you can type this in your >> sleep. >> >> >> >> >> On 24/02/14 10:05, Vincent Frentzel wrote: >>> >>> >>> >>> I could be totally out for lunch here, but shouldn't >>> that be se00 (secure ethernet) instead of eth0.1? At least >>> on 3.10.28-14 neuter "ifconfig" nor >>> /etc/config/network mentions eth0.1 at all. Could you post >>> both of these (so the result of calling ifconfig on a >>> terminal on the router and the content of >>> /etc/config/network ;), I am sure you know what I meant, >>> just dying to be verbose for the sake of people stumbling >>> over the archive of the mailing list) >>> >>> >>> >>> Hi Sebastian, >>> >>> Understood. I will come back to you with the ifconfig. >>> >>> For info, I did try both se00 and eth0.1. The reason I stuck >>> with eth0.1 was that barrier breaker usually uses eth0.1 for >>> br-lan with vlan enabled (eth0.1 appears in Luci in cerowrt). So >>> in cero I just reenabled the vlan and used a type "bridge" on >>> the network section (I renamed this section se99 instead of se00). >>> >>> I then added se99 it to the "lan" zone of the firewall. In the >>> wireless config I specified network as "se99" instead of sw10 >>> and sw00. I confirmed that the setup was correct in the web >>> interface where eth0.1 sw00 and sw10 appeared under the new >>> bridged interface ( there was the nice icon with the iface in >>> brackets). >>> >>> I went on to modify the dhcp config of se00 and changed se00 >>> occurences for se99 and commented out entries for sw10/sw00. --> >>> this would give me dhcp running on my new bridge. >>> >>> After a dnsmasq restart dnsmasq.conf shows the dhcp ranges line >>> with interface se99. (I was expecting to see br-se99 but maybe >>> that file is alias aware, could be wrong here). >>> >>> After a network restart I lost connectivity on cable. Wireless >>> was working. >>> >>> I played a tad more and eventually lost wifi as well and had to >>> reflash the router via tftp/factory image (maybe there is a >>> reset trick you could give me to avoid this step). >>> >>> Are you running cerowrt in bridge mode? If yes could you share >>> your network/firewall/dhcp config? Is there another file I >>> should have edited and missed? >>> >>> Cheers, >>> V >>> >>> >>> _______________________________________________ >>> Cerowrt-devel mailing list >>> Cerowrt-devel@lists.bufferbloat.net >>> https://lists.bufferbloat.net/listinfo/cerowrt-devel >> >> >> >> _______________________________________________ >> Cerowrt-devel mailing list >> Cerowrt-devel@lists.bufferbloat.net >> https://lists.bufferbloat.net/listinfo/cerowrt-devel > > > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > > https://lists.bufferbloat.net/listinfo/cerowrt-devel > > --------------060303020808030904090904 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit There are no button presses to bring the box back, as you can with some TP-Link routers.

You could use a serial lead if you opened the case. No one has mentioned trying this with cero on the list.

So far, all bridging attempts with cero have been unproductive. However sound the theoretical approach, they have not worked in practice.

As you would expect, subnetting a /48 works. DT has got subnetting working with a /60 in the last 2 weeks.

That is the current state of play.

6relayd  on OpenWRT is very difficult to configure. dnsmasq tends to be simpler.

Perhaps Kelley has something to say about configuration with, say, a /64 provided by free.fr

I know of only one ISP which provides a /48 to customers.



On 24/02/14 11:35, Vincent Frentzel wrote:
I am familiar with that command :) Was wondering if there was something I could do when I cannot ssh into the router. As mentioned above, when trying to configure the bridge I hit a point where I could nt get in the router anymore.

I understand the design decisions of the project and far from me the idea of challenging them :) I was simply trying to provide an alternative config with a standard bridge ethernet + wifi for reference. I believe that in the case mentioned by Sebastian (multiple, mobile, devices accessing resources across segments) bridging is a simple way forward.

In my particular case, correct route propagation is a problem on IPV6 (im not running babel) and I have only 2 wifi clients... Bridging has never shown any perf issues in the past so I 'd like to switch back to this simpler setup. I can picture that this might not fit the bill for more intensive use cases.


On Mon, Feb 24, 2014 at 12:03 PM, Fred Stratton <fredstratton@imap.cc> wrote:
So much for memory

mtd -r erase rootfs_data

is the correct invocation.



On 24/02/14 10:18, Fred Stratton wrote:
I suggest you read the cero wiki. This details the original design decisions. On the router,

ssh in, and use

mtd -r erase fs_data

to recover to defaults. See

http://wiki.openwrt.org/doc/techref/mtd

If you ever have used  BB daily builds, you can type this in your sleep.




On 24/02/14 10:05, Vincent Frentzel wrote:



        I could be totally out for lunch here, but shouldn't that be se00 (secure ethernet) instead of eth0.1? At least on 3.10.28-14 neuter "ifconfig" nor /etc/config/network mentions eth0.1 at all. Could you post both of these (so the result of calling ifconfig on a terminal on the router and the content of /etc/config/network ;), I am sure you know what I meant, just dying to be verbose for the sake of people stumbling over the archive of the mailing list)


Hi Sebastian,

Understood. I will come back to you with the ifconfig.

For info, I did try both se00 and eth0.1. The reason I stuck with eth0.1 was that barrier breaker usually uses eth0.1 for br-lan with vlan enabled (eth0.1 appears in Luci in cerowrt). So in cero I just reenabled the vlan and used a type "bridge" on the network section (I renamed this section se99 instead of se00).

I then added se99 it to the "lan" zone of the firewall. In the wireless config I specified network as "se99" instead of sw10 and sw00. I confirmed that the setup was correct in the web interface where eth0.1 sw00 and sw10 appeared under the new bridged interface ( there was the nice icon with the iface in brackets).

I went on to modify the dhcp config of se00 and changed se00 occurences for se99 and commented out entries for sw10/sw00. --> this would give me dhcp running on my new bridge.

After a dnsmasq restart dnsmasq.conf shows the dhcp ranges line with interface se99. (I was expecting to see br-se99 but maybe that file is alias aware, could be wrong here).

After a network restart I lost connectivity on cable. Wireless was working.

I played a tad more and eventually lost wifi as well and had to reflash the router via tftp/factory image (maybe there is a reset trick you could give me to avoid this step).

Are you running cerowrt in bridge mode? If yes could you share your network/firewall/dhcp config? Is there another file I should have edited and missed?

Cheers,
V


_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel




_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel


_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel



--------------060303020808030904090904--