* [Cerowrt-devel] Isn't right with the configuration script
@ 2014-09-22 23:51 Eric S. Johansson
2014-09-23 10:56 ` Rich Brown
0 siblings, 1 reply; 3+ messages in thread
From: Eric S. Johansson @ 2014-09-22 23:51 UTC (permalink / raw)
To: cerowrt-devel
I changed the internal subnet and it looks like everything changes
correctly but what happens is the interface comes up and I can ping it.
I see IPv6 traffic coming from it (I believe) but there's no IPv4
response. I should see if I can set up my Linux machine as IPv6 and see
if I can access any of the services there. IPv6 is new terrain for me so
helpful pointers would be quite welcome.
I would also appreciate any pointers to documentation explaining why all
the little subnets and why so many network interfaces.
My goal in this reconfiguration is to create a /24 subnet and give all
the interfaces ethernet, Wi-Fi access to the subnet. I'm also going to
put in a VPN so that outside consultants can have access to the subnet.
I think I can improve the configuration script so that it can "fix" what
is breaking the IPv4 services and hopefully, increase flexibility. I
would like to be able to change the entire network configuration for
different subnet sizes etc. but in order to do that, I will need a much
better understanding of what the network architecture is supposed to be.
I would also like to fix the configuration script so that you don't need
to know the starting IP address/network. I should be able to just change
the desired IP address and rerun the script and have it work. Again,
with the knowledge, I'm going to put in the effort to make this happen.
For some reason, every time I work on a firewall project, I get stuck
with IP address management. :-)
--- eric
* Re: [Cerowrt-devel] Isn't right with the configuration script
2014-09-22 23:51 [Cerowrt-devel] Isn't right with the configuration script Eric S. Johansson
@ 2014-09-23 10:56 ` Rich Brown
2014-09-23 23:03 ` Eric S. Johansson
0 siblings, 1 reply; 3+ messages in thread
From: Rich Brown @ 2014-09-23 10:56 UTC (permalink / raw)
To: Eric S. Johansson; +Cc: cerowrt-devel
Hi Eric,
> I changed the internal subnet and it looks like everything changes correctly but what happens is the interface comes up and I can ping it. I see IPv6 traffic coming from it (I believe) but there's no IPv4 response. I should see if I can set up my Linux machine as IPv6 and see if I can access any of the services there. IPv6 is new terrain for me so helpful pointers would be quite welcome.
>
> I would also appreciate any pointers to documentation explaining why all the little subnets and why so many network interfaces.
This is mostly to isolate various kinds of traffic so the slowest (2.4GHz abg) doesn't interfere with 5GHz wireless or 100mbps Ethernet. There's more info at:
http://www.bufferbloat.net/projects/cerowrt/wiki/Default_network_numbering and
http://www.bufferbloat.net/projects/cerowrt/wiki/Changing_your_cerowrt_ip_addresses
Rich
> My goal in this reconfiguration is to create a /24 subnet and give all the interfaces ethernet, Wi-Fi access to the subnet. I'm also going to put in a VPN so that outside consultants can have access to the subnet.
>
> I think I can improve the configuration script so that it can "fix" what is breaking the IPv4 services and hopefully, increase flexibility. I would like to be able to change the entire network configuration for different subnet sizes etc. but in order to do that, I will need a much better understanding of what the network architecture is supposed to be.
>
> I would also like to fix the configuration script so that you don't need to know the starting IP address/network. I should be able to just change the desired IP address and rerun the script and have it work. Again, with the knowledge, I'm going to put in the effort to make this happen.
>
> For some reason, every time I work on a firewall project, I get stuck with IP address management. :-)
>
> --- eric
* Re: [Cerowrt-devel] Isn't right with the configuration script
2014-09-23 10:56 ` Rich Brown
@ 2014-09-23 23:03 ` Eric S. Johansson
0 siblings, 0 replies; 3+ messages in thread
From: Eric S. Johansson @ 2014-09-23 23:03 UTC (permalink / raw)
To: Rich Brown; +Cc: cerowrt-devel
On 9/23/2014 6:56 AM, Rich Brown wrote:
> Hi Eric,
>
>> I changed the internal subnet and it looks like everything changes correctly but what happens is the interface comes up and I can ping it. I see IPv6 traffic coming from it (I believe) but there's no IPv4 response. I should see if I can set up my Linux machine as IPv6 and see if I can access any of the services there. IPv6 is new terrain for me so helpful pointers would be quite welcome.
>>
>> I would also appreciate any pointers to documentation explaining why all the little subnets and why so many network interfaces.
> This is mostly to isolate various kinds of traffic so the slowest (2.4GHz abg) doesn't interfere with 5GHz wireless or 100mbps Ethernet. There's more info at:
make more sense. On my "stock" cerowrt box my routing table looks
like below. I don't get the line for 172.3.42.0/24 with the flag of '1'
and an asterisk for the interface.
root@mars:~# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask          Flags  MSS Window irtt Iface
0.0.0.0         73.38.246.1     0.0.0.0          UG     0   0      0    ge00
73.38.246.0     0.0.0.0         255.255.254.0    U      0   0      0    ge00
172.30.42.0     0.0.0.0         255.255.255.224  U      0   0      0    se00
172.30.42.0     0.0.0.0         255.255.255.0    !      0   0      0    *
172.30.42.64    0.0.0.0         255.255.255.224  U      0   0      0    sw00
172.30.42.96    0.0.0.0         255.255.255.224  U      0   0      0    sw10
root@mars:~#
When I turn on the VPN, I get:
root@mars:~# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask          Flags  MSS Window irtt Iface
0.0.0.0         73.38.246.1     0.0.0.0          UG     0   0      0    ge00
10.42.66.0      10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.43.1.0       10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.43.2.0       10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.43.3.0       10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.43.4.0       10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.43.5.0       10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.43.6.0       10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.43.7.0       10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.43.8.0       10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.43.9.0       10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.43.10.0      10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.43.11.0      10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.43.12.0      10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.43.13.0      10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.43.14.0      10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.43.15.0      10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.199.188.0    10.199.188.193  255.255.255.0    UG     0   0      0    tun0
10.199.188.193  0.0.0.0         255.255.255.255  UH     0   0      0    tun0
73.38.246.0     0.0.0.0         255.255.254.0    U      0   0      0    ge00
172.30.42.0     0.0.0.0         255.255.255.224  U      0   0      0    se00
172.30.42.0     0.0.0.0         255.255.255.0    !      0   0      0    *
172.30.42.64    0.0.0.0         255.255.255.224  U      0   0      0    sw00
172.30.42.96    0.0.0.0         255.255.255.224  U      0   0      0    sw10
192.168.9.0     10.199.188.193  255.255.255.0    UG     0   0      0    tun0
Yes, my work network has lots and lots of test subnets.
Since I can hit any of my work networks from the 3800 but not from my
lan, I suspect I'm missing some firewall rules.
One important question: Is there a way to define a named constant or
indirect reference to a value in UCI instead of the literal?
dhcp: option ip '172.30.42.1'
network: option 'ipaddr' '172.30.42.1'
becomes
dhcp: option ip @internal_gateway
network: option 'ipaddr' @internal_gateway
and internal_gateway is defined in one place