From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dave.taht@gmail.com>
Received: from mail-oi0-x232.google.com (mail-oi0-x232.google.com
	[IPv6:2607:f8b0:4003:c06::232])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client CN "smtp.gmail.com",
	Issuer "Google Internet Authority G2" (verified OK))
	by huchra.bufferbloat.net (Postfix) with ESMTPS id 8BDD121F3AF
	for <cerowrt-devel@lists.bufferbloat.net>;
	Sun, 31 Aug 2014 08:33:47 -0700 (PDT)
Received: by mail-oi0-f50.google.com with SMTP id u20so2902740oif.9
	for <cerowrt-devel@lists.bufferbloat.net>;
	Sun, 31 Aug 2014 08:33:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:in-reply-to:references:date:message-id:subject:from:to
	:cc:content-type;
	bh=3FC8/+mHqLAPKn5+ss5Ggduf5M11bV4qkcCPdG0uBh0=;
	b=ayA4N9ubsQyxGMz8vPRhgFkT2KiXCba0ylYkAYkqmZvNZ7zKssRIK9Cyz3r2EGHI0h
	8TzSd8QopyrmzMK+figL0k3t85Vj6yOTwx1zViWOB+hzxF7ZU//c3tp4H6toI54ygM3v
	TISbbpl9oZqGEXbggKZT4zdQnXIx0sHdW5v07r0FGpHtAhzZo3DDkR+sNL5pKpvLbKcH
	yf6eCRE0RBTIZULzXRcnYwIhIagBtlwIRyIa1QFvr183+DIVoNmkumvikRzhnnNgxax/
	Etacq+4TdBUocl/ExeFxZQSV59EcokqHO4G1Qt7rzXuDJ6CTZbURTHyJH64KVSuccFb1
	SlaA==
MIME-Version: 1.0
X-Received: by 10.202.190.84 with SMTP id o81mr21942oif.105.1409499226546;
	Sun, 31 Aug 2014 08:33:46 -0700 (PDT)
Received: by 10.202.227.76 with HTTP; Sun, 31 Aug 2014 08:33:46 -0700 (PDT)
Received: by 10.202.227.76 with HTTP; Sun, 31 Aug 2014 08:33:46 -0700 (PDT)
In-Reply-To: <CAKiAkGT2K6gm7YN9tM8_o-fMCEfCPzDw0kRXcHsYjY5iAjg0Ew@mail.gmail.com>
References: <CAKiAkGT2K6gm7YN9tM8_o-fMCEfCPzDw0kRXcHsYjY5iAjg0Ew@mail.gmail.com>
Date: Sun, 31 Aug 2014 08:33:46 -0700
Message-ID: <CAA93jw68b8McLEPSWQ1U-96Vw8Pjcjp1j1yFuOZjfdShuTjsnQ@mail.gmail.com>
From: Dave Taht <dave.taht@gmail.com>
To: =?UTF-8?Q?Joel_Wir=C4=81mu_Pauling?= <joel@aenertia.net>
Content-Type: multipart/alternative; boundary=001a113ddda4b5ae490501ee9cbc
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] Bug in Toronto release
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Sun, 31 Aug 2014 15:33:47 -0000

--001a113ddda4b5ae490501ee9cbc
Content-Type: text/plain; charset=UTF-8

It doesn't show in the gui but we use a pattern match to put stuff in zones.

Gw+ matches all the guest wireless interfaces and lives in the guest zone
with limited access to the other zones.
Hi all,

I just spent an hour scratching my head.

I have a fairly easy setup, a vpn a 6in4 tun devices and seperated
networks for 2.4 5 and wired networks.

I just flashed the toronto released. And everything seemed to be
working, but I kept getting connection refused for non http(s) and DNS
.

After poking iptables with explicit rules etc.

I released that for some reason the SE00 and GW01 devices etc are not
in the LAN firewall zone by default. Having no zone means certain
white-listed things in the WAN firewall zone were allowed through
(useful services).

Someone might want to patch the configs so others don't encounter the
same config bug.

-Joel
@aenertia
http://gplus.to/aenertia
_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel

--001a113ddda4b5ae490501ee9cbc
Content-Type: text/html; charset=UTF-8

<p dir="ltr">It doesn&#39;t show in the gui but we use a pattern match to put stuff in zones.</p>
<p dir="ltr">Gw+ matches all the guest wireless interfaces and lives in the guest zone with limited access to the other zones.</p>
<div class="gmail_quot&lt;blockquote class=" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br>
<br>
I just spent an hour scratching my head.<br>
<br>
I have a fairly easy setup, a vpn a 6in4 tun devices and seperated<br>
networks for 2.4 5 and wired networks.<br>
<br>
I just flashed the toronto released. And everything seemed to be<br>
working, but I kept getting connection refused for non http(s) and DNS<br>
.<br>
<br>
After poking iptables with explicit rules etc.<br>
<br>
I released that for some reason the SE00 and GW01 devices etc are not<br>
in the LAN firewall zone by default. Having no zone means certain<br>
white-listed things in the WAN firewall zone were allowed through<br>
(useful services).<br>
<br>
Someone might want to patch the configs so others don&#39;t encounter the<br>
same config bug.<br>
<br>
-Joel<br>
@aenertia<br>
<a href="http://gplus.to/aenertia" target="_blank">http://gplus.to/aenertia</a><br>
_______________________________________________<br>
Cerowrt-devel mailing list<br>
<a href="mailto:Cerowrt-devel@lists.bufferbloat.net">Cerowrt-devel@lists.bufferbloat.net</a><br>
<a href="https://lists.bufferbloat.net/listinfo/cerowrt-devel" target="_blank">https://lists.bufferbloat.net/listinfo/cerowrt-devel</a><br>
</div>

--001a113ddda4b5ae490501ee9cbc--