From: Dave Taht
To: Michael Richardson
Cc: cerowrt-devel@lists.bufferbloat.net
Subject: Re: [Cerowrt-devel] slowly moving to deploy 3.3.8-6
Date: Thu, 21 Jun 2012 18:21:00 -0400

Comments:

1) we have a fq_codel enabled build for
Ubuntu 12.4 contributed by Kamal Mostafa on:

https://launchpad.net/~kamalmostafa/+archive/bufferbloat

Haven't been successful at building kernels for prior versions. As for
wireless, YMMV.

2) There are multiple things about vlan behavior in cerowrt and with
AQMs that you could explore. I'm not really sure if the default cerowrt
ifconfig script is going to work right on multiple vlans. (see
/etc/hotplug.d/iface/00-debloat) for one thing.

3) If you enable the vlan on the switch, each port can indeed be a
different network.

4) My intent with the se00 and ge00 naming scheme was to come up with a
clean way to write difficult firewall rules, using a "s+" or "g+"
pattern match, rather than having to write O(network interface) rules.

http://www.bufferbloat.net/projects/cerowrt/wiki/Device_naming_scheme

This concept doesn't play well with the conventional vlan se00.XXX
naming scheme but I do note that names can be changed on creation to
match some sort of guest/secure split while preserving the capability
for + semantics.

That said, the default openwrt firewall (as cerowall is unfinished)
doesn't use +, uses .XXX, and YMMV.

5) It sounds like you already did this... but the ge00 port has
mss-clamping and nat turned on in /etc/config/firewall, you want those
off - and if you want multicast dns to work across that interface, you
need to allow ge00 to also broadcast mdns, so that's a line removed
from /etc/avahi/* (do not allow more than two of these to exist)

Delighted you are making progress with a real world and wife-compatible
installation. Are you using qos-scripts or the simple_qos script yet?

On Thu, Jun 21, 2012 at 4:43 PM, Michael Richardson wrote:
>
> After our brief G+ Hangout, I hooked a 100Mb/s switch between my 3800
> running CeroWRT and my 24-port Cisco 203 "SOHO" switch.
> Then I got layer-2 LINK, and lo and behold things worked.
>
> My network currently looks like this in ASCII art:
>
>      |
>      R-X
>     / \
>    |   \
>    |    \
>  trusted  service
>    |     |                       wife
>  me +     |-wrt54gl<~~wireless~~>--+---+-
>    |     |                           wii
>  .. +     +-mail
>          |
>          +-www
>
> (X- dead, no longer used)
> (R- NetBSD 5.0 machine, PII-400. upgraded to fanless low power PIII-600,
>    which died, so back to PII-400)
> wrt54gl is running kamikaze, is in living room.
>
>
>
>      |
>      R-
>     / \
>  (1|   \2)
>    |    \
>  trusted  service
>    |     |                       wife
>  me +     |-wrt54gl<~~wireless~~>--+---+-
>    |     |                           wii
>    +     +-mail
>    |-38--|
>          +-www
>
>
> The Netgear 3800 is inserted between trusted and service right now.
> So its upstream is my trusted network, and downstream is my service
> network, and current wireless.
>
> From some emails and IRC, I understood that I would not be able to
> split the LAN ports on the 3800 into separate LANs.  Maybe not true.
> I am currently using VLAN tagging, which works.
>
> So, my switch has VLAN 470 as service already, and this is seen by
> the 3800 as network "service" (device se00.470), and I can get v4 and v6
> traffic to it.
>
> The ge00 port of the 3800 is plugged into my trusted VLAN (which is VLAN
> 1).  I can now ssh into the "WAN" side of the CeroWRT.
>
> I set up the cisco switch so that the untagged packets on the se00
> interface were placed into vlan 3800, which I exposed to my desktop as
> tagged vlan 3800, so my desktop could be behind as well as on the
> internet.
>
> (Oh, I have public IPv4s everywhere, btw. /25 at home)
>
> My plan is to sever the link (2) above, and remove the interface on R
> for "service" and move that IP to the 3800.  Once I'm happy with that,
> I'll promote the 3800 to replace R.
>
> My upstream is bridged DSL ("HSA"), so it looks like ethernet and has
> a native IPv4 (/30) and native IPv6 (/64) on it.  No DHCPv6PD on that
> link, alas.
>
> Depending upon the wireless strength I see from the 3800 I may obsolete
> the wrt54gl, or not.  (It's v4 and v6 *routed*, not bridged).
>
> This email isn't so much a query, as a point of documentation, and
> partial success story.
>
> (Oh, wife's laptop often has flaky wifi, wrt54gl is bg only.
> I am blaming Ubuntu oneiric kernel, since it worked great on Hardy.
> She spends most days on wired on "trusted" network. Wife laptop is son's
> youtube toy.  I will definitely see if I can move the laptop to 802.11a,
> where the 3800 will get a chance to AQM/codel it)
>
> --
> ]       He who is tired of Weird Al is tired of life!           |  firewalls  [
> ]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
> ] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
>   Kyoto Plus: watch the video
>                       then sign the petition.
>

-- 
Dave Täht
http://www.bufferbloat.net/projects/cerowrt/wiki - "3.3.8-6 is out with fq_codel!"
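
Added example, not part of the original message or of CeroWrt: point 4 above relies on the iptables rule that a trailing "+" in an interface name is a prefix match, so the interface name decides which rules apply. The sketch emulates that match to show which wildcard each name falls under, including a VLAN sub-interface; the names gw00, gs470 and vlan470, the "secure"/"guest" labels and the SSH rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration. Interface names other than se00, ge00 and se00.470
# are constructed, and the zone labels and SSH policy are assumptions.

# iptables reads a trailing "+" in -i/-o as "any interface whose name
# begins with this prefix"; without it the name must match exactly.
iface_matches() {  # usage: iface_matches PATTERN IFNAME
    case "$1" in
        *+) prefix=${1%+}
            case "$2" in "$prefix"*) return 0 ;; *) return 1 ;; esac ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# Which wildcard an interface falls under, first match wins.
zone_of() {  # usage: zone_of IFNAME
    if iface_matches "s+" "$1"; then echo secure
    elif iface_matches "g+" "$1"; then echo guest
    else echo unmatched
    fi
}

# One wildcard rule covers every present and future g* interface.
wildcard_rules() {
    echo "-A INPUT -i g+ -p tcp --dport 22 -j DROP"
}

# The per-interface equivalent: one rule for each g* name known today.
enumerated_rules() {  # usage: enumerated_rules IFNAME...
    for i in "$@"; do
        if [ "$(zone_of "$i")" = guest ]; then
            echo "-A INPUT -i $i -p tcp --dport 22 -j DROP"
        fi
    done
}

# se00.470 inherits the "s" prefix from its parent, whatever it carries;
# vlan470 matches neither pattern; gs470 (renamed at creation, e.g.
# "ip link add link se00 name gs470 type vlan id 470") lands under g+.
for i in se00 se00.470 ge00 gw00 gs470 vlan470; do
    printf '%-10s %s\n' "$i" "$(zone_of "$i")"
done
```

A name that matches neither pattern is handled only by whatever default policy the chain has, so checking new interface names against the patterns is part of reviewing the rule set.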