From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ve0-x22e.google.com (mail-ve0-x22e.google.com [IPv6:2607:f8b0:400c:c01::22e]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id D444621F1E0 for ; Mon, 24 Feb 2014 02:05:08 -0800 (PST) Received: by mail-ve0-f174.google.com with SMTP id oy12so874704veb.5 for ; Mon, 24 Feb 2014 02:05:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=CFVDYK7XAO9LmnVqGc0nO80cWT2keKdY8d2QqI8owvw=; b=MwpFko/YSVlLZqqh3+x2FrtuaTjjAaWz9u/CA2fCnHUTwGwnq0MbWd/0XWlMEDhza5 gyLcFBNVJLo9cZiWEb3GXS2iEjV4OlvhwzUZfgnVbHBqTu8IeuUX5fR6MgbK3S/cyjyp SRefD1HI5LZ+v295RPFHWO85UhHwTNqRT/lsekq5VyShagVMckbY8oW1hl0FZHDH/PI2 56kcmfk2AI6b93KsW4Js+CuGZh0VeMhYWxa3xQLZwJ5LJmHYP3zyS/bW860rcImh5Y8+ imdrxbPt8e5j37yf3YqR7/hy1Ds4ghTyg86PrObBC52+Dkivr7L3oNCETqzrqiOw3TUv 7pHA== MIME-Version: 1.0 X-Received: by 10.52.186.230 with SMTP id fn6mr10225149vdc.14.1393236307459; Mon, 24 Feb 2014 02:05:07 -0800 (PST) Sender: c3reszcecc22@gmail.com Received: by 10.220.196.210 with HTTP; Mon, 24 Feb 2014 02:05:07 -0800 (PST) In-Reply-To: <128185AE-918F-4944-BB45-B5D20A1AD1E5@gmx.de> References: <20140223172140.GB24483@lists.bufferbloat.net> <530A4791.8080903@ashtonfam.org> <128185AE-918F-4944-BB45-B5D20A1AD1E5@gmx.de> Date: Mon, 24 Feb 2014 11:05:07 +0100 X-Google-Sender-Auth: VWHXlyGdvcUyj4r1bwD3zcGq2Hk Message-ID: From: Vincent Frentzel To: Sebastian Moeller Content-Type: multipart/alternative; boundary=bcaec54858ca31c42a04f3241b2b Cc: cerowrt-devel@lists.bufferbloat.net Subject: Re: [Cerowrt-devel] saner defaults for config/firewall X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Feb 2014 10:05:09 -0000 --bcaec54858ca31c42a04f3241b2b Content-Type: text/plain; charset=UTF-8 > I could be totally out for lunch here, but shouldn't that be se00 > (secure ethernet) instead of eth0.1? At least on 3.10.28-14 neuter > "ifconfig" nor /etc/config/network mentions eth0.1 at all. Could you post > both of these (so the result of calling ifconfig on a terminal on the > router and the content of /etc/config/network ;), I am sure you know what I > meant, just dying to be verbose for the sake of people stumbling over the > archive of the mailing list) > Hi Sebastian, Understood. I will come back to you with the ifconfig. For info, I did try both se00 and eth0.1. The reason I stuck with eth0.1 was that barrier breaker usually uses eth0.1 for br-lan with vlan enabled (eth0.1 appears in Luci in cerowrt). So in cero I just reenabled the vlan and used a type "bridge" on the network section (I renamed this section se99 instead of se00). I then added se99 it to the "lan" zone of the firewall. In the wireless config I specified network as "se99" instead of sw10 and sw00. I confirmed that the setup was correct in the web interface where eth0.1 sw00 and sw10 appeared under the new bridged interface ( there was the nice icon with the iface in brackets). I went on to modify the dhcp config of se00 and changed se00 occurences for se99 and commented out entries for sw10/sw00. --> this would give me dhcp running on my new bridge. After a dnsmasq restart dnsmasq.conf shows the dhcp ranges line with interface se99. (I was expecting to see br-se99 but maybe that file is alias aware, could be wrong here). After a network restart I lost connectivity on cable. Wireless was working. I played a tad more and eventually lost wifi as well and had to reflash the router via tftp/factory image (maybe there is a reset trick you could give me to avoid this step). Are you running cerowrt in bridge mode? If yes could you share your network/firewall/dhcp config? Is there another file I should have edited and missed? Cheers, V --bcaec54858ca31c42a04f3241b2b Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable



=C2=A0 =C2=A0 =C2=A0 =C2=A0 I could be totally out for lunch here, but shou= ldn't that be se00 (secure ethernet) instead of eth0.1? At least on 3.1= 0.28-14 neuter "ifconfig" nor /etc/config/network mentions eth0.1= at all. Could you post both of these (so the result of calling ifconfig on= a terminal on the router and the content of /etc/config/network ;), I am s= ure you know what I meant, just dying to be verbose for the sake of people = stumbling over the archive of the mailing list)


Hi Sebastian,

=
Understood. I will come back to you with the ifconfig.

For info, I did try both se00 and eth0.1. The reason I stuck with eth0.1= was that barrier breaker usually uses eth0.1 for br-lan with vlan enabled = (eth0.1 appears in Luci in cerowrt). So in cero I just reenabled the vlan a= nd used a type "bridge" on the network section (I renamed this se= ction se99 instead of se00).

I then added se99 it to the "lan" zone of the firewall. In th= e wireless config I specified network as "se99" instead of sw10 a= nd sw00. I confirmed that the setup was correct in the web interface where = eth0.1 sw00 and sw10 appeared under the new bridged interface ( there was t= he nice icon with the iface in brackets).

I went on to modify the dhcp config of se00 and changed se00= occurences for se99 and commented out entries for sw10/sw00. --> this w= ould give me dhcp running on my new bridge.

After a dnsma= sq restart dnsmasq.conf shows the dhcp ranges line with interface se99. (I = was expecting to see br-se99 but maybe that file is alias aware, could be w= rong here).

After a network restart I lost connectivity on cable. Wirele= ss was working.

I played a tad more and eventually lost w= ifi as well and had to reflash the router via tftp/factory image (maybe the= re is a reset trick you could give me to avoid this step).

Are you running cerowrt in bridge mode? If yes could you sha= re your network/firewall/dhcp config? Is there another file I should have e= dited and missed?

Cheers,
V
--bcaec54858ca31c42a04f3241b2b--