From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-lb0-x22b.google.com (mail-lb0-x22b.google.com [IPv6:2a00:1450:4010:c04::22b]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id ED41321F1CB for ; Sat, 4 Oct 2014 19:54:56 -0700 (PDT) Received: by mail-lb0-f171.google.com with SMTP id z12so2731685lbi.2 for ; Sat, 04 Oct 2014 19:54:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=HnUtnxGZ1UWvcdFm3d2gnPW8pCon+2o/tuT6dHIpv+g=; b=UA2OKfQsbM3B/udjPtCrOJCwkF8cHUZ/nKulNf7enlotqL4fpWIjEsJYbPBeu1BvNk VS/bA2G6KLeQ2+eVUeXm5F8AbO+V2aWhz0wi+VDlmZ2arRDk6Nd+JdOk6qUHbwK2AbTw 4VrnnL0TxuOZs2pki3VFk5uGMkZy42Q3UPZfSyN0Fg48lofNXlc2nAUhfGmIG193lFXa +6W7qagaq+fQIrybaWPFloId8CJHm7P2Whx+nT0+LPnkOfunjIpAfFTcYG524VpkZoBg gmcMpTzLOpQiiUKuExcdu7Wm+e4gbQVo2G0mHS9t7kHJ1yyWjYJi1OTDfWRG8cIjIGhn QHZA== MIME-Version: 1.0 X-Received: by 10.112.164.203 with SMTP id ys11mr110901lbb.83.1412477693824; Sat, 04 Oct 2014 19:54:53 -0700 (PDT) Received: by 10.25.126.207 with HTTP; Sat, 4 Oct 2014 19:54:53 -0700 (PDT) In-Reply-To: <20141005020748.63A5F1B1@taggart.lackof.org> References: <20141005020748.63A5F1B1@taggart.lackof.org> Date: Sat, 4 Oct 2014 22:54:53 -0400 Message-ID: From: Nathan To: Matt Taggart Content-Type: multipart/alternative; boundary=001a1133be8a3194600504a41742 Cc: cerowrt-devel@lists.bufferbloat.net Subject: Re: [Cerowrt-devel] default zones including interfaces and babel X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Oct 2014 02:55:25 -0000 --001a1133be8a3194600504a41742 Content-Type: text/plain; charset=UTF-8 Known GUI bug. The firewall display is incorrect. See this message from a few weeks ago: https://lists.bufferbloat.net/pipermail/cerowrt-devel/2014-September/003543.html On Sat, Oct 4, 2014 at 10:07 PM, Matt Taggart wrote: > Hi cerowrt-devel, > > In a default 3.10.50-1 install on the Network->Firewall->General settings > page, there are some default zones for wan, lan, guest. > > They don't appear to have any interfaces assigned to them, I am guessing > the intent is: > > ge00: wired wan port, should be 'wan' zone > gw00, gw10: guest 2.4/5 wireless, should be 'guest' zone > se00: wired switch ports, should be 'lan' zone > sw00, sw10: secure 2.4/5 wireless, ? zone > gw01, gw11: babel 2.4/5 wireless, ? zone > > 0) shouldn't the interfaces be assigned to zones? > > 1) If the intent is that se00, sw00, sw10 can all communicate freely, maybe > the zone name should be 'private' or 'secure' (rather than 'lan') and they > should all be part of that? > > 2) What zone should the babel devices be in, what do they need to be able > to do? > > This is maybe a good segway into some other questions I have: > > * is there a good description of how the babel stuff works? > I found this > http://www.bufferbloat.net/projects/cerowrt/wiki/Mesh > which explains configuring, but I guess I would like something like a walk > through of how a wireless client connects to an interior router and how > things make it to the internet and back. > > * if I need to secure both my guest wireless and secure wireless networks, > what does that mean for security of the babel networks and what (if > anything) stops someone from using them? given that I haven't set > credentials anywhere on the routers to make it work, I am guessing nothing. > I think the last time I wirelessly connected two routers it was using the > old Linksys WDS and it used credentials somehow... > > Thanks, > > -- > Matt Taggart > matt@lackof.org > > > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > --001a1133be8a3194600504a41742 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Known GUI bug. The firewall display is incorrect. See this= message from a few weeks ago:=C2=A0https://lists.bufferb= loat.net/pipermail/cerowrt-devel/2014-September/003543.html

On Sat, Oct 4, 2014 at 10:0= 7 PM, Matt Taggart <matt@lackof.org> wrote:
Hi cerowrt-devel,

In a default 3.10.50-1 install on the Network->Firewall->General sett= ings
page, there are some default zones for wan, lan, guest.

They don't appear to have any interfaces assigned to them, I am guessin= g
the intent is:

ge00: wired wan port, should be 'wan' zone
gw00, gw10: guest 2.4/5 wireless, should be 'guest' zone
se00: wired switch ports, should be 'lan' zone
sw00, sw10: secure 2.4/5 wireless, ? zone
gw01, gw11: babel 2.4/5 wireless, ? zone

0) shouldn't the interfaces be assigned to zones?

1) If the intent is that se00, sw00, sw10 can all communicate freely, maybe=
the zone name should be 'private' or 'secure' (rather than = 'lan') and they
should all be part of that?

2) What zone should the babel devices be in, what do they need to be able to do?

This is maybe a good segway into some other questions I have:

* is there a good description of how the babel stuff works?
I found this
=C2=A0 http://www.bufferbloat.net/projects/cerowrt/wiki/Mesh which explains configuring, but I guess I would like something like a walk<= br> through of how a wireless client connects to an interior router and how
things make it to the internet and back.

* if I need to secure both my guest wireless and secure wireless networks,<= br> what does that mean for security of the babel networks and what (if
anything) stops someone from using them? given that I haven't set
credentials anywhere on the routers to make it work, I am guessing nothing.=
I think the last time I wirelessly connected two routers it was using the old Linksys WDS and it used credentials somehow...

Thanks,

--
Matt Taggart
matt@lackof.org


_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.= bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel

--001a1133be8a3194600504a41742--