From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <aenertia@aenertia.net>
Received: from mail-la0-x236.google.com (mail-la0-x236.google.com
	[IPv6:2a00:1450:4010:c03::236])
	(using TLSv1 with cipher RC4-SHA (128/128 bits))
	(Client CN "smtp.gmail.com",
	Issuer "Google Internet Authority G2" (verified OK))
	by huchra.bufferbloat.net (Postfix) with ESMTPS id 09DEE21F3B6
	for <cerowrt-devel@lists.bufferbloat.net>;
	Sun, 31 Aug 2014 07:05:19 -0700 (PDT)
Received: by mail-la0-f54.google.com with SMTP id b17so4923291lan.27
	for <cerowrt-devel@lists.bufferbloat.net>;
	Sun, 31 Aug 2014 07:05:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=aenertia.net; s=dkimaenertianet;
	h=mime-version:sender:from:date:message-id:subject:to:content-type;
	bh=HgBDaJPwQ8cDSx9xiubkHtPB3fl4IW0jKrRHYSmf9RQ=;
	b=Y+idgNBibL56cYkb62qxjYax2Av+fz1A5LorXHrrW/g1ETrCv32Jilt9QeZtuaHi4s
	rrFve3sVA1XKgqixH25kk4jfaiHNMZQvhu0ABk1BEwURiHFolWjuM9pt9UaGrpZ6z45O
	7Q9IhYe1XJ6ZDuWKV7AiHDF0EIyxFqKfZrWV4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:mime-version:sender:from:date:message-id:subject
	:to:content-type;
	bh=HgBDaJPwQ8cDSx9xiubkHtPB3fl4IW0jKrRHYSmf9RQ=;
	b=ebrtKnoNEiy2O9S6V1KIMyjC0HRAqLrCPtvCSrfmN/KdyJqxRkiLP9dXxkMu5LlTzj
	JnNoCdQ7rjuuahcrqo6H4Xv6kFbYne2mWCJ4twVr94G5r+6o2WsJBGH9ezwqPhBPhjdI
	+2+W37eNT8cqHhY8Qy/AaxPb1DfS707UFBufgBscPwuotKytdaQ9Ly2m33/Zt1DRoHLn
	Q7xo5Pn/Tgz4uKPKrqYHBC9YtL5adyaweeLhZtAQURbyY/P96fb4Si9F6Ngr6YWECZlJ
	l+gxou4Ux8PnVJYDT7585PBDDCJ1YAwBFBSWuvAiPV5XVBVSGUKQGjKSV8ttJ+jQCgwu
	0h0A==
X-Gm-Message-State: ALoCoQkwAh8j+rIR9r6uj0Um95SdO+fd5WxeuCAF3EVVoJStAo6VMSMIdMmCuadFFfP3OQ31iq1P
X-Received: by 10.153.4.39 with SMTP id cb7mr22847445lad.19.1409493917001;
	Sun, 31 Aug 2014 07:05:17 -0700 (PDT)
MIME-Version: 1.0
Sender: aenertia@aenertia.net
Received: by 10.25.34.151 with HTTP; Sun, 31 Aug 2014 07:04:56 -0700 (PDT)
From: =?UTF-8?Q?Joel_Wir=C4=81mu_Pauling?= <joel@aenertia.net>
Date: Mon, 1 Sep 2014 02:04:56 +1200
X-Google-Sender-Auth: YwOfBV_3tMtm4puOffU8lzk7V_4
Message-ID: <CAKiAkGT2K6gm7YN9tM8_o-fMCEfCPzDw0kRXcHsYjY5iAjg0Ew@mail.gmail.com>
To: cerowrt-devel@lists.bufferbloat.net
Content-Type: text/plain; charset=UTF-8
Subject: [Cerowrt-devel] Bug in Toronto release
X-BeenThere: cerowrt-devel@lists.bufferbloat.net
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: Development issues regarding the cerowrt test router project
	<cerowrt-devel.lists.bufferbloat.net>
List-Unsubscribe: <https://lists.bufferbloat.net/options/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=unsubscribe>
List-Archive: <https://lists.bufferbloat.net/pipermail/cerowrt-devel>
List-Post: <mailto:cerowrt-devel@lists.bufferbloat.net>
List-Help: <mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=help>
List-Subscribe: <https://lists.bufferbloat.net/listinfo/cerowrt-devel>,
	<mailto:cerowrt-devel-request@lists.bufferbloat.net?subject=subscribe>
X-List-Received-Date: Sun, 31 Aug 2014 14:05:20 -0000

Hi all,

I just spent an hour scratching my head.

I have a fairly easy setup, a vpn a 6in4 tun devices and seperated
networks for 2.4 5 and wired networks.

I just flashed the toronto released. And everything seemed to be
working, but I kept getting connection refused for non http(s) and DNS
.

After poking iptables with explicit rules etc.

I released that for some reason the SE00 and GW01 devices etc are not
in the LAN firewall zone by default. Having no zone means certain
white-listed things in the WAN firewall zone were allowed through
(useful services).

Someone might want to patch the configs so others don't encounter the
same config bug.

-Joel
@aenertia
http://gplus.to/aenertia