From: Toke Høiland-Jørgensen
Date: Wed, 19 Mar 2014 23:31:47 +0100
To: Dave Taht, "jow@openwrt.org"
Cc: "cerowrt-devel@lists.bufferbloat.net"
Subject: Re: [Cerowrt-devel] BCP38 implementation
List-Id: Development issues regarding the cerowrt test router project

On 19 March 2014 22:44:06 CET, Dave Taht wrote:
> wow, thx. I was just about to give up and declare cero "baked enough".

Haha, well, felt like hacking on something new, and thought this might be appropriate :)

> the core problem remaining is ensuring dhcp request and renew work even
> with double-nat and that state is retained across a network and
> firewall reload.

Right. Well, an easy fix could be to just omit the OUTPUT rule, so packets sent from the router itself are not blocked at all... But for double-nat, the actual traffic also needs to be allowed, I suppose.

Otherwise the documentation mentions hotplug scripts when an interface joins a firewall zone. That might be a suitable place to pick up addressing information? Storing it in the config shouldn't be a problem, but there probably needs to be some way for the user to override wrong auto-detection.

What source and dest ip does dhcp use?

-Toke