[Cerowrt-devel] slowly moving to deploy 3.3.8-6
mcr at sandelman.ca
Sun Jun 24 17:10:44 EDT 2012
>>>>> "Dave" == Dave Taht <dave.taht at gmail.com> writes:
Dave> 1) we have a fq_codel enabled build for ubuntu 12.4
Dave> contributed by kamal mostafa on:
It took me a few reads to get why this mattered... this is for my wife's
Dave> 2) There are multiple things about vlan behavior in cerowrt
Dave> and with AQMs that you could explore. I'm not really sure if
Dave> the default cerowrt ifconfig script is going to work right on
Dave> multiple vlans. (see /etc/hotplug.d/iface/00-debloat) for one
Dave> 3) if you enable the vlan on the switch, each port can indeed
Dave> be a different network.
Good. I'm not entirely sure that I care actually, given that I can
create vlans... assuming I can get Gigabit to somehow work directly with
my Cisco switch.
Dave> 4) My intent with the se00 and ge00 naming scheme was to come
Dave> up with a clean way to write difficult firewall rules, using a
Dave> "s+" or "g+" pattern match, rather than having to write
Dave> O(network interface) rules.
I agree with it.
Dave> This concept doesn't play well with the conventional vlan
Dave> se00.XXX naming scheme but I do note that names can be changed
Dave> on creation to match some sort of guest/secure split while
Dave> preserving the capability for + semantics. That said, the
Dave> default openwrt firewall (as cerowall is unfinished) doesn't
Dave> use +, uses .XXX, and YMMV.
well, my firewall rules/policy are somewhat more complex than just
lan/guest. I will have:
trusted (very few incoming ports open, only from known places)
service (many incoming ports open, few outgoing open)
wireless ("sw", gets access to printer)
guest ("gw", outgoing only, probably NATed)
Dave> Delighted you are making progress with a real world and
Dave> wife-compatible installation.
Dave> Are you using qos-scripts or the simple_qos script yet?
My laptop now spends most days at home in its docking station, as
"desktop", and I have transitioned to a desktop computer at CREDIL, but
I ssh to home to run xemacs+mhe... and *I* sure notice bufferbloat.
(I also run sshfs in both directions at the same time, plus have a 7
year old that would spend all day on youtube if we let him...)
This is despite my ISP having put some QoS at their end.... I have some
very clear smokeping pictures. I hope that codel at my end will help.
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr at sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.
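
Added example, not part of the original message and not CeroWrt code: the trailing "+" in an iptables -i/-o interface name is a prefix match, so one way conventional VLAN naming can clash with the "s+"/"g+" scheme is that a guest VLAN created on se00 is still selected by "s+". The VLAN ids and the renamed interfaces (se10, gs20) are constructed for illustration; se00, ge00, "sw" and "gw" come from the thread.

```shell
#!/bin/sh
# Emulates how iptables interprets "-i NAME" / "-o NAME":
# a name ending in "+" matches every interface whose name starts with the
# part before the "+"; any other name must match exactly.

# Constructed interface lists (VLAN ids 10 and 20 are assumptions).
# Conventional naming: VLANs on se00 become se00.10 (secure) and se00.20 (guest).
CONVENTIONAL="se00 se00.10 se00.20 ge00 sw00 gw00"
# Renamed at creation so the first letter carries the trust level, e.g.
#   ip link add link se00 name gs20 type vlan id 20
RENAMED="se00 se10 gs20 ge00 sw00 gw00"

# iface_matches PATTERN NAME -> exit status 0 if NAME is selected by PATTERN
iface_matches() {
    case "$1" in
        *+) case "$2" in
                "${1%+}"*) return 0 ;;
                *)         return 1 ;;
            esac ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# selected PATTERN NAME... -> prints the names PATTERN would select
selected() {
    pat=$1; shift
    out=""
    for ifc in "$@"; do
        if iface_matches "$pat" "$ifc"; then
            out="${out:+$out }$ifc"
        fi
    done
    printf '%s\n' "$out"
}

# A rule such as "iptables -A FORWARD -i g+ -o s+ -j DROP" depends on these sets.
# With conventional names the guest VLAN se00.20 lands in the "s+" set:
echo "s+ (conventional): $(selected 's+' $CONVENTIONAL)"
echo "g+ (conventional): $(selected 'g+' $CONVENTIONAL)"
# With names chosen at creation, the split follows the first letter again:
echo "s+ (renamed):      $(selected 's+' $RENAMED)"
echo "g+ (renamed):      $(selected 'g+' $RENAMED)"
```

Running the same check against the output of `ip -o link` before loading a ruleset shows which interfaces a wildcard rule will actually cover.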