[Cerowrt-devel] saner defaults for config/firewall

Fred Stratton fredstratton at imap.cc
Mon Feb 24 07:45:55 EST 2014 

There are no button presses to bring the box back, as you can with some 
TP-Link routers.

You could use a serial lead if you opened the case. No one has mentioned 
trying this with cero on the list.

So far, all bridging attempts with cero have been unproductive. However 
sound the theoretical approach, they have not worked in practice.

As you would expect, subnetting a /48 works. DT has got subnetting 
working with a /60 in the last 2 weeks.

That is the current state of play.

6relayd  on OpenWRT is very difficult to configure. dnsmasq tends to be 
simpler.

Perhaps Kelley has something to say about configuration with, say, a /64 
provided by free.fr

I know of only one ISP which provides a /48 to customers.



On 24/02/14 11:35, Vincent Frentzel wrote:
> I am familiar with that command :) Was wondering if there was 
> something I could do when I cannot ssh into the router. As mentioned 
> above, when trying to configure the bridge I hit a point where I could 
> nt get in the router anymore.
>
> I understand the design decisions of the project and far from me the 
> idea of challenging them :) I was simply trying to provide an 
> alternative config with a standard bridge ethernet + wifi for 
> reference. I believe that in the case mentioned by Sebastian 
> (multiple, mobile, devices accessing resources across segments) 
> bridging is a simple way forward.
>
> In my particular case, correct route propagation is a problem on IPV6 
> (im not running babel) and I have only 2 wifi clients... Bridging has 
> never shown any perf issues in the past so I 'd like to switch back to 
> this simpler setup. I can picture that this might not fit the bill for 
> more intensive use cases.
>
>
> On Mon, Feb 24, 2014 at 12:03 PM, Fred Stratton <fredstratton at imap.cc 
> <mailto:fredstratton at imap.cc>> wrote:
>
>     So much for memory
>
>     mtd -r erase rootfs_data
>
>     is the correct invocation.
>
>
>
>     On 24/02/14 10:18, Fred Stratton wrote:
>>     I suggest you read the cero wiki. This details the original
>>     design decisions. On the router,
>>
>>     ssh in, and use
>>
>>     mtd -r erase fs_data
>>
>>     to recover to defaults. See
>>
>>     http://wiki.openwrt.org/doc/techref/mtd
>>
>>     If you ever have used  BB daily builds, you can type this in your
>>     sleep.
>>
>>
>>
>>
>>     On 24/02/14 10:05, Vincent Frentzel wrote:
>>>
>>>
>>>
>>>                 I could be totally out for lunch here, but shouldn't
>>>         that be se00 (secure ethernet) instead of eth0.1? At least
>>>         on 3.10.28-14 <tel:3.10.28-14> neuter "ifconfig" nor
>>>         /etc/config/network mentions eth0.1 at all. Could you post
>>>         both of these (so the result of calling ifconfig on a
>>>         terminal on the router and the content of
>>>         /etc/config/network ;), I am sure you know what I meant,
>>>         just dying to be verbose for the sake of people stumbling
>>>         over the archive of the mailing list)
>>>
>>>
>>>
>>>     Hi Sebastian,
>>>
>>>     Understood. I will come back to you with the ifconfig.
>>>
>>>     For info, I did try both se00 and eth0.1. The reason I stuck
>>>     with eth0.1 was that barrier breaker usually uses eth0.1 for
>>>     br-lan with vlan enabled (eth0.1 appears in Luci in cerowrt). So
>>>     in cero I just reenabled the vlan and used a type "bridge" on
>>>     the network section (I renamed this section se99 instead of se00).
>>>
>>>     I then added se99 it to the "lan" zone of the firewall. In the
>>>     wireless config I specified network as "se99" instead of sw10
>>>     and sw00. I confirmed that the setup was correct in the web
>>>     interface where eth0.1 sw00 and sw10 appeared under the new
>>>     bridged interface ( there was the nice icon with the iface in
>>>     brackets).
>>>
>>>     I went on to modify the dhcp config of se00 and changed se00
>>>     occurences for se99 and commented out entries for sw10/sw00. -->
>>>     this would give me dhcp running on my new bridge.
>>>
>>>     After a dnsmasq restart dnsmasq.conf shows the dhcp ranges line
>>>     with interface se99. (I was expecting to see br-se99 but maybe
>>>     that file is alias aware, could be wrong here).
>>>
>>>     After a network restart I lost connectivity on cable. Wireless
>>>     was working.
>>>
>>>     I played a tad more and eventually lost wifi as well and had to
>>>     reflash the router via tftp/factory image (maybe there is a
>>>     reset trick you could give me to avoid this step).
>>>
>>>     Are you running cerowrt in bridge mode? If yes could you share
>>>     your network/firewall/dhcp config? Is there another file I
>>>     should have edited and missed?
>>>
>>>     Cheers,
>>>     V
>>>
>>>
>>>     _______________________________________________
>>>     Cerowrt-devel mailing list
>>>     Cerowrt-devel at lists.bufferbloat.net  <mailto:Cerowrt-devel at lists.bufferbloat.net>
>>>     https://lists.bufferbloat.net/listinfo/cerowrt-devel
>>
>>
>>
>>     _______________________________________________
>>     Cerowrt-devel mailing list
>>     Cerowrt-devel at lists.bufferbloat.net  <mailto:Cerowrt-devel at lists.bufferbloat.net>
>>     https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
>
>     _______________________________________________
>     Cerowrt-devel mailing list
>     Cerowrt-devel at lists.bufferbloat.net
>     <mailto:Cerowrt-devel at lists.bufferbloat.net>
>     https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20140224/a8c41d35/attachment-0002.html>

More information about the Cerowrt-devel mailing list