[Cerowrt-devel] saner defaults for config/firewall

Sebastian Moeller moeller0 at gmx.de
Mon Feb 24 08:29:23 EST 2014 

Hi Vincent,


On Feb 24, 2014, at 11:05 , Vincent Frentzel <zcecc22 at c3r.es> wrote:

> 
> 
> 
>         I could be totally out for lunch here, but shouldn't that be se00 (secure ethernet) instead of eth0.1? At least on 3.10.28-14 neuter "ifconfig" nor /etc/config/network mentions eth0.1 at all. Could you post both of these (so the result of calling ifconfig on a terminal on the router and the content of /etc/config/network ;), I am sure you know what I meant, just dying to be verbose for the sake of people stumbling over the archive of the mailing list)
> 
> 
> Hi Sebastian,
> 
> Understood. I will come back to you with the ifconfig.
> 
> For info, I did try both se00 and eth0.1.

	Ah, okay, so I was out for lunch then ;)

> The reason I stuck with eth0.1 was that barrier breaker usually uses eth0.1 for br-lan with vlan enabled (eth0.1 appears in Luci in cerowrt).

	Why do you need vlan at all for bridging (honest question, I really do not know whether that is requirement in current openwrt or not)?

> So in cero I just reenabled the vlan and used a type "bridge" on the network section (I renamed this section se99 instead of se00). 
> 
> I then added se99 it to the "lan" zone of the firewall. In the wireless config I specified network as "se99" instead of sw10 and sw00. I confirmed that the setup was correct in the web interface where eth0.1 sw00 and sw10 appeared under the new bridged interface ( there was the nice icon with the iface in brackets).
> 
> I went on to modify the dhcp config of se00 and changed se00 occurences for se99 and commented out entries for sw10/sw00. --> this would give me dhcp running on my new bridge.
> 
> After a dnsmasq restart dnsmasq.conf shows the dhcp ranges line with interface se99. (I was expecting to see br-se99 but maybe that file is alias aware, could be wrong here).
> 
> After a network restart I lost connectivity on cable. Wireless was working.

	Did you confirm that both radios are bridged now?

> 
> I played a tad more and eventually lost wifi as well and had to reflash the router via tftp/factory image (maybe there is a reset trick you could give me to avoid this step).

	Caveat, I am a simple cerowrt user, so don't expect too much; I have found o alternative to the tftp method if the router can not be reached over any of the interfaces anymore.

> 
> Are you running cerowrt in bridge mode?

	No, I stick to the default routed mode. I fully bought not Dave's reasoning here and hope that we end up being able to make all essential services work over routing ;) (At home I have a smb-server on the wired segment and two notebooks that occasionally want to reach that server, running samba server on the router is sufficient for name resolution to work, mind you the notebooks are both macs so I have no idea whether that would work with windows clients...)

> If yes could you share your network/firewall/dhcp config? Is there another file I should have edited and missed?

	Sorry, I have no idea.

Best Regards
	Sebastian

> 
> Cheers,
> V

More information about the Cerowrt-devel mailing list