[Cerowrt-devel] saner defaults for config/firewall

Sebastian Moeller moeller0 at gmx.de
Mon Feb 24 08:35:48 EST 2014


Hi Vincent,

On Feb 24, 2014, at 12:35 , Vincent Frentzel <zcecc22 at c3r.es> wrote:

> I am familiar with that command :) Was wondering if there was something I could do when I cannot ssh into the router. As mentioned above, when trying to configure the bridge I hit a point where I couldn't get in the router anymore.
> 
> I understand the design decisions of the project and far from me the idea of challenging them :) I was simply trying to provide an alternative config with a standard bridge ethernet + wifi for reference. I believe that in the case mentioned by Sebastian (multiple, mobile, devices accessing resources across segments) bridging is a simple way forward.

	I agree it would be quite valuable to have a nice simple how-to on switching to bridged mode for cerowrt (just as openwrt has one for switching to routed mode).

> 
> In my particular case, correct route propagation is a problem on IPv6 (I'm not running babel) and I have only 2 wifi clients…

	I have similar issues, as secondary router cerowrt gets a working /64 address for itself and ping6 and friends work, and all downstream interfaces get valid ip6 addresses from the primary router's /56, but none of them gets a working (default-)route (and that only after switching ra and dhcp from server to hybrids in /etc/dhcp). Since I do not need ip6 for anything yet that is a low priority issue for me though (and nothing that would make me abandon routing).

best regards
	Sebastian

> Bridging has never shown any perf issues in the past so I'd like to switch back to this simpler setup. I can picture that this might not fit the bill for more intensive use cases.
> 
> 
> On Mon, Feb 24, 2014 at 12:03 PM, Fred Stratton <fredstratton at imap.cc> wrote:
> So much for memory
> 
> mtd -r erase rootfs_data
> 
> is the correct invocation.
> 
> 
> 
> On 24/02/14 10:18, Fred Stratton wrote:
>> I suggest you read the cero wiki. This details the original design decisions. On the router,
>> 
>> ssh in, and use
>> 
>> mtd -r erase fs_data
>> 
>> to recover to defaults. See 
>> 
>> http://wiki.openwrt.org/doc/techref/mtd
>> 
>> If you ever have used BB daily builds, you can type this in your sleep.
>> 
>> 
>> 
>> 
>> On 24/02/14 10:05, Vincent Frentzel wrote:
>>> 
>>> 
>>> 
>>>         I could be totally out for lunch here, but shouldn't that be se00 (secure ethernet) instead of eth0.1? At least on 3.10.28-14 neither "ifconfig" nor /etc/config/network mentions eth0.1 at all. Could you post both of these (so the result of calling ifconfig on a terminal on the router and the content of /etc/config/network ;), I am sure you know what I meant, just dying to be verbose for the sake of people stumbling over the archive of the mailing list)
>>> 
>>> 
>>> Hi Sebastian,
>>> 
>>> Understood. I will come back to you with the ifconfig.
>>> 
>>> For info, I did try both se00 and eth0.1. The reason I stuck with eth0.1 was that barrier breaker usually uses eth0.1 for br-lan with vlan enabled (eth0.1 appears in Luci in cerowrt). So in cero I just re-enabled the vlan and used a type "bridge" on the network section (I renamed this section se99 instead of se00).
>>> 
>>> I then added se99 to the "lan" zone of the firewall. In the wireless config I specified network as "se99" instead of sw10 and sw00. I confirmed that the setup was correct in the web interface where eth0.1, sw00 and sw10 appeared under the new bridged interface (there was the nice icon with the iface in brackets).
>>> 
>>> I went on to modify the dhcp config of se00 and changed se00 occurrences for se99 and commented out entries for sw10/sw00. --> this would give me dhcp running on my new bridge.
>>> 
>>> After a dnsmasq restart dnsmasq.conf shows the dhcp ranges line with interface se99. (I was expecting to see br-se99 but maybe that file is alias aware, could be wrong here).
>>> 
>>> After a network restart I lost connectivity on cable. Wireless was working.
>>> 
>>> I played a tad more and eventually lost wifi as well and had to reflash the router via tftp/factory image (maybe there is a reset trick you could give me to avoid this step).
>>> 
>>> Are you running cerowrt in bridge mode? If yes could you share your network/firewall/dhcp config? Is there another file I should have edited and missed?
>>> 
>>> Cheers,
>>> V
>>> 
>>> 
>>> _______________________________________________
>>> Cerowrt-devel mailing list
>>> 
>>> Cerowrt-devel at lists.bufferbloat.net
>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel



