Feature #229

Renumbering interfaces is painful via the web interface

Added by Dave Täht almost 2 years ago. Updated about 1 year ago.

Status: New
Start date: 08/16/2011
Priority: High
Due date:
Assignee: David Taht
% Done: 0%
Category: UI
Spent time: -
Target version: Cerowrt-Next

Description

With 6 interfaces, and a DNS server, and access to the router controlled by iptables and xinetd, it's hard to renumber interfaces to have a different subnet allocation - and IPv6 is also problematic.

I have a simple script that does 95% of the work that could be improved to also be accessible via luci "renumber/rename home network" - which would eliminate the tedium.

History

Updated by Jim Gettys almost 2 years ago

Is this script in the build? Is it documented? For people to put a router into service for real, they had better not have to renumber their networks; it's easier to fix a single router.

Updated by Jim Gettys over 1 year ago

  • Category set to UI

Updated by Jim Gettys over 1 year ago

  • Assignee set to David Taht
  • Priority changed from Normal to High

I just renumbered with the sed scripts in the wiki to 192.168.1.x, hoping I'd win. I lost.

I note that Default network numbering says that

1-30: secured area for other machines
33-65: secured area for wired

Here's the thing: I did an informal poll of my Bell Labs co-workers I'm about to inflict CeroWrt on. About half of them have static, existing numbering plans.

In my personal case, my static addresses are all in the 1-30 range; I suspect that's going to be common (or hope so, anyway).

So I suspect the two areas should be swapped to reduce the amount of renumbering required.

Updated by Dave Täht over 1 year ago

Exactly. I basically reserved the bottommost range for static IPs. The other ranges are all dynamic (well, the firstmost address in each range is excluded from dhcp's dynamic lease assignment).

That said, this can be improved.

Updated by Dave Täht over 1 year ago

So, here's an option:

We change to 172.30.42.1 as the base address of the router.

We use a /26 in this case, to give us 1-62 as valid ips.

We reserve 34-62 as dynamically addressed space.

This DOES mess up the DMZ idea - where my 'plan', such as it was, was to have the DMZ on a different VLAN.

Updated by Jim Gettys over 1 year ago

Well, right now, I can't access 192.168.1.13 (or similar addresses). I doubt I'll be the last. My colleagues seem to all be using 192.168.1 addresses as their plan.

A DMZ VLAN would be nice someday; but the interesting question also being begged is how do we deal with a VLAN for an IPsec tunnel... DMZ's, however, in the IPv4 world are hard for most to come by, given IPv4 address shortage.

For now, I suspect KISS is in order.

Updated by David Taht over 1 year ago

That's more or less my fault in the current design as I had several requests for vlan support early on. And, I suspect, we'll have more.

In your case.

change /etc/config/network to use a 255.255.255.192 netmask instead of 224 for the se00 device, change it to 192.168.1.1, and tell /etc/config/dhcp to start at 34 for that interface

as I described later in the bug

I'm going to bed

On Wed, Sep 21, 2011 at 5:06 PM, <> wrote:

Issue #229 has been updated by Jim Gettys.

Well, right now, I can't access 192.168.1.13 (or similar addresses).  I doubt I'll be the last. My colleagues seem to all be using 192.168.1 addresses as their plan.

A DMZ VLAN would be nice someday; but the interesting question also being begged is how do we deal with a VLAN for an IPsec tunnel... DMZ's, however, in the IPv4 world are hard for most to come by, given IPv4 address shortage.

For now, I suspect KISS is in order.



Updated by David Taht over 1 year ago

To clarify that slightly, what you did wrong (I think) - was put a new /27 up in the 0-31 address space, with no router IP address for it. Due to it being a /27 it can't see any means of getting anywhere, so it goes boom.

To kind of keep the dmz idea alive, we COULD just do an alias for se00:0 of 192.168.1.1, but that leads to all sorts of hassle on the same physical wire.

Ah, well, it can move to the end of the address space. Trust me, there are many vlan freaks out there.

On Wed, Sep 21, 2011 at 5:24 PM, Dave Taht <> wrote:

That's more or less my fault in the current design as I had several requests for vlan support early on. And, I suspect, we'll have more.

In your case.

change /etc/config/network to use a 255.255.255.192 netmask instead of 224 for the se00 device, change it to 192.168.1.1, and tell /etc/config/dhcp to start at 34 for that interface

as I described later in the bug

I'm going to bed


Updated by Jim Gettys over 1 year ago

David Taht wrote:

To clarify that slightly, what you did wrong (I think) - was put a new /27 up in the 0-31 address space, with no router IP address for it. Due to it being a /27 it can't see any means of getting anywhere, so it goes boom.

All I did was run the sed scripts from the wiki.

Updated by Dave Täht over 1 year ago

But then you had a .13 fixed IP address.

There is no address range for .13 that has a router IP on it.

Updated by Dave Täht about 1 year ago

  • Target version changed from 1st Public Cerowrt release to Cerowrt-Next
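
The reachability problem worked through in this thread (a static .13 host with no router address in its /27, and the suggested change to a 255.255.255.192 netmask with DHCP starting at 34) can be checked before a renumbering is applied. The following is an added example, not part of the original issue and not CeroWrt's renumbering script; `check_plan` is a hypothetical helper, and the "before" layout (router at 192.168.1.33 on a /27) is constructed from the numbering described above.

```python
import ipaddress

def check_plan(iface, dhcp_first, dhcp_last, static_hosts):
    """Return a list of problems with one interface's IPv4 numbering plan.

    iface: router address and netmask, e.g. "192.168.1.1/255.255.255.192"
    dhcp_first, dhcp_last: dynamic pool as offsets from the network
    address (the thread's "start at 34" and "34-62")
    static_hosts: statically configured addresses on that wire
    """
    if dhcp_last < dhcp_first:
        raise ValueError("DHCP pool ends before it starts")
    router = ipaddress.ip_interface(iface)
    net = router.network
    pool_lo = net.network_address + dhcp_first
    pool_hi = net.network_address + dhcp_last
    problems = []
    # The pool must sit strictly between the network and broadcast addresses.
    if not (net.network_address < pool_lo and pool_hi < net.broadcast_address):
        problems.append(f"DHCP pool {pool_lo}-{pool_hi} does not fit in {net}")
    if pool_lo <= router.ip <= pool_hi:
        problems.append(f"router {router.ip} is inside the DHCP pool")
    for host in map(ipaddress.ip_address, static_hosts):
        if host not in net:
            # The "goes boom" case: the host's subnet has no router address.
            problems.append(f"{host} has no router address on-link ({net})")
        elif pool_lo <= host <= pool_hi:
            problems.append(f"{host} collides with the DHCP pool")
    return problems

if __name__ == "__main__":
    static = ["192.168.1.13"]  # constructed sample: an existing static host
    plans = {
        # Constructed "before" layout: wired range on the second /27.
        "before (/27, router .33)": ("192.168.1.33/255.255.255.224", 2, 30),
        # Router moved and DHCP start changed, but netmask left at 224.
        "half-applied (/27, router .1)": ("192.168.1.1/255.255.255.224", 34, 62),
        # The change suggested in the thread.
        "suggested (/26, router .1)": ("192.168.1.1/255.255.255.192", 34, 62),
    }
    for label, (iface, first, last) in plans.items():
        print(label, "->", check_plan(iface, first, last, static) or "ok")
```

The half-applied case shows why the netmask and the DHCP start have to change together: with the mask still at 224, a pool starting at 34 lies outside the interface's subnet.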
