Bug #229

Is this script in the build? Is it documented? For people to put a router into service for real, they had better not have to renumber their networks; it’s easier to fix a single router.

I just renumbered with the sed scripts in the wiki to 192.168.1.x, hoping I’d win. I lost.

I note that Default network numbering says that

1-30: secured area for other machines
33-65: secured area for wired

Here’s the thing: I did an informal poll of my Bell Labs co-workers I’m about to inflict CeroWrt on. About half of them have static, existing numbering plans.

In my personal case, my static addresses are all in the 1-30 range; I suspect that’s going to be common (or hope so, anyway).

So I suspect the two areas should be swapped to reduce the amount of renumbering required.

Exactly. I basically reserved the bottomost range for static ips. The other ranges are all dynamic (well, the firstmost
address in each range is excluded from dhcp’s dynamic lease assignment)

that said, this can be improved.

So, here’s an option:

we change to 172.30.42.1 as the base address of the router.

We use a /26 in this case, to give us 1-62 as valid ips.

We reserve 34-62 as dynamically addressed space.

This DOES mess up the dmz idea - where my ‘plan’ such as it was was to have the dmz on a different vlan.

Well, right now, I can’t access 192.168.1.13 (or similar addresses). I doubt I’ll be the last.
My colleagues seem to all be using 192.168.1 addresses as their plan.

A DMZ VLAN would be nice someday; but the interesting question also being begged is how do we deal with a VLAN for an IPsec tunnel… DMZ’s, however, in the IPv4 world are hard for most to come by, given IPv4 address shortage.

For now, I suspect KISS is in order.

That’s more or less my fault in the current design as I had several requests for
vlan support early on. And, I suspect, we’ll hav emore.

In your case.

change /etc/config/network to use a 255.255.255.192 netmask instead of 224
for the se00 device, change it to 192.168.1.1, and tell
/etc/config/dhcp to start
at 34 for that interface

as I described later in the bug

I’m going to bed

On Wed, Sep 21, 2011 at 5:06 PM, cerowrt@lists.bufferbloat.net wrote:
>
> Issue #229 has been updated by Jim Gettys.
>
>
> Well, right now, I can’t access 192.168.1.13 (or similar addresses).  I doubt I’ll be the last.
> My colleagues seem to all be using 192.168.1 addresses as their plan.
>
> A DMZ VLAN would be nice someday; but the interesting question also being begged is how do we deal with a VLAN for an IPsec tunnel… DMZ’s, however, in the IPv4 world are hard for most to come by, given IPv4 address shortage.
>
> For now, I suspect KISS is in order.
>
> —————————————-
> Feature #229: Renumbering interfaces is painful via the web interface
> https://www.bufferbloat.net/issues/229 >
> Author: Dave Täht
> Status: New
> Priority: High
> Assignee: David Taht
> Category: UI
> Target version: 1st Public Cerowrt release
>
>
> with 6 interfaces, and a dns server, and access to the router controlled by iptables and xinetd, it’s hard to renumber interfaces to have a different subnet allocation - and ipv6 is also problematic.
>
> I have a simple script that does 95% of the work that could be improved to also be accessible via luci “renumber/rename home network” - which would eliminate the tedium.
>
>

To clarify that slightly, what you did wrong (I think) - was put a new /27 up
in the 0-31 address space, with no router IP address for it. Due to it being a
/27 it can’t see any means of getting anywhere, so it goes boom.

to kind of keep the dmz idea alive, we COULD just do an alias for
se00:0 of 192.168.1.1
but that leads to all sorts of hassle on the same physical wire.

Ah, well, it can move to the end of the address space. Trust me, there
are many vlan freaks out there.

On Wed, Sep 21, 2011 at 5:24 PM, Dave Taht dave.taht@gmail.com wrote:
> That’s more or less my fault in the current design as I had several requests for
> vlan support early on. And, I suspect, we’ll hav emore.
>
> In your case.
>
> change /etc/config/network to use a 255.255.255.192 netmask instead of 224
> for the se00 device, change it to 192.168.1.1, and tell
> /etc/config/dhcp to start
> at 34 for that interface
>
> as I described later in the bug
>
> I’m going to bed
>
> On Wed, Sep 21, 2011 at 5:06 PM,  cerowrt@lists.bufferbloat.net wrote:
>>
>> Issue #229 has been updated by Jim Gettys.
>>
>>
>> Well, right now, I can’t access 192.168.1.13 (or similar addresses).  I doubt I’ll be the last.
>> My colleagues seem to all be using 192.168.1 addresses as their plan.
>>
>> A DMZ VLAN would be nice someday; but the interesting question also being begged is how do we deal with a VLAN for an IPsec tunnel… DMZ’s, however, in the IPv4 world are hard for most to come by, given IPv4 address shortage.
>>
>> For now, I suspect KISS is in order.
>>
>> —————————————-
>> Feature #229: Renumbering interfaces is painful via the web interface
>> https://www.bufferbloat.net/issues/229 >>
>> Author: Dave Täht
>> Status: New
>> Priority: High
>> Assignee: David Taht
>> Category: UI
>> Target version: 1st Public Cerowrt release
>>
>>
>> with 6 interfaces, and a dns server, and access to the router controlled by iptables and xinetd, it’s hard to renumber interfaces to have a different subnet allocation - and ipv6 is also problematic.
>>
>> I have a simple script that does 95% of the work that could be improved to also be accessible via luci “renumber/rename home network” - which would eliminate the tedium.
>>
>>

David Taht wrote:
> To clarify that slightly, what you did wrong (I think) - was put a new /27 up
> in the 0-31 address space, with no router IP address for it. Due to it being a
> /27 it can’t see any means of getting anywhere, so it goes boom.
>
>

All I did was run the sed scripts from the wiki.

but then you had a .13 fixed ip address.

there is no address range for .13 that has a router ip on it.