[User] subnets

Ranga Krishnan ranga at eff.org
Wed Dec 10 19:05:56 PST 2014


Hi Marc,

We do allow for traffic forwarding between the private WiFi and 
LAN networks. As you note the service discovery does not work 
across these two network segments. I think it would make sense 
to enable that in the future. It is possible to do that by enabling 
the reflector mode in the avahi-daemon running on the router. 

I haven't tested it but in principle, here is what you need to do. 
SSH into the router and then

1. # vi /etc/avahi/avahi-daemon.conf

2. Change the 'enable-reflector' value to yes:

	enable-reflector=yes

3. Restart avahi:

	# /etc/init.d/avahi-daemon restart

I think your devices in LAN and Private WiFi should now be
able to discover each other, but as I said I haven't tested it.  I also 
need to verify that no further interface restrictions are needed to 
make this secure. 

If you are willing to test and verify that this works and submit a 
pull request, I can include it in the upcoming alpha release. 

Cheers,
Ranga
 
 

On Dec 10, 2014, at 6:17 PM, Marc Bejarano <openwireless.org at beej.org> wrote:

> hello BOFH,
> 
>> from a security perspective, that's "da fault". it is perhaps just me, but i'm thinking the "lan" is one interface, and "wifi" another.  having a 'global' exposure in tandem with a more trusted "local" network, is asking for trouble.
> 
> i thought the design of this system was to have two private interfaces
> (one wi-fi and one lan) and a separate public wi-fi network.  are you
> one of the developers working on the open wireless firmware?  if not,
> i'd love it if one would chime in.
> 
> cheers,
> marc
> 
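
A read-only check for the interface-restriction question raised in the message above, as an added example that is not part of the original post or of the Open Wireless firmware: it reports whether `enable-reflector` is on and whether avahi's `allow-interfaces` or `deny-interfaces` options in `[server]` limit it. The sample configs and the interface names `br-lan` and `br-private` are constructed, not taken from the router.

```sh
#!/bin/sh
# ini_get FILE SECTION KEY: print the last uncommented value of KEY in [SECTION]
ini_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                                  # comment line
        /^[ \t]*\[/   { gsub(/[ \t\r]/, ""); cur = $0; next }   # section header
        cur == sec {
            eq = index($0, "="); if (!eq) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_reflector FILE: print a verdict; status 1 only when the reflector is
# on and neither allow-interfaces nor deny-interfaces is set in [server]
audit_reflector() {
    refl=$(ini_get "$1" reflector enable-reflector)
    allow=$(ini_get "$1" server allow-interfaces)
    deny=$(ini_get "$1" server deny-interfaces)
    case "$refl" in
        [yY]*) ;;                                  # yes, Yes, y ...
        *) echo "reflector-off"; return 0 ;;
    esac
    if [ -n "$allow" ]; then echo "reflector-restricted allow=$allow"
    elif [ -n "$deny" ]; then echo "reflector-restricted deny=$deny"
    else echo "reflector-unrestricted"; return 1
    fi
}

# write_sample FILE [ALLOW]: constructed config; ALLOW is a hypothetical list
write_sample() {
    {
        echo "[server]"
        echo "#allow-interfaces=eth0"
        if [ -n "${2:-}" ]; then echo "allow-interfaces=$2"; fi
        echo "[reflector]"
        echo "enable-reflector=yes"
    } > "$1"
}

# Demo on constructed files (br-lan and br-private are assumed names)
tmp=$(mktemp -d)
write_sample "$tmp/open.conf"
write_sample "$tmp/scoped.conf" "br-lan,br-private"
audit_reflector "$tmp/open.conf" || true
audit_reflector "$tmp/scoped.conf"
rm -rf "$tmp"
```

On the router, `audit_reflector /etc/avahi/avahi-daemon.conf` reads the live file without changing it.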
