[User] subnets

Marc Bejarano openwireless.org at beej.org
Tue Jan 13 12:13:01 PST 2015


hi ranga,

sorry for the delayed reply.  i haven't tested your proposed solution
to the problem, but before i do, i want to understand the pros of it
versus what i see to be the more obvious solution.

every retail wireless router i've come across defaults to bridging the
LAN and Wi-Fi "segments".  is it a conscious decision on your part to
not do this?  if so, to what end?

i see the con to having two separate subnets for LAN and Private Wi-Fi
as needlessly complicating things and breaking assumptions that many
environments have about home Wi-Fi networks.

cheers,
marc

On Wed, Dec 10, 2014 at 7:05 PM, Ranga Krishnan <ranga at eff.org> wrote:
>
> Hi Marc,
>
> We do allow for traffic forwarding between the private WiFi and
> LAN networks. As you note the service discovery does not work
> across these two network segments. I think it would make sense
> to enable that in the future. It is possible to do that by enabling
> the reflector mode in the avahi-daemon running on the router.
>
> I haven't tested it but in principle, here is what you need to do.
> SSH into the router and then
>
> 1. # vi /etc/avahi/avahi-daemon.conf
>
> 2. change 'enable-reflector'  value to yes
>
> enable-reflector=yes
>
> 3. Restart avahi
>
> # /etc/init.d/avahi-daemon restart
>
> I think your devices in LAN and Private WiFi should now be
> able to discover each other, but as I said I haven't tested it.  I also
> need to verify that no further interface restrictions are needed to
> make this secure.
>
> If you are willing to test and verify that this works and submit a
> pull request, I can include it in the upcoming alpha release.
>
> Cheers,
> Ranga
>
>
>
> On Dec 10, 2014, at 6:17 PM, Marc Bejarano <openwireless.org at beej.org>
> wrote:
>
> hello BOFH,
>
> from a security perspective, that's "da fault". it is perhaps just me, but
> i'm thinking the "lan" is one interface, and "wifi" another.  having a
> 'global' exposure in tandem with a more trusted "local" network, is asking
> for trouble.
>
>
> i thought the design of this system was to have two private interfaces
> (one wi-fi and one lan) and a separate public wi-fi network.  are you
> one of the developers working on the open wireless firmware?  if not,
> i'd love it if one would chime in.
>
> cheers,
> marc
>
>
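
The quoted reply leaves open whether interface restrictions are needed once the reflector is enabled. The check below is an added example, not part of the original thread or of the Open Wireless firmware: it reads an avahi-daemon.conf and reports whether reflection is on and whether `allow-interfaces` or `deny-interfaces` in `[server]` limits the interfaces avahi uses. The function names and the sample interface names `br-lan` and `wlan0` are assumptions.

```shell
#!/bin/sh
# Added example: audit avahi-daemon.conf after turning on enable-reflector.

# Print the value of KEY in [SECTION] of an INI-style file (last assignment wins).
ini_get() {
    awk -v want_sec="$2" -v want_key="$3" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        /^[ \t]*\[/ {                            # section header, e.g. [reflector]
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
        }
        sec == want_sec {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want_key) val = v
        }
        END { print val }
    ' "$1"
}

# Classify the reflector setup. With the reflector on and no interface list,
# avahi reflects mDNS between all local interfaces it is running on.
audit_avahi_reflector() {
    reflector=$(ini_get "$1" reflector enable-reflector)
    allow=$(ini_get "$1" server allow-interfaces)
    deny=$(ini_get "$1" server deny-interfaces)
    if [ "$reflector" != "yes" ]; then
        echo "reflector-off"
    elif [ -n "$allow" ]; then
        echo "reflector-restricted allow=$allow"
    elif [ -n "$deny" ]; then
        echo "reflector-deny-only deny=$deny"
    else
        echo "reflector-unrestricted"
    fi
}

# Constructed sample config; br-lan and wlan0 are assumed interface names.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[server]
allow-interfaces=br-lan,wlan0

[reflector]
enable-reflector=yes
EOF
audit_avahi_reflector "$sample"
rm -f "$sample"
```

On the router itself the call would be `audit_avahi_reflector /etc/avahi/avahi-daemon.conf`, with the real interface names taken from `ifconfig` or `ip link`.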


