27 Feb
2018
27 Feb
'18
12:02 p.m.
Hi!
On 22/11/17 16:01, Ilario Gelmetti wrote:
On 11/22/2017 02:16 PM, Amuza wrote:
I didn't understand the paragraph above.
How could I configure my community network
profile (files to edit,
parameters...) so that community users could only access the community
network and the Internet?
Even if I agree with Gio that this would be very
detrimental for sharing
of local content, I recognize that many people just doesn't want this,
so this network separation should be implemented but not enabled by default.
I would do this as another private subnet accessible through AP named
interface (the AP with router specific name) and an internal NATting
towards the br-lan with mesh network. Also some ethernet ports could be
configured manually to enter this second private network. I don't think this can be done right now
modifying /etc/config/lime,
neither with specific interface configurations, more coding should be
needed.
I created a Github issue on the network-profiles repository [0], as I
keep needing this.
Basically, now I am asking for help to create a network profile that simply:
- Allows access to public addresses and to 10.0.0.0/8
- Denies access to any host within 192.168.0.0/16 and 172.16.0.0/12
private networks
- Keep using all shared Internet gateways, including those within denied
networks 192.168.0.0/16 and 172.16.0.0/12
It is not the perfect solution but it would satisfy me for the time
being. But I do not know how to do it.
As it looks simpler now, can I achieve it just by configuring files?
Maybe by editing /etc/firewall.user?
Any tip on how to do it or where to start is very much appreciated.
Devs, could you estimate how much effort does this
require?
I'm not sure it's worth, or at least we have other priorities, first of
all the new web interface which needs a lot of love ASAP:
https://github.com/libremesh/lime-packages-ui
This separation in mesh network/house network would be useful also for
implementing QoS prioritizing house traffic over mesh traffic to the
house gateway, as suggested here:
https://github.com/libremesh/lime-packages/issues/244
[0] https://github.com/libremesh/network-profiles/issues/24