22 Nov
2017
22 Nov
'17
2:16 p.m.
On 11/08/17 12:11, Gio wrote:
On Wednesday, 9 August 2017 16:03:33 CEST Amuza
wrote:
Hi,
It took me a while to get Gio's point.
Now I like it.
However, I keep facing the problem.
Some people are about to join the community network but they take a step
back as soon as they know community users could get into their private
network.
I try to calm their media-biased worries, talk about the meaning of
community and even the technical solutions, but they won't join the
community network.
The reality is that here we need people sharing their Internet connection.
That is why I am resuming this thread and try to find a solution for
this specific case.
How could I configure my community network profile (files to edit,
parameters...) so that community users could only access the community
network and the Internet?
(Let's consider the community network is 10.0.0.0/8 and the private
networks to deny are 192.168.0.0/16 and 172.16.0.0/12).
Thank you!
Hi,
Sometimes I explain what this community network thing is to someone in
my district. They likes the idea and they has an ISP router. Then I ask
them if they would like to share their Internet connection and they says
"yes, why not?". But then they asks if users in the community network
could have access to their private home network. I answer they could,
but it can be avoided in different ways -create different VLANs in the
ISP router, configure a firewall, closing ports in the computers...
Then they stops liking this community network thing.
It is frustrating, because many people do not share their Internet
connection because of this, and so we lose the resources we need.
Well it seems
they have a curious idea of community... but i can understand it
in the current situation, with media talking of "hackers" all the time...
I was wondering if there would be a way that LiMe
could come
preconfigured in such a way that, when an Internet gateway is added, it
could only communicate to that ISP router, and no other host in that
private network. I mean to automatically create the proper firewall
rules so that the LiMe network could not access hosts in private networks.
That would not be real security, as that configuration could be removed
by any administrator in the community network, but we would be able to
start our answer saying "by default LiMe cannot enter into your private
network", and then explain what they could do to improve their security.
What do you think of it?
I believe it is easy to do but i won't do this by
default, you could
eventually create a community profile (ask Pau for the correct naming) with
this enabled by default, but ATM is not on top of my priority stack
Have you found this obstacle?
What would you reply to that person?
Yeah, and I have answere that their computer
are exposed to the internet
anyway, so give a little of trust to your neighbours could be the first step to
create a community
Is my proposal doable?
It is pretty easy I
would say
If so, should I open a Github issue? Where? In
lime-packages?
It is not an issue, more a "feature" request I would say
Cheers!