Meshing over Ethernet - Firewalls segment network #165

Open
andygunn opened this issue Feb 10, 2015 · 0 comments

@andygunn

During a recent workshop, we had a fairly complex network setup at the "center point" of the mesh - a radio station where tower access made it possible to mount three NanoStation M2 units very high, and one Rocket M2 lower down on the tower with small omni whip antennas:
[Image: mesh-bukavu-moe-firewall-issue]
The mesh-over-Ethernet domain is shown in the yellow circle.

Setup:

  • The three NanoStations and single Rocket were meshed together via Ethernet.
  • The three NanoStations were assigned different channels (1, 6, 11) and the corresponding mesh segments they pointed at had the same channel assignments. This was to reduce on-channel interference between the closely spaced nodes.
  • The Access Points were disabled on the NanoStations.
  • The wireless mesh link was disabled on the Rocket.

The rest of the network connected back to this tower, and with Access Points turned off on the rooftop mesh equipment, had excellent connections with low (less than 2.0) ETX values.

A problem occurred when connected to the AP at the base of the tower (the Rocket M2), and any node not meshed over Ethernet was accessed via the web: the connection would time out completely. It was possible to SSH to each node via the IP address, but not access the web interface.

It appeared that users attached to the nodes in one "segment" of the network wouldn't be able to see the users or access the resources on the other segments. This was not heavily tested, but it would have been the case that each sub-mesh connected to the NanoStation on the tower was not able to access resources on the other segments.

The problem was traced to the firewall on the four nodes on the tower that were meshed over Ethernet. When the firewalls were turned off, all of the nodes on the network were accessible from the clients attached to the Rocket at the base of the tower.

This requires further testing but could be resolved with some of the "automagic" configuration that would come along with the meshing over Ethernet rework as mentioned in other issues:
opentechinstitute/luci-commotion#209
etc.

@dismantl dismantl self-assigned this Feb 12, 2015
@jheretic jheretic added this to the Router-1.2 milestone Feb 24, 2015
@jheretic jheretic assigned jheretic and unassigned dismantl Apr 27, 2015