> Should the procedure remain silent on the firewall? Or should people
> just put all interfaces into the lan zone? Or something else?

Please leave it as it is, it's fine.  I'd remove the bits about making E0
internal, it just confuses things -- if the router has a 4-port switch,
it's not likely that getting an extra internal interface is likely to be
a critical feature.

>> If I were you, I'd explicitly tell hnetd that the E0 interface is external
>> ("option mode external"), since I don't trust the edge detection mechanism.

> I think you mean E1 - that's what the instructions use for the wide area
> interface.

It looks like one of us is confused.

> And 'option mode external' goes in /etc/config/network?

Yes, in the interface section.

> And is there a man page for hnetd that gives other options?

https://wiki.openwrt.org/doc/uci/network#protocol_hnet_self-managing_home_network_hncp

>> - before you start hacking, write down the IPv6 link-local address of
>> the LAN interface, to make sure you can log in;

> Done. The newest draft also tells people to make backups :-)

Please tone it down -- no need to frighten people, and if things go wrong,
you just boot into failsafe mode and either fix things or reset the router:

  https://wiki.openwrt.org/doc/howto/generic.failsafe

Please use "sysupgrade -b backup.tar.gz" to do the backup -- I'd rather
you didn't mention the web interface at all, I've found it to be more
hassle than it's worth, and it's not included by default in the snapshot
(unstable) builds.

>> - you should review /etc/config/upnpd, and list the interfaces you want
>> to allow NAT-PMP on.

> I'm not quite sure how that affects things. Where would NAT-PMP be
> important in my home net?

It allows clients to perform port redirection automatically.  Firewalls
are evil.

I also add the following to the firewall config:

config rule
        option target 'ACCEPT'
        option src 'wan'
        option name 'Accept-v6'
        option family 'ipv6'
        option dest 'lan'
        option dest_port '1024-65535'

Of course, since you've renamed wan and lan, you'll need to tweak the
relevant tweakanda.

> And finally, a prosaic question: There is a wide variety of single
> quote usage in config files. Are there any places that quotes are
> mandatory?

The syntax is the same as the shell's.  Actually, the config files are
shell script fragments -- 'config' and 'option' are shell functions,
defined in /lib/functions.sh.

> What is the best practice here?

Put single quotes everywhere, it avoids having to think about special
characters.

Thanks again for your work, Rich.

-- Juliusz
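
Added example, not part of the original message and not OpenWrt code: a small audit script that reads firewall config text and lists ACCEPT rules from one zone to another that cover a large port range, such as the 'Accept-v6' rule quoted above. It relies on the message's statement that the config syntax is the shell's, so it tokenizes with Python's shlex; the function names, the sample text and the max_ports threshold are assumptions, and the zone names are parameters because the message notes they may have been renamed.

```python
import shlex

# Constructed sample: the rule from the message plus one narrower, unquoted rule.
SAMPLE = """
config rule
        option target 'ACCEPT'
        option src 'wan'
        option name 'Accept-v6'
        option family 'ipv6'
        option dest 'lan'
        option dest_port '1024-65535'
config rule
        option name "Allow-SSH-v6"
        option src wan
        option dest lan
        option dest_port 22
        option target ACCEPT
"""

def parse_uci(text):
    """Return one dict per 'config' section, holding its 'option' values."""
    sections = []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)  # shell quoting, '#' comments
        if words[:1] == ["config"] and len(words) >= 2:
            sections.append({".type": words[1]})
        elif words[:1] == ["option"] and len(words) == 3 and sections:
            sections[-1][words[1]] = words[2]
    return sections

def port_count(spec):
    """Ports covered by a value such as '22' or '1024-65535' (space-separated)."""
    total = 0
    for part in spec.split():
        lo, _, hi = part.partition("-")
        total += int(hi or lo) - int(lo) + 1
    return total

def wide_forward_rules(sections, wan="wan", lan="lan", max_ports=16):
    """(name, family, ports) for ACCEPT rules wan->lan covering > max_ports."""
    hits = []
    for s in sections:
        if (s[".type"], s.get("target"), s.get("src"), s.get("dest")) != (
                "rule", "ACCEPT", wan, lan):
            continue
        # A rule without dest_port matches every port.
        n = port_count(s["dest_port"]) if "dest_port" in s else 65536
        if n > max_ports:
            hits.append((s.get("name", "(unnamed)"), s.get("family", "any"), n))
    return hits
```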
