[Olsr-users] Query about OpenWRT-specific firewall settings preferred for SmartGateway

Ben West (spam-protected)
Tue Oct 22 22:29:44 CEST 2013


Hi Teco,

Thank you very much for sharing that.

Why MTU=1440?  README-Olsr-Extensions suggests MTU=1480.  Does the MTU
preferred by SmartGateway decrease with increasing mesh hops?  E.g. 1 hop
would require maximum MTU=1480, 2 hops -> MTU=1440?



On Tue, Oct 22, 2013 at 2:02 PM, Teco Boot <(spam-protected)> wrote:

> I use:
>    iptables -t mangle -A POSTROUTING -o tnl_+ -p tcp --tcp-flags SYN,RST
> SYN -j TCPMSS --set-mss 1440
>
> This applies to output chain also.
>
> Teco
>
> Op 22 okt. 2013, om 19:19 heeft Ben West <(spam-protected)> het volgende
> geschreven:
>
> > Hi Teco,
> >
> > Thank you for the response.  I have indeed been looking for examples of
> current iptables syntax for TCPMSS appropriate to the default chains set up
> by OpenWRT (of which there are many).
> >
> > Besides the chain named "FORWARD," as suggested in
> README-Olsr-Extensions, OpenWRT also has the chains "forward," and
> "forwarding_wan," "zone_wan_forward," et al.     If anyone else on this
> list has such an iptables rule working on OpenWRT AA, do certainly feel
> free to chime in.
> >
> > Also, I believe I was able to answer my own question.  The olsrd.init
> file presently packaged with OpenWRT does now include the two iptables
> rules listed on the Freifunk wiki page for use with SmartGateway option.
> >
> >
> https://github.com/openwrt-routing/packages/blob/master/olsrd/files/olsrd.init
> >
> >
> >
> > On Tue, Oct 22, 2013 at 12:02 AM, Teco Boot <(spam-protected)> wrote:
> > The firewall filter could be needed if a catch_all DROP rule in forward
> chain exists.
> > I don't understand the masquerade. Maybe something with rp_filter.
> > Don't forget TCPMSS.
> >
> > Teco
> >
> >
> > This could have to do with rpfilter.
> >
> > Op 21 okt. 2013, om 19:07 heeft Ben West <(spam-protected)> het
> volgende geschreven:
> >
> > > Hello,
> > >
> > > I happened upon this 2-year-old page on the Freifunk wiki listing (in
> German) preferred firewall settings to use with the SmartGateway plugin:
> > >
> > > http://wiki.freifunk.net/index.php?title=OLSR/SmartGateway
> > >
> > > Are these suggested firewall settings still valid for OpenWRT?
> > >
> > > The info provided in README-Olsr-Extensions is a bit more vague about
> suggested firewall / iptables setup for SmartGateway, i.e. to accommodate
> diverse linux distros.
> > >
> > >
> > > --
> > > Ben West
> > > http://gowasabi.net
> > > (spam-protected)
> > > 314-246-9434
> > > --
> > > Olsr-users mailing list
> > > (spam-protected)
> > > https://lists.olsr.org/mailman/listinfo/olsr-users
> >
> >
> > --
> > Olsr-users mailing list
> > (spam-protected)
> > https://lists.olsr.org/mailman/listinfo/olsr-users
> >
> >
> >
> > --
> > Ben West
> > http://gowasabi.net
> > (spam-protected)
> > 314-246-9434
>
>
> --
> Olsr-users mailing list
> (spam-protected)
> https://lists.olsr.org/mailman/listinfo/olsr-users
>



-- 
Ben West
http://gowasabi.net
(spam-protected)
314-246-9434
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.olsr.org/pipermail/olsr-users/attachments/20131022/5bd25c01/attachment.html>


More information about the Olsr-users mailing list