**** BEGIN LOGGING AT Tue Oct 30 02:59:56 2007
Oct 30 13:40:40 <farnz> [florian]: You broke the fix for ticket 2535 in changeset 9461. Can you *please* fix it?
Oct 30 19:47:34 <[florian]> farnz: we discussed that with Kaloz already, actually we prefer only nating LAN
Oct 30 19:48:04 <Kaloz> well, we could actually check if lan is a private net or not
Oct 30 19:48:56 <Kaloz> but I guess maybe 0.000001% of the users ar in this situation, so it's better to leave this change to the enduser, and not bloat the firewall script
Oct 30 19:49:23 <Kaloz> specially, as there are other valid networks you can use and and want to nat
Oct 30 19:49:53 <Kaloz> (hint: 192.0.2.0/24)
Oct 30 20:09:27 <farnz> Kaloz: 192.0.2.0/24 is not valid outside of documentation and private (no connectivity) labs.
Oct 30 20:09:59 <farnz> [florian]: I'd guess that more users have public IP networks than you think; it's not uncommon in the UK, for example.
Oct 30 20:11:00 <farnz> I'd suggest that a better route is to add a flag for it, similar to IPv6 PPP.
Oct 30 20:11:39 <Kaloz> farnz: you are perfectly allowed to nat out 192.0.2.0/24
Oct 30 20:12:05 <farnz> Kaloz: You are allowed to NAT any IPs you choose; 192.0.2.0/24 is not allocated for private use, however.
Oct 30 20:12:27 <farnz> And I believe that NATting everything by default is simply broken.
Oct 30 20:12:38 <Kaloz> we nat out the lan now
Oct 30 20:13:08 <farnz> Also broken; my "LAN" is 81.187.250.192/28, and is publically routeable.
Oct 30 20:13:39 <farnz> Making it optional to disable NAT, and requiring me to add an extra flag to /etc/config/network or /etc/config/firewall saying "no NAT on LAN" makes sense to me.
Oct 30 20:14:01 <farnz> Making me customise scripts for a common UK configuration does not.
Oct 30 20:15:12 <farnz> After all, IPv6CP is a flag in a config file, not editing scripts, and I'd suggest that native IPv6 is rarer than routeable IPv4 LANs at the moment.
Oct 30 20:15:58 <farnz> However, if you're utterly opposed to making it an easy config option, I'm certainly not going to do the work needed to make that happen.
Oct 30 20:16:53 <farnz> I'd suggest that you rip out PPPoE support, too, though, as that's similarly rare to routeable IPv4 LANs.
Oct 30 20:17:36 <Kaloz> if you want to disable lan, simply change net.ipv4.ip_forward in /etc/sysctl.conf
Oct 30 20:17:53 <farnz> I want my LAN routed but not NATted.
Oct 30 20:17:56 <farnz> It's a very common setup.
Oct 30 20:18:19 <farnz> I'm even happy to do the work to make it an option in /etc/config/firewall or /etc/config/network (whichever you think better).
Oct 30 20:19:41 <farnz> So, which config file should it go in? network, or firewall?
Oct 30 20:20:08 <farnz> network has the advantage of generalising better to multiple local networks, while firewall puts all the firewalling in one place.
Oct 30 20:20:55 <Kaloz> what would you do then? and fyi, I do nat public addresses some places
Oct 30 20:21:55 <farnz> I'd prefer to make it network specific; a config option in the "config interface lan" block "option nat" defaulting to true, but settable.
Oct 30 20:22:34 <farnz> Then, if we generalise the firewall script to cope with multiple routed LANs (e.g. home and public WiFi on separate blocks) you can NAT them individually.
Oct 30 20:22:42 <farnz> Would you accept a decently written patch to do this?
Oct 30 20:23:10 <Kaloz> I cna only say when I saw the patch, but yeah, probably.. this way it makes sense
Oct 30 20:23:21 <farnz> Decently written is the key :)
Oct 30 20:23:41 <Kaloz> :)
Oct 30 20:24:02 <farnz> I don't expect you to accept crap code, after all.
Oct 30 20:24:54 <farnz> As a concept, then, "option nat true" and "option nat false" inside the config interface blocks in /etc/config/network, made to work sanely?
Oct 30 20:36:24 <farnz> https://dev.openwrt.org/attachment/ticket/2535/no-nat.diff - not yet tested.
Oct 30 20:36:36 <CIA-23> pavlov * r9463 /trunk/package/busybox/patches/ (27 files): refresh busybox patches
Oct 30 20:40:24 <CIA-23> pavlov * r9464 /trunk/package/busybox/patches/520-ipkg_secure.patch: add username/password options to ipkg, note this only works if you have a real wget implementation rather than the busybox limited wget
Oct 30 20:52:09 <farnz> Kaloz or [florian] - can you look at the patch I've added to #2535? It's functional, although I've reacquired the "fun" of ppp setting the device name to atm0 instead of ppp0
Oct 30 20:53:51 <farnz> I'm happy to do any rework needed to get it up to OpenWRT standards, of course.
Oct 30 22:40:55 <BeBrA`> hello!
Oct 30 22:41:10 <BeBrA`> anyone developing for brcm63xx?
Oct 30 22:47:23 <BeBrA`> how to select brcm63xxx while building kamikaze image?
**** ENDING LOGGING AT Wed Oct 31 02:59:57 2007