**** BEGIN LOGGING AT Sat Oct 31 02:59:57 2020
Oct 31 05:43:24 <hgl> @jow having some questions for firewall3, and found your email in the license :)
Oct 31 06:01:53 <hgl> i'm trying to debug why NAT reflection doesn't work for connections established from the router itself. and i have difficulty understanding the postrouting part of a redirect.
Oct 31 06:02:49 <hgl> When I create a rule that forwards from WAN to LAN, zone_lan_postrouting merely snat LAN cilent IPs to br-lan IP. That doesn't really seem to do anything. Is that intended?
Oct 31 06:04:42 <hgl> also do you think it makes sense to add dnat rule in the OUTPUT chain so that connections from router to WAN can also be forwarded to LAN client?
Oct 31 06:10:45 <hgl> This rule can't be easily added with user custom rule, since the WAN IP is usually dynamic (and also hard to update when WAN IP changes)
Oct 31 06:13:07 >KGB-1< https://tests.reproducible-builds.org/openwrt/openwrt_ath79.html has been updated. (99.1% images and 100.0% packages reproducible in our current test framework.)
Oct 31 09:22:00 <grift> has anyone considered automatically downing the pppoe connection on reboot etc, its pretty annoying that if i forget to down it on reboot that it doesnt properly come back up due to (i suspect) the isp only allowing one connection
Oct 31 09:37:52 <PaulFertser> Probably that should concern all connections that netifd handles.
Oct 31 09:38:00 <PaulFertser> Releasing dhcp leases etc
Oct 31 09:49:35 <rsalvaterra> An orderly shutdown. Wouldn't that be init's job?
Oct 31 09:56:27 <PaulFertser> procd would send shutdown event to netifd, yes
Oct 31 09:56:49 <PaulFertser> And I guess it already does, probably just something is missing in the pppoe scripts.
Oct 31 10:17:55 <DonkeyHotei> sounds like the isp's fault for not detecting the link down
Oct 31 12:41:56 <dangole> rsalvaterra: kinda weird to have OWE only in *-basic but not in *-full (same applies for mesh, imho *-full should really be EVERYTHING)
Oct 31 12:47:13 <dangole> rsalvaterra: also OWE is not the only way to build unathenticated but encrypted networks. one can also use EAP-TLS for that and not require client authentication....
Oct 31 12:59:43 <rsalvaterra> dangole: We don't have OWE in full…?
Oct 31 12:59:48 * rsalvaterra goes look
Oct 31 13:00:30 <dangole> rsalvaterra: sorry, my bad, we do have it
Oct 31 13:00:42 <rsalvaterra> We don't have in mesh, that's true.
Oct 31 13:01:05 <rsalvaterra> But maybe mesh is "special"…?
Oct 31 13:03:58 <dangole> wpad-mesh should be kept as small as possible while allowing to use SAE on 11s. I use that even on devices with 4MiB flash (tl-wr841n and such)...
Oct 31 13:05:10 <rsalvaterra> That means special on my book. ;)
Oct 31 13:08:26 >KGB-1< https://tests.reproducible-builds.org/openwrt/openwrt_omap.html has been updated. (0% images and 100.0% packages reproducible in our current test framework.)
**** ENDING LOGGING AT Sun Nov 01 02:59:57 2020