Opened 6 years ago

Last modified 4 years ago

#10120 new defect

NSLU2 initial network configuration

Reported by: yasen6275@…
Owned by: developers
Priority: high
Milestone: Barrier Breaker 14.07
Component: base system
Version: Backfire 10.03.1 RC5
Keywords:
Cc:

Description

By default the device NIC is set in the lan firewall zone and there is a DHCP server attached to it. I suppose that there is a security reason for that, but on this device I don't think it is relevant.

To be fully functional this device needs a second USB-attached NIC (wifi and/or wired one). This second NIC needs USB kernel modules and maybe firmware. These have to be installed from the internet, but when the built-in NIC is set in the wan zone it becomes reachable neither by ssh nor by web.

The other option for this device (not excluding the above) is to be used as a NAS for USB mass storage devices. Here we again need some kmod packages, which have to be downloaded from somewhere.

Having in mind that there is a big red warning about setting a password in the web interface, I think that it is safe enough to make the web interface and ssh accessible from wan and put the built-in NIC in the wan zone. For this device only. Obviously there will be some kind of connection (web or ssh) to the device and the password could/should/must be set/changed. The setup procedure will most probably be done behind some other router. So the risk is minimal. If there are some other security concerns, these services could be made available on some non-specific port.

Also I think it is a good idea to put some of the basic USB kernel modules directly in the image.

Change History (2)

comment:1 Changed 6 years ago by Sigurd Hogsbro <shogsbro@…>

On the firewall aspect of your ticket:

It is not clear to me whether the wan/lan are given special treatment based on their names, but if not we could remove the LAN instance (if the NSLU2 is e.g. the DMZ host within a user's network) or the WAN instance (if the NSLU2 is e.g. serving the user's iTunes collection on an attached USB hard disk).

On the packages included within the NSLU2 default image:

I would prefer that the NSLU2 image is kept slim by default; you can always install the extra modules you require using opkg. FWIW, I don't have any issues with network connectivity on my NSLU2s, as long as I set the default gateway and DNS servers on the LAN instance in /etc/config/network.

As an example use case, my NSLU2s are used as gateway nodes within a family network, running IPv6 and OpenVPN tunnels.
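The question running through this ticket is which firewall zone may reach ssh and the web interface. The following is an added example, not part of the ticket or of OpenWrt: a small Python check that reads text in `/etc/config/firewall` syntax and reports which of those services a zone can reach. The sample config is constructed, ports 22 and 80 are assumed defaults, and the parser is a simplification that reads only `config` and `option` lines.

```python
import shlex

# Constructed sample in /etc/config/firewall syntax (not taken from the ticket).
SAMPLE = """
config zone
    option name lan
    option input ACCEPT
config zone
    option name wan
    option input REJECT
config rule
    option src wan
    option proto tcp
    option dest_port 22
    option target ACCEPT
"""
MGMT_PORTS = {22: "ssh", 80: "web"}  # assumed default ports for ssh and the web UI

def parse_uci(text):
    """Simplified UCI reader: list of (section_type, options); 'list' lines are ignored."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) >= 3 and tok[0] == "option" and sections:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def port_in(spec, port):
    """True if port matches a dest_port value: absent (any port), 'N' or 'N-M'."""
    lo, _, hi = (spec or "0-65535").partition("-")
    return int(lo) <= port <= int(hi or lo)

def exposed_services(text, zone):
    """Management services reachable from `zone` (a zone without 'input' is assumed REJECT)."""
    sections = parse_uci(text)
    policy = {o.get("name"): o.get("input", "REJECT").upper() for t, o in sections if t == "zone"}
    if policy.get(zone) == "ACCEPT":
        return sorted(MGMT_PORTS.values())
    found = set()
    for t, o in sections:
        # A rule with a source zone and no dest zone applies to the router itself.
        if t != "rule" or o.get("src") != zone or "dest" in o:
            continue
        if o.get("target", "").upper() != "ACCEPT" or o.get("proto", "tcpudp") not in ("tcp", "tcpudp", "all"):
            continue
        found.update(n for p, n in MGMT_PORTS.items() if port_in(o.get("dest_port"), p))
    return sorted(found)
```

With the constructed sample, `exposed_services(SAMPLE, "wan")` reports only ssh, because the single rule opens port 22 while the wan zone's input policy stays REJECT.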

comment:2 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
