tailing the logs to see . . .
posted at 16:10
<time passes>
Hmm, looks like port forwarding needs some work. I actually want to forward a range of 1(?) instead of a single port?
<the next morning>
Well, that took a while.
Note to self: when moving a system inside an existing firewall/perimeter, you need to turn off its own firewall if you expect it to see any traffic from a port forward directive.
The network migration included:
- Moving the Linksys (hostname bruise [its colors are black and a rich purple: that was what I came up with]) to replace the Airport. That went fine.
- Replacing the FreeBSD host (webserver, MySQL server, NAT gateway, etc.) with the Linksys’s routing/port forwarding superpowers. That took longer, as some premature firmware mucking about was involved.
- Dragging cables around: the server(s) are in one room and the access point is in a hallway/open area some distance away, for more central access.
Notes in general:
- dd-wrt is a work in progress (I tried v.23SP1) but seems quite good. I couldn’t get the port forwarding directives to adhere. Coulda been browser issues.
- the web UI responds differently, at times indifferently, to different browsers. Sometimes Firefox was the way to go, WebKit (the nightly Safari build) almost never was, the stock Safari worked when Firefox didn’t. Sometimes.
- the default firmware, while not as complete as the open-source versions, seems to work just fine. I reverted back to it just to see if port forwarding could be made to work at all.
- Perhaps one of the reasons so many Linksys access points are unsecured is due to how crummy the UI interaction is. It took me several tries to reset the password.
- If you use an open source variant of the firmware and want to use ssh, the username is root, no matter what you specify in the UI, even though your changes will be reflected in the UI.
- In the Administration screen in the UI, there is an option to snapshot your configuration. Use it early and often.
- There may be a way to handle this kind of network-y/routing stuff in the shell (iptables is how all that is done) but I never got anywhere with it. I added some commands that either replicated existing directives or never showed up: a diff of the output of iptables -L showed no changes.
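Added example, not part of the original post: a plain iptables -L lists only the filter table, while port forwards are DNAT rules in the nat table (shown by iptables -t nat -L, or by iptables-save for every table), so rules added there do not appear in a diff of plain -L output. The script below reads iptables-save style text and reports each DNAT target and whether a FORWARD rule explicitly accepts it; the dump, interface name, addresses and ports are constructed placeholders.

```shell
# Added example. SAMPLE_DUMP is constructed iptables-save style output;
# the interface name, addresses and ports are placeholders.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i vlan1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
-A PREROUTING -i vlan1 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.10:22
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# count_dnat TABLE: count DNAT rules in one table of a dump read from stdin.
count_dnat() {
    awk -v want="*$1" '
        /^\*/ { table = $0 }
        table == want && /-j DNAT/ { n++ }
        END { print n + 0 }'
}

# audit_forwards: for each DNAT target in the nat table, report whether the
# filter table has a FORWARD rule that explicitly accepts that address:port.
# Narrow check: it ignores chain policy and broader ACCEPT rules.
audit_forwards() {
    awk '
        /^\*/ { table = $0; next }
        table == "*nat" && /-j DNAT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--to-destination") dest[++n] = $(i + 1)
        }
        table == "*filter" && /^-A FORWARD/ && /-j ACCEPT/ {
            d = ""; p = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-d") d = $(i + 1)
                if ($i == "--dport") p = $(i + 1)
            }
            sub(/\/32$/, "", d)
            if (d != "" && p != "") ok[d ":" p] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                print dest[i], ((dest[i] in ok) ? "explicit-accept" : "no-explicit-accept")
        }'
}
```

On a live router the same functions can be fed from iptables-save run as root, for example iptables-save | audit_forwards.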
Now, one more time, to see if the open source firmware is worth mucking with. I know the hardware works. And the folks on the dd-wrt project pointed me to some later versions of the firmware. Perhaps that will make a difference.