Bypass Chilli using alternate IPs?
Tuc at T-B-O-H.NET
ml at t-b-o-h.net
Sat May 3 17:13:37 UTC 2008
> I ran across this issue years ago. Your problem is that you have two lan
> interfaces, the tun0 one (192.168.182.1/24) and the br0 one. Nothing
> stops your box from routing stuff through br0 (the surfing w/o
> authenticating). One way to avoid that is to have no ip active on br0
> but DD-WRT doesn't allow you enough control to do that iirc. But here's
> a simple fix: Put
>
> iptables -I FORWARD -i br0 -j DROP
>
> in your firewall commands and nobody will be able to do that anymore.
>
Thanks. I will definitely look into that as a solution. I
do appreciate your confirming what I discovered AFTER I looked into
things. I'm also at a disadvantage due to the fact I was at the site
(700 miles from me) with proper equipment for 6 months and asked the
owner to test,test,test,test,test. When he signed off on it, I left
everything there so I don't have a test unit. Oddly, right after I
left came the "I never mentioned while you were here, but........."
items, of which this is one.
>
> In future, please use coova-ap, it's infinitely better, fully open
> source and less evil than DD-WRT ;-) well, don't want to start a thread
> on dd-wrt vs the rest here...
>
I've contacted Brainslayer about this already. His answer back
in Jan mentioned something about bugs (I'm not sure the details, might
have to do with the next part), and that it's not "big endian and
arm/xscale safe".
I'd package up something myself, but because I need to turn
this over to another individual who isn't as proficient as I am, it
has to be something community supported and upgrades always
available. So "rolling my own" as it were isn't an option. I'm also
a consultant (Uncollected payment as of yet) so while I can state
what I would do given my prior experience and the level of quality
I would want the service to be, he and his pocket are making the
final decisions.
Thanks, Tuc
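
Added example, not part of the original message or of any project's code: a small audit that reads `iptables -S FORWARD` style output and reports whether traffic entering on br0 can still be forwarded, which also shows why the quoted fix uses `-I` (insert at the top) rather than `-A`. The function name, the verdict strings, the sample rulesets and the `vlan1` WAN interface name are assumptions made for illustration.

```shell
#!/bin/sh
# check_forward_bypass IFACE: reads FORWARD rules on stdin (iptables -S format)
# and prints "blocked" or "bypass-possible" for packets arriving on IFACE.
# Conservative: any earlier ACCEPT that could match IFACE counts as a bypass.
# Limitations (assumptions): jumps to user chains, "! -i" and "br+" wildcards
# are not evaluated.
check_forward_bypass() {
    awk -v ifc="$1" '
    $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
    $1 == "-A" && $2 == "FORWARD" {
        in_if = ""; target = ""; extra = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") { in_if = $(i + 1); i++ }
            else if ($i == "-j") { target = $(i + 1); i++ }
            else extra = 1                      # some other match condition
        }
        if (in_if != "" && in_if != ifc) next   # rule is for another interface
        if (target == "ACCEPT") { verdict = "bypass-possible"; exit }
        if ((target == "DROP" || target == "REJECT") && !extra) {
            verdict = "blocked"; exit           # unconditional drop for IFACE
        }
    }
    END {
        if (verdict == "") verdict = (policy == "DROP") ? "blocked" : "bypass-possible"
        print verdict
    }'
}

# Constructed sample rulesets (not captured from a real DD-WRT box).
# No rule for br0 at all, default policy ACCEPT: the situation described above.
RULES_BEFORE='-P FORWARD ACCEPT
-A FORWARD -i tun0 -j ACCEPT'
# After "iptables -I FORWARD -i br0 -j DROP": the drop is the first rule.
RULES_FIXED='-P FORWARD ACCEPT
-A FORWARD -i br0 -j DROP
-A FORWARD -i tun0 -j ACCEPT'
# Drop appended with -A behind an existing br0 ACCEPT: it is never reached.
RULES_APPENDED='-P FORWARD ACCEPT
-A FORWARD -i br0 -o vlan1 -j ACCEPT
-A FORWARD -i br0 -j DROP'

for name in RULES_BEFORE RULES_FIXED RULES_APPENDED; do
    eval "rules=\$$name"
    printf '%s: %s\n' "$name" "$(printf '%s\n' "$rules" | check_forward_bypass br0)"
done
```

On a live router the same function can be fed with `iptables -S FORWARD | check_forward_bypass br0`.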