Hi all, I don't know if this is an old argument, but does the possibility exist to implement a secure mesh network? For example a technique that encrypts batman-adv traffic with a preshared key or similar, or using ebtables to block all INPUT and OUTPUT traffic and allow only the specified nodes' MAC?
Rgds
-- Filippo Sallemi
Hi,
> I don't know if this is an old argument, but does the possibility exist to implement a secure mesh network? For example a technique that encrypts batman-adv traffic with a preshared key or similar, or using ebtables to block all INPUT and OUTPUT traffic and allow only the specified nodes' MAC?
Please consult our FAQ and feel free to ask unanswered questions afterwards: http://www.open-mesh.org/wiki/open-mesh/FAQ
Regards, Marek
Hi guys, I've read the open-mesh FAQ but I'm not able to resolve my problem. I understood that the mesh network is a public network and that every user has to make sure their connection is secure, but I don't want another node (alien) to be able to connect to my network, so I thought about using ebtables to block all traffic (such as policy DROP of iptables) and allow only certain nodes to communicate with each other.
I need something like this:
    ebtables -i wlan0 DROP
    ebtables -i wlan0 --src <node mac> ACCEPT
but it doesn't work for me
Any suggestions?
Rgds
2011/8/16 Marek Lindner lindner_marek@yahoo.de:
> Hi,
>> I don't know if this is an old argument, but does the possibility exist to implement a secure mesh network? For example a technique that encrypts batman-adv traffic with a preshared key or similar, or using ebtables to block all INPUT and OUTPUT traffic and allow only the specified nodes' MAC?
> Please consult our FAQ and feel free to ask unanswered questions afterwards: http://www.open-mesh.org/wiki/open-mesh/FAQ
> Regards, Marek
On Tuesday 04 October 2011 23:39:04 Filippo Sallemi wrote:
> Hi guys, I've read the open-mesh FAQ but I'm not able to resolve my problem. I understood that the mesh network is a public network and that every user has to make sure their connection is secure, but I don't want another node (alien) to be able to connect to my network, so I thought about using ebtables to block all traffic (such as policy DROP of iptables) and allow only certain nodes to communicate with each other.
> I need something like this:
>     ebtables -i wlan0 DROP
>     ebtables -i wlan0 --src <node mac> ACCEPT
> but it doesn't work for me
ebtables is made for bridges. So you have to send the whole traffic over a bridge that does the filtering for you. But I doubt that it actually fixes your problem with alien nodes.
Kind regards, Sven
Hi Filippo,
On Tue, Oct 04, 2011 at 11:39:04PM +0200, Filippo Sallemi wrote:
> Hi guys, I've read the open-mesh FAQ but I'm not able to resolve my problem. I understood that the mesh network is a public network and that every user has to make sure their connection is secure, but I don't want another node (alien) to be able to connect to my network, so I thought about using ebtables to block all traffic (such as policy DROP of iptables) and allow only certain nodes to communicate with each other.
> I need something like this:
>     ebtables -i wlan0 DROP
>     ebtables -i wlan0 --src <node mac> ACCEPT
> but it doesn't work for me
> Any suggestions?
If you dig a bit in the mailing list archive you can probably find some other threads talking about this topic. ebtables only works on bridges, therefore it won't work on simple interfaces like wlan0.
Hi, after some hours spent trying to find other threads talking about this topic I'm not able to resolve my problem, but I have another two questions about this.
1. Can I use the macfilter option in the wireless config without decreasing performance?
2. Does another tool like ebtables exist that works on a simple interface?
Rgds
2011/10/4 Antonio Quartulli ordex@autistici.org:
> Hi Filippo,
> On Tue, Oct 04, 2011 at 11:39:04PM +0200, Filippo Sallemi wrote:
>> Hi guys, I've read the open-mesh FAQ but I'm not able to resolve my problem. I understood that the mesh network is a public network and that every user has to make sure their connection is secure, but I don't want another node (alien) to be able to connect to my network, so I thought about using ebtables to block all traffic (such as policy DROP of iptables) and allow only certain nodes to communicate with each other.
>> I need something like this:
>>     ebtables -i wlan0 DROP
>>     ebtables -i wlan0 --src <node mac> ACCEPT
>> but it doesn't work for me
>> Any suggestions?
> If you dig a bit in the mailing list archive you can probably find some other threads talking about this topic. ebtables only works on bridges, therefore it won't work on simple interfaces like wlan0.
> -- Antonio Quartulli
> ..each of us alone is worth nothing.. Ernesto "Che" Guevara
On Wed, Oct 05, 2011 at 10:25:08 +0200, Filippo Sallemi wrote:
> Hi, after some hours spent trying to find other threads talking about this topic I'm not able to resolve my problem, but I have another two questions about this.
> - Can I use the macfilter option in the wireless config without decreasing performance?
mh.. Honestly I don't know, I think that any kind of filter will affect the performance somehow. Probably (if I am not wrong) the macfilter configuration on the node firmware is a hostapd feature (you use OpenWrt, right?).
> - Does another tool like ebtables exist that works on a simple interface?
Don't think so.. but I could be wrong. IIRC we discussed the possibility of creating br0, enslaving wlan0 (or whatever your phy device is) into br0 and then using ebtables on br0. Really ugly IMHO :p
Cheers,
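The bridge workaround described in the reply above (create br0, enslave wlan0, filter with ebtables on br0), as an added example that is not part of the original thread or the batman-adv project. The function names and the MAC addresses are constructed for illustration; the script only prints the commands so they can be reviewed before being applied, and a source-MAC allowlist filters frames but does not authenticate the node that sent them.

```shell
#!/bin/sh
# Added example: emit (not execute) the bridge + ebtables commands for a
# source-MAC allowlist. br0/wlan0 follow the thread; the MACs are constructed.

# Succeeds only for a well-formed aa:bb:cc:dd:ee:ff address.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules BRIDGE PORT MAC...
# Prints the commands; returns 1 and prints no commands if any MAC is
# malformed, so a typo can never produce a half-built ruleset.
gen_rules() {
    bridge=$1
    port=$2
    shift 2
    [ "$#" -gt 0 ] || { echo "no MACs given" >&2; return 1; }
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    # ebtables only sees frames that cross a bridge, so enslave the port first.
    echo "ip link add name $bridge type bridge"
    echo "ip link set $port master $bridge"
    echo "ip link set $bridge up"
    # Clean filter table, then default-deny received and forwarded frames.
    echo "ebtables -F"
    echo "ebtables -P INPUT DROP"
    echo "ebtables -P FORWARD DROP"
    for mac in "$@"; do
        m=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        echo "ebtables -A INPUT -i $port -s $m -j ACCEPT"
        echo "ebtables -A FORWARD -i $port -s $m -j ACCEPT"
    done
}

# Constructed sample allowlist (locally administered addresses).
# Review the printed commands, then pipe them to sh as root to apply them.
gen_rules br0 wlan0 02:00:00:00:00:01 02:00:00:00:00:02
```

Each of the three mesh networks mentioned later in the thread would run this with its own list of node MACs.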
Thanks for your reply Antonio, but in my scenario there are three mesh networks (with batman-adv) and I need to block access from each other's nodes. However, enslaving wlan0 on br0 is very very ugly.
Other ideas?
2011/10/5 Antonio Quartulli ordex@autistici.org:
> On Wed, Oct 05, 2011 at 10:25:08 +0200, Filippo Sallemi wrote:
>> Hi, after some hours spent trying to find other threads talking about this topic I'm not able to resolve my problem, but I have another two questions about this.
>> - Can I use the macfilter option in the wireless config without decreasing performance?
> mh.. Honestly I don't know, I think that any kind of filter will affect the performance somehow. Probably (if I am not wrong) the macfilter configuration on the node firmware is a hostapd feature (you use OpenWrt, right?).
>> - Does another tool like ebtables exist that works on a simple interface?
> Don't think so.. but I could be wrong. IIRC we discussed the possibility of creating br0, enslaving wlan0 (or whatever your phy device is) into br0 and then using ebtables on br0. Really ugly IMHO :p
> Cheers,
> -- Antonio Quartulli
> ..each of us alone is worth nothing.. Ernesto "Che" Guevara
b.a.t.m.a.n@lists.open-mesh.org