Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

All routers answering to anygw IP when connected via LAN-LAN #1008

Closed
ilario opened this issue Apr 12, 2023 · 5 comments
Closed

All routers answering to anygw IP when connected via LAN-LAN #1008

ilario opened this issue Apr 12, 2023 · 5 comments

Comments

@ilario
Copy link
Member

ilario commented Apr 12, 2023

I first reported this issue here (first spotted by @pedro-nonfree) #1007 (comment) but @pony1k correctly identified that the issues are idependent.

What happens is that when one use the anygw IP (e.g. connecting to thisnode.info) gets answers from both routers, if they are connected in this way:

Laptop-ethernet port____lan1-router1-lan2____lan1-router2

This was observed using DSA-supported routers (PlasmaCloud PA1200 with both ports configured as LAN; Xiaomi MiRouter 4A gigabit edition) using OpenWrt 22.03 branch.

Seems that this should be avoided by these rules:

RULE_DO_NOT_FORWARD_ANYGW_1="FORWARD -j DROP -d $ANYGW_MACS"
RULE_DO_NOT_FORWARD_ANYGW_2="POSTROUTING -t nat -o bat0 -j DROP -s $ANYGW_MACS"

@G10h4ck
Copy link
Member

G10h4ck commented Apr 14, 2023

In case of non-DSA hardware switches, those rules does not even see the packets because they are switched directly by the switching chip without pushing them to the CPU and then to the kernel.

In case of DSA hardware switch it probably depends on the implementation, reading a bunch of kernel and driver code should help deciphering this.

@G10h4ck
Copy link
Member

G10h4ck commented Apr 14, 2023

anyway one should not use AnyGW IP for SSH or similar things, having the lime-app responding on that IP is already an usability compromise

@LaneaLucy
Copy link

Shouldn't there be ground routing set, if you connect 2 lime systems over cable, which by default uses different vlans, which again solves the problem, that the CPU don't see the packets?

@G10h4ck
Copy link
Member

G10h4ck commented Apr 21, 2023

Shouldn't there be ground routing set, if you connect 2 lime systems over cable, which by default uses different vlans, which again solves the problem, that the CPU don't see the packets?

That is a possibility but it doesn't happen automatically

@ilario
Copy link
Member Author

ilario commented Nov 7, 2024

anyway one should not use AnyGW IP for SSH or similar things, having the lime-app responding on that IP is already an usability compromise

@G10h4ck Also lime-app will have a very erratic behavior in this setup, no? Users are encouraged to access lime-app via names like thisnode.info, that gets resolved with the AnyGW IP. Then the browser will randomly receive answers from both router1 and router2, no?

Anyways this LAN-LAN setup causes other severe issues, like the one described in #1121 and #1118. In this setup a specific interface configuration is recommended, where the ethernet interface used for connecting to the other LibreMesh node is removed from the LAN bridge. I suppose this interface-specific configuration fixes this "multiple answers" problem also.

Please feel free to re-open if my assumption is wrong!!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants