Conversation

Notices

1. Embed this notice
   goatsarah (goatsarah@thegoatery.dyndns.org)'s status on Tuesday, 31-Oct-2023 04:00:02 JST goatsarah

   Dark arts mastery: Created a Linux x86 VM on my M1 Pro MacBook Pro

   Within that Linux VM, created a docker container of Ubuntu with some personalised stuff.

   On that container, built another one with the OpenWRT builder for RPi 4

   Used that docker container to build a new OpenWRT image

   Booted it on a spare RPi 4 and restored the backup of my OpenWRT config to it.

   Took my actual OpenWRT router down, inserted the flash card I'd just created, and powered it back up.

   Everything. Worked.

   If you roll your own router, it's useful to know that you can recreate it were it to go tits-up, and I can!

   • Embed this notice
     goatsarah (goatsarah@thegoatery.dyndns.org)'s status on Tuesday, 31-Oct-2023 04:26:42 JST goatsarah

     in reply to

     • Andy Buckley

     @agbuckley Well the OpenWRT builder doesn't run on ARM, and the only x86 box I own is a knackered old MacBook Pro, 2015, that I once poured beer through by accident and currently has some ancient crusty barely functioning Ubuntu on it.

     I should probably chuck it out.

   • Embed this notice
     Andy Buckley (agbuckley@mastodon.social)'s status on Tuesday, 31-Oct-2023 04:26:43 JST Andy Buckley

     in reply to

     @goatsarah Inception-level emulation. Respect

   • Embed this notice
     goatsarah (goatsarah@thegoatery.dyndns.org)'s status on Tuesday, 31-Oct-2023 04:44:32 JST goatsarah

     in reply to

     Also, TIL: The OpenWRT web interface, Luci, by default listens on 0.0.0.0:80, (via uhttpd) which one may think is madness, because you don't want the WAN or non admin VLANs accessing it.

     So I changed it to 192.168.1.1:80, but it turns out that this is pointless. It was always firewalled from the WAN anyway (and indeed, port 80 and 443 incoming are forwarded to my Friendica server), and it turns out that it still accepts connections from other VLAN subnets because of funky loopback shit.

     So you need to firewall the router from potentially hostile VLAN subnets and just allow DNS and DHCP via port forwarding (if that's how you roll) through anyway.

     (Aside, I wondered what the fuck the "input" zone forwarding was on the OpenWRT firewall. Turns out it means traffic aimed at the router, and only the router. Live and learn.)

     And also, if you try and bind it to the main LAN, it comes up before that interface does, notices the interface doesn't exist, and promptly quits.

     And then you have to go in via ssh and start it manually.

     So don't do that. It's set to 0.0.0.0:80 in /etc/config/uhttpd for a reason, and we shouldn't fuck about with it.

     Rolling your own Internet router is fun, but there are all sorts of fun ways to screw yourself.

   • Embed this notice
     FeralRobots (feralrobots@mastodon.social)'s status on Tuesday, 31-Oct-2023 04:47:31 JST FeralRobots

     in reply to

     @goatsarah
     I would not go to those lengths, but I sincerely & heartily respect that you have done so.

     goatsarah likes this.
   • Embed this notice
     goatsarah (goatsarah@thegoatery.dyndns.org)'s status on Tuesday, 31-Oct-2023 04:50:26 JST goatsarah

     in reply to

     • FeralRobots
     @FeralRobots Well it's been raining, you see...
   • Embed this notice
     goatsarah (goatsarah@thegoatery.dyndns.org)'s status on Tuesday, 31-Oct-2023 07:12:04 JST goatsarah

     in reply to

     • Gen X-Wing
     @breadbin I don't run it on any APs, but I love having it on my gateway!
   • Embed this notice
     Gen X-Wing (breadbin@bitbang.social)'s status on Tuesday, 31-Oct-2023 07:12:06 JST Gen X-Wing

     in reply to

     @goatsarah OpenWRT is useful (using it on two APs currently), but boy can networking and setting it up be an endless circle of confusion:(

     Good luck!