[Commotion-admin] [commotion-router] Commotion router should be able to block all traffic to host's LAN from Mesh (#150)

Adam Longwill notifications at github.com
Mon Oct 20 16:20:20 EDT 2014


Businesses in Pittsburgh are beginning to host nodes. But they are under PCI and HIPAA compliance rules that require their networks to be private and inaccessible by the public. Currently, Commotion does not support a built-in solution for shutting off access to a range of IP addresses. While it would be a better practice to have the host's router handle VLANning, with many consumer-grade pieces of equipment this is not an option.

Currently this issue is preventing us from connecting our mesh WAPs to their network without purchasing an additional device capable of separating LAN traffic from Mesh traffic, a cost neither anticipated by our company nor our grant proposals.

While a separate device would be preferable to manage the VLANning, some hosts do not own the equipment to properly VLAN or segregate traffic from the Mesh from penetrating their network. Purchasing this equipment may be a deal-breaker for the host and a prospective installation may be cancelled, endangering the adoption of mesh networks in an area.

I propose that a GUI page be added that allows the administrator to define a range of IP addresses to completely block all traffic to and from. Obviously, if the gateway is in this range it should be allowed (and it would be a good idea to place a note on the page requesting that the gateway IP be omitted from the range). By doing this, hosts who are concerned about privacy or are under PCI and HIPAA compliance requirements will be able to ensure that any requests for their internal resources will be denied at the Mesh router itself. Meta Mesh in Pittsburgh will attempt to do this via iptables and manually adding those firewall rules to each node we install unless requested not to by the host, but there should be an easy way to do this from the GUI.

---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/commotion-router/issues/150
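
One way to generate the rules the message describes, as an added example (not part of the original message and not Commotion code): the script prints iptables commands that refuse forwarded traffic between the mesh interface and a host LAN range, exempting the gateway when it falls inside that range. The function names, the chain name MESH_LAN_BLOCK, the interface wlan0 and the addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Prints iptables rules; nothing is applied until you run them.

# ip_to_int A.B.C.D -> 32-bit integer on stdout, non-zero status if malformed
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros (octal)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# mesh_lan_rules MESH_IF LAN_CIDR GATEWAY_IP -> ordered rule list on stdout
mesh_lan_rules() {
    mesh_if=$1; cidr=$2; gw=$3
    # Refuse anything that could smuggle shell syntax into the emitted rules
    case "$mesh_if" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    net=${cidr%/*}; bits=${cidr#*/}
    case "$bits" in ''|*[!0-9]*|0?*|???*) echo "bad prefix: $cidr" >&2; return 1 ;; esac
    [ "$bits" -le 32 ] || { echo "bad prefix: $cidr" >&2; return 1; }
    net_i=$(ip_to_int "$net") && gw_i=$(ip_to_int "$gw") ||
        { echo "bad IPv4 address" >&2; return 1; }
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))

    echo "iptables -N MESH_LAN_BLOCK"
    # Exempt the gateway only if it sits inside the blocked range; RETURN
    # hands the packet back to the rest of FORWARD instead of accepting it.
    if [ $(( gw_i & mask )) -eq $(( net_i & mask )) ]; then
        echo "iptables -A MESH_LAN_BLOCK -i $mesh_if -d $gw -j RETURN"
        echo "iptables -A MESH_LAN_BLOCK -o $mesh_if -s $gw -j RETURN"
    fi
    # Traffic to and from the host's range is refused at the mesh node itself
    echo "iptables -A MESH_LAN_BLOCK -i $mesh_if -d $cidr -j REJECT"
    echo "iptables -A MESH_LAN_BLOCK -o $mesh_if -s $cidr -j REJECT"
    echo "iptables -I FORWARD 1 -j MESH_LAN_BLOCK"
}

# Constructed sample values: mesh radio wlan0, host LAN 192.168.1.0/24
mesh_lan_rules wlan0 192.168.1.0/24 192.168.1.1
```

These rules cover forwarded packets only; traffic addressed to the node's own LAN-side address passes through INPUT and is not affected by them.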