18 Apr
2012
18 Apr
'12
7:46 p.m.
On 04/18/2012 02:24 PM, Darrell Anderson wrote:
The local machine would need to be the gateway router in order to be
authoritative on traffic source/destination. This is a corner case that
probably should not be handled by TDE, as it is a rather stupid idea to
run a GUI on your main gateway/firewall machines for security reasons.
Tim
I don't know whether the DD-WRT router
firmware can distinguish internet
usage among all machines here. knemo would become more useful to me if
the app could distinguish the difference. If I had only one machine here
then there is no need for a distinction, of course. I'm sure many knemo
users fit that description --- perhaps bug report (enhancement request)
322 is beyond the scope of the app.
I think it can be easily done and I like the internal verses distinction.
However, as your dd-wrt router probably also functions as your gateway,
its
iptables code can easily check internal/external at the point it sits on
the
network. For a client machine to do it, it would basically just have to
filter
packets and say:
if ip = mine; then
it's local
elif ip = myClassC subnet; then
it's internal
else
it ain't local and it ain't internal, so it must be external.
I'm just not sure how 'authoritative' an app like knemo could be on making
that
determination - I'm no routing guru.