On 08/29/2018 08:27 AM, Matt Darfeuille wrote:
> On 8/29/2018 4:54 PM, Tom Eastep wrote:
>> On 08/29/2018 03:42 AM, Matt Darfeuille wrote:
>>> Hi,
>>>
>>> I'm trying to understand how I should configure OpenWRT and Shorewall
>>> with bridge interface.
>>>
>>> OpenWRT 18.06:
>>>
>>> /etc/config/network:
>>>
>>>
>>> config switch_vlan
>>>     option device 'switch0'
>>>     option vlan '110'
>>>
>>> config interface 'wifi'
>>>     option proto 'static'
>>>     option ifname 'eth0.110'
>>>     option type 'bridge'
>>>     option ipaddr '172.19.110.254'
>>>     option netmask '255.255.255.0'
>>>
>>>
>>> The interface is bridged with the wireless interface.
>>>
>>> For now in '/etc/shorewall/interfaces' I have:
>>>
>>> <ZONE-NAME> eth0.110 dhcp,required,wait=60,routeback=1
>>>
>>> The option 'routeback=1' is used following the advice (note) for the
>>> 'bridge' option at (1).
>>>
>>> $ ip addr show br-wifi
>>> 6: br-wifi: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
>>> state UP group default qlen 1000
>>>     link/ether e2:91:f5:04:75:94 brd ff:ff:ff:ff:ff:ff
>>>     inet 172.19.110.254/24 brd 172.19.110.255 scope global br-wifi
>>>        valid_lft forever preferred_lft forever
>>>     inet6 fe80::e091:f5ff:fe04:7594/64 scope link
>>>        valid_lft forever preferred_lft forever
>>>
>>> Or should I simply follow the advice from (2) and (3, component 6)?
>>>
>>> In other words, how should Shorewall be configured with bridge
>>> interfaces on OpenWRT.
>>>
>>> Any help/hint is appreciated.
>>>
>>> 1) http://shorewall.org/manpages/shorewall-interfaces.html
>>> 2) http://shorewall.org/bridge-Shorewall-perl.html
>>> 3) http://shorewall.org/MAC_Validation.html#Components
>>>
>>> -Matt
>>>
>>
>> You haven't said what you are trying to do with this bridge, so I would
>> refer you to http://www.shorewall.org/bridge-Shorewall-perl.html which
>> describes both a bridge/firewall and a bridge/router.
>>
>
> Hi Tom, thanks for your answer.
>
> That is where I'm confused, none of the examples on the given page are
> reflecting OpenWrt way of creating bridges.

A Linux bridge is a Linux bridge, no matter how it is created and configured.

>
> The interface in question is configured to dish out IP, DNS, ...
> That interface should be isolated from the other interfaces.
>

Okay. So use the 'routeback' option and define it as you would any other
interface, unless you need to filter traffic between ports on the bridge.

-Tom
--
Tom Eastep           \ Q: What do you get when you cross a mobster with
Shoreline,           \    an international standard?
Washington, USA      \ A: Someone who makes you an offer you can't
http://shorewall.org \    understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users