AFAIK, this is a setting you twiddle in the wireless driver, or even deeper (wireless firmware is likely). This has nothing to do with the 'normal' Linux network stack.
All it really does is prevents the wireless driver/firmware from retransmitting packets it receives destined for someone else it knows about (ie. has dst mac of a connected client). ie. operation with isolation on is actually easier on the driver/firmware since it requires you to do nothing (as opposed to doing dst mac lookups and likely re-encrypting and sending to the right client)... On Mon, Feb 25, 2013 at 12:31 PM, Paul Hartman <[email protected]> wrote: > On Mon, Feb 25, 2013 at 6:08 AM, Martin T <[email protected]> wrote: >> According to /etc/config/wireless configuration file documentation, >> "option 'isolate' '1'" isolates wireless clients from each other in >> case device is working in WAP mode. In other words 802.11a/b/g/n >> clients are not able to reach each other in the same collision domain. >> For example if I set "option 'isolate' '1'" then I'm not able to ping >> or arping a host in the same 802.11g network. This setting does not >> change any firewall rules according to "iptables -L". In addition, >> there is no ebtables installed. How is this technically achieved? Is >> this part of 802.11 standards? I haven't found an article which >> explains this. I guess this isolation is done on physical >> layer(802.11a/b/g/n)? > > I believe it has to do with the bridging component, and MAC forwarding > tables, not firewall rules. So data from a MAC is not forwarded to > other local MACs, only to the outside world. But a developer might be > able to give a more detailed explanation of exactly how it works. > _______________________________________________ > openwrt-users mailing list > [email protected] > https://lists.openwrt.org/mailman/listinfo/openwrt-users _______________________________________________ openwrt-users mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-users
