On 11/12/2015 8:03 AM, matt darfeuille wrote:
> Hi,
>
> I want to implement wireless access to my dmz and I am not sure how I
> need to configure shorewall.
>
> On openwrt I have a vlan interface which is bridged with a wireless
> interface in AP mode:
>
> /etc/config/network:
>
> ...
> config interface 'dmz'
>     option ifname 'eth0.300'
>     option proto 'dhcp'
>     option type bridge
> ...
>
> /etc/config/wireless
> ...
>     option mode 'ap'
>     option network 'dmz'
> ...
>
>
> Now I am not sure in shorewall what to do?:
>
> /zones
>
> dmz ipv4
>
> --
> /interfaces
> dmz eth0.300 destonly,dhcp,bridge
>
> /policy
> all+ all+ REJECT
>
>
> --
> /interfaces
> dmz eth0.300 dhcp,bridge
>
> /policy
> dmz $FW ACCEPT
> $FW dmz ACCEPT
>
> --
> Another alternative?
>
> Basically what is the best way in shorewall to isolate my dmz
> interface from the other interfaces without filtering traffic!
>
>
> --
> /interfaces.annotated
> # dhcp
> ...
> # Note
> #
> # If you use Shorewall-perl for firewall/bridging, then you need to
> # include DHCP-specific rules in shorewall-rules(8). DHCP uses UDP
> # ports 67 and 68.
> #
>
> Is the following enough?:
> DHCPfwd(ACCEPT) $FW zonename,zonename,...
>
> Thanks in advance for your help!!!:)
>

Matt,

I don't understand your configuration well enough to advise you. Please
forward the output of 'shorewall dump' with the AP added.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
