Hi Tom, While doing shorewall-lite dump I get the following:
root@OpenWrt:~# shorewall-lite dump >dump.txt /sbin/shorewall-lite: line 1: ss: not found root@OpenWrt:~# Any idea why? Tom, while doing the dump the interface used was eth0.200 and the name is wifi and not dmz! Everything was already set up for wifi with the interface eth0.200. Dump privately send! -Matt On 12 Nov 2015 at 16:58, Tom Eastep wrote: > On 11/12/2015 8:03 AM, matt darfeuille wrote: > > Hi, > > > > I want to implement wireless access to my dmz and I am not sure how I > > need to configure shorewall. > > > > On openwrt I have a vlan interface which is bridged with a wireless > > interface in AP mode: > > > > /etc/config/network: > > > > ... > > config interface 'dmz' > > option ifname 'eth0.300' > > option proto 'dhcp' > > option type bridge > > ... > > > > /etc/config/wireless > > ... > > option mode 'ap' > > option network 'dmz' > > ... > > > > > > Now I am not sure in shorewall what to do?: > > > > /zones > > > > dmz ipv4 > > > > -- > > /interfaces > > dmz eth0.300 destonly,dhcp,bridge > > > > /policy > > all+ all+ REJECT > > > > > > -- > > /interfaces > > dmz eth0.300 dhcp,bridge > > > > /policy > > dmz $FW ACCEPT > > $FW dmz ACCEPT > > > > -- > > An other alternative? > > > > Basically what is the best way in shorewall to isolate my dmz > > interface from the other interfaces without filtering traffic! > > > > > > -- > > /interfaces.annotated > > # dhcp > > ... > > # Note > > # > > # If you use Shorewall-perl for firewall/bridging, then > > you need to > > # include DHCP-specific rules in shorewall-rules(8). DHCP > > uses UDP > > # ports 67 and 68. > > # > > > > Is the following enough?: > > DHCPfwd(ACCEPT) $FW zonename,zonename,... > > > > Thanks in advance for your help!!!:) > > > > Matt, > > I don't understand your configuration well enough to advise you. Please > forward the output of 'shorewall dump' with the AP added. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > ------------------------------------------------------------------------------ > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
