On 11/14/2015 06:56 AM, matt darfeuille wrote:
> Yes openwrt has the netstat utility with the following usage:
>
> Usage: netstat [-ral] [-tuwx] [-enWp]
>
> --
> No my goal is to use only shorewall.
> Obviously /etc/init.d/firewall stop is not enough; disabling the
> firewall script from starting at boot followed by a reboot does it
> though!
>
> To keep it as simple as possible I will leave the dhcp question
> aside!
>
> I have a server that provides firewalling (mac filtration ...) using
> shorewall and other services like: dhcp, dns, ntp and so on.
>
> On that server which does not have any wireless interface I have two
> vlan interfaces with PVID of 200 and 300 (vlan 200 is for private
> wireless devices and 300 is for dmz)
>
> That is where openwrt comes to play:
>
> Openwrt is installed on a wireless router and that wireless
> capability is being used for adding wireless support!
>
> So on the router I have created two vlan interfaces on eth0 (eth0.200
> eth0.300) and each interface is bridged with the wireless interface
> with a different SSID.
>
> Basically what I have is:
> server providing vlan 200 and 300 connected to router running openwrt
> and that router provides only wireless capability.
>
> Actually eth0.200 is bridged with the wireless interface on the same
> router:
> eth1.200 on the server is connected to eth0.200 on the router and
> eth0.200 is bridged with the wireless interface on that same router.
>
> Hopefully you will get a clearer picture!!!:)
>
> Everything is working as it should; the only interrogation I have is
> how to configure shorewall for that set up!
>

Well, I assume that you want to allow internet access to the wifi zone,
so you will want an ACCEPT policy for wifi->net. And you probably want
the 'dhcp' interface option so that your local DHCP server can serve
addresses. And you will want 'DNS(ACCEPT) wifi $FW' to allow wifi
clients access to your DNS server. It looks like you have an all->all
REJECT policy, so wifi hosts won't be able to access anything else.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
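
The three settings named in the reply above, laid out in the Shorewall files they belong to. This is an added example, not part of the original thread: it assumes Shorewall runs on the server, that eth1.200 (from the question) is the wifi interface, and that the internet-facing interface is eth0 (assumed, not stated in the thread). The dmz VLAN is left out.

```conf
# /etc/shorewall/zones
#ZONE   TYPE
fw      firewall
net     ipv4
wifi    ipv4

# /etc/shorewall/interfaces
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
net     eth0                    # assumed name of the internet-facing interface
wifi    eth1.200    dhcp        # 'dhcp' lets the local DHCP server answer wifi clients

# /etc/shorewall/policy
# Policies are matched top to bottom, so the specific wifi->net entry
# must come before the catch-all.
#SOURCE DEST    POLICY
wifi    net     ACCEPT          # wifi clients may reach the internet
all     all     REJECT          # everything else stays blocked

# /etc/shorewall/rules
?SECTION NEW
#ACTION         SOURCE  DEST
DNS(ACCEPT)     wifi    $FW     # wifi clients may query the DNS server on the firewall
```

Running `shorewall check` before `shorewall restart` compiles the configuration without applying it, so a typo does not leave the firewall in a half-configured state.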
