I removed the overlap, moving the WiFi LAN into its own segment

    net (ISP-assigned IP = XX.XX.XX.XX)
     |
     |
     |
    ( eth 0 )
    router
     |
     |- ( eth1, static IP addr: 10.0.0.1/24 ) --> wired LAN
     |
     |- ( wlan1, static IP addr: 10.0.1.1/24 ) --> wifi LAN

Now, when I connect/login, I *do* get a 10.0.1.150 address assigned to the phone AND, I can ping from the phone, @ IP = 10.0.1.150 to

    wlan1 @ IP = 10.0.1.1
    eth1 @ IP = 10.0.0.1
    any machine @ IP on the WiFi LAN
    any machine @ IP on the wireless LAN

I can NOT ping (100% loss) to eth0, @ my ISP-assigned IP (xx.xx.xx.xx), or beyond to the net.

So, apparently, even though both the INTIF and WIFIIF are in the same zone, 'lan', that's not yet enough.

Fwiw, according to netstat, my routes are

    netstat -nr
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    0.0.0.0         XX.XX.XX.1      0.0.0.0         UG        0 0          0 eth0
    XX.XX.XX.0      0.0.0.0         255.255.252.0   U         0 0          0 eth0
    XX.XX.XX.1      0.0.0.0         255.255.255.255 UH        0 0          0 eth0
    10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth1
    10.0.1.0        0.0.0.0         255.255.255.0   U         0 0          0 wlan1

DT