On 2/23/2018 5:44 AM, Spyros Stathopoulos wrote:
So would it make sense to put the device in a different subnetwork (say 10.0.7.1/24), create a VLAN (eg. eth1:0) and a new zone out of eth1:0 and do SNAT into the new subnetwork? I have done that to access me PPP modem on the WAN interface and it works but it is connected to a physical interface (eth0). Would such a similar approach work with VLANs? Spyros
Yes, a VLAN should work. You won't need to SNAT unless the device won't respond to other subnets. I have two local interfaces: lan4 192.168.4.0/24 wifi 192.168.6.0/24 Devices can reach each other. However, my wifi router (on wifi interface) won't let me access its configuration menu from lan4 unless I masq: ?COMMENT access point $WIFI_IF:$ap_SFN $lan4_net Bill ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
