Re: [Shorewall-users] Bridge interface OpenWRT

Wed, 29 Aug 2018 07:56:25 -0700 

On 08/29/2018 03:42 AM, Matt Darfeuille wrote:
> Hi,
> 
> I'm trying to understand how I should configure OpenWRT and Shorewall
> with bridge interface.
> 
> OpenWRT 18.06:
> 
> /etc/config/network:
> 
> 
> config switch_vlan
>       option device 'switch0'
>       option vlan '110'
> 
> config interface 'wifi'
>       option proto 'static'
>       option ifname 'eth0.110'
>       option type 'bridge'
>       option ipaddr '172.19.110.254'
>       option netmask '255.255.255.0'
> 
> 
> The interface is bridged with the wireless interface.
> 
> For now in '/etc/shorewall/interfaces' I have:
> 
> <ZONE-NAME> eth0.110 dhcp,required,wait=60,routeback=1
> 
> 'The option 'routeback=1' is used following the advice (note) for the
> 'bridge' option at (1).
> 
> $ ip addr show br-wifi
> 6: br-wifi: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP group default qlen 1000
>     link/ether e2:91:f5:04:75:94 brd ff:ff:ff:ff:ff:ff
>     inet 172.19.110.254/24 brd 172.19.110.255 scope global br-wifi
>        valid_lft forever preferred_lft forever
>     inet6 fe80::e091:f5ff:fe04:7594/64 scope link
>        valid_lft forever preferred_lft forever
> 
> Or should I simply follow the advice from (2) and (3, component 6)?
> 
> In other words, how should Shorewall be configured with bridge
> interfaces on OpenWRT.
> 
> Any help/hint is appriciated.
> 
> 1)  http://shorewall.org/manpages/shorewall-interfaces.html
> 2)  http://shorewall.org/bridge-Shorewall-perl.html
> 3)  http://shorewall.org/MAC_Validation.html#Components
> 
> -Matt
> 

You haven't said what you are trying to do with this bridge, so I would
refer you to http://www.shorewall.org/bridge-Shorewall-perl.html which
describes both a bridge/firewall and a bridge/router.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to