On 8/29/2018 4:54 PM, Tom Eastep wrote: > On 08/29/2018 03:42 AM, Matt Darfeuille wrote: >> Hi, >> >> I'm trying to understand how I should configure OpenWRT and Shorewall >> with bridge interface. >> >> OpenWRT 18.06: >> >> /etc/config/network: >> >> >> config switch_vlan >> option device 'switch0' >> option vlan '110' >> >> config interface 'wifi' >> option proto 'static' >> option ifname 'eth0.110' >> option type 'bridge' >> option ipaddr '172.19.110.254' >> option netmask '255.255.255.0' >> >> >> The interface is bridged with the wireless interface. >> >> For now in '/etc/shorewall/interfaces' I have: >> >> <ZONE-NAME> eth0.110 dhcp,required,wait=60,routeback=1 >> >> 'The option 'routeback=1' is used following the advice (note) for the >> 'bridge' option at (1). >> >> $ ip addr show br-wifi >> 6: br-wifi: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue >> state UP group default qlen 1000 >> link/ether e2:91:f5:04:75:94 brd ff:ff:ff:ff:ff:ff >> inet 172.19.110.254/24 brd 172.19.110.255 scope global br-wifi >> valid_lft forever preferred_lft forever >> inet6 fe80::e091:f5ff:fe04:7594/64 scope link >> valid_lft forever preferred_lft forever >> >> Or should I simply follow the advice from (2) and (3, component 6)? >> >> In other words, how should Shorewall be configured with bridge >> interfaces on OpenWRT. >> >> Any help/hint is appriciated. >> >> 1) http://shorewall.org/manpages/shorewall-interfaces.html >> 2) http://shorewall.org/bridge-Shorewall-perl.html >> 3) http://shorewall.org/MAC_Validation.html#Components >> >> -Matt >> > > You haven't said what you are trying to do with this bridge, so I would > refer you to http://www.shorewall.org/bridge-Shorewall-perl.html which > describes both a bridge/firewall and a bridge/router. >
Hi Tom, thanks for your answer. That is where I'm confused, none of the examples on the given page are reflecting OpenWrt way of creating bridges. The interface in question is configured to dish out IP, DNS, ... That interface should be isolated from the other interfaces. -Matt -- Matt Darfeuille ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
