These kind of questions get my curiosity up. Is there any advantage to splitting out multiple backhauls from my main tower to separate interfaces on my router? Or perhaps even separate routers? -RickG
On Mon, Nov 15, 2010 at 5:51 PM, Faisal Imtiaz <[email protected]> wrote: > A while back I had asked a similar question .. Butch was kind enough to > provide a great answer.. see below:- > > Faisal Imtiaz > Snappy Internet & Telecom > > ------------------------------------------------------------------------- > On 9/17/2010 10:50 AM, Butch Evans wrote: > > On Fri, 2010-09-17 at 00:11 -0400, Faisal Imtiaz wrote: > >> I would like to provide/distribute (WIRED) Internet Access in a MDU/MTU > >> environment. I am going to connect each unit to one of the Ethernet > >> Ports on the MT. > >> > >> I would like to have 'client isolation' on all of the users who are > >> connected to the Ethernet ports. i.e. I don't want the users to be able > >> to talk to each other or see each others traffic. (I don't wish to use > >> /30 to assign to each Vlan, need to conserve IP's) > > > > Are you creating a vlan per customer or supplying a physical interface > > for each customer? It seems that you say both above. Either way, it > > appears that you are (or will be) bridging either the vlans or ports. > > So just do something like: > > > > /interface bridge settings set use-ip-firewall=yes > > > > /ip firewall filter > > add chain=forward in-interface=!public \ > > out-interface=public \ > > action=accept > > add chain=forward in-interface=!public \ > > action=drop > > > > > > These rules are NOT a complete firewall. They do, however, illustrate > > how to accomplish what you are looking for. The rules: > > > > 1. Permit traffic entering the router on all interfaces that are not the > > "public" interface when that traffic will leave on the "public" > > interface (i.e. "internet traffic"). > > 2. Drop all other traffic that enters the router from any interface that > > is not "public" (i.e. enter on "lan" and leave on "otherlan"). > > > > > > --------------------------------------------------------------------------------- > On 11/15/2010 5:46 PM, Matt Jenkins wrote: > > I have 6 virtual wlan interfaces. I want to prevent traffic form any > > wlan interface to reach any other wlan interface. This includes the IP > > address of the wlan interface. Besides creating 42 (I think) filters to > > do this is there any way to group interfaces into a filter template or > > something? > > > > WLAN1 - 10.66.1.1/24 > > WLAN2 - 10.66.2.1/24 > > etc.... > > > > All are NATed to a different public IP on eth1. > > > > Thanks, > > > > - Matt > > > > > > > -------------------------------------------------------------------------------- > > WISPA Wants You! Join today! > > http://signup.wispa.org/ > > > -------------------------------------------------------------------------------- > > > > WISPA Wireless List: [email protected] > > > > Subscribe/Unsubscribe: > > http://lists.wispa.org/mailman/listinfo/wireless > > > > Archives: http://lists.wispa.org/pipermail/wireless/ > > > > > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > > -------------------------------------------------------------------------------- > > WISPA Wireless List: [email protected] > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -- -RickG
-------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: [email protected] Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
