On Thursday, 16 August 2007 16:48:25, Sebastian Palarus wrote:
> Hi all,
>
> I try to filter the traffic between wan and lan ports over a bridge, but
> it doesn't work. Here is my config
>
> FreeWRT 1.03 (download @ http://wib.freewrt.org)
> Linksys WRT54GL
>
> ----/etc/network/interface
> # LAN ports
> auto eth0.0
> iface eth0.0 inet manual
>         switch-ports 0 1 2 3 5*
>
>
> # WAN port
> auto eth0.1
> iface eth0.1 inet manual
>         switch-ports 4 5
> ----
>
> ----/etc/fw/setbridge.sh
> /usr/sbin/brctl addbr br0
> /usr/sbin/brctl addif br0 eth0.0
> /usr/sbin/brctl addif br0 eth0.1
> /bin/ip link set eth0.0 up
> /bin/ip link set eth0.1 up
> /bin/ip link set br0 up
> /bin/ip link show
> ----
>
> -the bridge works fine, but nothing is blocked
> -tcpdump -i br0 shows all packets
> -iptables doesn't know -m physdev
>
> What's the problem? netfilter (missing patch) ? nic-driver?

Normally ebtables is used for filtering a bridge, but I don't get the reason 
why you need a bridge at all?!?

Just try this:

# LAN + WAN ports
auto eth0.0
iface eth0.0 inet static
        switch-ports 0 1 2 3 4 5*
        address <your-ip>
        netmask <your-netmask>
        broadcast +
        gateway <your gateway>

You can put the wan port in the same vlan as the lan ports, so the internal 
switch will be used and you don't need the bridge.

A multiport-bridge is technically exactly a switch.

And even if you want the bridge anyways, why not configure it in your 
interface file... something like this should work:

auto br0
iface br0 inet static
        bridge-ifaces eth0.0 eth0.1
        address <your-ip>
        netmask <your-netmask>
        broadcast +
        gateway <your gateway>

regards,
 Ralph
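
Added example, not part of the original thread: a stateless ebtables policy for the br0 bridge from the post. Frames between ports in the same switch VLAN are switched in hardware and never reach the CPU, so only the bridged setup can be filtered on the router. It assumes ebtables is available on the image; the blocked port list and the ebtables path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names are taken from the post;
# the policy and the blocked port list are constructed for illustration.
LAN_IF="${LAN_IF:-eth0.0}"
WAN_IF="${WAN_IF:-eth0.1}"
BLOCKED_TCP_PORTS="${BLOCKED_TCP_PORTS:-22 23 80}"
# Dry run by default: commands are printed, not executed.
# Set EBTABLES=/usr/sbin/ebtables (path is an assumption) to apply them as root.
EBTABLES="${EBTABLES:-echo ebtables}"

bridge_filter_rules() {
    # Known starting state: empty FORWARD chain, default-deny for bridged frames.
    $EBTABLES -F FORWARD
    $EBTABLES -P FORWARD DROP

    # ARP must cross the bridge or hosts on either side cannot resolve each other.
    $EBTABLES -A FORWARD -p ARP -j ACCEPT

    # ebtables is stateless, so replies cannot be matched as "established".
    # Drop WAN-side connections to selected LAN services first ...
    for port in $BLOCKED_TCP_PORTS; do
        $EBTABLES -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p IPv4 \
            --ip-proto tcp --ip-dport "$port" -j DROP
    done

    # ... then allow the remaining IPv4 traffic in both directions.
    # Anything else (other ethertypes) falls through to the DROP policy.
    $EBTABLES -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p IPv4 -j ACCEPT
    $EBTABLES -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p IPv4 -j ACCEPT
}

bridge_filter_rules
```

Review the printed rules first; stateful matching would need iptables with the physdev match, which the post reports as missing.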