Re: [Shorewall-users] Channel Bonding - All connection on Bonded interface blocked

2017-03-13 Thread Tuomo Soini
On Sun, 12 Mar 2017 21:16:20 -0400 Scott Beane wrote: > Shorewall version =  shorewall-5.1.2.1-1.el7.noarch > uname = 3.10.0-514.10.2.el7.x86_64 > > Tied 2 of 3 interfaces together using "Channel Bonding" described at > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/htm

[Shorewall-users] Securely adding & isolating a *2nd* wifi SSID from a single Physical Adapter, with completely different access policy?

2017-03-13 Thread darrin . thomas
I'm adding WiFi to my Shorewall router. In "step 1" (earlier thread) I added a wifi adapter, device == wlan0, to zone == wifi0. I assigned a unique segment to its DMZ, 10.128.128.0/24, whereas the rest of my LAN is on 10.1.1.0/24. Using policies I set it up for passthrough access net

Re: [Shorewall-users] Securely adding & isolating a *2nd* wifi SSID from a single Physical Adapter, with completely different access policy?

2017-03-13 Thread Tom Eastep
On 03/13/2017 07:13 AM, darrin.tho...@123mail.org wrote: > I'm adding WiFi to my Shorewall router. > > In "step 1" (earlier thread) I added a wifi adapter, device == > wlan0, to zone == wifi0. > > I assigned a unique segment to its DMZ, 10.128.128.

Re: [Shorewall-users] Securely adding & isolating a *2nd* wifi SSID from a single Physical Adapter, with completely different access policy?

2017-03-13 Thread Tom Eastep
On 03/13/2017 08:31 AM, Tom Eastep wrote: > > What I would do is simply add wlan1 to the loc zone. > Make that the 'lan' zone. -Tom -- Tom Eastep\ Q: What do you get when you cross a mobster with Shoreline, \ an intern

Re: [Shorewall-users] Securely adding & isolating a *2nd* wifi SSID from a single Physical Adapter, with completely different access policy?

2017-03-13 Thread darrin . thomas
Tom On Mon, Mar 13, 2017, at 08:43 AM, Tom Eastep wrote: > > What I would do is simply add wlan1 to the loc zone. That's slick. I didn't think I could do that because it's on a different LAN segment. Re-reading the docs, I clearly got that mixed up! > Make that the 'lan' zone. Yep I figured

Re: [Shorewall-users] Securely adding & isolating a *2nd* wifi SSID from a single Physical Adapter, with completely different access policy?

2017-03-13 Thread Tom Eastep
On 03/13/2017 08:53 AM, darrin.tho...@123mail.org wrote: > Tom > > On Mon, Mar 13, 2017, at 08:43 AM, Tom Eastep wrote: >>> What I would do is simply add wlan1 to the loc zone. > > That's slick. I didn't think I could do that because it's on a > d

Re: [Shorewall-users] Securely adding & isolating a *2nd* wifi SSID from a single Physical Adapter, with completely different access policy?

2017-03-13 Thread Les Niles
> On Mar 13, 2017, at 7:13 AM, darrin.tho...@123mail.org wrote: > > ... > I configured hostapd so that it creates two 'virtual' interfaces, > >wlan0, 10.128.128.0/24 >wlan1, 10.2.2.0/24 > > I want wlan1 'fully integrated' into my LAN -- subject to same access rules, > protections etc.,

Re: [Shorewall-users] Channel Bonding - All connection on Bonded interface blocked

2017-03-13 Thread Scott Beane
Thank you! Shorewall is back up and running. Turns out the trouble, as you correctly suspected, was including the NICs with bond0 in the interfaces file (too many unsuccessful tries late at night.) Bonding is working a little slowly with some applications like s