> On Mar 13, 2017, at 7:13 AM, darrin.tho...@123mail.org wrote: > > ... > I configured hostapd so that it creates two 'virtual' interfaces, > > wlan0, 10.128.128.0/24 > wlan1, 10.2.2.0/24 > > I want wlan1 'fully integrated' into my LAN -- subject to same access rules, > protections etc., while wlan0 still functions exactly as above. > > IIUC I can either > > (1) put wlan1 on a bridge with my already setup internal ethernet interface > (2) put wlan1 in another DMZ segment, and setup access policies or rules > > ...
In the spirit of ignoring your actual question and offering advice instead: You should decide if you want the Ethernet and wlan1 segments to be on the same LAN. If you want systems on the Ethernet to be able to discover services on wlan1 and vice-versa, or use the same pool of IP addresses, then bridging the two networks is the way to go. If not, then making them separate LANs gives options for managing them separately if you decide that's useful. Some consider any wifi to be inherently less secure, for example, since it has less physical constraints on access. -Les ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
