Access control between wireless & LAN devices

I need to perform access control between the wireless and LAN devices. To do so, I disabled "Bridge interfaces" for the LAN interface, and it is left with eth0.1.

I also created a new Interface "WiFi" for wlan0 with static IP address 192.168.1.200.

[Screenshot: interfaces]

Then, I created a zone "wifi" to allow forwardings from WiFi to LAN.

Finally, I created a firewall rule to forward all traffic from WiFi to LAN.

[Screenshot: firewall]

My wireless devices are able to receive DHCP addresses. Before I begin to apply access control, I noticed wireless devices cannot even reach the WiFi interface - they cannot ping 192.168.1.200. They also cannot ping 192.168.1.1.

What did I do wrong? :anguished:

Thanks for helping!

LAN interface is not part of lan zone in firewall anymore, hence the grey color.

Not needed, there is a forwarding there already.

1 Like

Thanks for chipping in! I will delete the unnecessary firewall rule. But how do I fix the issue? Should I configure the LAN interface? For LAN, should I select eth0 (Ethernet Switch) instead of eth0.1 (Switch VLAN)?

Also, I am wondering if mistakes to my LAN interface configuration will prevent my wireless clients from reaching the wireless interface (ping 192.168.1.200).

If you unbridge lan and wifi, you must assign IP addresses from separate subnets.
Refer to the Routed AP wiki article.

2 Likes

Nope. As @mpa noticed, you need to fix the IP addresses, because right now they are conflicting. You can have lan 192.168.1.1/24 and wifi 192.168.2.1/24.
Then add the lan interface into lan firewall zone as I mentioned before.

1 Like
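A check for the two problems identified in this thread (unbridged interfaces sharing a subnet, and an interface that belongs to no firewall zone), added here as an example that is not part of the original posts. It parses `uci show network` / `uci show firewall` output; the sample text, its netmasks and zone index, and the `parse`/`audit` helpers are constructed for illustration.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample of `uci show network; uci show firewall` output mirroring
# the thread's setup; the netmasks and the zone index are assumptions.
SAMPLE = """\
network.lan=interface
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
network.wifi=interface
network.wifi.proto='static'
network.wifi.ipaddr='192.168.1.200'
network.wifi.netmask='255.255.255.0'
firewall.@zone[0]=zone
firewall.@zone[0].name='wifi'
firewall.@zone[0].network='wifi'
"""

LINE = re.compile(r"^(\w+)\.([^.=]+)\.(\w+)=(.*)$")  # config.section.option=value

def parse(text):
    """Return {config: {section: {option: value}}} from `uci show` lines."""
    tree = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            cfg, sec, opt, val = m.groups()
            tree.setdefault(cfg, {}).setdefault(sec, {})[opt] = val.replace("'", "")
    return tree

def audit(text):
    """List overlapping interface subnets and interfaces missing from all zones."""
    tree = parse(text)
    nets = {}
    for name, o in tree.get("network", {}).items():
        if "ipaddr" in o:  # accept both ipaddr+netmask and CIDR-style ipaddr
            addr = o["ipaddr"] if "/" in o["ipaddr"] else f"{o['ipaddr']}/{o.get('netmask', '255.255.255.255')}"
            net = ipaddress.ip_interface(addr).network
            if not net.is_loopback:
                nets[name] = net
    # In the firewall config only zone sections carry a `network` option.
    zoned = {n for o in tree.get("firewall", {}).values() for n in o.get("network", "").split()}
    findings = [f"overlap: {a} ({nets[a]}) and {b} ({nets[b]})"
                for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])]
    findings += [f"no zone: {n}" for n in sorted(nets) if n not in zoned]
    return findings
```

Calling `audit(SAMPLE)` reports both findings for the original setup; with wifi moved to 192.168.2.1/24 and lan added to a zone, it returns an empty list.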
