[br-guest] Why do some interfaces have an iface and others don't?

In /etc/config/network I have:

config interface 'lan'              
        option type 'bridge'            
        option ifname 'eth1.1'            
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'                                           
        option ipaddr '192.168.2.1'

config interface 'Guest'      
        option proto 'static'
        option type 'bridge'           
        option netmask '255.255.255.0'
        option ipaddr '10.3.0.1'

Meanwhile in /etc/config/wireless I have:

config wifi-iface 'wifinet4'     
        option ssid 'Good Guest'
        option encryption 'psk2'
        option device 'radio1'   
        option mode 'ap'        
        option isolate '1'       
        option key 'password1234'
        option network 'Guest'

It seems inconsistent that the lan interface gets a physical interface through ifname, but Guest gets one indirectly through an entry in a wifi interface definition.
Can someone explain why?

Thanks.

I actually found the answer myself:

As WLAN interface names may be dynamic or unpredictable, it is strongly recommended that they be assigned to bridges using the network option in UCI wireless configuration

Just curious:

This means your guest network is WiFi only (no Ethernet)....correct?

That's right, no ethernet for Guest.
Your question does reveal I don't actually understand where Guest would get internet from.
My internet actually comes from a wireless AP:

config wifi-iface 'wifinet3'                 
        option ssid 'FlyWiFi'             
        option device 'radio0'               
        option mode 'sta'                                                  
        option key 'secret1234'            
        option encryption 'psk2'             
        option network 'wwan' 

I don't see any explicit gluing/bridging of the Guest and the wwan. Why does my Guest AP have internet?

:confused:
So...you do or don't understand?

This explains why the network is only enumerated in the wireless config.

Because they probably aren't (in most cases people don't wish that). Did you add WWAN to a firewall zone (which Guest can send traffic to)?

I assume when WWAN was set up, you allowed traffic to go to it. That's called routing/forwarding. :wink:

I think I get it now. I had assumed that bridging is necessary to get the internet from my wan to my lan.
But now I think bridging two interfaces together identically mirrors the traffic on each. So a wan/wwan + lan bridge is undesirable because then my local traffic gets blasted out.

Instead, it seems that when my router gets a packet on lan that's destined for some external public IP it actually just routes it there. Why? Because there's a default route that will match it, and because there's no firewall rule forbidding it.

The left column called "Zone => Forwardings" indicates that Guest -> wan routing is allowed. That's the key.

I know you understand all this already, I'm mostly writing this up to help myself understand and maybe get corrected if I say something wrong.
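
Added example (not part of the thread, and not OpenWrt's own code): a small Python check of the zone forwardings described in the post above. It parses a constructed /etc/config/firewall, in which the zone names and forwarding sections are assumptions, and reports which zones traffic arriving on a given network may be forwarded into, so Guest -> wan is visible and Guest -> lan is confirmed absent.

```python
import shlex

# Constructed sample of /etc/config/firewall; zone names are assumptions.
SAMPLE = """
config zone
        option name 'lan'
        list network 'lan'
config zone
        option name 'guest'
        list network 'Guest'
        option input 'REJECT'
        option forward 'REJECT'
config zone
        option name 'wan'
        option network 'wan wwan'
config forwarding
        option src 'lan'
        option dest 'wan'
config forwarding
        option src 'guest'
        option dest 'wan'
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, options) pairs."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 2 and tok[0] == "config":
            sections.append((tok[1], {}))
        elif len(tok) == 3 and tok[0] in ("option", "list") and sections:
            # Simplification: every value is stored as a list of words, so
            # 'list' entries and space-separated 'option' values look alike.
            sections[-1][1].setdefault(tok[1], []).extend(tok[2].split())
    return sections

def zone_of(sections, network):
    """Name of the firewall zone containing a logical network, or None."""
    for kind, opts in sections:
        if kind == "zone" and network in opts.get("network", []):
            return opts.get("name", [None])[0]
    return None

def allowed_dests(sections, network):
    """Zones that traffic arriving on `network` may be forwarded into."""
    src = zone_of(sections, network)
    return sorted(o["dest"][0] for k, o in sections
                  if k == "forwarding" and src and o.get("src") == [src])

cfg = parse_uci(SAMPLE)
print({net: allowed_dests(cfg, net) for net in ("lan", "Guest", "wwan")})
```

On a router, the same functions can be pointed at the real file by passing its contents to `parse_uci` instead of `SAMPLE`.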

This is why LAN traffic goes to the Internet (i.e. "external public IPs").

Alright, so that part of the story makes sense.

Bridging is a bit like routing/forwarding, in that packets from one interface end up going to another, but this happens indiscriminately.

OT: This is all pretty cool, and I wish I knew of a way to learn all this systematically but at a light/moderate level of depth.
I don't want a PhD in networking, I first want a high school level course. @lleachii, could you perhaps suggest something?
