I added a new Ethernet adapter to the LAN network. If "bridge" is disabled I can only add one single interface to LAN, so I "bridged" the two interfaces. Is this correct? Any downsides?
Will the forward rule have some effect? If I set it to "reject", will the LAN interfaces still reach each other because of the bridge?
If you are bridging an interface all devices in this interface can reach each other.
The firewall rules are controlling the traffic which leaves the zones. The zones have the interfaces assigned to them.
So you can set it to reject. It will not change anything about the communication within the lan zone/interface.
Yes, I mixed the terms once again
I added a new interface "wifi" with the wifi adapter (device/interface) in.
Then I put the interfaces "LAN" and "WIFI" into the firewall zone "LAN". (Here it's called "network".)
Now the forward rule takes effect on the traffic between interface "LAN" and "WIFI". My assumption should be correct!?
Well, in the end the LAN bridge is what I want...
Off topic: I'm so happy that the upper USB port on my Pine A64 is working now and I have a second Ethernet port... I can't even tell! 2 days of trial and error on building my own image but finally it works!!!
Unfortunately I think some things are being lost in the translation to English or I am just not technical enough.
If you wish to isolate Wireless clients would a quick and dirty way be to use the isolate client option under Advanced on the wifi config screen?
Otherwise would you not just limit by MAC address in a firewall setting?
I'm in the same boat. Well, I guess from a developer's point of view it makes sense but for a noob like me it's confusing.
Good input, but would that not only cover the wifi clients? Anyway, I'm perfectly happy with the lan bridge. Just wanted to know...
It is always the way, to give the ultimate in configuration capabilities it becomes complex.
The ability to split the switch effectively allows a router to be split up, firewall rules allow granular config and editing config files with WinSCP or Putty can make things easier to understand, especially if comparing configs between different routers which may have AC on Radio1 and N on Radio2 but vice versa on another router.
I think it is important to document what you do and WHY you did it.
Yes, I agree with you. On a complex network good documentation is probably a must!
At the moment it's OK for me....solved!
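
Added example (not part of the original thread): the two setups discussed above written as OpenWrt configuration files, to show where the zone's forward policy applies. It uses the older bridge syntax (newer releases declare the bridge in a separate `config device` section); the device names `eth0`, `eth1` and `radio0`, the SSID, the key and the addresses are assumptions.

```uci
# --- Setup A: one bridged "lan" interface (/etc/config/network) ---
# Both ports are members of the same bridge. Frames between them are
# switched at layer 2, so the zone's forward policy is not consulted.
config interface 'lan'
	option type 'bridge'
	# assumed device names
	option ifname 'eth0 eth1'
	option proto 'static'
	# constructed address
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

# --- Setup B: two separate interfaces (/etc/config/network) ---
# Each interface has its own subnet; traffic between them is routed.
config interface 'lan'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

config interface 'wifi'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

# Setup B, /etc/config/wireless: attach the access point to "wifi"
config wifi-iface
	option device 'radio0'
	option mode 'ap'
	option ssid 'example'
	option encryption 'psk2'
	# placeholder, replace with a real passphrase
	option key 'CHANGE-ME-placeholder'
	option network 'wifi'

# --- Firewall zone (/etc/config/firewall) ---
config zone
	option name 'lan'
	list network 'lan'
	# the next line is only present in setup B
	list network 'wifi'
	option input 'ACCEPT'
	option output 'ACCEPT'
	# Setup A: no effect on port-to-port traffic inside the bridge.
	# Setup B: rejects traffic routed between "lan" and "wifi".
	option forward 'REJECT'
```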