Setting up a briding firewall between our little office and the lab. We don't want messy traffic where we are. However for different reasons we need to use a network-segment we are assigned before we can have NAT routers etc. So we decided having a bridging firewall setup in between.
Router: WRT1900ACS/OpenWRT 19.07.4
GW: 192.168.124.145 on WAN side
Router may be setup with 192.168.124.147. At the moment it is, but it may have a different setup later with a maintenance port/network setup. For now it is include om the network.
Our NAT router is at 192.168.124.146 on LAN side.
I have tried different approaches and they have sooner or later ended with a brick.
Is loading ("installing") kmod-br-netfilter mandatory or depricated?
(net.bridge.bridge-nf-call-arptables=1 and net.bridge.bridge-nf-call-iptables=1)
I've setup a management port on VLAN3 (eth0.3) (192.168.190.17/24)
I've removed the default bridge br-lan with eth0/radios.
LAN connects to eth0.1
WAN connects to eth1.2
Creating an interface fwbr and attaching to eth0.1 and eth1.2.
This creates a bridge interface (br-fwbr).
brctl show br-fwbr eth0.1 and eth1.2
arptables -L shows only empty chains with policy ACCEPT for all.
ssh 192.168.190.17 (management port) works from "LAN" side (from inside a LAN behind NAT)
ssh 192.168.124.147 works from WAN zone. (strange since interface for .147 is on LAN side)
ssh 192.168.124.147 from LAN zone do NOT work. (strange because .47 is on LAN side)
ssh 192.168.124.146 from OpenWRT seems to wait.
ssh 192.168.124.145 from OpenWRT returns exited. Connect failed: Host is unreachable
LAN => WAN input=output=forward=accept (No masq)
WAN => LAN input=output=forward=accept (No masq)
MNGTM => reject input=output=accept forward=reject (No masq)
The rest is pretty much standard and as I can see there are no blocking rules.
The ICMP packets sent from .145 has come through BRFW to .146 and keeps getting slower and slower and finally nothing comes through. If I wait long enough they start coming after some 30-120seconds. And stops again.
I'm out of thoughts - what's in the way??