> eth0: WAN
> eth1, eth2, eth3: ethernet LAN
> wlan0: wireless LAN
>
> I need to limit packets going between WLAN and the ethernet LAN.
>
> Can I have the whole LAN bridged and use iptables to filter what goes from
> wlan0 to ethx (inside the bridge)?
Yes, that is possible. You need netfilter support for bridging in the kernel.
I'd recommend putting the wlan0 stuff in its own subnet though.
> Or can I not use a bridge, and make eth1, eth2, eth3, wlan0 all have the same
> IP on the router and then use iptables to control between interfaces?
No. Maybe. I don't know. Just don't do it if you want to stay sane.
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
No comments:
Post a Comment