 From:  "Paul Rae" <paul at impacttrainingsolutions dot co dot uk>
 Cc:  "m0n0wall -" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Bridge Multiple Interfaces
 Date:  Tue, 29 Jan 2008 14:43:04 -0000
Yup that's pretty much the same plan I had come up with, just wondered if there was another way I
hadn't thought of. The only concern I had with putting each AP on its own subnet was with roaming.

Currently as it stands when a client moves from one AP to another the passover is seamless, I wasn't
sure if moving from one AP to another on a different subnet may cause the client some issues.....?


Paul Rae
Business Development Director

Impact Training Solutions
Geddes House
Kirkton North
West Lothian, EH54 6GU

Mobile : 07769 654302
Email  : paul at impacttrainingsolutions dot co dot uk 

-----Original Message-----
From: mtnbkr [mailto:waa dash m0n0wall at revpol dot com]
Sent: Tue 1/29/2008 14:37
To: Paul Rae
Cc: m0n0wall -
Subject: Re: [m0n0wall] Bridge Multiple Interfaces

Paul Rae wrote:
> I currently have a Soekris 4801 with addon card giving it a total of 5 interfaces.
> eth0 - WAN
> eth1 - LAN
> eth2 - Wifi
> eth3 - unused
> eth4 - unused
> Currently the LAN and Wifi interfaces are bridged and all devices run on the same subnet.

That is not required, right?

> I have now had the chance to get cat5 laid to all of the APs, so plan on changing things so they
> run as pure APs to increase throughput.
> My original plan has been to stick an AP on each of the unused ports on the soekris and bridge
> them all to the LAN interface, but it seems from my testing you can only bridge one interface.
> So the question is what is the best and easiest way to do this?

Why not just create a subnet for each WiFi interface:

---	---	---------
eth0	WAN	x.x.x.x/yy
eth1	LAN
eth2	WiFi_1
eth3	WiFi_2
eth4	WiFi_3

Then, if you like, you can use m0n0wall to simply pass all traffic 
between your subnets, OR you can apply some firewall rules between 
subnets and/or the Internet if you are paranoid like me. :)

P.S. I'm the guy who has his game consoles on a 'games' VLAN, completely 
firewalled from the rest of my internal subnets - same goes for my IP 
cameras on the 'camera' VLAN, and my wireless APs on the 'wireless' VLAN.

It seems to me however, based on your explanation of the current 
configuration that you might want full access to the LAN and Internet 
from the wireless clients but the above method without blocking rules 
would still work nicely for you.

Bill Arlofski
Reverse Polarity, LLC