 From:  "Ryan Rodrigue" <Ebay at aarelectronics dot com>
 To:  "'m0n0wall -'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Bridge Multiple Interfaces
 Date:  Tue, 29 Jan 2008 09:50:40 -0600
I have seen a few 5 port switches that are very small.  You may be able to
mount one inside your box.  This doesn't help with the traffic monitoring, but
would maybe accomplish everything else you are looking for.
This is just an example. I am not saying you should or should not go with
Netgear.  It is a very small switch that could maybe go inside a case in the
place of a network card.

-----Original Message-----
From: mtnbkr [mailto:waa dash m0n0wall at revpol dot com]
Sent: Tuesday, January 29, 2008 8:38 AM
To: Paul Rae
Cc: m0n0wall -
Subject: Re: [m0n0wall] Bridge Multiple Interfaces

Paul Rae wrote:
> I currently have a Soekris 4801 with addon card giving it a total of 5
> eth0 - WAN
> eth1 - LAN
> eth2 - Wifi
> eth3 - unused
> eth4 - unused
> Currently the LAN and Wifi interfaces are bridged and all devices run on
> the same subnet.

That is not required, right?

> I have now had the chance to get cat5 laid to all of the AP's, so plan on
> changing things so they run as pure AP's to increase throughput.
> My original plan has been to stick an AP on each of the unused ports on
> the soekris and bridge them all to the LAN interface, but it seems from my
> testing you can only bridge one interface.
> So the question is what is the best and easiest way to do this?

Why not just create a subnet for each WiFi interface:

---	---	---------
eth0	WAN	x.x.x.x/yy
eth1	LAN
eth2	WiFi_1
eth3	WiFi_2
eth4	WiFi_3

Then, if you like, you can use m0n0wall to simply pass all traffic
between your subnets, OR you can apply some firewall rules between
subnets and/or the Internet if you are paranoid like me. :)

P.S. I'm the guy who has his game consoles on a 'games' VLAN, completely
firewalled from the rest of my internal subnets - same goes for my IP
cameras on the 'camera' VLAN, and my wireless APs on the 'wireless' VLAN.

It seems to me however, based on your explanation of the current
configuration that you might want full access to the LAN and Internet
from the wireless clients but the above method without blocking rules
would still work nicely for you.

Bill Arlofski
Reverse Polarity, LLC
