Crazy question about bridge!

conchalnet · January 27, 2006, 12:35pm

Hi all,

This is a crazy question about bridge that I don’t have idea if it is possible!

I’ve a mikrotik with 3 wireless cards and one ehternet card all they in the same bridge.

Is it possible that the traffic of the wlan1 be copied only to the ethernet interface, wlan2 be copied only to the ethernet interface too and the wlan3 be copied only to the ethernet interface too?

What I want is that the traffic of the wlan1, wlan2 and wlan3 just do by the ethernet, that any wireless interface see another wireless interface. Like if I’ve 3 bridges and the ethernet card aloows to the e bridges.

Thanks and sorry by my crazy question

Regards!

Fabrício F. Kammer

jager · January 27, 2006, 1:27pm

Yes, it IS possible using 802.1Q ethernet card in your main router which must know to work with VLANs. Intel chipset ethernets are fine.

So, you set your WLAN1 with (for example) VLAN ID:10 , WLAN2s ID to 20, and WLAN3s ID to 30. (all 3 on on Ethernet1)

After that, you have to configure VLANs with the same ID`s on the ethernet of the computer that will receive this traffic.
You gives separate IP addresses to each VLAN interface, and you can do the routing after that as you wish.
Practically, on the main router, you have separately traffic from each wireless interface. On this way, you have what I suppose you want to get: to disable direct traffic between users on different WLANS.
It is easy to disable it on the same WLAN, all you have to do is to uncheck Default forwarding. But to cut them totally, this is the only way.

I hope this helps you

conchalnet · January 27, 2006, 1:46pm

Thanks jager!

But I’ve a problem, I don’t have PCI slot free on my machine and I’m using the onboard ethernet card to do this. Is it possible to do this on my ethernet card?

Can you help with the configuration? I never used vlan.

My mikrotik is working as bridge and I can’t change this actualy.

The machine that is connected to the ethernet port is a FreeBSD firewall. This machine is the gatewary for the internet.

Thanks

Fabrício F. Kammer

jager · January 27, 2006, 11:56pm

I will be happy to help My knowledge is not very high, but maybe you will find something useful at all.

At first, tell me where is connected the ethernet that is coming out from your Mtik (the one with 3WLANs) ?
Directly to a LAN on your BSD gateway with crossover cable, or into some switch?

conchalnet · January 28, 2006, 12:41am

Into a switch!

If it’s possible to do without vlan I’ll prefer… aren’t there something that say: the traffic of wlan1 just go to the ethernet??? Something like a route for bridged interfaces

Thanks

GJS · January 28, 2006, 2:07am

How about firewall rules? For example, silently drop all traffic with:

in interface WLAN1 and out interface WLAN2
in interface WLAN1 and out interface WLAN3
in interface WLAN2 and out interface WLAN1
in interface WLAN2 and out interface WLAN3
in interface WLAN3 and out interface WLAN1
in interface WLAN3 and out interface WLAN2

I have never tried this but I think it should work.

nhalachev · January 28, 2006, 7:56am

conchalnet,

use bridge firewall.

jager · January 28, 2006, 8:15am

@conchalnet
The main feature of bridge is just that: to bridge everything from and to interfaces that are assigned to it
You have the same situation as, for example, you had 3pcs of routerboards with 1WLAN and 1LAN on them, and all 3 ethernets connects to the same (non VLAN) switch.

Well, GJS`s suggestion gave sense, its worth trying!

@nhalachev
What do you exactly mean by bridge firewall?

conchalnet · January 28, 2006, 11:00am

How can I do this? Can you give some examples of the rules?

Thanks

conchalnet · January 28, 2006, 11:03am

Yes jager I agree with you about the main feature of a bridge…
But I want to simulate the situation as if I have 3pcs of routerboards with 1wlan and 1lan each one and each ethernet interface connected to a VLAN switch.

Thanks

conchalnet · January 28, 2006, 5:26pm

I tryied to use the firewall to drop the traffic between the interfaces without sucess because I didn’t understand very well how the traffic flows on the bridge… Some time the traffic becames from wlan1 and goes to wlan2, other times the traffic comes from wds1 and it goes to wds2…

I tryid to use the bridge filter without sucess.

sten · January 29, 2006, 10:52am

Yes, can be done in a single bridge filter rule.

conchalnet · January 29, 2006, 1:48pm

Hi sten,

Your answer was YES… but how can I do it?

Regards

sten · January 29, 2006, 2:48pm

Your question was “Can it be done?” not “How do i do it?”

conchalnet · January 29, 2006, 7:37pm

Hi sten,

Sorry by my stupid question!

If I don’t know if it’s possible I don’t know how I can do.

If you know, please tell me how can I configure this.

GJS · January 30, 2006, 1:24am

Conchalnet,

Are you using 2.8 or 2.9? Winbox or CLI?

nhalachev · January 30, 2006, 10:32am

/interface bridge filter
add in-interface=wlan1 out-interface=wlan2 action=drop
add in-interface=wlan1 out-interface=wlan3 action=drop
add in-interface=wlan2 out-interface=wlan1 action=drop
add in-interface=wlan2 out-interface=wlan3 action=drop
add in-interface=wlan3 out-interface=wlan1 action=drop
add in-interface=wlan3 out-interface=wlan2 action=drop

Have fun

conchalnet · January 30, 2006, 11:04am

Hi nhalachev,

I’ve a problem. The link is done using dynamic WDS and the traffic flow arrive by the wds interfaces. I did the rules as you said. I just changed the interfaces for the correct WDS interface and it worked fine.
But if the dynamic WDS link is down and up the rule returns as invalid, because when a dynamic WDS link is down the interface doesn’t exist until the link is up.

A tried to configure the static WDS but I can’t do it.
Do you know how can I configure a static WDS?

Regards

conchalnet · January 30, 2006, 11:06am

I’m using 2.9. And I use the Winbox or SSH to do the configurations.