EoIP Tunnels in a bridge

Good day,

Here is my setup for giving public IPs to customers in a routed network.

I have created a bridge and added the port connecting to the ISP router.

Then I create an EoIP tunnel and add that to the bridge also, create one at the client's side and boom, they now have a public IP.

My question is, how can I prevent bridge devices communicating with each other?

Because if I enable discovery on the EoIP tunnels then one client is able to MAC ping and telnet into all the other ones.

But with clients that want to set up the public IP directly on their firewalls so they can manage the port forwarding etc.

One of the clients managed to create a loop on his local network and that caused issues for me, any help will be appreciated.

Also I want to do this to prevent a**holes from tampering with other clients' devices.

Ok Bridge Horizon does the trick,

But now one client with a static IP cannot ping another.

I want to be able to have IP level communication, but not MAC or layer 2, on the clients connected to the bridge.

Ok, the problem seems to be solved now. I disabled bridge horizon and started playing with bridge filter rules.

I allow ARP, block UDP discovery and then added a rule to drop all non-IP traffic going into the bridge.

Seems to work fine for now.
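For readers who want to reproduce the rule order described in that post (ARP allowed, MikroTik neighbor discovery blocked, everything that is not IP dropped), here is an added RouterOS example. It is not the original poster's configuration: the bridge name, interface names, addresses and tunnel IDs are made up, and the discovery rule assumes that MNDP runs on UDP port 5678.

```routeros
# Added example, not the poster's own config. Names and addresses below are placeholders.
# Topology assumed: ether1 faces the ISP router; each customer gets one EoIP tunnel
# bridged onto the same public segment.

/interface bridge
add name=bridge-public protocol-mode=rstp comment="public IP segment"

/interface eoip
add name=eoip-clientA local-address=198.51.100.1 remote-address=203.0.113.10 tunnel-id=10
add name=eoip-clientB local-address=198.51.100.1 remote-address=203.0.113.20 tunnel-id=20

/interface bridge port
add bridge=bridge-public interface=ether1
add bridge=bridge-public interface=eoip-clientA
add bridge=bridge-public interface=eoip-clientB

# Bridge filter rules are evaluated top to bottom; the first match wins.
/interface bridge filter
# 1. ARP must pass so clients can resolve the ISP gateway (and each other at IP level).
add chain=forward mac-protocol=arp action=accept comment="allow ARP"
# 2. Drop MikroTik neighbor discovery (assumed: MNDP on UDP/5678) so clients do not
#    see each other in the neighbor list.
add chain=forward mac-protocol=ip ip-protocol=udp dst-port=5678 action=drop \
    comment="block MNDP discovery"
# 3. Plain IPv4 is what the customers are here for.
add chain=forward mac-protocol=ip action=accept comment="allow IPv4"
# 4. Anything else at layer 2 (LLDP, CDP, 802.2, non-IP ethertypes) is dropped.
add chain=forward action=drop comment="drop all non-IP traffic"
```

Two things to check before relying on this: the last rule also drops IPv6 frames (ethertype `mac-protocol=ipv6`), so add an accept for that above it if IPv6 is routed to customers; and bridge filter rules only see frames that are bridged in software, so any Ethernet port on the bridge with hardware offloading enabled (H flag in `/interface bridge port print`) bypasses them, which is fine for the EoIP ports but worth verifying on the ISP-facing port.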

I wish all posts here were like this one.

Agreed!



Question for p3rad0x … What happens to your MTU (or what do you manually set it to) when you add an EoIP tunnel to a bridge?
I don’t use EoIP much at all, and the few times I have, the MTU on the bridge automatically lowered and wreaked havoc with https.