<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 01/27/2018 01:28 PM, Simon Hobson
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:2E9F6590-01A8-43DA-8E48-E885BE73CC78@thehobsons.co.uk">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div>
<div>A <<a href="mailto:publicface@bak.rr.com"
moz-do-not-send="true">publicface@bak.rr.com</a>> wrote:</div>
<br>
<blockquote type="cite">
<div text="#000000" bgcolor="#FFFFFF">I did originally have
two separate subnets with a /28 CIDR, but I was unable to
reach the Internet from blue and someone suggested I have
one subnet in order to act as a typical home router. So I
reconfigured everything and it's now borked worse than it
was. Said person disappeared shortly after of course.<br>
<br>
There is no commercial router. Yellow is the router,
gateway, access point, dhcp server, dns server, firewall
(iptables) and more.<br>
</div>
</blockquote>
</div>
<br>
<div>OK, so this box is your gateway, AP, etc, etc. In that case I
believe that your setup is fundamentally broken - you have TWO
SEPARATE networks (one wired, one wireless) running the same
subnet. </div>
</blockquote>
<br>
Yes, that's how I was told to set it up by a helpful individual. I
was told since it was one subnet, no routing would be needed. The
wireless & wired interfaces would be bridged. Seemed
reasonable. It sounds like you are suggesting exactly the same
thing so "fundamentally broken" seems a bit harsh.<br>
<br>
<blockquote type="cite"
cite="mid:2E9F6590-01A8-43DA-8E48-E885BE73CC78@thehobsons.co.uk">
<div>Thus devices on the wired network cannot talk to devices on
the WiFi and vice-verca.</div>
<div><br>
</div>
<div>Bear in mind that I've not used WiFi in this manner (I'm used
to using external APs), so I am unsure of some of the details.
If you want to run a single unified network then you will need
to create a bridge, and put the wired and wireless adapters into
that bridge - and put your address 10.1.1.1/24 onto the bridge.
You will then have one network, and the bridge software will
pass packets between them, as well as keeping track of which
clients are in which network segment.</div>
</blockquote>
<br>
I removed the bridge because I was unable to reach the Internet from
yellow (nor blue). And that is how things stand now. Bridge up,
Internet down. Bridge down, Internet up. <br>
<br>
<br>
<blockquote type="cite"
cite="mid:2E9F6590-01A8-43DA-8E48-E885BE73CC78@thehobsons.co.uk">
<div><br>
</div>
<div>As far as (almost) all software on your box is concerned, you
just deal with one interface (the bridge, eg br0). What I am
unsure about is how dhcpd behaves in this case - hopefully
someone who's run this setup can comment ? I would hope that it
would use the bridge interface in the same manner as it would
use a "real" one, but there can be some subtle differences.</div>
</blockquote>
<br>
I had it working with the bridge at one point - each box could ping
the other on both wired & wireless, but blue couldn't reach the
Internet. Lets see if we can put it back.<br>
<br>
.... blue now receives an IP of .14; neither machine can ping the
other, though each can ping its own assigned IP.<br>
<br>
# brctl show<br>
bridge name bridge id STP enabled interfaces<br>
br0 8000.7085c23b1324 no enp4s5<br>
enp6s0<br>
<br>
<br>
$ ip a<br>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
UNKNOWN group default qlen 1000<br>
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br>
inet 127.0.0.1/8 scope host lo<br>
valid_lft forever preferred_lft forever<br>
inet6 ::1/128 scope host <br>
valid_lft forever preferred_lft forever<br>
2: enp4s5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast master br0 state UP group default qlen 1000<br>
link/ether c8:3a:35:da:42:72 brd ff:ff:ff:ff:ff:ff<br>
inet 10.1.1.1/24 brd 10.1.1.255 scope global enp4s5<br>
valid_lft forever preferred_lft forever<br>
3: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast master br0 state UP group default qlen 1000<br>
link/ether 70:85:c2:3b:13:24 brd ff:ff:ff:ff:ff:ff<br>
inet [xx.xx.xx.xx]/20 brd 255.255.255.255 scope global enp6s0<br>
valid_lft forever preferred_lft forever<br>
inet6 fe80::7285:c2ff:fe3b:1324/64 scope link <br>
valid_lft forever preferred_lft forever<br>
4: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc
noqueue state DOWN group default qlen 1000<br>
link/ether f0:7d:68:c1:b4:13 brd ff:ff:ff:ff:ff:ff<br>
inet 10.1.1.10/24 brd 10.1.1.255 scope global wlp2s0<br>
valid_lft forever preferred_lft forever<br>
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UP group default qlen 1000<br>
link/ether 70:85:c2:3b:13:24 brd ff:ff:ff:ff:ff:ff<br>
inet 10.1.1.1/24 brd 10.1.1.255 scope global br0<br>
valid_lft forever preferred_lft forever<br>
inet6 fe80::7285:c2ff:fe3b:1324/64 scope link <br>
valid_lft forever preferred_lft forever<br>
<br>
# ip route<br>
default via 174.xx.yy.1 dev enp6s0 <br>
10.1.1.0/24 dev enp4s5 proto kernel scope link src 10.1.1.1 <br>
174.xx.yy.0/20 dev enp6s0 proto kernel scope link src
174.xx.bb.zz <br>
<br>
<br>
</body>
</html>