Created
February 14, 2016 20:01
-
-
Save ebal/65cb67b30e99cdcf401e to your computer and use it in GitHub Desktop.
Create a new bridge interface, add ethernet and connect to wireless access point with isolation between networks.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| !/bin/sh | |
| ip link add br0 type bridge | |
| ip link set br0 up | |
| ip link set eth0 up | |
| ip link set eth0 master br0 | |
| ip addr add 10.10.10.10/24 dev br0 | |
| ip route add default via 10.10.10.1 dev br0 | |
| # Wireless Vlan (Guest Network) | |
| ip address add 10.10.20.10/24 dev br0:0 | |
| # Enable Forwarding | |
| sysctl -w net.ipv4.ip_forward=1 | |
| # Masquerade traffic | |
| iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE | |
| # Accept forwarding | |
| iptables -P FORWARD ACCEPT | |
| # Start (or restart) hostapd | |
| systemctl restart hostapd.service | |
| # Isolate Vlan 10.10.20.0/24 (Guest Network) from 10.10.10.0/24 (Home Network) | |
| iptables -I FORWARD -s 10.10.20.0/24 -d 10.10.10.0/24 -j DROP |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment