mrboldt
Posts: 26
Joined: Fri Sep 09, 2016 2:09 am

RPi3 - UFW, wlan0 and eth1

Tue Oct 11, 2016 12:06 am

RPi3 - Jessie (2ea)
Power Supplies: 5v@2.4a
SD Cards: Samsung EVO Plus, 32GB
Adapter: USB to Ethernet (eth1)
Switch: 5 port, unmanaged, 3.67w

wlan0 - https://frillip.com/using-your-raspberr ... h-hostapd/ No dns settings and running in background at start.

eth1 - static network. Out to switch. 2nd RPi3 on switch, static addresses, /etc/dhcpcd.conf

eth0 - iface eth0 inet manual, /etc/network/interfaces

Can't set up ufw for eth1 and wlan0. Eth0 was quick and easy.

Source material:
https://help.ubuntu.com/lts/serverguide/firewall.html
https://wiki.ubuntu.com/BasicSecurity/Firewall

Established br0 - eth0 and eth1. Lots of blinky LEDs. RPi3 on switch has no Internet connection. Not so sure bridge is the way to go but something to try.

Seems to me we are back to iptables even with ufw. Any suggestions?
EET (Electronic Engineering Technology), TAC/ABET accredited

mrboldt
Posts: 26
Joined: Fri Sep 09, 2016 2:09 am

Re: RPi3 - UFW, wlan0 and eth1

Tue Oct 11, 2016 12:32 am

Upon further thought: br0 was assigned its IP address by remote router. eth0 had access to the Internet at all times. Wlan0 had access to the Internet when the firewall was down. Eth1 has never had access to the Internet. Firewall status has no effect. For what it's worth.
EET (Electronic Engineering Technology), TAC/ABET accredited

mrboldt
Posts: 26
Joined: Fri Sep 09, 2016 2:09 am

Re: RPi3 - UFW, wlan0 and eth1

Tue Oct 11, 2016 10:01 pm

/etc/network/interfaces
iface eth0 inet manual

/etc/dhcpcd.conf
interface br0
static...

Must manually start br0 after configuration. Will not run at boot? Remote router sent dhcp lease. br0 accepted lease. Lease expired. Then static addressing replaced dhcp addressing. ISP/router issues? I suspect so. However, br0 should have never accepted the lease as it was set to static.

Originally, iface br0 inet manual. That always started at boot. Received dhcp lease.

Ref: https://frillip.com/using-your-raspberr ... h-hostapd/ and
https://help.ubuntu.com/lts/serverguide/firewall.html

There is a conflict between iptables and ufw. ufw is disabled at boot if iptables are in use. ufw must be manually enabled after boot. Is ufw actually active at this point? Unknown.

Comment out changes due to "SET UP IPV4 FORWARDING". Use ufw IP Masquerading.

sudo ufw allow from xxx.xxx.xxx.0/24 where x is your addressing.

wlan0 now passes through ufw.

The only difference between wlan0 and eth1 is, dhcp or static. Using the same approach for eth1 fails. At this point I can't see the solution.
EET (Electronic Engineering Technology), TAC/ABET accredited
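
The ufw IP masquerading step referred to in the post above comes from the Ubuntu server guide it links: a `*nat` block placed at the top of /etc/ufw/before.rules, together with DEFAULT_FORWARD_POLICY="ACCEPT" in /etc/default/ufw and net/ipv4/ip_forward=1 in /etc/ufw/sysctl.conf. The script below is an added example, not part of the thread; it generates that block for more than one LAN at once, and the two subnets and the choice of eth0 as the upstream interface are constructed sample values (use br0 if the bridge is kept).

```shell
#!/bin/sh
# Added example: emit the *nat block for /etc/ufw/before.rules so that several
# LAN subnets are masqueraded out of one upstream interface. Prints only;
# nothing under /etc is touched.

# is_cidr NET: succeed only for an IPv4 network written as a.b.c.d/len.
is_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; len=${1#*/}
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || return 1
    case $ip in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# nat_block UPSTREAM_IF SUBNET...
# Prints one MASQUERADE rule per subnet; refuses to print anything if the
# interface name or any subnet is malformed, so a typo never reaches the file.
nat_block() {
    [ $# -ge 2 ] || return 1
    out=$1
    shift
    case $out in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    for net in "$@"; do
        is_cidr "$net" || return 1
    done
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]'
    for net in "$@"; do
        printf '%s\n' "-A POSTROUTING -s $net -o $out -j MASQUERADE"
    done
    printf '%s\n' 'COMMIT'
}

# Constructed sample values: wlan0 clients, eth1 clients, upstream eth0.
nat_block eth0 192.168.10.0/24 192.168.20.0/24
```

Each subnet listed also needs its own `sudo ufw allow from <subnet>` rule, as the post does for wlan0. Run `sudo ufw disable && sudo ufw enable` after editing before.rules so the NAT table is reloaded.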

mrboldt
Posts: 26
Joined: Fri Sep 09, 2016 2:09 am

Re: RPi3 - UFW, wlan0 and eth1

Wed Oct 12, 2016 3:41 am

/etc/network/interfaces
iface eth0 inet manual # 2nd RPi3 on switch

/etc/dnsmasq.conf
interface=eth1
interface=wlan0
listen-address=96.xx.xx.1
bind-interfaces
server=8.8.8.8
domain-needed
bogus-priv
dhcp-range=eth1,196.xxx.xxx.100,196.xxx.xxx.103,24h
dhcp-range=wlan0,96.xx.xx.100,96.xx.xx.125,24h

eth1:
sudo ufw allow from 196.xxx.xxx.0/24 where x is your addressing.

2nd RPi3, 196.xxx.xxx.102, has access to Internet.

If listen-address=196.xxx.xxx.1 then wlan0 clients never receive a dhcp lease.

This seems strange to me for several reasons. 1) Why isn't the listen-address associated with the device? Multiple devices, dhcp. 2) Shouldn't I be looking at multiple instances of dnsmasq?

At the end of the day this doesn't address static lans.
EET (Electronic Engineering Technology), TAC/ABET accredited

mrboldt
Posts: 26
Joined: Fri Sep 09, 2016 2:09 am

Re: RPi3 - UFW, wlan0 and eth1

Wed Oct 12, 2016 10:24 pm

Further testing, begin removing cat 5 and establish WiFi network. Router/AP now headless. 2nd Pi becomes desktop PC.

1) Remove cat 5 between desktop and switch. Enable WiFi.
https://www.youtube.com/watch?v=bvEexTomE1I Exactly!

2) Remove usb to Ethernet adapter and switch. Router AP(WiFi) fails, no Internet connection, dhcpcd.conf fails.

If usb adapter fails with presented dhcpcd.conf, router WiFi is dead. Seems to me this screams for multiple instances of dnsmasq, from the standpoint of troubleshooting alone!

PTB, anyone listening?
EET (Electronic Engineering Technology), TAC/ABET accredited
