0

I am studying LAN/WAN setup and encountered an issue: I am unable to bridge traffic from the same subnet. I bought one AP and tested the LAN/WAN setup as follows. I can reach the WAN port (wifi1) from an external network, but I am not able to reach the LAN port ethernet1 from an external network when the WAN and the LAN are on the same subnet. If they are on different subnets I am able to forward traffic to both interfaces. The set-up has both interfaces on the 192.168.132.0/24 subnet. If I put the LAN interface on a different subnet I am able to forward traffic to the LAN port.

I would appreciate it if anyone here could tell me why this is so.

Many thanks!

1 Answer

0

It sounds like you never told your AP's OS that you wanted it to bridge between those two interfaces. Configuring two NICs for the same IP subnet is different from link-layer bridging between them.

Configuring two NICs for the same IP subnet can be used for redundancy or load balancing. In those cases, you don't want the host to perform link-layer bridging between them because they'd both be plugged into the same switch already, so you'd create a network loop if you bridged them.

On many Unix-like OSes, to enable link-layer bridging between two NICs, you have to tell the networking stack software to create a software bridge device (a kind of virtual network interface), and you then assign two or more NICs to the bridge device.

Note that bridging can get tricky when Wi-Fi is involved:

  • You can bridge between Ethernet and AP-mode Wi-Fi. This is what most Wi-Fi APs (wireless routers) do between LAN and WLAN.
  • You can bridge between Ethernet and WDS-mode Wi-Fi. This is what wireless bridge devices do.
  • But you generally CANNOT bridge between Ethernet and STA-mode (client-mode) Wi-Fi. This is because your client-mode Wi-Fi interface will be associated to some other AP, and that AP will reject the bridged frames from your device, because it won't recognize the source MAC addresses on those bridged frames. APs reject all frames from source MAC addresses that haven't first 802.11-Authenticated and 802.11-Associated with the AP.
1
  • We are using the OpenWRT platform in the AP, a kind of old version, v12.09. If we are bridging we should be able to use the same subnet. Is there a different MAC table for the WAN than the LAN? Is there a way that we can get these 2 tables aware of each other? Is there anything in the firewall rules that prevents us from getting the WAN to bridge to the LAN on the same subnet?
    – Jess
    Commented Jun 29, 2017 at 1:57
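
The two conditions the answer describes (the NICs must be ports of one software bridge device, and a client-mode Wi-Fi interface generally cannot be bridged) can be checked on a Linux-based AP with the following added example, which is not part of the original answer. The function names, the `SYSFS_NET` override and the interface names `eth0`/`wlan0` are assumptions; WDS/4-address setups are not handled.

```shell
#!/bin/sh
# Added example: diagnose why two same-subnet interfaces do not pass traffic
# at layer 2. SYSFS_NET is a hypothetical override so the check can also be
# run against a constructed directory tree instead of the live system.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the bridge an interface is a port of; fail if it is not a bridge port.
bridge_of() {
    link="$SYSFS_NET/$1/brport/bridge"
    [ -L "$link" ] || return 1
    basename "$(readlink "$link")"
}

# Succeed only when both interfaces are ports of the same bridge device.
same_bridge() {
    a=$(bridge_of "$1") || return 1
    b=$(bridge_of "$2") || return 1
    [ "$a" = "$b" ]
}

# Read `iw dev <iface> info` text on stdin and print its "type" value.
wifi_type() {
    awk '$1 == "type" { print $2; exit }'
}

# Combine both checks into one verdict string.
diagnose() {  # usage: diagnose ETH_IF WIFI_IF WIFI_TYPE
    if [ "$3" = "managed" ]; then
        echo "sta-mode-wifi"   # upstream AP drops frames from unknown source MACs
    elif same_bridge "$1" "$2"; then
        echo "bridged:$(bridge_of "$1")"
    else
        echo "not-bridged"     # same subnet on two NICs, but no bridge device
    fi
}

# Live usage (interface names are assumptions):
#   diagnose eth0 wlan0 "$(iw dev wlan0 info | wifi_type)"
```

A `not-bridged` verdict corresponds to the situation in the question: both interfaces carry addresses in the same subnet, but no bridge device joins them.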
