I'm trying to gain clarity in understanding how UTM treats an interface bridge. Let's say two interfaces, eth2 and eth3, are bridged.
1) That means without any additional rules, regular TCP/UDP traffic will be allowed to pass through from eth2 to/from eth3?
2) UTM automatically adds an ethertype of 88b7. I couldn't find much information on this protocol other than it's an IEEE Std 802 - OUI Extended Ethertype. What uses this ethertype?
3) It appears once two interfaces are bridged, direct access to each child interface is no longer available (at least not through WebAdmin).
4) Let's assume a firewall rule is created that permits all traffic from the LAN network to/from the bridge. That means this traffic will pass to/from child interfaces to the LAN?
5) I understand custom ethertypes can be defined in the bridge settings to be forwarded. Does this mean forwarded between bridge child interfaces or between the bridge and other interfaces (such as the local LAN)?
Here's more context for these questions.
I recently had AT&T fiber internet installed. Their installation consists of running fiber to a box on the side of the premises. From there another length of fiber is run inside to the ONT (optical network terminal). This converts fiber to Ethernet. The ONT connects via Ethernet to an AT&T-provided residential gateway (RGW) which authenticates the connection and provides routing functions.
Of course the goal is to eliminate or minimize the gateway so that a pure unfiltered internet connection is available to the UTM, similar to how it was with my owned modem when I had cable internet.
I've achieved this to some extent by doing the following. The ONT and RGW WAN ports are connected to a basic unmanaged switch. After less than a minute, the broadband light is solid green on the RGW, indicating internet is available. The RGW's cable is unplugged from the switch and replaced with the UTM WAN interface cable. Earlier, the UTM's WAN interface MAC address was spoofed to that of the RGW. IP acquisition is set to DHCP. After about a minute or so UTM acquires the public IP and gateway from AT&T's DHCP server and has internet connectivity. Lease time is 14 days, with a renewal attempt to take place in 7 days. With the RGW's WAN unplugged, the RGW itself serves no useful function and is powered off until one of the actions below happens.
Several actions can break the ONT's authentication which results in no internet access.
* ONT power failure
* dumb switch power failure
* disconnecting the ONT's Ethernet cable from either end
* DHCP lease not renewed successfully within 14 days
* AT&T attempting to push a firmware upgrade
* other factors not considered
The authentication process between the ONT and RGW is by EAPOL 802.1X. This involves ethertype 888e traffic between the two.
Goal: To eliminate the use of the dumb switch. Instead, to configure UTM (which runs on a box with 4 NICs) to allow only EAPOL traffic between the RGW and ONT while passing all other internet traffic between the LAN and ONT. This way, should an event occur requiring reauthentication, it's just a matter of powering the RGW on to let it do its thing, then powering it off once done.
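The forwarding policy described in the goal above, modelled as an added example that is not the poster's configuration and not Sophos UTM code: a small Python model of a three-port bridge whose forwarding decision depends on the frame's ethertype. It assumes hypothetical port names `ont`, `rgw` and `lan`, an assumed policy that EAPOL (ethertype 0x888e) crosses only between the ONT and RGW ports while every other ethertype crosses only between the ONT and LAN ports, and constructed sample frames (an EAPOL-Start, an untagged IPv4 frame and an 802.1Q-tagged IPv4 frame); the MAC addresses are locally administered sample values, not captured traffic.

```python
"""Model of an ethertype-aware bridge forwarding policy (added example).

Assumes three bridge ports (hypothetical names "ont", "rgw", "lan") and an
assumed policy: EAPOL (0x888e) is forwarded only between ONT and RGW, every
other ethertype only between ONT and LAN. The RGW therefore never sees the
Internet traffic and the LAN never sees 802.1X frames.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

ETHERTYPE_EAPOL = 0x888E    # IEEE 802.1X port-based authentication (EAPOL)
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100     # 802.1Q tag; the real ethertype follows the TCI
ETHERTYPE_OUI_EXT = 0x88B7  # IEEE 802 OUI Extended Ethertype mentioned in the post

PORT_ONT, PORT_RGW, PORT_LAN = "ont", "rgw", "lan"   # hypothetical port names
ALL_PORTS = (PORT_ONT, PORT_RGW, PORT_LAN)

# Port pairs allowed to exchange a given ethertype; anything not listed falls
# back to DEFAULT_PAIRS. This is the assumed policy, not a UTM setting.
POLICY = {ETHERTYPE_EAPOL: {frozenset((PORT_ONT, PORT_RGW))}}
DEFAULT_PAIRS = {frozenset((PORT_ONT, PORT_LAN))}


@dataclass
class Frame:
    dst: bytes
    src: bytes
    ethertype: int        # ethertype after any 802.1Q tag has been unwrapped
    vlan: Optional[int]   # VLAN ID if the frame carried a tag, else None
    payload: bytes


def parse_frame(raw: bytes) -> Frame:
    """Parse an Ethernet II frame, unwrapping a single 802.1Q tag if present."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = raw[:6], raw[6:12]
    (ethertype,) = struct.unpack("!H", raw[12:14])
    vlan, offset = None, 14
    if ethertype == ETHERTYPE_VLAN:
        if len(raw) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        vlan, offset = tci & 0x0FFF, 18
    return Frame(dst, src, ethertype, vlan, raw[offset:])


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vlan: Optional[int] = None) -> bytes:
    """Construct a sample frame (test data for this example, not captured traffic)."""
    tag = struct.pack("!HH", ETHERTYPE_VLAN, vlan & 0x0FFF) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def allowed(in_port: str, out_port: str, frame: Frame) -> bool:
    """True if the policy lets this frame cross from in_port to out_port."""
    if in_port == out_port:
        return False
    pairs = POLICY.get(frame.ethertype, DEFAULT_PAIRS)
    return frozenset((in_port, out_port)) in pairs


def forward(in_port: str, raw: bytes) -> List[str]:
    """Egress ports a frame arriving on in_port may be sent to under the policy."""
    frame = parse_frame(raw)
    return [p for p in ALL_PORTS if allowed(in_port, p, frame)]


# Constructed sample addresses: the 802.1X PAE group address plus locally
# administered unicast MACs standing in for the RGW, a LAN host and an upstream host.
PAE_GROUP = bytes.fromhex("0180c2000003")
MAC_RGW = bytes.fromhex("02000000aa01")
MAC_LAN_HOST = bytes.fromhex("02000000bb02")
MAC_UPSTREAM = bytes.fromhex("02000000cc03")

EAPOL_START = build_frame(PAE_GROUP, MAC_RGW, ETHERTYPE_EAPOL, b"\x02\x01\x00\x00")
IPV4_PACKET = build_frame(MAC_UPSTREAM, MAC_LAN_HOST, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19)
TAGGED_IPV4 = build_frame(MAC_UPSTREAM, MAC_LAN_HOST, ETHERTYPE_IPV4, b"\x45" + b"\x00" * 19, vlan=100)

if __name__ == "__main__":
    for port, raw, label in [(PORT_RGW, EAPOL_START, "EAPOL-Start from RGW"),
                             (PORT_LAN, EAPOL_START, "EAPOL-Start from LAN"),
                             (PORT_ONT, IPV4_PACKET, "IPv4 from ONT"),
                             (PORT_RGW, IPV4_PACKET, "IPv4 from RGW"),
                             (PORT_LAN, TAGGED_IPV4, "tagged IPv4 from LAN")]:
        print(f"{label:>22}: egress {forward(port, raw) or 'dropped'}")
```

The decision is made on the ethertype after unwrapping a VLAN tag, which is the check a bridge filter has to get right: a tagged EAPOL frame would otherwise slip past an 0x888e match as 0x8100. Non-EAPOL frames from the RGW port and EAPOL frames from the LAN port get an empty egress list, i.e. they are dropped rather than flooded.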