I have
BRIDGE00 – LAN (ETH00.111) 192.168.0.0/24
BRIDGE01 – WLAN (ETH00.222) 192.168.1.0/24
BRIDGE02 – Internet (ETH00.444 ETH01.333) x.x.x.x/25
If I do it manually in Debian like so:
/etc/network/interfaces:
    auto lo
    iface lo inet loopback

    # The primary network interfaces carry no IP of their own, so they use the
    # "manual" method (ifupdown refuses an "inet static" stanza without an address)
    allow-hotplug eth0
    allow-hotplug eth1
    iface eth0 inet manual
    iface eth1 inet manual

    auto eth0.111
    auto eth0.222
    auto eth1.333
    auto eth0.444
    auto br0
    auto br1
    auto br2

    # VLAN sub-interfaces, named to match the bridge_ports entries below
    # LAN
    iface eth0.111 inet manual
        vlan_raw_device eth0
    # WLAN
    iface eth0.222 inet manual
        vlan_raw_device eth0
    # ADSL Modem
    iface eth1.333 inet manual
        vlan_raw_device eth1
    # Internet
    iface eth0.444 inet manual
        vlan_raw_device eth0

    # LAN bridge
    iface br0 inet static
        address 192.168.0.1
        netmask 255.255.255.0
        bridge_ports eth0.111
        bridge_stp on

    # Internet bridge
    iface br1 inet static
        address x.x.x.x
        netmask 255.255.255.128
        gateway x.x.x.x
        bridge_ports eth1.333 eth0.444
        bridge_stp on
        post-up iptables -t nat -A POSTROUTING -o br1 -j MASQUERADE
        pre-down iptables -t nat -D POSTROUTING -o br1 -j MASQUERADE

    # WLAN bridge
    iface br2 inet static
        address 192.168.1.1
        netmask 255.255.255.0
        bridge_ports eth0.222
        bridge_stp on
/etc/sysctl.conf:
    # default.forwarding is the value new interfaces inherit when they are created;
    # net.ipv4.ip_forward=1 is the global switch for all interfaces
    net.ipv4.conf.default.forwarding=1
So br0 and br2 can access the internet using 192.168.0.1/192.168.1.1 as GW, and br1 is “straight-through” access without NAT.
Bridge br1 (Internet) doesn’t NAT VLAN 444/333 with br1’s IP while ZeroShell (BRIDGE02, same as br1 in example) does. So what is ZeroShell doing?
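One way to audit what the post-up MASQUERADE rule actually covers, as an added example that is not part of the original post or of ZeroShell: a POSIX shell script that parses an ifupdown configuration and reports, per bridge, its member ports, whether it acts as a single-port L3 gateway or a multi-port L2 switch, whether a `-o <bridge> -j MASQUERADE` rule names it, and which bridge ports lack their own `iface` stanza (a `vlan111` stanza paired with a `bridge_ports eth0.111` entry is exactly the kind of mismatch it flags). The configuration text is a constructed sample using documentation addresses (203.0.113.0/24), not the poster's file, and one VLAN stanza is deliberately left out so the warning path is exercised. The relevant caveat the script comments on: a MASQUERADE rule matched on `-o br1` covers routed packets from br0/br2 leaving through br1, while frames switched between two ports of the same bridge (eth1.333 and eth0.444) only traverse the nat table when br_netfilter is active (`net.bridge.bridge-nf-call-iptables=1`).

```shell
#!/bin/sh
# Added example, not from the original post: audit an ifupdown config for
# bridge membership and NAT coverage. SAMPLE_INTERFACES is a constructed
# sample with documentation addresses, not the poster's real file.

SAMPLE_INTERFACES='
auto eth0.111 eth0.222 eth0.444 eth1.333
iface eth0.111 inet manual
iface eth0.222 inet manual
iface eth0.444 inet manual
# eth1.333 has no stanza on purpose, so the audit has something to flag

auto br0
iface br0 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    bridge_ports eth0.111

auto br1
iface br1 inet static
    address 203.0.113.2
    netmask 255.255.255.128
    gateway 203.0.113.1
    bridge_ports eth1.333 eth0.444
    post-up iptables -t nat -A POSTROUTING -o br1 -j MASQUERADE

auto br2
iface br2 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    bridge_ports eth0.222
'

# cfg: the configuration text; replace with "cat /etc/network/interfaces" on a real host.
cfg() { printf '%s\n' "$SAMPLE_INTERFACES"; }

# ports_of BRIDGE: the bridge_ports of that iface stanza, one per line.
ports_of() {
    cfg | awk -v want="$1" '
        $1 == "iface" { cur = $2 }
        $1 == "bridge_ports" && cur == want { for (i = 2; i <= NF; i++) print $i }'
}

# port_count BRIDGE: number of member ports (2 or more means frames are switched between them).
port_count() { ports_of "$1" | wc -l | tr -d ' '; }

# masq_ifaces: every out-interface named in a "-o X ... -j MASQUERADE" rule.
masq_ifaces() {
    cfg | awk '/-j MASQUERADE/ { for (i = 1; i <= NF; i++) if ($i == "-o") print $(i + 1) }' | sort -u
}

# nat_mode BRIDGE: "masquerade" when a MASQUERADE rule names the bridge, else "routed".
nat_mode() {
    for oif in $(masq_ifaces); do
        [ "$oif" = "$1" ] && { echo masquerade; return 0; }
    done
    echo routed
}

# has_stanza IFACE: succeeds when an "iface IFACE" stanza exists.
has_stanza() {
    cfg | awk -v want="$1" '$1 == "iface" && $2 == want { found = 1 } END { exit !found }'
}

# audit: one summary line per bridge plus a warning for each port without a stanza.
audit() {
    for br in $(cfg | awk '$1 == "iface" { cur = $2 } $1 == "bridge_ports" { print cur }'); do
        ports=$(ports_of "$br" | tr '\n' ' ')
        for p in $ports; do
            has_stanza "$p" || echo "WARN: $br port $p has no iface stanza"
        done
        role=gateway
        [ "$(port_count "$br")" -gt 1 ] && role=switch
        # A "-o BRIDGE" MASQUERADE rule covers routed packets leaving through the
        # bridge; frames switched between two ports of the same bridge only pass
        # the nat table when br_netfilter is active (net.bridge.bridge-nf-call-iptables=1).
        echo "$br ports=[$ports] role=$role nat=$(nat_mode "$br")"
    done
}

audit
```

Run it as-is to see the three summary lines and the warning for eth1.333; on a real host, point `cfg` at the live file and compare its `nat=` column with `iptables -t nat -S POSTROUTING` to confirm the rules that were actually installed.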