I have a WRT54G which I wish to use as a multi-legged firewall. Ultimately, I wish to use:
- VLAN0 for the 'LAN' segment;
- VLAN1 for the 'WAN' (INTERNET) segment;
- VLAN2 for a DMZ network, containing my VoIP TA;
- Break the bridge between the LAN and Wireless.
The instructions for creating VLANs generally apply to the old way (nvram) of doing things.
-------------------------------------------------------------
I want to be able to create firewall rules which:
ANY -> VLAN1(ANY) ALLOW # Everyone gets unfettered INTERNET access
VLAN1 -> VoIP-TA(ANY) ALLOW # Full access to the TA from the INTERNET (at least at first)
VLAN0 -> WirelessNet(ANY) ALLOW # Unfettered access to the Wireless network from the LAN
WirelessNet -> printer servers on VLAN0(lpd, ipp, 9100) # Only give wireless folks enough access to print
-------------------------------------------------------------
Here is /etc/config/network (so far):

#### VLAN configuration
config switch eth0
    # Switch ports 0-4 plus the CPU port (5). The '*' marks the default
    # (PVID) VLAN of a port, so it belongs on only one VLAN per port.
    option vlan0 "1 2 3 5*"   # LAN: ports 1-3
    option vlan1 "0 5"        # WAN: port 0
    option vlan2 "4 5"        # DMZ: port 4 (VoIP TA)

#### Loopback configuration
config interface loopback
    option ifname "lo"
    option proto static
    option ipaddr 127.0.0.1
    option netmask 255.0.0.0

#### LAN configuration
config interface lan
    option type bridge
    # Only the LAN VLAN is bridged; the wireless interface is deliberately
    # left out so wireless clients are not on the LAN segment.
    option ifname "eth0.0"
    option proto static
    option ipaddr 192.168.1.1
    option netmask 255.255.255.0

#### WAN configuration
config interface wan
    option ifname "eth0.1"
    option proto dhcp
To my pointed-head way of thinking, some magic should create virtual interfaces to which I should be able to assign IP addresses and reference in firewall rules. This does not seem to be the case. What am I missing?
(Last edited by Meerkat on 21 Aug 2007, 04:47)
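The four firewall policies listed in the post, as an added example (not code from the original post or from OpenWrt): a POSIX shell script that emits the iptables rules for them on the VLAN interfaces from the config, eth0.0 (LAN), eth0.1 (WAN) and eth0.2 (DMZ). It assumes a third stanza `config interface dmz` with `option ifname "eth0.2"` has been added, that the unbridged wireless interface is named wl0, and uses placeholder addresses for the VoIP TA and the print server.

```shell
#!/bin/sh
# Added example, not from the original post. Emits the iptables rules for the
# four policies above. eth0.0/eth0.1/eth0.2 follow the post's VLAN plan;
# "wl0" and both host addresses are assumptions/placeholders.
LAN=eth0.0
WAN=eth0.1
DMZ=eth0.2
WIFI=wl0                 # assumed name of the unbridged wireless interface
TA_IP=192.168.2.2        # placeholder: VoIP TA on the DMZ VLAN
PRINTER_IP=192.168.1.10  # placeholder: print server on the LAN VLAN
IPT=${IPT:-iptables}

# Print one iptables command per line; apply_rules feeds them to the shell.
build_rules() {
    # Closed forwarding policy: only the flows listed below get through.
    echo "$IPT -P FORWARD DROP"
    echo "$IPT -F FORWARD"
    echo "$IPT -t nat -F"
    # Replies to permitted flows are allowed back in every direction.
    echo "$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # ANY -> VLAN1: every segment may reach the Internet, NATed on the WAN leg.
    echo "$IPT -A FORWARD -o $WAN -j ACCEPT"
    echo "$IPT -t nat -A POSTROUTING -o $WAN -j MASQUERADE"
    # VLAN1 -> VoIP-TA: unsolicited WAN traffic is forwarded to the TA only
    # (every port, as the post asks for "at least at first").
    echo "$IPT -t nat -A PREROUTING -i $WAN -j DNAT --to-destination $TA_IP"
    echo "$IPT -A FORWARD -i $WAN -o $DMZ -d $TA_IP -j ACCEPT"
    # VLAN0 -> WirelessNet: LAN clients may reach wireless hosts freely.
    echo "$IPT -A FORWARD -i $LAN -o $WIFI -j ACCEPT"
    # WirelessNet -> printers: only lpd (515), ipp (631) and raw 9100 to the
    # print server; one rule per port so no multiport module is needed.
    for port in 515 631 9100; do
        echo "$IPT -A FORWARD -i $WIFI -o $LAN -d $PRINTER_IP -p tcp --dport $port -j ACCEPT"
    done
}

apply_rules() {
    build_rules | sh -e
}

# Only touch the live ruleset when explicitly asked, e.g. from /etc/firewall.user:
#   sh thisscript.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Run it without arguments to review the generated rules before applying them.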