<div dir="ltr">Before I started using a WRT54-GL, and now an E3000, I used a Pentium 2 box to fill the same role. It's quite simple to set up, really. Included in this email are the two scripts that really comprised my whole setup (which will need some updating for sure). The main reason I prefer Tomato over DD-WRT is that Tomato's QoS rules use the CBQ discipline, as I do below, and DD-WRT uses something else (at least by default). Whatever discipline DD-WRT uses did not work as well for me.<div><br></div><div>(firewall.sh)</div><div>``` </div><div><div>#!/bin/bash -v</div><div><br></div><div>echo "Bringing up firewall..."</div><div>echo ""</div><div><br></div><div>EXTERNAL_IFACE='eth0'</div><div>INTERNAL_IFACE='eth1'</div><div>WIRELESS_IFACE='eth2'</div><div>IPTABLES=`which iptables`</div><div>EXTERNAL_IP=`ifconfig ${EXTERNAL_IFACE} | grep "inet addr" | cut -d \: -f 2 | cut -d ' ' -f 1`</div><div>INTERNAL_IP='<a href="http://192.168.1.0/24">192.168.1.0/24</a>' # /24 covers both subnets</div><div># These numbers must match the numbers in the classes.sh file</div><div>VOIP='10'</div><div>WWW='11'</div><div>GAMES='12'</div><div>P2P='13'</div><div>OTHER='14'</div><div><br></div><div># Clear old rules</div><div>${IPTABLES} -F</div><div>${IPTABLES} -F -t nat</div><div>${IPTABLES} -F -t mangle</div><div><br></div><div># Our default policy is to DROP packets</div><div>${IPTABLES} -P INPUT DROP</div><div><br></div><div>### Configure classes ###</div><div>${IPTABLES} -t mangle -A PREROUTING -j CONNMARK --restore-mark</div><div>${IPTABLES} -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT # If we have already marked it then accept it</div><div><br></div><div># We need to classify packets on all ethernet devices except lo, both incoming and outgoing.</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! 
lo --dst ${EXTERNAL_IP} -m mark --mark 0 -p udp \</div><div><span class="" style="white-space:pre">        </span>--dport 10000:20000 -j MARK --set-mark ${VOIP}</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --src ${INTERNAL_IP} -m mark --mark 0 -p udp \</div><div><span class="" style="white-space:pre">        </span>--dport 10000:20000 -j MARK --set-mark ${VOIP} # VoIP</div><div><br></div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --dst ${EXTERNAL_IP} -m mark --mark 0 -p udp \</div><div><span class="" style="white-space:pre">        </span>--dport 53 -j MARK --set-mark ${WWW}</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --src ${INTERNAL_IP} -m mark --mark 0 -p udp \</div><div><span class="" style="white-space:pre">        </span>--dport 53 -j MARK --set-mark ${WWW} # DNS</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --dst ${EXTERNAL_IP} -m mark --mark 0 -p tcp \</div><div><span class="" style="white-space:pre">        </span>-m multiport --dport 80,443 -j MARK --set-mark ${WWW}</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --src ${INTERNAL_IP} -m mark --mark 0 -p tcp \</div><div><span class="" style="white-space:pre">        </span>-m multiport --dport 80,443 -j MARK --set-mark ${WWW} # HTTP/HTTPS</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --dst ${EXTERNAL_IP} -m mark --mark 0 -p tcp \</div><div><span class="" style="white-space:pre">        </span>--dport 5900:5901 -j MARK --set-mark ${WWW}</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --src ${INTERNAL_IP} -m mark --mark 0 -p tcp \</div><div><span class="" style="white-space:pre">        </span>--dport 5900:5901 -j MARK --set-mark ${WWW} # VNC</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --dst ${EXTERNAL_IP} -m mark --mark 0 -p tcp \</div><div><span class="" style="white-space:pre">        </span>--dport 22 -j MARK --set-mark ${WWW}</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! 
lo --src ${INTERNAL_IP} -m mark --mark 0 -p tcp \</div><div><span class="" style="white-space:pre">        </span>--dport 22 -j MARK --set-mark ${WWW} # SSH</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --dst ${EXTERNAL_IP} -m mark --mark 0 -p tcp \</div><div><span class="" style="white-space:pre">        </span>--dport 21 -j MARK --set-mark ${WWW}</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --src ${INTERNAL_IP} -m mark --mark 0 -p tcp \</div><div><span class="" style="white-space:pre">        </span>--dport 21 -j MARK --set-mark ${WWW} # FTP</div><div><br></div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --dst ${EXTERNAL_IP} -m mark --mark 0 -p tcp \</div><div><span class="" style="white-space:pre">        </span>--dport 3724 -j MARK --set-mark ${GAMES}</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --src ${INTERNAL_IP} -m mark --mark 0 -p tcp \</div><div><span class="" style="white-space:pre">        </span>--dport 3724 -j MARK --set-mark ${GAMES} # World of Warcraft</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --dst ${EXTERNAL_IP} -m mark --mark 0 -p tcp \</div><div><span class="" style="white-space:pre">        </span>--dport 6112 -j MARK --set-mark ${GAMES}</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --src ${INTERNAL_IP} -m mark --mark 0 -p tcp \</div><div><span class="" style="white-space:pre">        </span>--dport 6112 -j MARK --set-mark ${GAMES} # Guild Wars</div><div><br></div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --dst ${EXTERNAL_IP} -m mark --mark 0 -p tcp \</div><div><span class="" style="white-space:pre">        </span>--dport 7000:7100 -j MARK --set-mark ${P2P} # BitTorrent</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --dst ${EXTERNAL_IP} -m mark --mark 0 -p tcp \</div><div><span class="" style="white-space:pre">        </span>--dport 6112 -j MARK --set-mark ${P2P}</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! 
lo --dst ${EXTERNAL_IP} -m mark --mark 0 -p tcp \</div><div><span class="" style="white-space:pre">        </span>--dport 6881:6999 -j MARK --set-mark ${P2P} # WoW downloader</div><div><br></div><div># All other packets, on the tcp and udp protocols, need to be classified as "other".</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --dst ${EXTERNAL_IP} -m mark --mark 0 \</div><div><span class="" style="white-space:pre">        </span>-j MARK --set-mark ${OTHER}</div><div>${IPTABLES} -t mangle -A PREROUTING -i ! lo --src ${INTERNAL_IP} -m mark --mark 0 \</div><div><span class="" style="white-space:pre">        </span>-j MARK --set-mark ${OTHER} # Everything else</div><div><br></div><div>${IPTABLES} -t mangle -A PREROUTING -j CONNMARK --save-mark # Save the mark to the connection tracking.</div><div>## Classes configured ##</div><div><br></div><div>## Forward ports ##</div><div>${IPTABLES} -t nat -A PREROUTING --dst ${EXTERNAL_IP} -p udp --dport 10000:20000 -j DNAT --to 192.168.1.3</div><div>${IPTABLES} -t nat -A PREROUTING --dst ${EXTERNAL_IP} -p tcp --dport 22 -j DNAT --to 192.168.1.5</div><div>${IPTABLES} -t nat -A PREROUTING --dst ${EXTERNAL_IP} -p tcp --dport 5900 -j DNAT --to 192.168.1.5</div><div>${IPTABLES} -t nat -A PREROUTING --dst ${EXTERNAL_IP} -p tcp --dport 7000 -j DNAT --to 192.168.1.5</div><div>${IPTABLES} -t nat -A PREROUTING --dst ${EXTERNAL_IP} -p tcp --dport 5901 -j DNAT --to 192.168.1.6</div><div>## ##</div><div><br></div><div>## Setup filters ##</div><div>${IPTABLES} -A INPUT --dst ${EXTERNAL_IP} -p icmp --icmp-type echo-request -m limit \</div><div><span class="" style="white-space:pre">        </span>--limit 10 -j ACCEPT # Sure, let's reply to pings.</div><div>${IPTABLES} -A INPUT --dst ${EXTERNAL_IP} -m state \</div><div><span class="" style="white-space:pre">        </span>--state INVALID -j DROP # We don't want any invalid packets.</div><div>${IPTABLES} -A INPUT --dst ${EXTERNAL_IP} -m state \</div><div><span class="" 
style="white-space:pre">        </span>--state ESTABLISHED,RELATED -j ACCEPT # Only connections that were initiated from the inside.</div><div>${IPTABLES} -A INPUT --src ${INTERNAL_IP} -j ACCEPT # Accept connections from the LAN.</div><div>## Filters configured ##</div><div><br></div><div># Make all outbound packets look like they are coming from one IP</div><div>${IPTABLES} -t nat -A POSTROUTING -o ${EXTERNAL_IFACE} -j MASQUERADE</div><div># Enable packet forwarding</div><div>echo "1" > /proc/sys/net/ipv4/ip_forward</div></div><div><br></div><div>```</div><div><br></div><div>(classes.sh)</div><div>```</div><div><div>#!/bin/bash</div><div><br></div><div>tc=`which tc`</div><div>INTERNAL_IFACE='eth1'</div><div>EXTERNAL_IFACE='eth0'</div><div>WIRELESS_IFACE='eth2'</div><div>INTERNAL_ROOT='1'</div><div>EXTERNAL_ROOT='2'</div><div>WIRELESS_ROOT='3'</div><div><br></div><div># Define your incoming and outgoing bandwidth here. Take a little off</div><div># for overhead bandwidth.</div><div>IN_BANDWIDTH='3008' # 3Mbit : 3072Kbit - 64Kbit overhead = 3008Kbit</div><div>OUT_BANDWIDTH='240' # 256Kbit : 256Kbit - 16Kbit overhead = 240Kbit</div><div><br></div><div>LIMIT='2' # Classes for limited packets</div><div>MANAGEMENT='8' # Class for management</div><div><br></div><div># Here we define the classes we want to classify our bandwidth usage with.</div><div>VOIP='10'</div><div>WWW='11'</div><div>GAMES='12'</div><div>P2P='13'</div><div>OTHER='14'</div><div># Now the maximum shared bandwidth to assign each class (in kilobits).</div><div>VOIP_RATE_OUT='96'</div><div>VOIP_RATE_IN='96'</div><div>WWW_RATE_OUT='80'</div><div>WWW_RATE_IN='1200'</div><div>GAMES_RATE_OUT='48'</div><div>GAMES_RATE_IN='392'</div><div>P2P_RATE_OUT='8'</div><div>P2P_RATE_IN='1200'</div><div>OTHER_RATE_OUT='8'</div><div>OTHER_RATE_IN='120'</div><div><br></div><div># Remove any previously applied disciplines</div><div>${tc} qdisc del dev ${INTERNAL_IFACE} root 2>/dev/null</div><div>${tc} qdisc del dev 
${EXTERNAL_IFACE} root 2>/dev/null</div><div>${tc} qdisc del dev ${WIRELESS_IFACE} root 2>/dev/null</div><div><br></div><div># Create the new queueing disciplines</div><div>${tc} qdisc add dev ${INTERNAL_IFACE} root handle ${INTERNAL_ROOT}:0 cbq \</div><div><span class="" style="white-space:pre">        </span>avpkt 1000 rate 100mbit bandwidth 100mbit</div><div>${tc} qdisc add dev ${EXTERNAL_IFACE} root handle ${EXTERNAL_ROOT}:0 cbq \</div><div><span class="" style="white-space:pre">        </span>avpkt 1000 rate 100mbit bandwidth 100mbit</div><div>${tc} qdisc add dev ${WIRELESS_IFACE} root handle ${WIRELESS_ROOT}:0 cbq \</div><div><span class="" style="white-space:pre">        </span>avpkt 1000 rate 54mbit bandwidth 54mbit</div><div><br></div><div># Create an inband management class. I don't think this is really necessary on a home</div><div># network, but the <a href="http://www.sigsegv.cx/qos.html">http://www.sigsegv.cx/qos.html</a> article suggests it.</div><div>${tc} class add dev ${INTERNAL_IFACE} parent ${INTERNAL_ROOT}:0 \</div><div><span class="" style="white-space:pre">        </span>classid ${INTERNAL_ROOT}:${MANAGEMENT} cbq allot 1500 rate 10mbit prio 1 avpkt 1500 bounded</div><div><br></div><div># Now to set up the LIMIT classes for incoming and outgoing bandwidth.</div><div>${tc} class add dev ${INTERNAL_IFACE} parent ${INTERNAL_ROOT}:0 \</div><div><span class="" style="white-space:pre">        </span>classid ${INTERNAL_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>cbq allot 1500 rate ${IN_BANDWIDTH}kbit prio 1 avpkt 1500 bounded</div><div>${tc} class add dev ${WIRELESS_IFACE} parent ${WIRELESS_ROOT}:0 \</div><div><span class="" style="white-space:pre">        </span>classid ${WIRELESS_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>cbq allot 1500 rate ${IN_BANDWIDTH}kbit prio 1 avpkt 1500 bounded</div><div># We only need to throttle the outgoing bandwidth on the external 
interface.</div><div>${tc} class add dev ${EXTERNAL_IFACE} parent ${EXTERNAL_ROOT}:0 \</div><div><span class="" style="white-space:pre">        </span>classid ${EXTERNAL_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>cbq allot 1500 rate ${OUT_BANDWIDTH}kbit prio 1 avpkt 1500 bounded</div><div><br></div><div>### Classes ###</div><div><br></div><div># VoIP</div><div>${tc} class add dev ${INTERNAL_IFACE} parent ${INTERNAL_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>classid ${INTERNAL_ROOT}:${VOIP} cbq allot 1500 rate ${VOIP_RATE_IN}kbit prio 1 \</div><div><span class="" style="white-space:pre">        </span>weight 9.6 avpkt 1500 isolated</div><div>${tc} class add dev ${WIRELESS_IFACE} parent ${WIRELESS_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>classid ${WIRELESS_ROOT}:${VOIP} cbq allot 1500 rate ${VOIP_RATE_IN}kbit prio 1 \</div><div><span class="" style="white-space:pre">        </span>weight 9.6 avpkt 1500 isolated</div><div>${tc} class add dev ${EXTERNAL_IFACE} parent ${EXTERNAL_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>classid ${EXTERNAL_ROOT}:${VOIP} cbq allot 1500 rate ${VOIP_RATE_OUT}kbit prio 1 \</div><div><span class="" style="white-space:pre">        </span>weight 9.6 avpkt 1500 isolated</div><div><br></div><div># WWW</div><div>${tc} class add dev ${INTERNAL_IFACE} parent ${INTERNAL_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>classid ${INTERNAL_ROOT}:${WWW} cbq allot 1500 rate ${WWW_RATE_IN}kbit prio 2 \</div><div><span class="" style="white-space:pre">        </span>weight 120 avpkt 1500</div><div>${tc} class add dev ${WIRELESS_IFACE} parent ${WIRELESS_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>classid ${WIRELESS_ROOT}:${WWW} cbq allot 1500 rate ${WWW_RATE_IN}kbit prio 2 \</div><div><span class="" style="white-space:pre">        
</span>weight 120 avpkt 1500</div><div>${tc} class add dev ${EXTERNAL_IFACE} parent ${EXTERNAL_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>classid ${EXTERNAL_ROOT}:${WWW} cbq allot 1500 rate ${WWW_RATE_OUT}kbit prio 2 \</div><div><span class="" style="white-space:pre">        </span>weight 8 avpkt 1500</div><div><br></div><div># Games</div><div>${tc} class add dev ${INTERNAL_IFACE} parent ${INTERNAL_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>classid ${INTERNAL_ROOT}:${GAMES} cbq allot 1500 rate ${GAMES_RATE_IN}kbit prio 3 \</div><div><span class="" style="white-space:pre">        </span>weight 39.2 avpkt 1500</div><div>${tc} class add dev ${WIRELESS_IFACE} parent ${WIRELESS_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>classid ${WIRELESS_ROOT}:${GAMES} cbq allot 1500 rate ${GAMES_RATE_IN}kbit prio 3 \</div><div><span class="" style="white-space:pre">        </span>weight 39.2 avpkt 1500</div><div>${tc} class add dev ${EXTERNAL_IFACE} parent ${EXTERNAL_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>classid ${EXTERNAL_ROOT}:${GAMES} cbq allot 1500 rate ${GAMES_RATE_OUT}kbit prio 3 \</div><div><span class="" style="white-space:pre">        </span>weight 4.8 avpkt 1500</div><div><br></div><div># P2P</div><div>${tc} class add dev ${INTERNAL_IFACE} parent ${INTERNAL_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>classid ${INTERNAL_ROOT}:${P2P} cbq allot 1500 rate ${P2P_RATE_IN}kbit prio 4 \</div><div><span class="" style="white-space:pre">        </span>weight 120 avpkt 1500</div><div>${tc} class add dev ${WIRELESS_IFACE} parent ${WIRELESS_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>classid ${WIRELESS_ROOT}:${P2P} cbq allot 1500 rate ${P2P_RATE_IN}kbit prio 4 \</div><div><span class="" style="white-space:pre">        </span>weight 120 avpkt 
1500</div><div>${tc} class add dev ${EXTERNAL_IFACE} parent ${EXTERNAL_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>classid ${EXTERNAL_ROOT}:${P2P} cbq allot 1500 rate ${P2P_RATE_OUT}kbit prio 4 \</div><div><span class="" style="white-space:pre">        </span>weight 0.8 avpkt 1500</div><div><br></div><div># Other</div><div>${tc} class add dev ${INTERNAL_IFACE} parent ${INTERNAL_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>classid ${INTERNAL_ROOT}:${OTHER} cbq allot 1500 rate ${OTHER_RATE_IN}kbit prio 5 \</div><div><span class="" style="white-space:pre">        </span>weight 12 avpkt 1500</div><div>${tc} class add dev ${WIRELESS_IFACE} parent ${WIRELESS_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>classid ${WIRELESS_ROOT}:${OTHER} cbq allot 1500 rate ${OTHER_RATE_IN}kbit prio 5 \</div><div><span class="" style="white-space:pre">        </span>weight 12 avpkt 1500</div><div>${tc} class add dev ${EXTERNAL_IFACE} parent ${EXTERNAL_ROOT}:${LIMIT} \</div><div><span class="" style="white-space:pre">        </span>classid ${EXTERNAL_ROOT}:${OTHER} cbq allot 1500 rate ${OTHER_RATE_OUT}kbit prio 5 \</div><div><span class="" style="white-space:pre">        </span>weight 0.8 avpkt 1500</div><div><br></div><div>## Apply classes to packets marked with iptables ##</div><div><br></div><div># VoIP</div><div>${tc} filter add dev ${INTERNAL_IFACE} protocol ip \</div><div><span class="" style="white-space:pre">        </span>parent ${INTERNAL_ROOT}:0 prio 1 handle ${VOIP} \</div><div><span class="" style="white-space:pre">        </span>fw flowid ${INTERNAL_ROOT}:${VOIP}</div><div>${tc} filter add dev ${WIRELESS_IFACE} protocol ip \</div><div><span class="" style="white-space:pre">        </span>parent ${WIRELESS_ROOT}:0 prio 1 handle ${VOIP} \</div><div><span class="" style="white-space:pre">        </span>fw flowid ${WIRELESS_ROOT}:${VOIP}</div><div>${tc} filter add dev 
${EXTERNAL_IFACE} protocol ip \</div><div><span class="" style="white-space:pre">        </span>parent ${EXTERNAL_ROOT}:0 prio 1 handle ${VOIP} \</div><div><span class="" style="white-space:pre">        </span>fw flowid ${EXTERNAL_ROOT}:${VOIP}</div><div><br></div><div># WWW</div><div>${tc} filter add dev ${INTERNAL_IFACE} protocol ip \</div><div><span class="" style="white-space:pre">        </span>parent ${INTERNAL_ROOT}:0 prio 2 handle ${WWW} \</div><div><span class="" style="white-space:pre">        </span>fw flowid ${INTERNAL_ROOT}:${WWW}</div><div>${tc} filter add dev ${WIRELESS_IFACE} protocol ip \</div><div><span class="" style="white-space:pre">        </span>parent ${WIRELESS_ROOT}:0 prio 2 handle ${WWW} \</div><div><span class="" style="white-space:pre">        </span>fw flowid ${WIRELESS_ROOT}:${WWW}</div><div>${tc} filter add dev ${EXTERNAL_IFACE} protocol ip \</div><div><span class="" style="white-space:pre">        </span>parent ${EXTERNAL_ROOT}:0 prio 2 handle ${WWW} \</div><div><span class="" style="white-space:pre">        </span>fw flowid ${EXTERNAL_ROOT}:${WWW}</div><div><br></div><div># GAMES</div><div>${tc} filter add dev ${INTERNAL_IFACE} protocol ip \</div><div><span class="" style="white-space:pre">        </span>parent ${INTERNAL_ROOT}:0 prio 3 handle ${GAMES} \</div><div><span class="" style="white-space:pre">        </span>fw flowid ${INTERNAL_ROOT}:${GAMES}</div><div>${tc} filter add dev ${WIRELESS_IFACE} protocol ip \</div><div><span class="" style="white-space:pre">        </span>parent ${WIRELESS_ROOT}:0 prio 3 handle ${GAMES} \</div><div><span class="" style="white-space:pre">        </span>fw flowid ${WIRELESS_ROOT}:${GAMES}</div><div>${tc} filter add dev ${EXTERNAL_IFACE} protocol ip \</div><div><span class="" style="white-space:pre">        </span>parent ${EXTERNAL_ROOT}:0 prio 3 handle ${GAMES} \</div><div><span class="" style="white-space:pre">        </span>fw flowid ${EXTERNAL_ROOT}:${GAMES}</div><div><br></div><div># 
P2P</div><div>${tc} filter add dev ${INTERNAL_IFACE} protocol ip \</div><div><span class="" style="white-space:pre">        </span>parent ${INTERNAL_ROOT}:0 prio 4 handle ${P2P} \</div><div><span class="" style="white-space:pre">        </span>fw flowid ${INTERNAL_ROOT}:${P2P}</div><div>${tc} filter add dev ${WIRELESS_IFACE} protocol ip \</div><div><span class="" style="white-space:pre">        </span>parent ${WIRELESS_ROOT}:0 prio 4 handle ${P2P} \</div><div><span class="" style="white-space:pre">        </span>fw flowid ${WIRELESS_ROOT}:${P2P}</div><div>${tc} filter add dev ${EXTERNAL_IFACE} protocol ip \</div><div><span class="" style="white-space:pre">        </span>parent ${EXTERNAL_ROOT}:0 prio 4 handle ${P2P} \</div><div><span class="" style="white-space:pre">        </span>fw flowid ${EXTERNAL_ROOT}:${P2P}</div><div><br></div><div># OTHER</div><div>${tc} filter add dev ${INTERNAL_IFACE} protocol ip \</div><div><span class="" style="white-space:pre">        </span>parent ${INTERNAL_ROOT}:0 prio 5 handle ${OTHER} \</div><div><span class="" style="white-space:pre">        </span>fw flowid ${INTERNAL_ROOT}:${OTHER}</div><div>${tc} filter add dev ${WIRELESS_IFACE} protocol ip \</div><div><span class="" style="white-space:pre">        </span>parent ${WIRELESS_ROOT}:0 prio 5 handle ${OTHER} \</div><div><span class="" style="white-space:pre">        </span>fw flowid ${WIRELESS_ROOT}:${OTHER}</div><div>${tc} filter add dev ${EXTERNAL_IFACE} protocol ip \</div><div><span class="" style="white-space:pre">        </span>parent ${EXTERNAL_ROOT}:0 prio 5 handle ${OTHER} \</div><div><span class="" style="white-space:pre">        </span>fw flowid ${EXTERNAL_ROOT}:${OTHER}</div></div><div>```<br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 3, 2015 at 11:33 AM, Damon L. 
Chesser <span dir="ltr"><<a href="mailto:damon@damtek.com" target="_blank">damon@damtek.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Ahhh. Makes sense. <br><div><div class="h5">
<br>
<div>On 09/03/2015 12:14 AM, James Sumners
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Set the wireless interface into AP mode and plug
the wired interface into an uplink port on my switch. Plus, you
know, some iptables rules.</div></blockquote></div></div></div></blockquote></div><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>James Sumners<br><a href="http://james.sumners.info/" target="_blank">http://james.sumners.info/</a> (technical profile)</div><div><a href="http://jrfom.com/" target="_blank">http://jrfom.com/</a> (personal site)</div><div><a href="http://haplo.bandcamp.com/" target="_blank">http://haplo.bandcamp.com/</a> (band page)</div></div></div></div></div>
</div></div></div>
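<div>An added example, not part of the original email or its scripts: firewall.sh notes that its mark numbers must match those in classes.sh, and its rules use mark 0 to mean "not yet classified". The check below compares the five assignments across both files; the sample texts are constructed excerpts, and the function and variable names are assumptions of this example.</div>

```bash
#!/bin/bash
# Added example (not from the original email): lint the fwmark numbers that
# firewall.sh sets against the class numbers classes.sh filters on.
# Assumes one decimal NAME='value' assignment per line, as in both scripts.

CLASS_NAMES="VOIP WWW GAMES P2P OTHER"

# Constructed excerpt of the assignments in firewall.sh.
SAMPLE_FIREWALL="VOIP='10'
WWW='11'
GAMES='12'
P2P='13'
OTHER='14'"

# Constructed, deliberately drifted copy standing in for classes.sh:
# GAMES was renumbered and now collides with P2P.
SAMPLE_CLASSES_BAD="VOIP='10'
WWW='11'
GAMES='13'
P2P='13'
OTHER='14'"

# Print the number assigned to variable $1 in script text $2 (empty if none).
# VOIP_RATE_IN and similar names do not match because '=' must follow $1.
get_assignment() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1=['\"]\{0,1\}\([0-9][0-9]*\)['\"]\{0,1\}.*/\1/p" |
        tail -n 1
}

# Compare every class between the two script texts. Prints one line per
# problem and returns 0 only when the numbering is usable.
check_marks() {
    cm_seen="" cm_rc=0
    for cm_name in $CLASS_NAMES; do
        cm_fw=$(get_assignment "$cm_name" "$1")
        cm_tc=$(get_assignment "$cm_name" "$2")
        if [ -z "$cm_fw" ] || [ -z "$cm_tc" ]; then
            echo "MISSING $cm_name"; cm_rc=1; continue
        fi
        # iptables marks with one number, tc's fw filter matches on the other.
        if [ "$cm_fw" != "$cm_tc" ]; then
            echo "MISMATCH $cm_name firewall=$cm_fw classes=$cm_tc"; cm_rc=1
        fi
        # firewall.sh uses "--mark 0" to mean unclassified, so 0 is reserved.
        if [ "$cm_fw" -eq 0 ]; then
            echo "ZERO $cm_name"; cm_rc=1
        fi
        # Two classes sharing a number cannot be told apart by mark.
        case " $cm_seen " in
            *" $cm_tc "*) echo "DUPLICATE $cm_name classes=$cm_tc"; cm_rc=1 ;;
        esac
        cm_seen="$cm_seen $cm_tc"
    done
    return $cm_rc
}

# Demo on the constructed excerpts; on real files pass "$(cat firewall.sh)".
check_marks "$SAMPLE_FIREWALL" "$SAMPLE_CLASSES_BAD" || echo "marks out of sync"
```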