RUTX50 - br-lan, external router, bridge, vlans

Hi,

my RUTX50 is configured the following way:

WAN: 1x mobile connection running in bridge mode with the shared MAC address of the connected routers on LAN1/LAN2. The connected routers use CARP for failover, so the unique MAC is shared between both routers, and whichever is master right now gets the IP. Everything works fine.

LAN: 1x internal connection via the eth1 interface for accessing/monitoring the RUTX50. I’ve chosen eth1 extra, because it is physically separated from eth0 (LAN1-LAN4), which I only use for bridging the mobile connection.

Now to the part where I need information.

What role does br-lan play? The reason I ask is that there is always a default lan interface with a local lan IP address (192.168.1.1 by default) and running in bridge mode. I don’t need that interface, as I do everything for accessing/monitoring via my newly created eth1. But if I deactivate - or even worse - delete the default lan, the mobile connection also stops working.

I understand the point that the mobile connection is bridged to LAN1-4, so in some way there should be some configuration, but how exactly does it affect the lan interface under LAN? Do I always need ONE dummy lan interface with an internal dummy IP, just for having the mobile bridge working?

Thanks, Mark

I’m still hoping for responses, on how and why a dummy lan interface has to be existent, but made a few changes to further tighten up the setup.

I use

  • port based vlan 5 tagged for the physical eth1 = WAN interface, so I’ve created an interface under LAN which is bound to interface eth1.5, has an internal IP and appropriate routing entries to reach internal machines

  • port based vlan 8 tagged for the LAN1/LAN2 interface = eth0, so I’ve created an interface under LAN which has no IP, is bridged and bound to eth0.8

With this, I hope to fully bind the MOBILE connection to LAN1/2 without it being able in any way to also work on LAN3/LAN4 or even WAN = eth1.

And as the configuration under /etc/config/network shows that br-lan uses only eth0.8 now, I think this should be the way to go.

Anyway, thanks for input.

Hi,

Bridge mode modifies firewall rules to allow traffic forwarding from the WAN to the LAN zones. Additionally, the setup script creates custom ip routes and ip rules which are tied to the br-lan device.

> port based vlan 8 tagged for the LAN1/LAN2 interface = eth0, so I’ve created an interface under LAN which has no IP, is bridged and bound to eth0.8

This should work. If you encounter any issues, let me know.
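One way to confirm the isolation described in the thread (br-lan carrying only eth0.8, with nothing from LAN3/LAN4 or eth1 bridged in) is to read the bridge's port list from the standard Linux sysfs path `/sys/class/net/<bridge>/brif`. This is an added example, not taken from the posts or from Teltonika; `SYSFS_ROOT` is a hypothetical override for running it against a constructed directory tree.

```shell
#!/bin/sh
# Added example: audit which ports are enslaved to a Linux bridge.
# SYSFS_ROOT is a hypothetical override so the check can run against a
# constructed directory tree; on the router it stays unset and /sys is read.

# Print one bridge member per line, read from <root>/sys/class/net/<br>/brif.
bridge_members() {
    br=$1
    dir="${SYSFS_ROOT:-}/sys/class/net/$br/brif"
    [ -d "$dir" ] || return 2          # not a bridge, or it does not exist
    for p in "$dir"/*; do
        [ -e "$p" ] || continue        # empty bridge: the glob did not match
        basename "$p"
    done
}

# audit_bridge <bridge> <allowed-port>...
# Returns 0 if every member is in the allowed list, 1 if an unexpected port
# is bridged, 2 if the bridge is missing. Unexpected ports are printed.
audit_bridge() {
    br=$1; shift
    members=$(bridge_members "$br") || return 2
    rc=0
    for m in $members; do
        ok=0
        for a in "$@"; do
            if [ "$m" = "$a" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "unexpected member of $br: $m"
            rc=1
        fi
    done
    return $rc
}
```

On the router, `audit_bridge br-lan eth0.8` should print nothing and return 0 for the setup described above; rerun it after firmware or configuration changes, since a port re-added to br-lan would again share a layer 2 segment with the bridged mobile connection.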
