1. Home
  2. Technical FAQs
  3. FAQ: How can I control which network interface is used for network traffic? Like use WiFi in some cases but ethernet in others

FAQ: How can I control which network interface is used for network traffic? Like use WiFi in some cases but ethernet in others

  • Lazar Demin
    administrators

    The existing firewall on the OS can be used to enable/disable network traffic from specific interfaces

    Taking a look at /etc/config/firewall, you'll notice it has zones that control traffic flow of the network interfaces defined in /etc/config/firewall

    By default, the wan firewall zone is attached to the wwan network interface.

    Looking at /etc/config/network you'll see that the wwan network interface is apcli0, the Omega's WiFi client interface

    We can change the wan firewall zone configuration to enable or disable traffic through this interface.

    To start, my Omega is connected to WiFi and can ping the internet:

    root@Omega-F195:/# ping www.google.com
PING www.google.com (172.217.164.196): 56 data bytes
64 bytes from 172.217.164.196: seq=0 ttl=115 time=18.968 ms
64 bytes from 172.217.164.196: seq=1 ttl=115 time=22.639 ms
...

    Then, I'll run these commands to REJECT input and output traffic for the wan zone:

    uci set firewall.@zone[1].output='REJECT'
uci set firewall.@zone[1].input='REJECT'
uci commit firewall

    Note: these changes can also be made by modifying the /etc/config/firewall file directly

    And restart the firewall:

    /etc/init.d/firewall restart

    I can no longer access the internet. The WiFi client interface is still associated with the network, but no traffic can go through:

    root@Omega-F195:/# ping www.google.com
PING www.google.com (172.217.164.196): 56 data bytes
ping: sendto: Operation not permitted
root@Omega-F195:/# ping www.google.com
PING www.google.com (172.217.164.196): 56 data bytes
ping: sendto: Operation not permitted

    A few notes:

    1. The default firewall configuration only has zones for the WiFi AP and WiFi Client network interfaces. You'll need to add more zones to the firewall to control the ethernet network interface, or other network interfaces like cellular modems.
    2. The firewall also supports creating Rules. For a deeper dive into the firewall and rules, take a look at the openwrt firewall documentation: https://openwrt.org/docs/guide-user/firewall/firewall_configuration

    Based on this thread: https://community.onion.io/topic/4189/looking-for-input-managing-network-connection-interfaces

    1
faq 54 internet 16 config 9 firewall 4
Log in to reply
 

Looks like your connection to Community was lost, please wait while we try to reconnect.