FAQ: How can I control which network interface is used for network traffic? Like use WiFi in some cases but ethernet in others


  • administrators

    The existing firewall on the OS can be used to enable or disable network traffic on specific interfaces.

    Taking a look at /etc/config/firewall, you'll notice it has zones that control the traffic flow of the network interfaces defined in /etc/config/network.

    By default, the wan firewall zone is attached to the wwan network interface.

    Looking at /etc/config/network, you'll see that the wwan network interface is apcli0, the Omega's WiFi client interface.

    We can change the wan firewall zone configuration to enable or disable traffic through this interface.

    To start, my Omega is connected to WiFi and can ping the internet:

    root@Omega-F195:/# ping www.google.com
    PING www.google.com (172.217.164.196): 56 data bytes
    64 bytes from 172.217.164.196: seq=0 ttl=115 time=18.968 ms
    64 bytes from 172.217.164.196: seq=1 ttl=115 time=22.639 ms
    ...
    

    Then, I'll run these commands to REJECT input and output traffic for the wan zone:

    uci set firewall.@zone[1].output='REJECT'
    uci set firewall.@zone[1].input='REJECT'
    uci commit firewall
    

    Note: these changes can also be made by modifying the /etc/config/firewall file directly.

    And restart the firewall:

    /etc/init.d/firewall restart
    

    I can no longer access the internet. The WiFi client interface is still associated with the network, but no traffic can go through:

    root@Omega-F195:/# ping www.google.com
    PING www.google.com (172.217.164.196): 56 data bytes
    ping: sendto: Operation not permitted
    root@Omega-F195:/# ping www.google.com
    PING www.google.com (172.217.164.196): 56 data bytes
    ping: sendto: Operation not permitted
    

    A few notes:

    1. The default firewall configuration only has zones for the WiFi AP and WiFi Client network interfaces. You'll need to add more zones to the firewall to control the ethernet network interface, or other network interfaces like cellular modems.
    2. The firewall also supports creating Rules. For a deeper dive into the firewall and rules, take a look at the OpenWrt firewall documentation: https://openwrt.org/docs/guide-user/firewall/firewall_configuration

    Based on this thread: https://community.onion.io/topic/4189/looking-for-input-managing-network-connection-interfaces
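
The commands above address the wan zone by position (`@zone[1]`), which can stop pointing at wan once zones are added as note 1 describes. The script below is an added example, not part of the original post: it looks the zone up by name in `uci show firewall` output and prints the matching uci commands. The function names and the sample zone listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): resolve a firewall zone's index
# by name instead of hardcoding @zone[1], then print the uci commands.

# SAMPLE_UCI is constructed to resemble `uci show firewall` output so the
# script can be exercised off-device; a real config has more options.
SAMPLE_UCI="firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='wlan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wwan'"

# zone_index NAME: read `uci show firewall` text on stdin and print the index
# of the zone whose name option equals NAME. Returns 1 if no zone matches.
zone_index() {
    idx=$(sed -n "s/^firewall\.@zone\[\([0-9][0-9]*\)\]\.name='$1'\$/\1/p" | head -n 1)
    [ -n "$idx" ] || return 1
    printf '%s\n' "$idx"
}

# zone_policy_cmds NAME POLICY: read the same text on stdin and print the uci
# commands that set input and output on that zone, followed by the commit and
# firewall restart. POLICY must be ACCEPT, REJECT or DROP (returns 2 if not).
zone_policy_cmds() {
    case "$2" in
        ACCEPT|REJECT|DROP) ;;
        *) echo "invalid policy: $2" >&2; return 2 ;;
    esac
    i=$(zone_index "$1") || { echo "no zone named $1" >&2; return 1; }
    printf "uci set firewall.@zone[%s].input='%s'\n" "$i" "$2"
    printf "uci set firewall.@zone[%s].output='%s'\n" "$i" "$2"
    printf 'uci commit firewall\n/etc/init.d/firewall restart\n'
}

# On the device, use the live config; elsewhere fall back to the sample.
# Only prints the commands, so they can be reviewed before being run.
if command -v uci >/dev/null 2>&1; then
    uci show firewall | zone_policy_cmds "${1:-wan}" "${2:-REJECT}"
else
    printf '%s\n' "$SAMPLE_UCI" | zone_policy_cmds "${1:-wan}" "${2:-REJECT}"
fi
```

On the Omega, review the printed commands and pipe them to `sh` to apply them.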


