FunkyBunny
newbie
Topic Author
Posts: 30
Joined: Wed Jun 13, 2012 10:33 pm

Bizarre routing question related to adding a firewall to an existing network with a capsman

Tue Sep 29, 2015 11:19 pm

I'm in kind of a weird scenario where I need to create the following setup but I'm not sure how to go about doing it. The reason I need to do this is that I'd like the CCR to act as the capsman for the access points behind it, which means that if I want the wireless to go through the firewall, I need to push it out of the router, through the firewall and then back in so that it can go out the WAN ports.
ccr-1009-8g-1s
                   firewall
                   /\   ||
                   ||   \/
   eth1 eth2 eth3 eth4 eth5 eth6 eth7 eth8
    |    |    |                   |    |
 --------------                  wan1 wan2
 |
to lan
I'm currently just playing with this idea in a lab setting and have it BASICALLY working by putting eth1 through eth4 on a bridge, then putting the gateway IP, DHCP server etc. on eth5, then physically hooking 4 to the firewall, and the firewall to 5. But this is obviously creating some other minor issues like duplicate ARP entries and I'm not sure (well, I'm fairly sure really) if this is what's causing some DHCP issues (and other random issues) on this network.

I realize this is a ridiculous setup, but I'm wondering if there is a way that I can accomplish the same thing by either tweaking this (disabling ARP on eth5 or the bridge maybe?) or if there's a way to set up a forced routing so that all traffic gets forced through the firewall.