Ubuntu Server 18.04.1 Netplan and UFW
Ok, so I want to make a router using Ubuntu Server 18.04 ( already have the hardware and it all works, I have IPfire currently on it). I’ve looked at all the router distros and they seem rather limited in scope.
Sources
The article:
https://arstechnica.com/gadgets/2016/04/the-ars-guide-to-building-a-linux-router-from-scratch/
The firewall guide:
https://help.ubuntu.com/lts/serverguide/firewall.html
Ubuntu Server now uses netplan. I've looked at the documentation and it’s fairly clear I am not exactly skilled at this usage of the OS. I was hoping maybe someone could help me “translate” the way this article does it (the way I am more familiar) into the more modern implementation.
How would I make a netplan version of this?
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The WAN interface, marked Lan1 on the case
auto p4p1
iface p4p1 inet dhcp
# The LAN interface, marked Lan2 on the case
auto p1p1
iface p1p1 inet static
address 192.168.99.1
netmask 255.255.255.0
Also, I would prefer to use UFW over directly using iptables, as most of the rules in UFW are also what most of the article states.
One key difference from the article is he has this for the NAT section.
From article
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# p4p1 is WAN interface, #p1p1 is LAN interface
-A POSTROUTING -o p4p1 -j MASQUERADE
COMMIT
From firewall guide
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic from eth1 through eth0.
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
# don’t delete the ‘COMMIT’ line or these nat table rules won’t be processed
COMMIT
But after I figure out those two sections, I should be able to handle the rest. Any help would be great!
networking server iptables firewall ufw
asked Aug 1 at 1:26
soundconjurer
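One way to do the translation the question asks for, as an added example that is not from the question or the linked guides: it parses the interfaces stanzas above, emits the netplan equivalent, and builds the *nat section for ufw with the masquerade restricted to the LAN subnet the way the firewall guide does. The interface names and addresses are the question's; the output paths named in comments are assumptions.

```python
"""Translate the ifupdown stanzas from the question into netplan YAML plus
the ufw before.rules *nat fragment.  Added example, not from the question or
the linked guides; p4p1/p1p1 and 192.168.99.1/255.255.255.0 are the
question's values, the file paths in comments are assumptions."""
import ipaddress

# Constructed input: the /etc/network/interfaces text quoted in the question.
INTERFACES_TEXT = """\
auto lo
iface lo inet loopback
# The WAN interface, marked Lan1 on the case
auto p4p1
iface p4p1 inet dhcp
# The LAN interface, marked Lan2 on the case
auto p1p1
iface p1p1 inet static
address 192.168.99.1
netmask 255.255.255.0
"""


def parse_interfaces(text):
    """Return {ifname: {"method": ..., "address": ..., "netmask": ...}}."""
    ifaces, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "iface" and len(words) >= 4 and words[2] == "inet":
            current = ifaces.setdefault(words[1], {"method": words[3]})
        elif words[0] in ("address", "netmask") and current is not None:
            current[words[0]] = words[1]
        # "auto" lines only mark what to bring up; netplan brings up every
        # ethernet it lists, so they need no translation.
    return ifaces


def lan_network(iface):
    """LAN subnet from address+netmask, e.g. 192.168.99.0/24."""
    return str(ipaddress.ip_interface(f"{iface['address']}/{iface['netmask']}").network)


def to_netplan(ifaces):
    """Render /etc/netplan/*.yaml (path assumed); loopback is implicit and skipped."""
    lines = ["network:", "  version: 2", "  ethernets:"]
    for name, cfg in ifaces.items():
        if cfg["method"] == "loopback":
            continue
        lines.append(f"    {name}:")
        if cfg["method"] == "dhcp":
            lines.append("      dhcp4: true")
        elif cfg["method"] == "static":
            cidr = ipaddress.ip_interface(f"{cfg['address']}/{cfg['netmask']}").with_prefixlen
            lines += ["      addresses:", f"        - {cidr}"]
    return "\n".join(lines) + "\n"


def to_ufw_nat(ifaces, wan, lan):
    """*nat section for the top of /etc/ufw/before.rules (path assumed).  The
    MASQUERADE is limited to the LAN subnet as in the firewall guide, so traffic
    from any other attached network is not silently NATed out of the WAN port."""
    return "\n".join([
        "*nat",
        ":POSTROUTING ACCEPT [0:0]",
        f"-A POSTROUTING -s {lan_network(ifaces[lan])} -o {wan} -j MASQUERADE",
        "COMMIT",  # without COMMIT the nat table rules are never processed
    ]) + "\n"


if __name__ == "__main__":
    parsed = parse_interfaces(INTERFACES_TEXT)
    print(to_netplan(parsed), to_ufw_nat(parsed, wan="p4p1", lan="p1p1"), sep="")
```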
I solved it. With netplan, there isn't any need to set up the WAN and LAN inputs. This is pretty much taken care of during installation. The firewall rules are pretty much minimal and worked.
– soundconjurer
Aug 20 at 13:39
I had some trouble with netplan and bridged interfaces with dnsmasq - dnsmasq wouldn't come up on time. It's a known issue, and not fixed yet. I seem to recall it worked ok with 2 ports only. I'd strongly suggest dumping netplan. I went with firewalld so I'm not much help with your actual question but
– Journeyman Geek
Nov 18 at 13:47
1 Answer
As per my comments - I wouldn't use netplan here. It's perfectly fine until you try bridging and I couldn't get it to work reliably. IMO it's not ready. As of 18.04 switching back to the classic ifup network management is the smart thing to do.
I don't use ufw in my own build but it can't be that hard to translate them (famous last words). firewalld uses remarkably similar commands for these and they should translate directly to UFW. The commands are literally "classic" firewall commands. They're untested on ufw, and might need some tuning from someone who uses ufw.
I don't really like how the ufw notes give a range of IPs over an interface (though you might be forced to), but it should translate to something like this. enp1s0 is my 'external' interface, and br0 is basically all my other interfaces bridged together.
For reference, my firewalld setup looks like this:
sudo firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o enp1s0 -j MASQUERADE
sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i br0 -o enp1s0 -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i enp1s0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo firewall-cmd --runtime-to-permanent
The second last command is critical.
And that should translate to something like this.
# nat table section: masquerade traffic going out of enp1s0
# (the "0" after the chain name in firewall-cmd --direct is a priority, not iptables syntax, so it is dropped here)
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp1s0 -j MASQUERADE
COMMIT
# filter rules: forward and accept any traffic from br0 to enp1s0
-A FORWARD -i br0 -o enp1s0 -j ACCEPT
# accept only replies on existing connections coming back in from enp1s0
-A FORWARD -i enp1s0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
The default netplan configuration, as I recall, gives all the outputs automatic IP addresses. This is going to be a problem eventually when you run a DHCP server. You want a static IP address on that interface.
If you must, a minimal netplan config looks like this - I think it worked before I tried to bridge things.
- enp1s0 is my external interface
- enp2s0 is internal.
I'm not entirely sure why enp2s0 has dhcp enabled - you might be able to remove that stanza. Optional is useful since you might not always have something plugged into the port.
network:
  version: 2
  ethernets:
    enp1s0:
      dhcp4: true
    enp2s0:
      addresses:
        - 192.168.2.1/24
      dhcp4: true
      optional: true
edited Nov 19 at 0:53
answered Nov 18 at 14:13
Journeyman Geek
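A check to run over the translated rules before loading them, added here as an example that is not the answerer's code: it flags the firewall-cmd priority argument that does not belong in iptables syntax, a missing COMMIT, and a FORWARD rule that would let the WAN side open new connections into the LAN. enp1s0 and br0 are the answer's interface names; the check functions are this example's own, not a ufw feature.

```python
"""Sanity checks for an iptables-restore style rules fragment such as the
ufw translation in the answer above.  This is an added example, not the
answerer's code: enp1s0 (WAN) and br0 (LAN) are the answer's interface
names, and the checks are this example's own, not a ufw feature."""
import shlex

# Constructed input: the answer's translated rules as originally posted,
# still carrying the "0" priority argument from firewall-cmd --direct.
RULES_AS_POSTED = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING 0 -o enp1s0 -j MASQUERADE
COMMIT
*filter
-A FORWARD 0 -i br0 -o enp1s0 -j ACCEPT
-A FORWARD 0 -i enp1s0 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

# Same fragment with the stray priority removed, i.e. valid iptables syntax.
RULES_FIXED = RULES_AS_POSTED.replace(" 0 ", " ")


def parse_rules(text):
    """Return ([(table, chain, options), ...], {table: committed?})."""
    rules, table, committed = [], None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("*"):
            table = line[1:]
            committed[table] = False
        elif line == "COMMIT":
            committed[table] = True
        elif line.startswith("-A "):
            words = shlex.split(line)
            rules.append((table, words[1], words[2:]))
    return rules, committed


def opt(options, flag):
    """Value following a flag such as -o, or None if the flag is absent."""
    return options[options.index(flag) + 1] if flag in options else None


def check_rules(text, wan, lan):
    """Return a list of findings; an empty list means the fragment looks sane."""
    rules, committed = parse_rules(text)
    findings = [f"table {t} has no COMMIT; its rules would never be loaded"
                for t, done in committed.items() if not done]
    masquerade = lan_to_wan = False
    for table, chain, options in rules:
        if options and options[0].isdigit():
            findings.append(f"{chain}: '{options[0]}' is a firewall-cmd priority, not iptables syntax")
        if table == "nat" and chain == "POSTROUTING" and opt(options, "-j") == "MASQUERADE":
            masquerade = True
            if opt(options, "-o") != wan:
                findings.append("MASQUERADE is not bound to the WAN interface")
        if chain == "FORWARD" and opt(options, "-j") == "ACCEPT":
            if opt(options, "-i") == lan and opt(options, "-o") == wan:
                lan_to_wan = True
            if opt(options, "-i") == wan:
                # Replies only: anything else lets the WAN open connections into the LAN.
                state = opt(options, "--state") or opt(options, "--ctstate") or ""
                if "ESTABLISHED" not in state.split(","):
                    findings.append("FORWARD from WAN accepts new connections into the LAN")
    if not masquerade:
        findings.append("no MASQUERADE rule in nat POSTROUTING")
    if not lan_to_wan:
        findings.append("no FORWARD rule from LAN to WAN")
    return findings


if __name__ == "__main__":
    for name, text in (("as posted", RULES_AS_POSTED), ("fixed", RULES_FIXED)):
        print(name, "->", check_rules(text, wan="enp1s0", lan="br0") or "ok")
```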