I have a repeater attached to the Blue WLAN of IPFire (with the proxy running). Prior to that I used the MAC filter to give my clients access to Blue. To get access to the internet for my clients, this topic helped me:

a) The solution in the topic helped, but I don't understand why. Is MAC filtering now senseless/obsolete?

b) Are several access points attached via LAN to Blue the better solution?

c) When I installed the repeater, I turned off the use of the proxy in my client to reduce complex errors. In this case my client does not have access to Red nor to Blue, but DHCP gives the IP. If I turn on the proxy in my client, access to Blue and to Red is possible. Access to the firewall I allowed only to the DNS server of IPFire. Why can my client on Blue access the proxy on Blue when I allowed only access to DNS on Blue? I have seen the “allowed subnets” on the proxy page of IPFire, but is there a hierarchy between proxy rules and firewall rules?

d) When I use the proxy server of IPFire, does the client using the proxy go to Red, or does only the proxy of IPFire connect to Red for the IPFire firewall?

a) The problem is that some (not all) WLAN repeaters alter the MAC address of the repeated packets. Such repeaters are incompatible with MAC address filtering.

b) An access point is better because it is not limited to using the WLAN for the upstream transfer, so in many cases it doubles the bandwidth; also you are not limited to one channel.

c) The allowed subnets setting configures from which networks the proxy accepts requests. If your IP is not in this list you get an error page from the proxy.

d) If you use the proxy, the client accesses the proxy and the proxy connects to Red; there is no direct connection from the client to Red. But the web proxy is only for http and https connections. (Only port 80 will be forced through the proxy if transparent mode is enabled.) For https the proxy must be configured in the client or via proxy discovery.
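
Added example, not part of the reply above and not IPFire's own file: proxy discovery delivers a PAC script to the client, and this sketch shows how such a script makes the client hand both http and https requests to the proxy while local addresses stay direct. The proxy address 192.168.2.1 and the Green/Blue subnets are assumed values; port 800 is the proxy port named elsewhere in this thread.

```javascript
// PAC script sketch. All addresses are constructed for illustration.
var PROXY = "PROXY 192.168.2.1:800";   // assumed IPFire Blue address, proxy port 800
var LOCAL_NETS = [                     // assumed local zones, reached without the proxy
  ["192.168.1.0", 24],                 // Green (assumption)
  ["192.168.2.0", 24]                  // Blue (assumption)
];

// Convert a dotted-quad string to an unsigned 32-bit number, or null if not IPv4.
function ipv4ToInt(s) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when the IPv4 literal `host` lies inside net/prefix.
function inSubnet(host, net, prefix) {
  var h = ipv4ToInt(host), n = ipv4ToInt(net);
  if (h === null || n === null) return false;
  var size = Math.pow(2, 32 - prefix);   // number of addresses in the subnet
  return Math.floor(h / size) === Math.floor(n / size);
}

// Entry point the browser calls for every request, http and https alike.
function FindProxyForURL(url, host) {
  if (host.indexOf(".") === -1) return "DIRECT";   // plain local hostname
  for (var i = 0; i < LOCAL_NETS.length; i++) {
    if (inSubnet(host, LOCAL_NETS[i][0], LOCAL_NETS[i][1])) return "DIRECT";
  }
  // Everything else: the client talks only to the proxy, the proxy talks to Red.
  return PROXY;
}
```
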


Questions a, b and d are OK. Question c is still open. Here is a screenshot of my rules for access to Ipfirewall:

I did this with:
2. Block all DNS traffic except through IPFire’s DNS proxy

I allow only access to DNS here, so why can the clients on Blue (and Green) access the proxy server (running on port 800) on Ipfirewall? Where do I allow this? This is not a problem, but I don't understand why it is so.

Oops :face_with_hand_over_mouth:, I found my error in reasoning: the MAC filter is not something separate from the firewall rules. I found my entries from Blue access in iptables.