[Bridge] combination WAP/firewall/router - wired and wireless hosts do not connect

Richard Davis richard at bizsyscon.com
Thu Jan 18 06:54:07 PST 2007


www.pfsense.com
It's a great program for what you want to do and it runs on a wrap board.

-----Original Message-----
From: bridge-bounces at lists.osdl.org
[mailto:bridge-bounces at lists.osdl.org] On Behalf Of Carla Schroder
Sent: Wednesday, January 17, 2007 10:09 PM
To: bridge at lists.osdl.org
Subject: [Bridge] combination WAP/firewall/router - wired and wireless hosts do not connect


hey all,

I searched the archives and the site and didn't find an answer, so if I
missed something I'll gladly take pointers to any good help pages.

I want to build a combination wireless access point/iptables
firewall/router for my home LAN, like this:

dsl modem - router/WAP - switch - LAN

I have Pyramid Linux on a PC Engines WRAP board. The board has an
Atheros tri-mode wireless card, and two wired Ethernet ports in use.
The configs are like this:
 
 LAN IP = 192.168.1.25
 br0 = ath0 bridged to eth0
 
 WAN IP = 22.33.44.55
 eth1

When my iptables firewall is up, all hosts have Internet and can ping
the router. But wired hosts cannot ping wireless hosts, or the reverse.
With the firewall turned off, the bridge works perfectly and all LAN
hosts see each other.

I've tried running my iptables rules one at a time, and the showstopper
is the forwarding chain. I like to use a default policy of FORWARD DROP,
then write accept rules as needed. But nothing I have tried works here,
and it's not like my iptables-fu is all that mighty anyway.

Should I be looking at ebtables, or can I do this in iptables? Or what?

thanks in advance.
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
Linux geek and random computer tamer
check out my Linux Cookbook! 
http://www.oreilly.com/catalog/linuxckbk/
best book for sysadmins and power users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________
Bridge mailing list
Bridge at lists.osdl.org https://lists.osdl.org/mailman/listinfo/bridge
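
Added example, not part of either message above: when the kernel hands bridged frames to iptables (bridge-nf-call-iptables set to 1), frames switched between the bridge's ports traverse the FORWARD chain, so a FORWARD DROP policy also cuts wired hosts off from wireless ones. The sketch below checks that setting and prints a FORWARD rule set that keeps the default drop. br0 and eth1 are taken from the post; the function names, the IPT dry-run variable and the routed-traffic rules are assumptions.

```shell
#!/bin/sh
# Added example. br0 and eth1 are from the post; everything else is assumed.
LAN_BR=${LAN_BR:-br0}      # bridge joining ath0 and eth0
WAN_IF=${WAN_IF:-eth1}     # Internet-facing port
IPT=${IPT:-echo iptables}  # dry run by default; set IPT=iptables as root to apply

# Report whether bridged frames are handed to iptables at all.
# $1: sysctl file to read (a parameter so the check can be exercised offline).
bridge_nf_state() {
    f=${1:-/proc/sys/net/bridge/bridge-nf-call-iptables}
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        1) echo filtered ;;   # FORWARD sees frames switched inside the bridge
        0) echo bypassed ;;   # only routed packets reach FORWARD
        *) echo unknown ;;
    esac
}

# FORWARD chain: default drop, then explicit accepts.
forward_rules() {
    $IPT -P FORWARD DROP
    # Frames switched between bridge ports enter and leave on the bridge device
    $IPT -A FORWARD -i "$LAN_BR" -o "$LAN_BR" -m physdev --physdev-is-bridged -j ACCEPT
    # Routed traffic: LAN out to the Internet, and replies to it
    $IPT -A FORWARD -i "$LAN_BR" -o "$WAN_IF" -j ACCEPT
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_BR" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

echo "bridge netfilter: $(bridge_nf_state)"
forward_rules
```

Run as is, it only prints the commands; the physdev rule is the one that lets wired and wireless hosts on the bridge reach each other while the policy stays DROP.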



