[Bridge] combination WAP/firewall/router - wired and wireless hosts do not connect

Abel Martín abel.martin.ruiz at gmail.com
Mon Jan 22 10:56:46 PST 2007

On 1/18/07, Carla Schroder <carla at bratgrrl.com> wrote:
> hey all,
> I searched the archives and the site and didn't find an answer, so if I missed
> something I'll gladly take pointers to any good help pages.
> I want to build a combination wireless access point/iptables firewall/router
> for my home LAN, like this:
> dsl modem - router/WAP - switch - LAN
> I have Pyramid Linux on a PC Engines WRAP board. The board has an Atheros
> tri-mode wireless card, and two wired Ethernet ports in use. The configs are
> like this:
>  LAN IP =
>  br0 = ath0 bridged to eth0
>  WAN IP =
>  eth1
> When my iptables firewall is up, all hosts have Internet and can ping the
> router. But wired hosts cannot ping wireless hosts, or the reverse. With the
> firewall turned off, the bridge works perfectly and all LAN hosts see each
> other.
> I've tried running my iptables rules one at a time, and the showstopper is the
> forwarding chain. I like to use a default policy of FORWARD DROP, then write
> accept rules as needed. But nothing I have tried works here, and it's not
> like my iptables-fu is all that mighty anyway.
> Should I be looking at ebtables, or can I do this in iptables? Or what?
Did you check the physdev iptables module?
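
An added example, not part of the original thread: a shell check over constructed `iptables-save` output that shows the situation in the question (FORWARD policy DROP, no rule for frames switched inside br0) and the effect of one physdev rule. The sample rulesets and function names are assumptions; the check only looks for the physdev match and does not model rule order.

```shell
#!/bin/sh
# Added example. Interface names br0/eth1 follow the question; the rulesets
# below are constructed samples, not the poster's actual firewall.

# Accept frames bridged between ports of the same bridge (ath0 <-> eth0 in
# br0). Routed traffic (br0 <-> eth1) is not matched and still needs its own rules.
BRIDGE_RULE='-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT'

# Read iptables-save output on stdin and print one of:
#   bridged-accepted   a physdev --physdev-is-bridged ACCEPT rule is present
#   no-bridged-accept  FORWARD policy is DROP and no such rule exists
#   policy-accept      FORWARD policy is not DROP (bridged frames pass by default)
check_forward() {
    awk '
        /^\*/ { table = $1 }
        table != "*filter" { next }
        /^:FORWARD / { policy = $2 }
        /^-A FORWARD / && /-m physdev/ && /--physdev-is-bridged/ &&
            /-j ACCEPT/ && !/! --physdev-is-bridged/ { ok = 1 }
        END {
            if (ok) print "bridged-accepted"
            else if (policy == "DROP") print "no-bridged-accept"
            else print "policy-accept"
        }'
}

# Constructed ruleset: default-drop forwarding with LAN -> WAN allowed only.
sample_before() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i br0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Same ruleset with the physdev rule added before COMMIT.
sample_after() {
    sample_before | awk -v r="$BRIDGE_RULE" '/^COMMIT$/ { print r } { print }'
}

echo "before: $(sample_before | check_forward)"
echo "after:  $(sample_after | check_forward)"
```

On a live system the same function can be fed from `iptables-save` run as root.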


