[Bridge] combination WAP/firewall/router - wired and wireless hosts do not connect

[Bridge] combination WAP/firewall/router - wired and wireless hosts do not connect

[Carla Schroder]

hey all,

I searched the archives and the site and didn't find an answer, so if I missed 
something I'll gladly take pointers to any good help pages.

I want to build a combination wireless access point/iptables firewall/router 
for my home LAN, like this:

dsl modem - router/WAP - switch - LAN

I have Pyramid Linux on a PC Engines WRAP board. The board has an Atheros 
tri-mode wireless card, and two wired Ethernet ports in use. The configs are 
like this:
 
 LAN IP = 192.168.1.25
 br0 = ath0 bridged to eth0
 
 WAN IP = 22.33.44.55
 eth1

When my iptables firewall is up, all hosts have Internet and can ping the 
router. But wired hosts cannot ping wireless hosts, or the reverse. With the 
firewall turned off, the bridge works perfectly and all LAN hosts see each 
other.

I've tried running my iptables rules one at a time, and the showstopper is the 
forwarding chain. I like to use a default policy of FORWARD DROP, then write 
accept rules as needed. But nothing I have tried works here, and it's not 
like my iptables-fu is all that mighty anyway.

Should I be looking at ebtables, or can I do this in iptables? Or what?

thanks in advance.
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
Linux geek and random computer tamer
check out my Linux Cookbook! 
http://www.oreilly.com/catalog/linuxckbk/
best book for sysadmins and power users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: [Bridge] combination WAP/firewall/router - wired and wireless hostsdo not connect

[Richard Davis]

www.pfsense.com
It's a great program for what you want to do and it runs on a wrap
board.

-----Original Message-----
From: bridge-bounces@lists.osdl.org
[mailto:bridge-bounces@lists.osdl.org] On Behalf Of Carla Schroder
Sent: Wednesday, January 17, 2007 10:09 PM
To: bridge@lists.osdl.org
Subject: [Bridge] combination WAP/firewall/router - wired and wireless
hostsdo not connect


hey all,

I searched the archives and the site and didn't find an answer, so if I
missed 
something I'll gladly take pointers to any good help pages.

I want to build a combination wireless access point/iptables
firewall/router 
for my home LAN, like this:

dsl modem - router/WAP - switch - LAN

I have Pyramid Linux on a PC Engines WRAP board. The board has an
Atheros 
tri-mode wireless card, and two wired Ethernet ports in use. The configs
are 
like this:
 
 LAN IP = 192.168.1.25
 br0 = ath0 bridged to eth0
 
 WAN IP = 22.33.44.55
 eth1

When my iptables firewall is up, all hosts have Internet and can ping
the 
router. But wired hosts cannot ping wireless hosts, or the reverse. With
the 
firewall turned off, the bridge works perfectly and all LAN hosts see
each 
other.

I've tried running my iptables rules one at a time, and the showstopper
is the 
forwarding chain. I like to use a default policy of FORWARD DROP, then
write 
accept rules as needed. But nothing I have tried works here, and it's
not 
like my iptables-fu is all that mighty anyway.

Should I be looking at ebtables, or can I do this in iptables? Or what?

thanks in advance.
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
Linux geek and random computer tamer
check out my Linux Cookbook! 
http://www.oreilly.com/catalog/linuxckbk/
best book for sysadmins and power users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________
Bridge mailing list
Bridge@lists.osdl.org https://lists.osdl.org/mailman/listinfo/bridge

Re: [Bridge] combination WAP/firewall/router - wired and wireless hosts do not connect

[Abel Martín]

On 1/18/07, Carla Schroder <carla@bratgrrl.com> wrote:
> hey all,
>
> I searched the archives and the site and didn't find an answer, so if I missed
> something I'll gladly take pointers to any good help pages.
>
> I want to build a combination wireless access point/iptables firewall/router
> for my home LAN, like this:
>
> dsl modem - router/WAP - switch - LAN
>
> I have Pyramid Linux on a PC Engines WRAP board. The board has an Atheros
> tri-mode wireless card, and two wired Ethernet ports in use. The configs are
> like this:
>
>  LAN IP = 192.168.1.25
>  br0 = ath0 bridged to eth0
>
>  WAN IP = 22.33.44.55
>  eth1
>
> When my iptables firewall is up, all hosts have Internet and can ping the
> router. But wired hosts cannot ping wireless hosts, or the reverse. With the
> firewall turned off, the bridge works perfectly and all LAN hosts see each
> other.
>
> I've tried running my iptables rules one at a time, and the showstopper is the
> forwarding chain. I like to use a default policy of FORWARD DROP, then write
> accept rules as needed. But nothing I have tried works here, and it's not
> like my iptables-fu is all that mighty anyway.
>
> Should I be looking at ebtables, or can I do this in iptables? Or what?
>
Did do check physdev iptables module?

Regards,
Abel