I've been asked to help out joining 2 separate (Windows) networks in different buildings through their wireless connection. It's like this:

    osr network                    esho NW
    192.168.0.x                    192.168.1.x
    Windows PDC                    PDC
    Router f/w -> www              Router FW ---> www
    Clients                        Clients
    wireless AP                    wireless AP

I've added a Linux box, so it's:

    gentoo box (static IPs)
    0.1 --> AP ~~~ AP --- eth0 (192.168.0.30)
                          eth1 (192.168.1.30) -------> 192.168.1.x

From the gentoo box I can ping both networks. I've tried adding a static route to the gentoo box:

    route add -net 192.168.0 netmask 255.255.255.0 dev eth0

and using Ethereal I *think* I'm seeing pings enter the osr network, but nothing comes back (?? the recipient machines don't know the way back ????).

As a first step I'd like to be able to ping the networks both ways, e.g. 192.168.0.5 client can ping 192.168.1.1 and the other way. Is it possible to bridge (probably wrong word!) the different subnet NICs with Shorewall? Once that is done we can add some access rules to Shorewall. I don't understand enough about it to know where to start reading about it. Once this is sorted, hopefully it will be possible to rationalise some of the other stuff. Pointers gratefully received.

-- 
p cooper

-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
On Fri, 2006-03-17 at 08:09 +0000, grumpyoldman wrote:

>     osr network                    esho NW
>     192.168.0.x                    192.168.1.x
>     windows PDC                    PDC
>     Router f/w -> www              Router FW ---> www
>     Clients                        clients
>     wireless AP                    wireless AP
>
> Ive added a linux box so its
>     gentoo box (static IPs)
>     0.1 --> AP ~~~ AP --- eth0 (192.168.0.30)
>                           eth1 (192.168.1.30) -------> 192.168.1.x

The ASCII is a bit out of shape I think. The gentoo box is the bridge?

> from the gentoo box I can ping both networks
> ive tried adding a static route to the gentoo box
> route add -net 192.168.0 netmask 255.255.255.0 dev eth0
>
> and using ethereal I *think* im seeing pings enter the osr network, but
> nothing comes back (??the recipient machines dont know the way back ????)

Well, what is the default GW on the OSR box/router?

> As a first step Id like to be able to ping the networks both ways
> eg 192.168.0.5 client can ping 192.168.1.1 and the other way
> Is it possible to bridge (probably wrong word!) the different subnet NICs with
> shorewall ?

Yes, it is possible. Try doing an emerge bridge-utils and get it installed. Take note that the kernel also has to have bridge support for this to work.

    CONFIG_BRIDGE_NETFILTER=y
    # Bridge: Netfilter Configuration   <--- This is for FW on Bridge
    CONFIG_BRIDGE_NF_EBTABLES=m (EBTABLES)
    CONFIG_BRIDGE_EBT_BROUTE=m
    CONFIG_BRIDGE_EBT_T_FILTER=m
    CONFIG_BRIDGE_EBT_T_NAT=m
    CONFIG_BRIDGE_EBT_802_3=m
    CONFIG_BRIDGE_EBT_AMONG=m
    CONFIG_BRIDGE_EBT_ARP=m
    CONFIG_BRIDGE_EBT_IP=m
    CONFIG_BRIDGE_EBT_LIMIT=m
    CONFIG_BRIDGE_EBT_MARK=m
    CONFIG_BRIDGE_EBT_PKTTYPE=m
    CONFIG_BRIDGE_EBT_STP=m
    CONFIG_BRIDGE_EBT_VLAN=m
    CONFIG_BRIDGE_EBT_ARPREPLY=m
    CONFIG_BRIDGE_EBT_DNAT=m
    CONFIG_BRIDGE_EBT_MARK_T=m
    CONFIG_BRIDGE_EBT_REDIRECT=m
    CONFIG_BRIDGE_EBT_SNAT=m
    CONFIG_BRIDGE_EBT_LOG=m
    # CONFIG_BRIDGE_EBT_ULOG is not set
    CONFIG_BRIDGE=m

You can get the bridge up and running using Gentoo's standard network script in /etc/conf.d/net (look at net.example for examples).

> Once that is done we can add some access rules to shorewall.
> I dont understand enough about it to know where to start reading about it .

Oh.. and you will need to have the "routeback" capability on the br0 interface.

-- 
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!!
Neuromancer 16:20:43 up 4 days, 18:23, 5 users, load average: 0.43, 0.28, 0.26
I thought that to use a bridge they had to be on the same subnet, and these aren't (192.168.0.x and 192.168.1.x). I've read about proxy-arp but am not sure if it's relevant. Can I not tell (ask!) Shorewall to pass stuff from eth0 to eth1, which will allow the Windows browsing? Should I just accept that I need to go round and do it all with static routing?
On Saturday 18 March 2006 04:19, grumpyoldman wrote:

> i thought that to use a bridge they had to be on the same subnet and these
> arent (192.168.0.x and 192.168.1.x)
>
> Ive read about proxy-arp but am not sure if its relevant.
>
> Can i not tell (ask!) shorewall to pass stuff from eth0 to eth1 which
> will allow the windows browsing .

It can't "pass stuff" that isn't sent to it; that's where routing comes in.

> Should I just accept that I need to go
> round and do it all with static routing ?

If you want Windows browsing between the two networks then you need:

a) Appropriate routing.
b) A WINS server (with all hosts configured to use it) or a Win-2k or later PDC.

-Tom
-- 
Tom Eastep           \ Nothing is foolproof to a sufficiently talented fool
Shoreline,            \ http://shorewall.net
Washington USA        \ teastep@shorewall.net
PGP Public Key        \ https://lists.shorewall.net/teastep.pgp.key
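As an added illustration of Tom's point (a) and of the "no way back" symptom in the first post (example written here, not code from any poster or from the Shorewall project): a script that writes a minimal two-zone routed Shorewall layout for the Gentoo box and prints the return routes the other side needs. It assumes eth0 is 192.168.0.30 in "osr", eth1 is 192.168.1.30 in "esho", that each building's existing router is .1 on its subnet and is the clients' default gateway, and that shorewall.conf has IP_FORWARDING=On; none of those last details are stated in the thread.

```shell
#!/bin/sh
# Added example, not from the thread: generate a two-zone *routed* Shorewall
# layout for the Gentoo box (eth0 = 192.168.0.30 in "osr", eth1 =
# 192.168.1.30 in "esho") and print the return routes the other side needs.
# Assumed: each building's router is .1 on its subnet and is the clients'
# default gateway; shorewall.conf must also have IP_FORWARDING=On.

gen_shorewall_config() {
    dir="$1"
    mkdir -p "$dir"
    # One zone per building plus the firewall itself.
    printf '%s\n' '#ZONE   TYPE' 'fw      firewall' 'osr     ipv4' \
        'esho    ipv4' > "$dir/zones"
    # Plain routed interfaces: no bridge, so no routeback option needed.
    printf '%s\n' '#ZONE   INTERFACE   BROADCAST' 'osr     eth0        detect' \
        'esho    eth1        detect' > "$dir/interfaces"
    # Default-deny between buildings; explicit rules open what is needed.
    printf '%s\n' '#SOURCE DEST    POLICY  LOG' '$FW     all     ACCEPT' \
        'osr     esho    DROP    info' 'esho    osr     DROP    info' \
        'all     all     REJECT  info' > "$dir/policy"
    # Step one from the thread: ICMP echo request (type 8) in both directions.
    printf '%s\n' '#ACTION SOURCE  DEST    PROTO   DEST PORT(S)' \
        'ACCEPT  osr     esho    icmp    8' \
        'ACCEPT  esho    osr     icmp    8' > "$dir/rules"
}

# Hosts on each side only know their own /24, so the echo reply never
# reaches the Gentoo box unless something tells them the way back. Emit the
# static route for each building's router (or for every client if the
# router cannot hold one).
return_routes() {
    echo "# on the osr router (192.168.0.1, assumed):"
    echo "route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.0.30"
    echo "# on the esho router (192.168.1.1, assumed):"
    echo "route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.1.30"
}

# Sanity check: every zone used in interfaces must be declared in zones,
# otherwise shorewall refuses to start.
check_zones() {
    dir="$1"
    for z in $(awk '!/^#/ && NF {print $1}' "$dir/interfaces"); do
        grep -q "^$z[[:space:]]" "$dir/zones" || return 1
    done
    return 0
}
```

Copy the generated files into /etc/shorewall, set IP_FORWARDING=On in shorewall.conf, add the return routes on the far side, and ping should work both ways before any further rules are added.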