Shorewall users - Feb 2004 - Adding a wireless zone

Hello Everyone,

I''m a little lost so I''m looking for some community feedback. 
I''m
adding a wireless zone to my home network (Linksys BEFWP11S4).  It works
perfectly for outbound traffic if I connect the Linksys to the
''loc'' hub
using one of the 4 switch ports.  However, in this configuration I
cannot access the admin page on the Linksys (192.168.1.1) from a
''loc''
(eth1) computer.

Additionally, I prefer to have the wireless net seperate from my eth1
network just in case someone does get on it (WEP and MAC addresses are
enabled).

At this point I don''t know what I''m missing, I''ve
tried different
configurations in order to make it work, I can connect to the Linksys
admin page from the firewall, just not from an eth1 computer.

Do I need to create a static route?
Should I be using the WAN port on the Linksys instead?
- Craig

General Info
	eth0 - roadrunner dhcp
	eth1 - loc (local network 192.168.0.0/24)
	eth2 - wir (wireless network 192.168.1.0/24)

INTERFACES
#ZONE    INTERFACE      BROADCAST       OPTIONS
net     eth0            detect          dhcp
loc     eth1            192.168.0.255   dhcp
wir     eth2            192.168.1.255

ZONES
#ZONE   DISPLAY         COMMENTS
net     Net             Internet
loc     Local           Local networks
wir     Wireless        Wireless networks

POLICY
#SOURCE         DEST            POLICY          LOG
#                                               LEVEL
loc             net             ACCEPT
loc             wir             ACCEPT          info
net             all             DROP            info
all             all             REJECT          info

MASQ
#INTERFACE              SUBNET          ADDRESS
eth0                    192.168.0.0/24
eth0                    192.168.1.0/24

RULES
ACCEPT:info             wir       $FW           tcp     ssh
ACCEPT          wir       $FW           udp     domain
(note: these are only the rules that pertain to wir zone)

On Sat, 14 Feb 2004, Craig Isdahl wrote:
>
> Do I need to create a static route?
>
Only if there is a way to add static routes on the Linksys itself. The
problem here is that the Linksys doesn''t know now to route to the
192.168.0.0/24 network.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Sat, 14 Feb 2004, Tom Eastep wrote:
>
> Only if there is a way to add static routes on the Linksys itself. The
> problem here is that the Linksys doesn''t know now to route to the
> 192.168.0.0/24 network.
>
The other thing that you can do is to masquerade traffic to the in-built
web server:

/etc/shorewall/masq:

eth2:192.168.1.1	192.168.0.0/24

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net