Hello!
I use the new bridging code with my setup. I have defined a bridge
(wlanbr) between my local net (eth0) and my hostap-driven Prism Card
(wlan0). I'm using iptables 1.2.8, Kernel 2.6.5, bridging activated, no
ebtables modules loaded, ipt_physdev loaded. What's wrong with this
setup?
Do I need a newer version of iptables?
/etc/shorewall/interfaces:
net ppp0 - norfc1918,tcpflags,blacklist,nosmurfs
- wlanbr 192.168.100.255
/etc/shorewall/hosts:
loc wlanbr:eth0
wlan wlanbr:wlan0
/etc/shorewall/policy:
loc net ACCEPT
loc $FW ACCEPT
gw gw ACCEPT
gw loc ACCEPT
loc gw ACCEPT
gw $FW ACCEPT
$FW gw ACCEPT
net all DROP info
#
# THE FOLLOWING POLICY MUST BE LAST
#
all all REJECT info
/etc/shorewall/rules removed for this test
My loaded modules lsmod | grep ip*:
ip6table_filter 2496 0
ip6_tables 18384 1 ip6table_filter
ipt_TOS 2304 0
ipt_MASQUERADE 3712 0
ipt_REJECT 6912 0
ipt_pkttype 1536 0
ipt_LOG 5568 0
ipt_limit 2240 0
ipt_TCPMSS 4224 0
ipt_state 1728 2
ipt_physdev 2000 0
ip_nat_irc 3952 0
ip_nat_tftp 3248 0
ip_nat_ftp 4720 0
ip_conntrack_irc 71156 1 ip_nat_irc
ip_conntrack_tftp 3412 0
ip_conntrack_ftp 71924 1 ip_nat_ftp
ipt_multiport 1920 0
ipt_conntrack 2304 0
iptable_filter 2688 1
iptable_mangle 2752 0
iptable_nat 22764 4 ipt_MASQUERADE,ip_nat_irc,ip_nat_tftp,ip_nat_ftp
ip_conntrack 32240 10 ipt_MASQUERADE,ipt_state,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp,ipt_conntrack,iptable_nat
ip_tables 17152 14 ipt_TOS,ipt_MASQUERADE,ipt_REJECT,ipt_pkttype,ipt_LOG,ipt_limit,ipt_TCPMSS,ipt_state,ipt_physdev,ipt_multiport,ipt_conntrack,iptable_filter,iptable_mangle,iptable_nat
Output from shorewall debug start:
-----
++ echo ppp0_fwd
+ chain1=ppp0_fwd
+ interface1=wlanbr
+ networks1=eth0
+ '[' ppp0:0.0.0.0/0 '!=' wlanbr:eth0 ']'
++ match_source_hosts 0.0.0.0/0
++ '[' -n '' ']'
++ echo -s 0.0.0.0/0
++ match_dest_hosts eth0
++ '[' -n '' ']'
++ echo -d eth0
+ run_iptables -A ppp0_fwd -s 0.0.0.0/0 -o wlanbr -d eth0 -j net2loc
+ '[' -n '' ']'
+ iptables -A ppp0_fwd -s 0.0.0.0/0 -o wlanbr -d eth0 -j net2loc
iptables v1.2.8: host/network `eth0' not found
Try `iptables -h' or 'iptables --help' for more information.
+ '[' -z '' ']'
+ stop_firewall
By
Ralf Schenk