Hello,
I'm trying to configure my desktop as a bluetooth network access point for my ipaq (as explained in http://www.stolk.org/debian/bluetooth.html).
I'm running shorewall version 2.2.1 on debian testing with a local network via eth0 and internet access via eth1. I've created a bridge br0 for eth0 and bnep0 and activated bridging in shorewall. dhcpd is listening on br0.
Has somebody an idea of what is wrong with my setup ?
Thanks,
Mikael
Depending on a line in policy file, here's the result of a ping to my ipaq :
a) with "fw              all             ACCEPT          info"
  # ping 192.168.0.10
  PING 192.168.0.10 (192.168.0.10): 56 data bytes
  --- 192.168.0.10 ping statistics ---
  15 packets transmitted, 0 packets received, 100% packet loss
and in /var/log/shorewall/info.log :
Apr  2 17:47:01 bregalad kernel: Shorewall:OUTPUT:ACCEPT:IN= OUT=eth0 SRC=192.168.0.2 DST=192.168.0.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=10 DF PROTO=ICMP TYPE=8 CODE=0 ID=35091 SEQ=2560
b) without "fw              all             ACCEPT          info"
  # ping 192.168.0.10
  PING 192.168.0.10 (192.168.0.10): 56 data bytes 
  ping: sendto: Operation not permitted
  ping: wrote 192.168.0.10 64 chars, ret=-1
Apr  2 21:34:26 bregalad kernel: Shorewall:OUTPUT:REJECT:IN= OUT=eth0 SRC=192.168.0.2 DST=192.168.0.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=50773 SEQ=256
When I try to access a website from the ipaq, here's the only output in shorewall's log (212.27.39.135 is a dns server) :
Apr  2 21:38:06 bregalad kernel: Shorewall:bt2all:ACCEPT:IN=br0 OUT=eth1 PHYSIN=bnep0 SRC=192.168.0.10 DST=212.27.39.135 LEN=61 TOS=0x00 PREC=0x00 TTL=127 ID=11 PROTO=UDP SPT=1028 DPT=53 LEN=41
Here's the result of some commands :
# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:d0:b7:15:59:b6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
    inet6 fe80::2d0:b7ff:fe15:59b6/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:60:4c:0f:ea:fa brd ff:ff:ff:ff:ff:ff
    inet 81.57.228.180/24 brd 81.57.228.255 scope global eth1
    inet6 fe80::260:4cff:fe0f:eafa/64 scope link
       valid_lft forever preferred_lft forever
32: br0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
    link/ether 00:d0:b7:15:59:b6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global br0
    inet6 fe80::2d0:b7ff:fe15:59b6/64 scope link
       valid_lft forever preferred_lft forever
# ip route show
81.57.228.0/24 dev eth1  proto kernel  scope link  src 81.57.228.180
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.2
192.168.0.0/24 dev br0  proto kernel  scope link  src 192.168.0.1
default via 81.57.228.254 dev eth1
 /etc/shorewall/policy  :
#SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
fw              net             ACCEPT
fw              loc             ACCEPT          info
fw              bt              ACCEPT          info
fw              all             ACCEPT          info  # without this one, ping to my ipaq is rejected by the last rule of this file
loc             all             ACCEPT          info
bt              all             ACCEPT          info
net             all             DROP            info
# The FOLLOWING POLICY MUST BE LAST
all             all             REJECT          info
/etc/shorewall/rules :
ACCEPT          net     fw      icmp    8
AllowPing       fw      net     icmp    8
ACCEPT:warn     net     fw      tcp     22
ACCEPT          net     fw      tcp     80,8088,5222
ACCEPT          net     fw      tcp     4661,4662
ACCEPT          fw      bt      icmp    8
/etc/shorewall/hosts :
loc             br0:eth0
bt              br0:bnep0
/etc/shorewall/interfaces :
net     eth1            detect          norfc1918,routefilter,dhcp,tcpflags
-       br0             192.168.0.255
/etc/shorewall/masq :
eth1    192.168.0.0/24
some extract from /etc/shorewall/shorewall.conf :
BRIDGING=Yes
IP_FORWARDING=on
-- 
Mikael
correct the spam protection on my mail address
Mikael wrote:
>
> Here's the result of some commands :
>
> # ip addr show
> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>     link/ether 00:d0:b7:15:59:b6 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
>     inet6 fe80::2d0:b7ff:fe15:59b6/64 scope link
>        valid_lft forever preferred_lft forever
> 3: sit0: <NOARP> mtu 1480 qdisc noop
>     link/sit 0.0.0.0 brd 0.0.0.0
> 4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>     link/ether 00:60:4c:0f:ea:fa brd ff:ff:ff:ff:ff:ff
>     inet 81.57.228.180/24 brd 81.57.228.255 scope global eth1
>     inet6 fe80::260:4cff:fe0f:eafa/64 scope link
>        valid_lft forever preferred_lft forever
> 32: br0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
>     link/ether 00:d0:b7:15:59:b6 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.0.1/24 brd 192.168.0.255 scope global br0
>     inet6 fe80::2d0:b7ff:fe15:59b6/64 scope link
>        valid_lft forever preferred_lft forever
>
> # ip route show
> 81.57.228.0/24 dev eth1  proto kernel  scope link  src 81.57.228.180
> 192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.2
> 192.168.0.0/24 dev br0  proto kernel  scope link  src 192.168.0.1
> default via 81.57.228.254 dev eth1
>
> /etc/shorewall/interfaces :
> net     eth1            detect          norfc1918,routefilter,dhcp,tcpflags
> -       br0             192.168.0.255
>

Take the IP address off of eth0 -- a bridge port must *not* have an IP address.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
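Added example, not part of the thread and not Shorewall code: the check behind Tom's answer, run over the `ip addr show`, `ip route show` and /etc/shorewall/hosts text Mikael posted. It flags a bridge port that still holds an IPv4 address and a subnet with connected routes on two devices, which is why the ping left via OUT=eth0 with SRC=192.168.0.2. Function names are hypothetical, and it assumes BRIDGING=Yes so that hosts entries of the form bridge:port name bridge ports.

```python
import re
from collections import defaultdict

# Trimmed copies of the output posted in the thread, before the fix.
IP_ADDR_BEFORE = """\
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
    inet6 fe80::2d0:b7ff:fe15:59b6/64 scope link
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 81.57.228.180/24 brd 81.57.228.255 scope global eth1
32: br0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
    inet 192.168.0.1/24 brd 192.168.0.255 scope global br0
"""
IP_ROUTE_BEFORE = """\
81.57.228.0/24 dev eth1  proto kernel  scope link  src 81.57.228.180
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.2
192.168.0.0/24 dev br0  proto kernel  scope link  src 192.168.0.1
default via 81.57.228.254 dev eth1
"""
SHOREWALL_HOSTS = """\
loc             br0:eth0
bt              br0:bnep0
"""

def bridge_ports(hosts_text):
    """Map port -> bridge for bridge:port entries (assumes BRIDGING=Yes)."""
    ports = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and ":" in fields[1]:
            bridge, port = fields[1].split(":", 1)
            if port and not port[0].isdigit():  # skip interface:address entries
                ports[port] = bridge
    return ports

def ipv4_addresses(ip_addr_text):
    """Map interface -> list of IPv4 addresses from `ip addr show` text."""
    addrs, current = defaultdict(list), None
    for line in ip_addr_text.splitlines():
        head = re.match(r"\d+:\s+([^:@\s]+)", line)
        if head:
            current = head.group(1)
            continue
        inet = re.match(r"\s+inet\s+(\S+)", line)  # "inet6" does not match
        if inet and current:
            addrs[current].append(inet.group(1))
    return addrs

def connected_routes(ip_route_text):
    """Map directly connected subnet -> set of devices it is routed on."""
    subnets = defaultdict(set)
    for line in ip_route_text.splitlines():
        m = re.match(r"(\d+\.\d+\.\d+\.\d+/\d+)\s+dev\s+(\S+).*scope link", line)
        if m:
            subnets[m.group(1)].add(m.group(2))
    return subnets

def audit(ip_addr_text, ip_route_text, hosts_text):
    """Return findings as tuples; an empty list means the bridge looks sane."""
    findings = []
    addrs = ipv4_addresses(ip_addr_text)
    for port in sorted(bridge_ports(hosts_text)):
        for addr in addrs.get(port, []):
            findings.append(("port-has-ip", port, addr))
    for subnet, devs in sorted(connected_routes(ip_route_text).items()):
        if len(devs) > 1:
            findings.append(("duplicate-route", subnet, tuple(sorted(devs))))
    return findings

if __name__ == "__main__":
    for finding in audit(IP_ADDR_BEFORE, IP_ROUTE_BEFORE, SHOREWALL_HOSTS):
        print(finding)
```
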
See below...

----- Original Message -----
From: "Mikael" <pub@grizzli.org>
To: <shorewall-users@lists.shorewall.net>
Sent: Saturday, April 02, 2005 2:43 PM
Subject: [Shorewall-users] bluetooth nap and internet access problem

> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm

Hey Mikael;

Looks like you are missing an entry in the bridge file

Under Bridges in your status file you only show eth0.

In mine I have the following;

BRIDGE_INTERFACE=br0
INTERFACES="eth0 eth1"

How about yours? (You failed to show us above)

DISCLAIMER: This message was sent from The-Techy.com.
See below...

----- Original Message -----
From: "Mikael Kermorgant" <kgt@free.fr>
To: "Jeff" <jsoehner@the-techy.com>; "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Saturday, April 02, 2005 3:49 PM
Subject: Re: [Shorewall-users] bluetooth nap and internet access problem

On Saturday 2 April 2005 22:10, Jeff wrote:
> Hey Mikael;
>
> Looks like you are missing an entry in the bridge file
>
> Under Bridges in your status file you only show eth0.
>
> In mine I have the following;
>
> BRIDGE_INTERFACE=br0
> INTERFACES="eth0 eth1"
>
> How about yours? (You failed to show us above)

Thanks but I don't have any specific bridge file.

The hosts file has this :
loc             br0:eth0
bt              br0:bnep0

And the interfaces has this :
net     eth1            detect          norfc1918,routefilter,dhcp,tcpflags
-       br0             192.168.0.255

It's possible my status file was done when bnep0 was down so I join a new one done when it is up.

Regards,
Mikael

----------------------------------

Hey Mikael;

Ahhh, It's there now so I would remove that IP address from eth0 as Tom suggested.

Jeff
On Saturday 2 April 2005 22:03, Tom Eastep wrote:
> Mikael wrote:
> > Here's the result of some commands :
> > # ip route show
> > 81.57.228.0/24 dev eth1  proto kernel  scope link  src 81.57.228.180
> > 192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.2
> > 192.168.0.0/24 dev br0  proto kernel  scope link  src 192.168.0.1
> > default via 81.57.228.254 dev eth1
> >
> > /etc/shorewall/interfaces :
> > net     eth1            detect          norfc1918,routefilter,dhcp,tcpflags
> > -       br0             192.168.0.255
>
> Take the IP address off of eth0 -- a bridge port must *not* have an IP
> address.

Thanks for your answers !

I've tried but something must still be wrong. When I connect my ipaq, there's some traffic but my ipaq receives nothing (see dhcp.log)

Regards,
Mikael

Here's what I got now :

# ip address show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:d0:b7:15:59:b6 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::2d0:b7ff:fe15:59b6/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:60:4c:0f:ea:fa brd ff:ff:ff:ff:ff:ff
    inet 81.57.228.180/24 brd 81.57.228.255 scope global eth1
    inet6 fe80::260:4cff:fe0f:eafa/64 scope link
       valid_lft forever preferred_lft forever
63: br0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
    link/ether 00:d0:b7:15:59:b6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global br0
    inet6 fe80::2d0:b7ff:fe15:59b6/64 scope link
       valid_lft forever preferred_lft forever

bregalad:/etc/shorewall# ip route show
81.57.228.0/24 dev eth1  proto kernel  scope link  src 81.57.228.180
192.168.0.0/24 dev br0  proto kernel  scope link  src 192.168.0.1
default via 81.57.228.254 dev eth1
Mikael wrote:
>
> Thanks for your answers !
>
> I've tried but something must still be wrong. When I connect my ipaq, there's
> some traffic but my ipaq receives nothing (see dhcp.log)

Mikael - What am I supposed to look at in the dhcp log? You cannot use Netfilter (Shorewall) to trace DHCP traffic because your DHCP server uses raw sockets that bypass Netfilter.

a) Where is the DHCP server running?
b) To which bridge port is the ipaq connected (I'm guessing eth0)?

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
See below...

----- Original Message -----
From: "Mikael" <pub@grizzli.org>
To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Saturday, April 02, 2005 4:06 PM
Subject: Re: [Shorewall-users] bluetooth nap and internet access problem

Mikael;

Your shorewall configuration is fine. Are you suggesting that if you issue 'shorewall clear' that your DHCP ack are being answered? If so by what machine then, your firewall or another machine on your LAN?

If your firewall is running a dhcp server it would be helpful to show that log rather than a log of shorewall ACCEPT packets. This only shows us that your IPAQ is acking your Bluetooth interface.

If you do not run a dhcp server on that firewall then I suggest that you look into the dhcrelay component of dhcp so it can relay dhcp acks to your eth0 interface.

Jeff
Jeff wrote:
>
> If you do not run a dhcp server on that firewall then I suggest that you
> look into the dhcrelay component of dhcp so it can relay dhcp acks to your
> eth0 interface.
>

I suspect that the DHCP server and the IPAQ are both connected to bridged interfaces so dhcrelay is not required.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Jeff" <jsoehner@the-techy.com>; "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Saturday, April 02, 2005 5:01 PM
Subject: Re: [Shorewall-users] bluetooth nap and internet access problem

> Jeff wrote:
> >
> > If you do not run a dhcp server on that firewall then I suggest that you
> > look into the dhcrelay component of dhcp so it can relay dhcp acks to your
> > eth0 interface.
> >
>
> I suspect that the DHCP server and the IPAQ are both connected to
> bridged interfaces so dhcrelay is not required.
>
> -Tom
> --
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
>

Hey Tom;

I found that I had to use it like so '/usr/sbin/dhcrelay -i br0 192.168.1.5' with a linux machine using dhcp on one side trying to ack a W2K server running DHCP on the other side of the bridge.

Jeff
----- Original Message -----
From: "Jeff" <jsoehner@the-techy.com>
To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Saturday, April 02, 2005 5:06 PM
Subject: Re: [Shorewall-users] bluetooth nap and internet access problem

Hey Tom;

After further thought, I believe I needed this because I was using a Wireless AP (old Dlink AP1000) and a PrismII card on my Linux laptop. Without it I would just get a timeout and had to use a static IP but everything else worked.

FYI

Jeff
On Sunday 3 April 2005 00:01, Tom Eastep wrote:
> Jeff wrote:
> > If you do not run a dhcp server on that firewall then I suggest that you
> > look into the dhcrelay component of dhcp so it can relay dhcp acks to
> > your eth0 interface.
>
> I suspect that the DHCP server and the IPAQ are both connected to
> bridged interfaces so dhcrelay is not required.
>
> -Tom

Thanks and sorry for last message, I was a bit hurried.

Here are some clarifications about my network configuration
- I run indeed a dhcp server on the firewall.
- dhcpd listens on interface br0
- br0 is a bridge for eth0 and bnep0
- eth0 is for my ethernet card, bnep0 for my bluetooth usb key, eth1 is for my adsl connection
- the ipaq is connected to bnep0

Here's the conf for these interfaces :
-------
auto eth0
iface eth0 inet static
        pre-up modprobe ne2k-pci
        address 192.168.0.2
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255

auto br0
iface br0 inet manual
        up echo "Adding ethernet bridge between LAN and PAN"
        up ifconfig eth0 0.0.0.0
        up brctl addbr br0
        up brctl setfd br0 0
        up brctl stp br0 off
        up brctl addif br0 eth0
        up ifconfig br0 192.168.0.1 netmask 255.255.255.0 up
        down echo "Removing ethernet bridge between LAN and PAN"
        down ifconfig br0 down
        down brctl delif br0 eth0
        down brctl delbr br0
---------

And the conf of the dhcp server :
------
authoritative;
default-lease-time 3600;
max-lease-time 86400;
subnet 192.168.0.0 netmask 255.255.255.0 {
        option domain-name "bluetooth";
        option domain-name-servers 212.27.39.135;
        option routers 192.168.0.1;
        option subnet-mask 255.255.255.0;
        range 192.168.0.10 192.168.0.100;
}
-------

Regards,
-- 
Mikael