[Shorewall-users] Bridging, iptables problem

Ralf Schenk rs at aix.de
Sun Apr 11 10:18:14 PDT 2004


Hello!

I use the new bridging code with my setup. I have defined a bridge 
(wlanbr) between my local net (eth0) and my hostap-driven Prism Card 
(wlan0). I'm using iptables 1.2.8, Kernel 2.6.5, bridging activated, no 
ebtables modules loaded, ipt_physdev loaded. What's wrong with this setup?

Do I need a newer version of iptables?

/etc/shorewall/interfaces:
net     ppp0            -     norfc1918,tcpflags,blacklist,nosmurfs
-       wlanbr          192.168.100.255

/etc/shorewall/hosts:
loc             wlanbr:eth0
wlan            wlanbr:wlan0

/etc/shorewall/policy:
loc             net             ACCEPT
loc             $FW             ACCEPT
gw              gw              ACCEPT
gw              loc             ACCEPT
loc             gw              ACCEPT
gw              $FW             ACCEPT
$FW             gw              ACCEPT
net             all             DROP            info
#
# THE FOLLOWING POLICY MUST BE LAST
#
all             all             REJECT          info

/etc/shorewall/rules removed for this test

My loaded modules (lsmod | grep ip*):
ip6table_filter         2496  0
ip6_tables             18384  1 ip6table_filter
ipt_TOS                 2304  0
ipt_MASQUERADE          3712  0
ipt_REJECT              6912  0
ipt_pkttype             1536  0
ipt_LOG                 5568  0
ipt_limit               2240  0
ipt_TCPMSS              4224  0
ipt_state               1728  2
ipt_physdev             2000  0
ip_nat_irc              3952  0
ip_nat_tftp             3248  0
ip_nat_ftp              4720  0
ip_conntrack_irc       71156  1 ip_nat_irc
ip_conntrack_tftp       3412  0
ip_conntrack_ftp       71924  1 ip_nat_ftp
ipt_multiport           1920  0
ipt_conntrack           2304  0
iptable_filter          2688  1
iptable_mangle          2752  0
iptable_nat            22764  4 ipt_MASQUERADE,ip_nat_irc,ip_nat_tftp,ip_nat_ftp
ip_conntrack           32240  10 ipt_MASQUERADE,ipt_state,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp,ipt_conntrack,iptable_nat
ip_tables              17152  14 ipt_TOS,ipt_MASQUERADE,ipt_REJECT,ipt_pkttype,ipt_LOG,ipt_limit,ipt_TCPMSS,ipt_state,ipt_physdev,ipt_multiport,ipt_conntrack,iptable_filter,iptable_mangle,iptable_nat

Output from shorewall debug start:
-----
++ echo ppp0_fwd
+ chain1=ppp0_fwd
+ interface1=wlanbr
+ networks1=eth0
+ '[' ppp0:0.0.0.0/0 '!=' wlanbr:eth0 ']'
++ match_source_hosts 0.0.0.0/0
++ '[' -n '' ']'
++ echo -s 0.0.0.0/0
++ match_dest_hosts eth0
++ '[' -n '' ']'
++ echo -d eth0
+ run_iptables -A ppp0_fwd -s 0.0.0.0/0 -o wlanbr -d eth0 -j net2loc
+ '[' -n '' ']'
+ iptables -A ppp0_fwd -s 0.0.0.0/0 -o wlanbr -d eth0 -j net2loc
iptables v1.2.8: host/network `eth0' not found
Try `iptables -h' or 'iptables --help' for more information.
+ '[' -z '' ']'
+ stop_firewall

Bye
Ralf Schenk
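The trace above ends with iptables rejecting `-d eth0`: the `-s`/`-d` options take an address or network, and anything else is treated as a host name to resolve, so a bridge port name can never go there. A port of a bridge is matched with the physdev module (`-m physdev --physdev-in/--physdev-out`), which is why ipt_physdev is loaded in a bridged setup. The following sh script is an added illustration of that distinction at the iptables level; it is not part of the thread and does not settle whether Shorewall's bridge code or the configuration is at fault here. The chain, bridge and port names (ppp0_fwd, wlanbr, eth0, net2loc) are taken from the post; the helper function names are hypothetical, and the script only prints the rules it would run rather than calling iptables.

```shell
#!/bin/sh
# Added example, not from the Shorewall thread. Builds FORWARD rules for a
# plain interface or a bridge:port pair, keeping port names out of -s/-d.
# Names assumed from the post: ppp0_fwd, wlanbr, eth0, net2loc.

# is_ip_or_cidr ADDR: true only for dotted-quad IPv4, optionally /0..32.
# This is what iptables -s/-d accepts without attempting a name lookup.
is_ip_or_cidr() {
    addr=${1%%/*}
    case "$1" in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    # reject letters, empty groups and stray dots before splitting
    case "$addr" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $addr            # positional params are local to this function
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    case "$prefix" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "$prefix" -le 32 ]
}

# forward_rule CHAIN OUT_SPEC DEST TARGET
#   OUT_SPEC : an interface (ppp0) or bridge:port (wlanbr:eth0)
#   DEST     : an address/CIDR, or '-' for any destination
# Prints the iptables command on stdout. Returns 1 with a diagnostic on
# stderr when DEST is not an address, i.e. the case iptables itself
# refuses with "host/network ... not found".
forward_rule() {
    chain=$1; spec=$2; dest=$3; target=$4
    rule="iptables -A $chain"
    case "$spec" in
        *:*)
            bridge=${spec%%:*}
            port=${spec#*:}
            # the bridge is the netfilter interface; the port is only
            # visible through the physdev match (needs ipt_physdev)
            rule="$rule -o $bridge -m physdev --physdev-out $port"
            ;;
        *)
            rule="$rule -o $spec"
            ;;
    esac
    if [ "$dest" != "-" ]; then
        if ! is_ip_or_cidr "$dest"; then
            echo "forward_rule: '$dest' is not an address; a bridge port belongs in -m physdev, not -d" >&2
            return 1
        fi
        rule="$rule -d $dest"
    fi
    printf '%s\n' "$rule -j $target"
}

# Demonstration: the rule the trace should have produced, a rule with a
# real destination network, and the failing form from the post.
forward_rule ppp0_fwd wlanbr:eth0 - net2loc
forward_rule ppp0_fwd wlanbr:eth0 192.168.100.0/24 net2loc
forward_rule ppp0_fwd wlanbr eth0 net2loc || echo "rejected, as iptables would"
```

Running the script as a normal user only prints the three outcomes; the first two lines are commands that could be fed to a root shell, while the third reproduces the rejection without ever reaching iptables.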
