[Shorewall-users] bluetooth nap and internet access problem

Jeff jsoehner at the-techy.com
Sat Apr 2 12:10:39 PST 2005


See below...
----- Original Message ----- 
From: "Mikael" <pub at grizzli.org>
To: <shorewall-users at lists.shorewall.net>
Sent: Saturday, April 02, 2005 2:43 PM
Subject: [Shorewall-users] bluetooth nap and internet access problem


> Hello,
>
> I'm trying to configure my desktop as a bluetooth network access point for my
> ipaq (as explained in http://www.stolk.org/debian/bluetooth.html).
>
> I'm running shorewall version 2.2.1 on debian testing with a local network via
> eth0 and internet access via eth1. I've created a bridge br0 for eth0 and
> bnep0 and activated bridging in shorewall. dhcpd is listening on br0.
>
> Has somebody an idea of what is wrong with my setup ?
> Thanks,
>
> Mikael
>
> Depending on a line in policy file, here's the result of a ping to my ipaq :
>
> a) with "fw              all             ACCEPT          info"
>   # ping 192.168.0.10
>   PING 192.168.0.10 (192.168.0.10): 56 data bytes
>
>   --- 192.168.0.10 ping statistics ---
>   15 packets transmitted, 0 packets received, 100% packet loss
>
> and in /var/log/shorewall/info.log :
>
> Apr  2 17:47:01 bregalad kernel: Shorewall:OUTPUT:ACCEPT:IN= OUT=eth0
> SRC=192.168.0.2 DST=192.168.0.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=10 DF
> PROTO=ICMPTYPE=8 CODE=0 ID=35091 SEQ=2560
>
> b) without "fw              all             ACCEPT          info"
>   # ping 192.168.0.10
>   PING 192.168.0.10 (192.168.0.10): 56 data bytes
>   ping: sendto: Operation not permitted
>   ping: wrote 192.168.0.10 64 chars, ret=-1
>
> Apr  2 21:34:26 bregalad kernel: Shorewall:OUTPUT:REJECT:IN= OUT=eth0
> SRC=192.168.0.2 DST=192.168.0.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF
> PROTO=ICMP TYPE=8 CODE=0 ID=50773 SEQ=256
>
> When I try to access a website from the ipaq, here's the only output in
> shorewall's log (212.27.39.135 is a dns server) :
>
> Apr  2 21:38:06 bregalad kernel: Shorewall:bt2all:ACCEPT:IN=br0 OUT=eth1
> PHYSIN=bnep0 SRC=192.168.0.10 DST=212.27.39.135 LEN=61 TOS=0x00 PREC=0x00
> TTL=127 ID=11 PROTO=UDP SPT=1028 DPT=53 LEN=41
>
> Here's the result of some commands :
>
> # ip addr show
> 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>     link/ether 00:d0:b7:15:59:b6 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
>     inet6 fe80::2d0:b7ff:fe15:59b6/64 scope link
>        valid_lft forever preferred_lft forever
> 3: sit0: <NOARP> mtu 1480 qdisc noop
>     link/sit 0.0.0.0 brd 0.0.0.0
> 4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
>     link/ether 00:60:4c:0f:ea:fa brd ff:ff:ff:ff:ff:ff
>     inet 81.57.228.180/24 brd 81.57.228.255 scope global eth1
>     inet6 fe80::260:4cff:fe0f:eafa/64 scope link
>        valid_lft forever preferred_lft forever
> 32: br0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
>     link/ether 00:d0:b7:15:59:b6 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.0.1/24 brd 192.168.0.255 scope global br0
>     inet6 fe80::2d0:b7ff:fe15:59b6/64 scope link
>        valid_lft forever preferred_lft forever
>
> # ip route show
> 81.57.228.0/24 dev eth1  proto kernel  scope link  src 81.57.228.180
> 192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.2
> 192.168.0.0/24 dev br0  proto kernel  scope link  src 192.168.0.1
> default via 81.57.228.254 dev eth1
>
>
>  /etc/shorewall/policy  :
>
> #SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
> fw              net             ACCEPT
> fw              loc             ACCEPT          info
> fw              bt              ACCEPT          info
> fw              all             ACCEPT          info  # without this one, ping to my ipaq is rejected by the last rule of this file
> loc             all             ACCEPT          info
> bt              all             ACCEPT          info
> net             all             DROP            info
> # The FOLLOWING POLICY MUST BE LAST
> all             all             REJECT          info
>
> /etc/shorewall/rules :
>
> ACCEPT          net     fw      icmp    8
> AllowPing       fw      net     icmp    8
> ACCEPT:warn     net     fw      tcp     22
> ACCEPT          net     fw      tcp     80,8088,5222
> ACCEPT          net     fw      tcp     4661,4662
> ACCEPT          fw      bt      icmp    8
>
> /etc/shorewall/hosts :
> loc             br0:eth0
> bt              br0:bnep0
>
> /etc/shorewall/interfaces :
> net     eth1            detect          norfc1918,routefilter,dhcp,tcpflags
> -       br0             192.168.0.255
>
> /etc/shorewall/masq :
> eth1    192.168.0.0/24
>
> some extract from /etc/shorewall/shorewall.conf :
> BRIDGING=Yes
> IP_FORWARDING=on
> -- 
> Mikael
> correct the spam protection on my mail address
>



Hey Mikael;

Looks like you are missing an entry in the bridge file.

Under Bridges in your status file you only show eth0.

In mine I have the following;

BRIDGE_INTERFACE=br0
INTERFACES="eth0 eth1"

How about yours? (You failed to show us above)



DISCLAIMER:
This message was sent from The-Techy.com.
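
As an added example (not part of either message), the following Python sketch parses two of the log entries quoted in the thread and maps each packet's interfaces to the zones defined in the quoted `interfaces` and `hosts` files. The zone lookup is a simplified model assumed for illustration, not Shorewall's own code, and the function names are hypothetical.

```python
import re

# Zone definitions copied from the quoted /etc/shorewall/interfaces and hosts.
# "-" in interfaces means the zone is assigned per bridge port in hosts.
INTERFACES = {"eth1": "net", "br0": "-"}
HOSTS = {("br0", "eth0"): "loc", ("br0", "bnep0"): "bt"}

# Two log entries from the post, each re-joined onto a single line.
LOG = [
    "Apr  2 21:34:26 bregalad kernel: Shorewall:OUTPUT:REJECT:IN= OUT=eth0 "
    "SRC=192.168.0.2 DST=192.168.0.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF "
    "PROTO=ICMP TYPE=8 CODE=0 ID=50773 SEQ=256",
    "Apr  2 21:38:06 bregalad kernel: Shorewall:bt2all:ACCEPT:IN=br0 OUT=eth1 "
    "PHYSIN=bnep0 SRC=192.168.0.10 DST=212.27.39.135 LEN=61 TOS=0x00 PREC=0x00 "
    "TTL=127 ID=11 PROTO=UDP SPT=1028 DPT=53 LEN=41",
]

PREFIX = re.compile(r"Shorewall:(\w+):(\w+):")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Split a Shorewall log entry into chain, disposition and KEY=value fields."""
    m = PREFIX.search(line)
    if m is None:
        raise ValueError("not a Shorewall log entry")
    fields = dict(FIELD.findall(line[m.end():]))
    fields["CHAIN"], fields["DISPOSITION"] = m.groups()
    return fields

def zone_of(iface, port):
    """Simplified zone lookup (assumption): empty interface means the firewall."""
    if not iface:
        return "fw"
    zone = INTERFACES.get(iface)
    if zone == "-":
        return HOSTS.get((iface, port))  # bridge: zone depends on the port
    return zone  # None when the interface is not in the interfaces file

def classify(line):
    f = parse(line)
    src = zone_of(f.get("IN", ""), f.get("PHYSIN"))
    dst = zone_of(f.get("OUT", ""), f.get("PHYSOUT"))
    return f["CHAIN"], f["DISPOSITION"], src, dst

if __name__ == "__main__":
    for entry in LOG:
        chain, verdict, src, dst = classify(entry)
        note = "" if src and dst else "  <-- interface not in any zone"
        print(f"{chain:8} {verdict:7} {src} -> {dst}{note}")
```

The rejected ping leaves through eth0, which the quoted `interfaces` file does not list on its own, so it maps to no destination zone, while the iPAQ's DNS query maps cleanly from bt to net.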

