Jim Dancer wrote:
> Brent Gardner wrote:
>> Jim Dancer wrote:
>>> Does anyone know how to get Bridge = Yes to work in Bering LEAF?
>>>
>>> I am using version 3.1 of Bering uClibc and am getting an 
>>> error message about a physdev mismatch whenever I set bridge=yes in 
>>> Shorewall.
>>>
>>> I see there is a workaround posted on the shorewall site for this 
>>> problem but it seems kind of clumsy and I was just wondering if 
>>> there is a way to correct it in LEAF.
>>>
>>> I am building a simple Wireless Access Point using madwifi drivers 
>>> and hostapd and would like to use shorewall to control traffic on 
>>> the bridge.
>>>
>>>
>>> Thanks in advance for any help with this issue -
>>>
>>> Jim D.
>>>   
>> Are you loading the bridge.lrp package?  I think you also have to 
>> load a bridge.o module.  That's how one of my systems is set up, 
>> although it's not wireless.
>>
>> Brent Gardner
>>
>>
> Brent -
>
> Yes, I have the bridge stuff loaded and it works fine as a simple 
> bridge for wireless users. The problem is that I want to use Shorewall 
> to control traffic on the bridge and it gives the error that I mentioned.
>
> From what I have been able to find out there are some kernel options 
> which have to be set in order to make Shorewall work properly on a 
> bridge and it seems that these options are not enabled in LEAF.
>
> Do you have Shorewall working with a Bridge=Yes in the configuration? 
> What version of LEAF are you using?
>
> Jim D.
>
>
Jim-

I'm using Bering uClibc v3.0 Beta2.

Tom spoke of issues with the 2.6.20 kernels.  This is still a 2.4 kernel.

Do you load the ipt_physdev module?

For the sake of completeness in the list archive I'm going to detail all 
the bridge-related details on this machine:


On my boot media, in leaf.cfg, the LRP= statement includes the bridge 
package.


My /etc/modules file includes these modules as well as many others:

bridge
ipt_physdev


My /etc/network/interfaces file includes these statements:

# Loopback interface.
auto lo
iface lo inet loopback

# bridge
#
auto br0
iface br0 inet static
    address <a public IP address>
    netmask <an appropriate netmask>
    broadcast <an appropriate broadcast address>
    bridge_ports eth0 eth1

I put an IP address on the bridge so I can remotely manage the machine.


My /etc/shorewall/shorewall.conf file includes: BRIDGING=Yes


/etc/shorewall/zones:

#ZONE    TYPE    OPTIONS    IN         OUT
#                           OPTIONS    OPTIONS
fw       firewall
loc      ipv4
net      ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE


/etc/shorewall/interfaces:

#ZONE    INTERFACE    BROADCAST         OPTIONS
-        br0          <the same broadcast address that's listed in /etc/network/interfaces>
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE


/etc/shorewall/hosts:

#ZONE    HOST(S)     OPTIONS
loc      br0:eth1
net      br0:eth0
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE


With these settings in place I'm able to do things like this in the 
/etc/shorewall/rules file:

ACCEPT    net    loc:<the IP address of a machine behind the LEAF box>    tcp    80


Hope this helps.


Brent Gardner
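
A consistency check over the files listed in the message above, as an added example that is not part of the original post or of LEAF or Shorewall. It assumes every entry in /etc/shorewall/hosts uses the bridge:port form shown above; `check_bridge_config` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: cross-check the bridge-related files described in the post.
# check_bridge_config ROOT -> prints findings; returns 0 if consistent, else 1.
# ROOT holds etc/modules, etc/network/interfaces, etc/shorewall/shorewall.conf
# and etc/shorewall/hosts. On the firewall itself: check_bridge_config /

check_bridge_config() {
    root=${1%/}
    rc=0

    # 1. Both modules named in the post must be listed (uncommented) in modules.
    for m in bridge ipt_physdev; do
        grep -Eq "^[[:space:]]*$m([[:space:]]|\$)" "$root/etc/modules" ||
            { echo "MISSING module: $m"; rc=1; }
    done

    # 2. BRIDGING=Yes must be set (uncommented) in shorewall.conf.
    grep -Eiq '^[[:space:]]*BRIDGING=yes' "$root/etc/shorewall/shorewall.conf" ||
        { echo "BRIDGING=Yes is not set in shorewall.conf"; rc=1; }

    # 3. Each bridge:port pair in the hosts file must name a port that
    #    /etc/network/interfaces really attaches to that bridge. A zone tied
    #    to a port that is not on the bridge never matches any traffic.
    for pair in $(awk '!/^[[:space:]]*#/ && $2 ~ /:/ { print $2 }' \
                      "$root/etc/shorewall/hosts"); do
        br=${pair%%:*}
        port=${pair#*:}
        ports=$(awk -v br="$br" '
            $1 == "iface" { cur = $2 }
            $1 == "bridge_ports" && cur == br { $1 = ""; print }
        ' "$root/etc/network/interfaces")
        case " $ports " in
            *" $port "*) ;;
            *) echo "hosts entry $pair: $port is not a bridge_port of $br"; rc=1 ;;
        esac
    done

    return $rc
}
```
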



------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
