On Sat, 13 Jul 2002 23:11:56 -0700 "Brock Nanson" <[EMAIL PROTECTED]> wrote:
> I've been playing with an Orinoco access point tonight, attempting to
> add an additional private IP subnet to my Bering RC2 box. The AP is
> essentially a router, allowing traffic from the wireless network of
> 192.168.200.0 to pass to the 192.168.1.0 network which is my internal
> wired LAN as far as the Bering box is concerned.
>
> I've tweaked shorewall to allow traffic back and forth from this
> wireless network to my DMZ, internet etc. It all seems to work, except
> that I am so far forced to manually add a route to Bering after boot to
> tell it where to look for the router to the wireless network. Is this
> something that Shorewall should take care of, or do I need to enter this
> information somewhere else? So far I haven't stumbled on any obvious
> places...

Okay, let me make sure I'm following you correctly. If so, this is identical to the setup I had back when we were testing ipsec on rc2.

You have a router, with one interface hooked up to a wired lan (let's say for argument's sake 192.168.1.1) and another hooked via hub or crossover to a wireless AP server network 192.168.200.0. This interface is, again for the sake of argument, 192.168.200.1. The AP will also have an ip address, but really unused except for management.

From there, if there is access to the internet, there would be another interface hooked up to that, with an external ip address. Or you could be like me, where you just route everything to your wired lan and you have another router on that network which handles your internet traffic. In order for the machines on the wired lan _not_ to each need a static route to the wireless lan, this other router would need a static route back to the wireless lan, using 192.168.1.1 as the gateway address for the 192.168.200.0/24 network.

As far as I know, and Mr. Eastep can correct me if I'm wrong, Shorewall doesn't usually need to set up routes (and maybe can't?). That is done by the regular networking scripts when the interfaces are set up.
This process is controlled by /etc/network/interfaces. You will probably have lines like:

    auto eth0
    iface eth0 inet static
        address 192.168.1.1
        netmask 255.255.255.0

    auto eth1
    iface eth1 inet static
        address 192.168.200.1
        netmask 255.255.255.0

These lines should set up routes like this:

    # ip route
    192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
    192.168.200.0/24 dev eth0  proto kernel  scope link  src 192.168.200.1

So, short answer, you shouldn't have to do anything, assuming my incredibly verbosely stated assumptions are true!

--
Chad Carr [EMAIL PROTECTED]
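
The connected-route reasoning in the reply above, as an added example that is not part of the original message or of the Shorewall/Bering code: it parses the quoted `inet static` stanzas, derives the networks the kernel would route directly, and reports whether a destination such as 192.168.200.0/24 is covered or would still need a static route. The function names and the embedded sample are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the two stanzas quoted in the reply above.
SAMPLE_INTERFACES = """\
auto eth0
iface eth0 inet static
    address 192.168.1.1
    netmask 255.255.255.0

auto eth1
iface eth1 inet static
    address 192.168.200.1
    netmask 255.255.255.0
"""

def connected_routes(text):
    """Return {ifname: IPv4Network} for every 'inet static' stanza."""
    routes, iface, opts = {}, None, {}

    def flush():
        # Record the stanza collected so far, if it is complete.
        if iface and "address" in opts and "netmask" in opts:
            spec = f"{opts['address']}/{opts['netmask']}"
            routes[iface] = ipaddress.ip_interface(spec).network

    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments
        if not words:
            continue
        if words[0] in ("auto", "iface", "mapping", "allow-hotplug"):
            flush()  # a new stanza starts here
            iface, opts = None, {}
            if words[0] == "iface" and words[2:4] == ["inet", "static"]:
                iface = words[1]
        elif iface and len(words) >= 2:
            opts[words[0]] = words[1]
    flush()
    return routes

def egress_for(dest, routes):
    """Interface whose connected network contains dest, or None if a
    static route through some gateway would be needed to reach it."""
    net = ipaddress.ip_network(dest)
    hits = [(n.prefixlen, name) for name, n in routes.items()
            if net.subnet_of(n)]
    return max(hits)[1] if hits else None

if __name__ == "__main__":
    table = connected_routes(SAMPLE_INTERFACES)
    for dest in ("192.168.200.0/24", "10.0.0.0/24"):
        print(dest, "->", egress_for(dest, table) or "no connected route")
```

With only the eth0 stanza present, `egress_for("192.168.200.0/24", ...)` returns `None`, which is the case where the wireless subnet sits behind another router and a static route has to be configured.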