
[suse-security] How to make SuSEfirewall2 accept packets passing bridge-interface



Hi!

I had set up a router as follows:
- eth1/ ppp0 is external interface to a DSL-modem to the internet
- eth0 is an ethernet-interface to internal net/ switch
=> everything was fine. SuSEFirewall2 set up the routing to and from the 
internet for the internal clients and provided some protection from the 
internet.

Now I added a wireless-card for the router also acting as a wireless 
access-point:
- ath0 is interface of wireless-card running in hostap-mode
Then I built a bridge-interface from eth0 and ath0 and gave it the former IP 
of eth0. 
- br0 bridge made of ath0 and eth0
Routing from the wired and wireless clients to the internet works like a 
charm. 
What does not work is bridging from physical interface eth0 to ath0 so that I 
can reach my server attached to the LAN-switch from my wireless notebook. I 
get logging-entries like that:
SFW2-FWDint-DROP-DEFLT IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=ath0 SRC=192.168.42.6 DST=192.168.42.2

Could anybody tell me what to write into /etc/sysconfig/SUSEFirewall2 or 
in /etc/sysconfig/scripts/SuSEfirewall2-custom to accept packets crossing my 
bridge?

Bridge was set up like that:
brctl addbr br0
brctl addif br0 ath0
brctl addif br0 eth0
ifconfig ath0 0.0.0.0
ifconfig eth0 0.0.0.0
ifconfig br0 192.168.42.5


Thanks in advance for any tips.

-- 
Eat, sleep and go running,
David Hücking.

Encrypted eMail welcome! 
GnuPG/ PGP-Key: 0x57809216. Fingerprint: 
3DF2 CBE0 DFAA 4164 02C2  4E2A E005 8DF7 5780 9216
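
Added example, not part of the original post: a small Python classifier for log lines in the format quoted above. Netfilter only writes PHYSIN/PHYSOUT when a frame arrived on or leaves through a bridge port, so IN and OUT naming the same bridge with two different ports marks a frame bridged between ports (eth0 to ath0 in the post) rather than routed. The sample lines other than the first, and all function names, are constructed for illustration.

```python
import re

# Constructed sample lines; only the first is taken from the post.
SAMPLE_LOG = """\
SFW2-FWDint-DROP-DEFLT IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=ath0 SRC=192.168.42.6 DST=192.168.42.2
SFW2-FWDint-DROP-DEFLT IN=br0 OUT=ppp0 PHYSIN=ath0 SRC=192.168.42.7 DST=203.0.113.9
SFW2-INext-DROP-DEFLT IN=ppp0 OUT= SRC=198.51.100.4 DST=192.0.2.1
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse(line):
    """Return (log prefix, {KEY: value}) for one netfilter LOG line."""
    head = line.split(" IN=", 1)[0].split()
    prefix = head[-1] if head else ""   # tolerate syslog timestamps in front
    return prefix, dict(FIELD.findall(line))


def classify(line):
    """Label a logged packet as 'bridged', 'routed' or 'input'."""
    prefix, f = parse(line)
    in_if, out_if = f.get("IN", ""), f.get("OUT", "")
    phys_in, phys_out = f.get("PHYSIN", ""), f.get("PHYSOUT", "")
    if not out_if:
        kind = "input"                  # addressed to the firewall host itself
    elif in_if == out_if and phys_in and phys_out and phys_in != phys_out:
        kind = "bridged"                # same bridge, two different ports
    else:
        kind = "routed"                 # forwarded between different interfaces
    return {"prefix": prefix, "kind": kind, "ports": (phys_in, phys_out),
            "src": f.get("SRC", ""), "dst": f.get("DST", "")}


def classify_log(text):
    """Classify every line that carries an IN= field."""
    return [classify(l) for l in text.splitlines() if " IN=" in l]


if __name__ == "__main__":
    for r in classify_log(SAMPLE_LOG):
        print(f'{r["kind"]:8} {r["prefix"]:24} {r["ports"]} '
              f'{r["src"]} -> {r["dst"]}')
```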
