
Re: [suse-security] How to make SuSEfirewall2 accept packets passing bridge-interface



David Huecking wrote:
> Now I added a wireless-card for the router also acting as a wireless 
> access-point:
> - ath0 is interface of wireless-card running in hostap-mode
> Then I built a bridge-interface from eth0 and ath0 and gave it the former IP 
> of eth0. 
> - br0 bridge made of ath0 and eth0
> Routing from the wired and wireless clients to the internet works like a 
> charm. 
> What does not work is bridging from physical interface eth0 to ath0 so that I 
> can reach my server attached to the LAN-switch from my wireless notebook. I 
> get logging-entries like that:
> SFW2-FWDint-DROP-DEFLT IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=ath0 
> SRC=192.168.42.6 DST=192.168.42.2
> 
> Could anybody tell me what to write into /etc/sysconfig/SUSEFirewall2 or 
> in /etc/sysconfig/scripts/SuSEfirewall2-custom to accept packets crossing my 
> bridge.

I don't have such a setup myself so I can't help you here. I
wouldn't use bridging with the LAN though. With newer SuSEfirewall2
you can define a new zone for the WLAN and then use normal routing
for WLAN-Inet and WLAN-LAN. You can also abuse the DMZ rules for
that purpose if you don't have a real DMZ.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   SUSE LINUX Products GmbH, Development
 V_/_  http://www.suse.de/
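
An added example, not part of either message above: a small Python triage helper that separates drops like the one quoted in the question, where a frame crosses between two ports of the same bridge (IN and OUT are both br0, PHYSIN and PHYSOUT differ), from routed or locally destined drops. The sample lines are constructed (the first reuses the fields quoted in the post), and the function names are hypothetical.

```python
import re

# Constructed sample lines. The first reuses the fields quoted in the post;
# the other two are made up for contrast.
SAMPLE_LOG = [
    "SFW2-FWDint-DROP-DEFLT IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=ath0 "
    "SRC=192.168.42.6 DST=192.168.42.2",
    "SFW2-FWDint-DROP-DEFLT IN=br0 OUT=eth1 PHYSIN=ath0 "
    "SRC=192.168.42.7 DST=203.0.113.10",
    "SFW2-INext-DROP-DEFLT IN=eth1 OUT= SRC=198.51.100.4 DST=203.0.113.1",
]

PREFIX_RE = re.compile(r"\b(SFW2-[\w-]+)")   # SuSEfirewall2 log prefix
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")   # netfilter KEY=value pairs


def parse(line):
    """Return (log prefix or None, dict of KEY=value fields) for one line."""
    m = PREFIX_RE.search(line)
    return (m.group(1) if m else None), dict(FIELD_RE.findall(line))


def classify(line):
    """Label a firewall log line by the path the packet took."""
    prefix, f = parse(line)
    if prefix is None:
        return "not-sfw2"
    if not f.get("OUT"):
        return "input"                      # addressed to the firewall itself
    if f.get("IN") == f["OUT"] and f.get("PHYSIN") and f.get("PHYSOUT"):
        # Same logical interface on both sides: the frame stayed on the bridge.
        if f["PHYSIN"] == f["PHYSOUT"]:
            return "bridge-hairpin"
        return "bridged-forward"
    return "routed-forward"


def bridged_drops(lines):
    """List (PHYSIN, PHYSOUT, SRC, DST) for every port-to-port bridge drop."""
    hits = []
    for line in lines:
        if classify(line) == "bridged-forward":
            f = parse(line)[1]
            hits.append((f["PHYSIN"], f["PHYSOUT"], f.get("SRC"), f.get("DST")))
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), "<-", line)
```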
