Re: [suse-security] How to make SuSEfirewall2 accept packets passing bridge-interface
David Huecking wrote:
> Now I added a wireless-card for the router also acting as a wireless
> access-point:
> - ath0 is interface of wireless-card running in hostap-mode
> Then I built a bridge-interface from eth0 and ath0 and gave it the former IP
> of eth0.
> - br0 bridge made of ath0 and eth0
> Routing from the wired and wireless clients to the internet works like a
> charm.
> What does not work is bridging from physical interface eth0 to ath0 so that I
> can reach my server attached to the LAN-switch from my wireless notebook. I
> get logging-entries like that:
> SFW2-FWDint-DROP-DEFLT IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=ath0
> SRC=192.168.42.6 DST=192.168.42.2
>
> Could anybody tell me what to write into /etc/sysconfig/SUSEFirewall2 or
> in /etc/sysconfig/scripts/SuSEfirewall2-custom to accept packets crossing my
> bridge.
I don't have such a setup myself so I can't help you here. I
wouldn't use bridging with the LAN though. With newer SuSEfirewall2
you can define a new zone for the WLAN and then use normal routing
for WLAN-Inet and WLAN-LAN. You can also abuse the DMZ rules for
that purpose if you don't have a real DMZ.
cu
Ludwig
--
(o_ Ludwig Nussel
//\ SUSE LINUX Products GmbH, Development
V_/_ http://www.suse.de/