Brent Gardner wrote: > Jim Dancer wrote: > >> Brent Gardner wrote: >> >>> Jim Dancer wrote: >>> >>>> Does any one know how to get Bridge = Yes to work in Bearing LEAF. >>>> >>>> I am using the version 3.1 of the Bearing uClibc and am getting an >>>> error message about a physdev mismatch whenever I set bridge=yes in >>>> Shorewall. >>>> >>>> I see there is a workaround posted on the shorewall site for this >>>> problem but it seems kind of clumsy and I was just wondering if >>>> there is a way to correct it in LEAF. >>>> >>>> I am building a simple Wireless Access Point using madwifi drivers >>>> and hostapd and would like to use shorewall to control traffic on >>>> the bridge. >>>> >>>> >>>> Thanks in advance for any help with this issue - >>>> >>>> Jim D. >>>> >>>> >>> Are you loading the bridge.lrp package? I think you also have to >>> load a bridge.o module. That's how one of my systems is set up, >>> although it's not wireless. >>> >>> Brent Gardner >>> >>> >>> >> Brent - >> >> Yes, I have the bridge stuff loaded and it works fine as a simple >> bridge for wireless users. The problem is that I want to use Shorewall >> to control traffic on the bridge and it gives the error that I mentioned. >> >> From what I have been able to find out there are some kernel options >> which have to be set in order to make Shorewall work properly on a >> bridge and it seems that these options are not enabled in LEAF. >> >> Do you have Shorewall working with a Bridge=Yes in the configuration? >> What version of LEAF are you using? >> >> Jim D. >> >> >> > Jim- > > I'm using Bering uClibc v3.0 Beta2. > > Tom spoke of issues with the 2.6.20 kernels. This is still a 2.4 kernel. > > Do you load the ipt_physdev module? > > For the sake of completeness in the list archive I'm going to detail all > the bridge-related details on this machine: > > > On my boot media, in leaf.cfg, the LRP= statement includes the bridge > package. > > > My /etc/modules file includes these modules as well as many others: > > bridge > ipt_physdev > > > My /etc/network/interfaces file includes these statements: > > # Loopback interface. > auto lo > iface lo inet loopback > > # bridge > # > auto br0 > iface br0 inet static > address <a public IP address> > netmask <an appropriate netmask> > broadcast <an appropriate broadcast address> > bridge_ports eth0 eth1 > > I put an IP address on the bridge so I can remotely manage the machine. > > > My /etc/shorewall/shorewall.conf file includes: BRIDGING=Yes > > > /etc/shorewall/zones: > > #ZONE TYPE OPTIONS IN OUT > # OPTIONS OPTIONS > fw firewall > loc ipv4 > net ipv4 > #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE > > > /etc/shorewall/interfaces: > > #ZONE INTERFACE BROADCAST OPTIONS > - br0 <the same broadcast address that's listed in > /etc/network/interfaces> > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE > > > /etc/shorewall/hosts: > > #ZONE HOST(S) OPTIONS > loc br0:eth1 > net br0:eth0 > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE > > > With these settings in place I'm able to do things like this in the > /etc/shorewall/rules file: > > ACCEPT net loc:<the IP address of a machine behind the LEAF > box> tcp 80 > > > Hope this helps. > > > Brent Gardner > > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > ------------------------------------------------------------------------ > leaf-user mailing list: leaf-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/leaf-user > Support Request -- http://leaf-project.org/ > > Brent -
Thanks so much for your help - The ipt_physdev was the missing element needed to get SHOREWALL working correctly in the bridge=yes configuration. Sincerely Jim Dancer ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
