Hello,
I have a Dreamplug computer with 2 ethernet interfaces (eth0, eth1) and a
wifi interface (uap0).
I have it configured so that eth1 is the outbound interface (internet) and
eth0 & uap0 are bridged to create a wired/wireless LAN (bridge is called
wifi-dream).
Anything connected to wifi-dream can also access the internet through eth1.

I am multicasting some video on the LAN but I would like this traffic to
only be available on the wired part of the network (eth1) and not also the
wifi part (uap0) as is currently the case.
This is my first experience with shorewall and I followed the instructions
at http://blog.bertelsen.co/2011/06/setting-up-guruplug-as-router-with.html to
get started.
Can you help please?

Shorewall version: 4.4.11.6 on Linux debian 2.6.38.8 #7 PREEMPT Sat Jun 25
18:13:16 MDT 2011 armv5tel GNU/Linux

output from ip addr show:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether f0:ad:4e:00:b1:68 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::f2ad:4eff:fe00:b168/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether f0:ad:4e:00:b1:69 brd ff:ff:ff:ff:ff:ff
    inet 10.42.243.90/23 brd 10.42.243.255 scope global eth1
    inet6 fe80::f2ad:4eff:fe00:b169/64 scope link
       valid_lft forever preferred_lft forever
4: uap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:24:23:45:06:6e brd ff:ff:ff:ff:ff:ff
    inet6 fe80::224:23ff:fe45:66e/64 scope link
       valid_lft forever preferred_lft forever
5: wifi-dream: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:24:23:45:06:6e brd ff:ff:ff:ff:ff:ff
    inet 192.168.5.1/24 brd 192.168.5.255 scope global wifi-dream
    inet6 fe80::224:23ff:fe45:66e/64 scope link
       valid_lft forever preferred_lft forever
6: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether 4e:81:bb:2e:5e:70 brd ff:ff:ff:ff:ff:ff

root@debian:/etc/shorewall# ip route show
192.168.5.0/24 dev wifi-dream  proto kernel  scope link  src 192.168.5.1
10.42.242.0/23 dev eth1  proto kernel  scope link  src 10.42.243.90
224.0.0.0/4 dev wifi-dream  scope link
default via 10.42.243.111 dev eth1

root@debian:/etc/shorewall# cat interfaces
loc wifi-dream 192.168.5.255 routeback
net eth1 detect dhcp

root@debian:/etc/shorewall# cat masq
eth1 wifi-dream

root@debian:/etc/shorewall# cat policy
fw all ACCEPT
loc all ACCEPT
net all DROP info
all all REJECT info

root@debian:/etc/shorewall# cat routestopped
wifi-dream

root@debian:/etc/shorewall# cat rules
ACCEPT all all tcp
ACCEPT all all udp
ACCEPT all all udp 123 123
ACCEPT all all tcp 80
ACCEPT all all tcp 8080
ACCEPT all all tcp 21
ACCEPT all all tcp 22
ACCEPT all all tcp 25
ACCEPT all all tcp 4212
ACCEPT all all udp 1234 1234

root@debian:/etc/shorewall# cat zones
net ipv4
loc ipv4
fw firewall

The only mods to the default shorewall.conf are:
IP_FORWARDING=On
MULTICAST=Yes

-- 
Kind regards,
Darragh
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
