Well, I just can't get this to work. For this simplest scenario I can envision:

    net (ISP-assigned IP = XX.XX.XX.XX)
     |
    ( eth 0 )
    router
     |
     |- ( eth1, static IP addr: 10.0.0.1 )
     |    -- wired LAN, all static IPs in 10.0.0.50-100
     |
     |- ( wlan1, static IP addr: 10.0.0.2 )
          -- AccessPoint SSID provided by hostapd
          -- wireless LAN, all dhcpd-assigned IPs in 10.0.0.150-200

In shorewall config

    zones
        fw      firewall
        net     ipv4
        lan     ipv4

    hosts
        lan     INTIF:10.0.0.0/24       broadcast

    interfaces
        net     EXTIF     optional,physical=eth0,dhcp,tcpflags,nosmurfs,logmartians=1,routefilter=1,sourceroute=0
        lan     WIFIUIF   optional,physical=wlan1,dhcp,tcpflags,logmartians=1,routefilter=0
        -       INTIF     physical=eth1,dhcp,tcpflags,logmartians=1,routefilter=0

    snat
        SNAT(XX.XX.XX.XX)       10.0.0.0/24     EXTIF

With this config

    ALL my wired clients have access to the NET
    ALL my wireless clients
        -- are logged in
        -- have IPs assigned in the 'lan'
    NONE of my wireless clients can access the net

Do I need to manually add a static route somewhere?

DT