[Techtalk] problem with wireless/LAN router- solved

Carla Schroder carla at bratgrrl.com
Thu Jan 18 17:23:40 UTC 2007


On Wednesday 17 January 2007 11:52, Kai MacTane wrote:
> At 09:05 AM 1/17/2007, Carla Schroder wrote:
> >iptables has these rules:
> >
> >#Enable unrestricted outgoing traffic, incoming
> >#is restricted to locally-initiated sessions only
> >$ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> >$ipt -A FORWARD -i $WAN_IFACE -o $LAN_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
> >$ipt -A FORWARD -i $LAN_IFACE -o $WAN_IFACE -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> I see rules that allow LAN > WAN communication, and WAN > LAN if the
> state is right, but nothing for LAN > LAN. Is that the problem?
>
>                                                  --Kai MacTane

You were closer than you knew, grasshopper. Combining bridging with iptables 
requires some special handling. My default policies are INPUT DROP and 
FORWARD DROP, so I need rules to allow traffic to flow both ways over the 
bridge:

$ipt -A INPUT -i br0 -j ACCEPT
$ipt -A FORWARD -i br0 -j ACCEPT

Adding source addresses wouldn't hurt, as a precaution against stray bits from 
wrong networks.

The other way is don't combine iptables and bridging :)
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
Linux geek and random computer tamer
check out my Linux Cookbook! 
http://www.oreilly.com/catalog/linuxckbk/
best book for sysadmins and power users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
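Here is an added example (not the script from the original thread) of a complete rule set that puts the fix above into context: default DROP policies, the stateful LAN/WAN rules quoted in the thread, and bridge rules that also carry the source-address restriction Carla suggests. The interface names (`eth0` for the WAN, `br0` for the bridged LAN/wireless side) and the `192.168.1.0/24` LAN prefix are assumptions. The script only prints the commands unless `APPLY=1` is set, so it can be reviewed without touching a live firewall.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: eth0 = WAN link,
# br0 = bridge joining the wired and wireless LAN ports, 192.168.1.0/24 = LAN.
WAN_IFACE=eth0
LAN_IFACE=br0
LAN_NET=192.168.1.0/24

# Dry run by default: print each command instead of running it.
# Set APPLY=1 (as root) to load the rules for real.
if [ "${APPLY:-0}" = 1 ]; then
    ipt=iptables
else
    ipt="echo iptables"
fi

firewall_rules() {
    $ipt -F
    # Same default policies as in the post: nothing in, nothing through,
    # unless a rule below says otherwise.
    $ipt -P INPUT DROP
    $ipt -P FORWARD DROP
    $ipt -P OUTPUT ACCEPT

    $ipt -A INPUT -i lo -j ACCEPT
    # Replies to sessions the router itself opened
    $ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    # LAN -> WAN: new and existing sessions; WAN -> LAN: replies only
    $ipt -A FORWARD -i "$LAN_IFACE" -o "$WAN_IFACE" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $ipt -A FORWARD -i "$WAN_IFACE" -o "$LAN_IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The bridge fix: frames crossing br0 between the wired and wireless
    # ports pass through FORWARD, and traffic for the router's own services
    # arrives on INPUT. With DROP policies both need explicit ACCEPTs.
    # Restricting to the LAN prefix is the "source addresses" precaution
    # from the post, so stray packets from other networks are still dropped.
    $ipt -A INPUT -i "$LAN_IFACE" -s "$LAN_NET" -j ACCEPT
    $ipt -A FORWARD -i "$LAN_IFACE" -o "$LAN_IFACE" -s "$LAN_NET" -d "$LAN_NET" -j ACCEPT
}

firewall_rules
```

One caveat worth checking first: bridged frames only reach iptables when bridge netfilter is active (on current kernels the `br_netfilter` module must be loaded and `net.bridge.bridge-nf-call-iptables` set to 1). If it is not, LAN-to-LAN traffic never traverses FORWARD at all, which is effectively the "don't combine iptables and bridging" option from the post; the two bridge rules above then do no harm but also do nothing.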