## CURRENT SETUP:
```text
Internet -> Modem -> Wired Router (192.168.1.1) -> Switches & Wired Clients (192.168.1.xxx)
```
One of these clients is configured as a network bridge:
```text
Internet -> Modem -> Wired Router (192.168.1.1) -> Switch -(eth0)-> Bridge br0 (192.168.1.2) -(wlan0)-> Wireless Router (192.168.1.3)
```
I'm trying to test connectivity of the other wired clients to the wireless router in preparation for the following setup:
```text
Internet -> Modem -> Wireless Router (192.168.1.1) -(wlan0)-> Bridge (br0) -(eth0)-> Switch -> Wired Clients
```
I want the wired clients to be able to access the wireless router and the bridge to update configuration and be able to use the internet connection normally. I am trying to configure shorewall firewall on the bridge (with the other wired clients on the local side) but am having some trouble. I also installed webmin for more options but I'm not really using it (in my rules config, the port 10000 rule is for webmin). Here is my information:
## PROBLEMS:
When the firewall is started, I can't access the wireless router (192.168.1.3) from a wired client or the bridge. The wired client can access the wired router (192.168.1.1) but the bridge can not.
When the firewall is stopped, I can access the wireless router (192.168.1.3) from the bridge only, and the wired router (192.168.1.1) from both.
When the firewall is cleared, I have the same results as stopped.
I can access the bridge via SSH and webmin at all times.
(everything below this point is with shorewall running)
## BRIDGE CONFIGURATION:
```shell
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 wlan0
ifconfig br0 192.168.1.2 netmask 255.255.255.0 up
```
```text
> brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000f66796da8       no              eth0
                                                        wlan0

> brctl showmacs br0
port no mac addr                is local?       ageing timer
  1     00:04:5a:fe:ba:93       no                172.57
  2     00:06:25:f8:2b:8c       no                182.37
  1     00:08:74:3f:ef:9e       no                 0.00
  2     00:0f:66:79:6d:a8       yes                0.00
  1     00:14:2a:33:42:23       no                240.57
  1     00:14:85:68:f2:cf       no                211.32
  1     00:90:27:ea:d6:c5       yes                0.00
```
## NETWORK INTERFACE CONFIGURATIONS:
Wired Client:
```text
> ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:08:74:3F:EF:9E
          inet addr:192.168.1.22  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:449294 errors:0 dropped:0 overruns:0 frame:0
          TX packets:214204 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:179489564 (171.1 Mb)  TX bytes:28032657 (26.7 Mb)
          Interrupt:11 Base address:0x2c00
```
Bridge:
```text
> ifconfig
br0       Link encap:Ethernet  HWaddr 00:0F:66:79:6D:A8
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20f:66ff:fe79:6da8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:303194 errors:0 dropped:0 overruns:0 frame:0
          TX packets:296933 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:31468158 (30.0 Mb)  TX bytes:27508056 (26.2 Mb)

eth0      Link encap:Ethernet  HWaddr 00:90:27:EA:D6:C5
          inet6 addr: fe80::290:27ff:feea:d6c5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15730 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11379 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1601281 (1.5 Mb)  TX bytes:4313340 (4.1 Mb)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2035 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2035 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:159484 (155.7 Kb)  TX bytes:159484 (155.7 Kb)

wlan0     Link encap:Ethernet  HWaddr 00:0F:66:79:6D:A8
          inet6 addr: fe80::20f:66ff:fe79:6da8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:287528 errors:0 dropped:0 overruns:0 frame:0
          TX packets:290287 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:34115885 (32.5 Mb)  TX bytes:23590834 (22.4 Mb)
```
## SHOREWALL CONFIGURATION:
`/etc/shorewall/zones`
```text
###############################################################################
#ZONE   TYPE            OPTIONS         IN                      OUT
#                                       OPTIONS                 OPTIONS
fw      firewall
net     ipv4
loc     ipv4
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
```
`/etc/shorewall/interfaces`
```text
###############################################################################
#ZONE   INTERFACE       BROADCAST       OPTIONS
-       br0             192.168.1.255
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
```
`/etc/shorewall/policy`
```text
###############################################################################
#SOURCE DEST    POLICY  LOG     LIMIT:BURST
#                       LEVEL
loc     net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
#LAST LINE -- DO NOT REMOVE
```
`/etc/shorewall/rules`
```text
#############################################################################################################
#ACTION SOURCE  DEST    PROTO   DEST    SOURCE  ORIGINAL        RATE            USER/
#                               PORT    PORT(S) DEST            LIMIT           GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
ACCEPT  loc     all+    tcp     22      -       -
ACCEPT  loc     all+    tcp     10000   -       -
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
```
`/etc/shorewall/routestopped`
```text
###############################################################################
#INTERFACE      HOST(S)         OPTIONS
br0             192.168.1.0/24  routeback
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
```
`/etc/shorewall/hosts`
```text
###############################################################################
#ZONE   HOST(S)         OPTIONS
net     br0:wlan0       blacklist,tcpflags,norfc1918,nosmurfs
loc     br0:eth0
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
```
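The following is an added example, not code from the original post or from Shorewall itself. It is a small Python model of how the `hosts`, `policy` and `rules` files above classify a new connection: the bridge port a packet enters on selects its zone (`br0:eth0` is `loc`, `br0:wlan0` is `net`, the bridge itself is `fw`), the `SECTION NEW` rules are checked first, and if none matches the policy file is scanned top to bottom with the first matching line deciding. Established and related connections, `routestopped` and intra-zone traffic are deliberately left out, and the scenario labels and sample ports (80 for plain HTTP, ICMP for ping) are constructed for the example. Run with the files as posted, the model reproduces the reported behaviour for everything that touches the firewall zone: SSH and port 10000 from a wired client are accepted by the two rules, anything from `net` to the bridge is dropped, and the bridge's own connections to either router fall through to `all all REJECT`, which is why the bridge cannot reach 192.168.1.1 or 192.168.1.3 while the firewall is running. For a wired client talking to the wireless router (`loc` to `net`) the model returns ACCEPT, so the failure reported for that path is not produced by these policy and rule lines alone.

```python
# Added example (not from the original post): a model of how Shorewall
# classifies a NEW connection under the zones, hosts, policy and rules
# files shown above. Established/related handling, the routestopped file
# and intra-zone traffic are deliberately not modelled.

# Bridge-port to zone mapping from /etc/shorewall/hosts. The bridge's own
# traffic has no ingress port and belongs to the firewall zone "fw".
HOSTS = {
    "br0:eth0": "loc",
    "br0:wlan0": "net",
}

# /etc/shorewall/policy in file order: the first matching line wins.
POLICY = [
    ("loc", "net", "ACCEPT"),
    ("net", "all", "DROP"),
    ("all", "all", "REJECT"),
]

# /etc/shorewall/rules, SECTION NEW: (action, source, dest, proto, dest port).
RULES = [
    ("ACCEPT", "loc", "all+", "tcp", 22),
    ("ACCEPT", "loc", "all+", "tcp", 10000),
]


def zone_for(port):
    """Zone of traffic entering on a bridge port; None means the bridge itself."""
    return "fw" if port is None else HOSTS[port]


def zone_matches(pattern, zone):
    """'all' and 'all+' match every zone; anything else must match exactly.

    The two differ only for intra-zone traffic, which this model excludes.
    """
    return pattern in ("all", "all+") or pattern == zone


def decide(src_port, dst_port, proto, dport=None):
    """Verdict for a NEW connection from src_port to dst_port.

    Ports are bridge port names from HOSTS, or None for the bridge itself.
    Rules are consulted first; if none matches, the policy file is scanned
    top to bottom and the first matching policy decides.
    """
    src, dst = zone_for(src_port), zone_for(dst_port)
    if src == dst:
        raise ValueError("intra-zone traffic is not modelled")
    for action, s, d, p, port in RULES:
        if (zone_matches(s, src) and zone_matches(d, dst)
                and p == proto and port == dport):
            return action
    for s, d, action in POLICY:
        if zone_matches(s, src) and zone_matches(d, dst):
            return action
    raise RuntimeError("no policy matched %s -> %s" % (src, dst))


# Constructed scenarios matching the situations described in the post:
# (label, source port, destination port, protocol, destination port number).
SCENARIOS = [
    ("wired client -> wireless router (http)", "br0:eth0", "br0:wlan0", "tcp", 80),
    ("bridge -> wireless router (ping)", None, "br0:wlan0", "icmp", None),
    ("bridge -> wired router (ping)", None, "br0:eth0", "icmp", None),
    ("wired client -> bridge (ssh)", "br0:eth0", None, "tcp", 22),
    ("wired client -> bridge (webmin)", "br0:eth0", None, "tcp", 10000),
    ("wired client -> bridge (http)", "br0:eth0", None, "tcp", 80),
    ("wireless router -> bridge (ssh)", "br0:wlan0", None, "tcp", 22),
]


def verdicts():
    """Verdict for every scenario, keyed by its label."""
    return {label: decide(s, d, p, port) for label, s, d, p, port in SCENARIOS}


if __name__ == "__main__":
    for label, verdict in verdicts().items():
        print("%-42s %s" % (label, verdict))
```

The useful habit this shows is to read a Shorewall policy file as an ordered list and ask, for each host pair that is failing, which line is the first to match; a catch-all `all all REJECT` silently covers the firewall's own outbound traffic (`fw` to `loc` and `fw` to `net`) unless an earlier policy or rule allows it.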