hey all,

I searched the archives and the site and didn't find an answer, so if I missed something I'll gladly take pointers to any good help pages.

I want to build a combination wireless access point/iptables firewall/router for my home LAN, like this:

dsl modem - router/WAP - switch - LAN

I have Pyramid Linux on a PC Engines WRAP board. The board has an Atheros tri-mode wireless card, and two wired Ethernet ports in use. The configs are like this:

LAN IP = 192.168.1.25 br0 = ath0 bridged to eth0
WAN IP = 22.33.44.55 eth1

When my iptables firewall is up, all hosts have Internet and can ping the router. But wired hosts cannot ping wireless hosts, or the reverse. With the firewall turned off, the bridge works perfectly and all LAN hosts see each other.

I've tried running my iptables rules one at a time, and the showstopper is the forwarding chain. I like to use a default policy of FORWARD DROP, then write accept rules as needed. But nothing I have tried works here, and it's not like my iptables-fu is all that mighty anyway. Should I be looking at ebtables, or can I do this in iptables? Or what?

thanks in advance.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Carla Schroder
Linux geek and random computer tamer
check out my Linux Cookbook!
http://www.oreilly.com/catalog/linuxckbk/
best book for sysadmins and power users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~