On 1/18/07, Carla Schroder <carla at bratgrrl.com> wrote:
> hey all,
>
> I searched the archives and the site and didn't find an answer, so if I missed
> something I'll gladly take pointers to any good help pages.
>
> I want to build a combination wireless access point/iptables firewall/router
> for my home LAN, like this:
>
> dsl modem - router/WAP - switch - LAN
>
> I have Pyramid Linux on a PC Engines WRAP board. The board has an Atheros
> tri-mode wireless card, and two wired Ethernet ports in use. The configs are
> like this:
>
> LAN IP = 192.168.1.25
> br0 = ath0 bridged to eth0
>
> WAN IP = 22.33.44.55
> eth1
>
> When my iptables firewall is up, all hosts have Internet and can ping the
> router. But wired hosts cannot ping wireless hosts, or the reverse. With the
> firewall turned off, the bridge works perfectly and all LAN hosts see each
> other.
>
> I've tried running my iptables rules one at a time, and the showstopper is the
> forwarding chain. I like to use a default policy of FORWARD DROP, then write
> accept rules as needed. But nothing I have tried works here, and it's not
> like my iptables-fu is all that mighty anyway.
>
> Should I be looking at ebtables, or can I do this in iptables? Or what?
>

Did you check the physdev iptables module?

Regards,
Abel
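One way to write the FORWARD chain for the setup Carla describes, added here as an example and not code from the thread: it keeps her FORWARD DROP default policy and uses the physdev match Abel points to so that frames switched between the two bridge ports are accepted before the routing rules. Interface names (br0, eth1) and the 192.168.1.0/24 LAN network are taken from her post; the IPT variable (set IPT=echo for a dry run) is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original thread). When bridge netfilter is
# active, frames bridged between ath0 and eth0 still pass through iptables'
# FORWARD chain, so a FORWARD DROP policy silently blocks wired<->wireless
# traffic unless a rule lets bridged frames through. Set IPT=echo to print
# the rules instead of loading them.

LAN_IF=br0            # from the post: br0 = ath0 bridged to eth0
WAN_IF=eth1           # from the post: WAN side
LAN_NET=192.168.1.0/24

bridge_fw_rules() {
    ipt="${IPT:-iptables}"

    # Clean slate, DROP as the default forwarding policy.
    $ipt -F FORWARD
    $ipt -P FORWARD DROP

    # Frames switched between the bridge ports never leave the LAN; accept
    # them first. This is the physdev match suggested in the reply.
    $ipt -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

    # Routed traffic: LAN -> WAN allowed, WAN -> LAN only for flows the LAN
    # initiated.
    $ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    $ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Log what the DROP policy is about to discard, rate limited, so a
    # misconfiguration shows up in syslog instead of as silent ping failures.
    $ipt -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

# Masquerade LAN traffic leaving on the WAN interface.
nat_rules() {
    ipt="${IPT:-iptables}"
    $ipt -t nat -F POSTROUTING
    $ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Returns 0 when the kernel is passing bridged frames through iptables at all
# (the condition under which the physdev rule is needed).
bridge_nf_enabled() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

if [ "${1:-}" = "apply" ]; then
    bridge_fw_rules
    nat_rules
fi
```

If bridge_nf_enabled reports 0, bridged frames bypass iptables entirely and only ebtables would see them; the physdev rule then does no harm but is not what is blocking the traffic.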