Mailinglist Archive: opensuse (3996 mails)
| < Previous | Next > |
SuSEFirewall2 & Wireless Network Masquerading
- From: Grant Limberg <glimberg@xxxxxxxxx>
- Date: Wed, 15 Sep 2004 19:13:40 -0400
- Message-id: <848adeb204091516133d4b879e@xxxxxxxxxxxxxx>
I've got HostAP running on my wireless card. My laptop can associate
to the network, get an IP address from dhcpd, can ping the the desktop
machine running as the AP, and can resolve hostnames from the DNS
server running on the desktop machine. Unfortunately it seems like
masquerading/routing arent working.
I did have to make a few hacks in /etc/sysconfig/network/ in order for
the wireless card to even work. I had to make a symlink from
/etc/sysconfig/network/ifcfg-wlan-bus-pci-0000:01:07.0 to
/etc/sysconfig/network/ifcfg-wlan0. Without doing this 'ifup wlan0'
resulted in:
virus:/etc/sysconfig/network # ifup wlan0
wlan0
ERROR: No configuration found for wlan0
below is /etc/sysconfig/SuSEFirewall2:
FW_QUICKMODE="no"
FW_DEV_EXT="eth-id-00:a0:cc:50:c7:5a"
FW_DEV_INT="wlan0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="20374 2084 2106:2706 4662 4665 http rsync smtp ssh"
FW_SERVICES_EXT_IP=""
FW_SERVICES_EXT_RPC=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_DMZ_RPC=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_INT_RPC=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="yes"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="yes"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="no"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_ANTISPOOF="no"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="int"
FW_IGNORE_FW_BROADCAST="no"
FW_ALLOW_CLASS_ROUTING="no"
FW_CUSTOMRULES=""
FW_REJECT="no"
FW_HTB_TUNE_DEV=""
FW_IPv6=""
FW_IPv6_REJECT_OUTGOING="yes"
FW_IPSEC_TRUST="no"
FW_IPSEC_MARK=""
FW_LOG=""
And below is the routing setup
virus:/etc/sysconfig/network # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.224.14.160 * 255.255.255.248 U 0 0 0 eth0
192.168.210.0 * 255.255.255.0 U 0 0 0 vmnet8
10.6.0.0 * 255.255.255.0 U 0 0 0 wlan0
link-local * 255.255.0.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default 10.224.14.161 0.0.0.0 UG 0 0 0 eth0
If anyone can help get this working with SuSEFirewall2 it would be
much appriciated.
Thanks In Advance
--
Grant Limberg
GPG Key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8C8E3D99
to the network, get an IP address from dhcpd, can ping the the desktop
machine running as the AP, and can resolve hostnames from the DNS
server running on the desktop machine. Unfortunately it seems like
masquerading/routing arent working.
I did have to make a few hacks in /etc/sysconfig/network/ in order for
the wireless card to even work. I had to make a symlink from
/etc/sysconfig/network/ifcfg-wlan-bus-pci-0000:01:07.0 to
/etc/sysconfig/network/ifcfg-wlan0. Without doing this 'ifup wlan0'
resulted in:
virus:/etc/sysconfig/network # ifup wlan0
wlan0
ERROR: No configuration found for wlan0
below is /etc/sysconfig/SuSEFirewall2:
FW_QUICKMODE="no"
FW_DEV_EXT="eth-id-00:a0:cc:50:c7:5a"
FW_DEV_INT="wlan0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="20374 2084 2106:2706 4662 4665 http rsync smtp ssh"
FW_SERVICES_EXT_IP=""
FW_SERVICES_EXT_RPC=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_DMZ_RPC=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
FW_SERVICES_INT_RPC=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="yes"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="yes"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="no"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="no"
FW_LOG_ACCEPT_ALL="no"
FW_KERNEL_SECURITY="yes"
FW_ANTISPOOF="no"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="int"
FW_IGNORE_FW_BROADCAST="no"
FW_ALLOW_CLASS_ROUTING="no"
FW_CUSTOMRULES=""
FW_REJECT="no"
FW_HTB_TUNE_DEV=""
FW_IPv6=""
FW_IPv6_REJECT_OUTGOING="yes"
FW_IPSEC_TRUST="no"
FW_IPSEC_MARK=""
FW_LOG=""
And below is the routing setup
virus:/etc/sysconfig/network # route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.224.14.160 * 255.255.255.248 U 0 0 0 eth0
192.168.210.0 * 255.255.255.0 U 0 0 0 vmnet8
10.6.0.0 * 255.255.255.0 U 0 0 0 wlan0
link-local * 255.255.0.0 U 0 0 0 eth0
loopback * 255.0.0.0 U 0 0 0 lo
default 10.224.14.161 0.0.0.0 UG 0 0 0 eth0
If anyone can help get this working with SuSEFirewall2 it would be
much appriciated.
Thanks In Advance
--
Grant Limberg
GPG Key:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8C8E3D99
| < Previous | Next > |