I think the routing is set up and with the option FW_STOP_KEEP_ROUTING_STATE="yes" for keeping the routing up when SuSEFirewall2 is unloaded I think I can access the server in the LAN. I thought of using bridging because it's more transparent. What variables would I have to fiddle around with in /etc/sysconfig/SuSEFirewall2 when using another zone with "FW_ZONES"?

On Monday 21 November 2005 10:51, Ludwig Nussel wrote:
David Huecking wrote:
Now I added a wireless-card for the router also acting as a wireless access-point:
- ath0 is interface of wireless-card running in hostap-mode

Then I built a bridge-interface from eth0 and ath0 and gave it the former IP of eth0.
- br0 bridge made of ath0 and eth0

Routing from the wired and wireless clients to the internet works like a charm. What does not work is bridging from physical interface eth0 to ath0 so that I can reach my server attached to the LAN-switch from my wireless notebook. I get logging-entries like that:

SFW2-FWDint-DROP-DEFLT IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=ath0 SRC=192.168.42.6 DST=192.168.42.2
Could anybody tell me what to write into /etc/sysconfig/SUSEFirewall2 or in /etc/sysconfig/scripts/SuSEfirewall2-custom to accept packets crossing my bridge.
I don't have such a setup myself so I can't help you here. I wouldn't use bridging with the LAN though. With newer SuSEfirewall2 you can define a new zone for the WLAN and then use normal routing for WLAN-Inet and WLAN-LAN. You can also abuse the DMZ rules for that purpose if you don't have a real DMZ.
--
Eat, sleep and go running,
David Hücking.

Encrypted eMail welcome! GnuPG/PGP-Key: 0x57809216. Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216
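
An added example, not part of the original thread: it reads kernel log lines carrying the SFW2 prefix and picks out drops where IN and OUT are the same bridge but PHYSIN and PHYSOUT differ, which is the pattern in the entry quoted above (a frame bridged between two ports and dropped in the forward path). The sample lines are constructed, `dsl0` is a hypothetical external interface, and treating any prefix containing "DROP" as a drop is an assumption based on the one entry in the message.

```python
import re
from collections import Counter

# Constructed sample lines; the first two mirror the entry quoted in the message.
SAMPLE_LOG = """\
Nov 21 11:02:13 router kernel: SFW2-FWDint-DROP-DEFLT IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=ath0 SRC=192.168.42.6 DST=192.168.42.2 LEN=60 PROTO=TCP SPT=34512 DPT=22
Nov 21 11:02:16 router kernel: SFW2-FWDint-DROP-DEFLT IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=ath0 SRC=192.168.42.6 DST=192.168.42.2 LEN=60 PROTO=TCP SPT=34512 DPT=22
Nov 21 11:03:40 router kernel: SFW2-FWDint-DROP-DEFLT IN=br0 OUT=dsl0 SRC=192.168.42.6 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=40100 DPT=25
Nov 21 11:04:02 router kernel: SFW2-INext-DROP-DEFLT IN=dsl0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.7 DST=203.0.113.1 LEN=40 PROTO=TCP SPT=4444 DPT=23
"""

PREFIX_RE = re.compile(r"\b(SFW2-\S+)\s")   # log prefix written by the firewall rules
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # netfilter LOG key=value pairs (value may be empty)


def parse_line(line):
    """Return the key=value fields of one SFW2 log line, or None for other lines."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    rec = dict(FIELD_RE.findall(line[m.end():]))
    rec["prefix"] = m.group(1)
    return rec


def is_intra_bridge(rec):
    """True when the packet entered and left the same bridge on different ports."""
    same_bridge = bool(rec.get("IN")) and rec.get("IN") == rec.get("OUT")
    physin, physout = rec.get("PHYSIN"), rec.get("PHYSOUT")
    return same_bridge and bool(physin) and bool(physout) and physin != physout


def intra_bridge_drops(text):
    """Count dropped port-to-port bridge packets per (bridge, physin, physout, src, dst)."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and "DROP" in rec["prefix"] and is_intra_bridge(rec):
            key = (rec["IN"], rec["PHYSIN"], rec["PHYSOUT"],
                   rec.get("SRC", "?"), rec.get("DST", "?"))
            hits[key] += 1
    return hits


if __name__ == "__main__":
    for (bridge, pin, pout, src, dst), n in intra_bridge_drops(SAMPLE_LOG).items():
        print(f"{n}x dropped on {bridge}: {pin} -> {pout}  {src} -> {dst}")
```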