Wireless Bridge, aaarrgghhh

Peter King peter.king-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Sun Jan 4 01:21:36 UTC 2004
Any help would be appreciated; I've tried looking in all the obvious
places first. Even some less obvious ones. At the moment I'm greying
quickly...

What I'd like to do is bridge two wired networks -- call them NET0 and 
NET1 -- using a Linux laptop with built-in ethernet (eth0) and a wireless
PCMCIA card (eth1). I have the laptop wired into NET0 via eth0. Now each 
interface works fine all by itself. From the laptop I can ping machines 
on NET0 with no problem, and from other machines on NET0 I can ping both
eth0 and eth1. Likewise, from the laptop I can ping machines on NET1 via
eth1, and use the internet connection on NET1. Great.

So eth0 = 192.168.0.12 on NET0 (192.168.0.xxx)
   eth1 = 192.168.0.22 on NET0

and traffic through eth1 is translated into 192.168.1.xxx addresses for
NET1. The routing table on the laptop suggests that everything is fine:
both eth0 and eth1 have destination 192.168.0.0 as routes, and there is
only a single default gateway, defined on eth1, to 192.168.0.254 (which
does the NAT).

What I can't seem to do is get the packets from NET0 to NET1, unless they
originate on the laptop. And I can't figure out why.

I've tried a variety of configurations of iptables on the laptop; none of 
them have yet worked. The most promising script ran something like this:

/sbin/iptables -F
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT

After flushing the tables and enabling the loopback device, it allows
everything from eth0 (and hence NET0) in, to be forwarded to eth1 (and hence
NET1). It only allows established connections back. But it doesn't work; each
time I try to ping an address outside of 192.168.0.xxx from NET0, it fails,
and tells me there is no route to the address (or hostname lookup failure if
I tried using name resolution). The resolv.conf files are the same on the
laptop and on machines on NET0.

After a failed attempt to ping something, I run iptables -v -L and I can see that
the INPUT and OUTPUT chains have seen the ping packets, but not the FORWARD chain.

Where did I go wrong?

(On *this* problem, that is!)

--
Peter King			        peter.king-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Philosophy Department
University of Toronto			    (416)-978-3788 ofc
Toronto, ON   M5S 1A1			    (416)-978-8703 fax
    CANADA
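A small checker for the symptom in the post (INPUT and OUTPUT busy, FORWARD idle), added here as an example and not the poster's own script. It parses a constructed sample of `iptables -v -L` output laid out like the chains in the script above, tallies packets per chain, and reports the two conditions a packet must meet before the kernel ever hands it to FORWARD: ip_forward must be 1, and the packet must be routed through the box rather than addressed to it. The names `SAMPLE`, `chain_packet_counts` and `diagnose` are assumptions for this example.

```python
"""Check whether a Linux box is really routing between two interfaces.
Added example, not from the original post; SAMPLE is constructed."""
import re

# Constructed `iptables -v -L` output after a few pings from NET0:
# INPUT and OUTPUT saw packets, FORWARD saw none (the symptom described).
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   252 ACCEPT     all  --  lo     any     anywhere             anywhere
   12  1008 ACCEPT     all  --  eth0   any     anywhere             anywhere             state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  eth1   any     anywhere             anywhere             state RELATED,ESTABLISHED

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  eth0   eth1    anywhere             anywhere
    0     0 ACCEPT     all  --  eth1   eth0    anywhere             anywhere             state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 12 packets, 1008 bytes)
 pkts bytes target     prot opt in     out     source               destination
"""

def chain_packet_counts(output):
    """Return {chain: packets}: policy hits plus every rule's pkts column."""
    counts, chain = {}, None
    for line in output.splitlines():
        m = re.match(r"Chain (\S+) \(policy \S+ (\d+) packets", line)
        if m:
            chain = m.group(1)
            counts[chain] = int(m.group(2))
            continue
        m = re.match(r"\s*(\d+)\s+\d+\s+\S+", line)  # a rule line
        if m and chain:
            counts[chain] += int(m.group(1))
    return counts

def diagnose(counts, ip_forward):
    """Explain why FORWARD may be idle while INPUT/OUTPUT are busy.
    ip_forward is the value of /proc/sys/net/ipv4/ip_forward (0 or 1)."""
    if counts.get("FORWARD", 0) > 0:
        return "forwarding traffic is reaching the FORWARD chain"
    if ip_forward != 1:
        return "net.ipv4.ip_forward is 0: kernel is not routing between interfaces"
    if counts.get("INPUT", 0) > 0:
        return ("packets are addressed to this host (INPUT), not routed through it: "
                "check that NET0 hosts use this box's eth0 address as their gateway")
    return "no relevant traffic seen yet"
```

Feed it the real output of `iptables -v -L` and the value of /proc/sys/net/ipv4/ip_forward to see which of the two conditions the laptop is failing.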
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org