Gentoo Forums
NDISWRAPPER & BRIDGING HOW-TO
Lord Spector
Guru


Joined: 28 Oct 2003
Posts: 304

Posted: Sat Sep 11, 2004 9:33 am    Post subject: NDISWRAPPER & BRIDGING HOW-TO

Hi !

Bridging a wireless network that uses ndiswrapper does not work if you use bridge-utils. What you need to do is use IP forwarding with IPTABLES instead...

I had some problems with this and found nothing like this on the net when I needed it so I decided to post this simple HOW-TO.

Ndiswrapper does not support promiscuous mode so this creates a bit of a problem that can be solved like this:

If you don't have IPTABLES running yet you should read this How-To first... get to the part where the config is posted and then continue from here (you'll need a modified config, which I posted here).

I'll presume you have 3 NICs in your router... if you have more, just add them to the config accordingly...

In this example, one NIC (eth1) is connected to the Internet via a static IP configuration, the second NIC (eth0) is on a LAN and the third NIC (wlan0) is a wireless LAN.

So my /etc/conf.d/net file looks like this:
Code:

iface_wlan0="192.168.1.1 broadcast 192.168.1.255 netmask 255.255.255.0"
iface_eth0="192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0"
iface_eth1="X.X.X.X broadcast X.X.X.255 netmask 255.255.255.0"
gateway="eth1/X.X.X.X"
(the X.X.X.X is actually my static IP)

And now we just forward packets like so:

Code:
#!/bin/bash
IPTABLES='/sbin/iptables'

# Set interface values
# (eth0 is both an internal LAN interface and the target of wlan0 forwarding)
EXTIF1='eth1'
EXTIF2='eth0'
INTIF1='eth0'
INTIF2='wlan0'

# enable ip forwarding in the kernel
/bin/echo "1" > /proc/sys/net/ipv4/ip_forward

# flush rules and delete chains
$IPTABLES -F
$IPTABLES -X

# enable masquerading to allow LAN internet access
$IPTABLES -t nat -A POSTROUTING -o $EXTIF1 -j MASQUERADE

# forward LAN traffic from $INTIF1 to Internet interface $EXTIF1
$IPTABLES -A FORWARD -i $INTIF1 -o $EXTIF1 -m state --state NEW,ESTABLISHED -j ACCEPT

# forward LAN traffic from $INTIF2 to Internet interface $EXTIF1
$IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF1 -m state --state NEW,ESTABLISHED -j ACCEPT

# forward LAN traffic from $INTIF2 to BRIDGE interface $EXTIF2
$IPTABLES -A FORWARD -i $INTIF2 -o $EXTIF2 -m state --state NEW,ESTABLISHED -j ACCEPT

#echo -e "       - Allowing access to the SSH server"
$IPTABLES -A INPUT --protocol tcp --dport 22 -j ACCEPT

#echo -e "       - Allowing access to the HTTP server"
#$IPTABLES -A INPUT --protocol tcp --dport 80 -j ACCEPT

# block out all other Internet access on $EXTIF1
$IPTABLES -A INPUT -i $EXTIF1 -m state --state NEW,INVALID -j DROP
$IPTABLES -A FORWARD -i $EXTIF1 -m state --state NEW,INVALID -j DROP


You can drop the opened ports and other rules if you don't need them...
And also be sure to set the EXTIFs and INTIFs according to your network!

This is it...
If you have any more questions just ask away... :wink:
_________________
It's all about open source
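
A default-deny variant of the forwarding rules in the post above, written as an iptables-restore ruleset so each table is committed in one step. This is an added example, not part of the original post; the DROP policies, the explicit ESTABLISHED,RELATED rules and the restriction of SSH to eth0 and wlan0 are assumptions of this example.

```sh
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the post's router
# (eth1 = Internet, eth0 = wired LAN, wlan0 = wireless LAN).
# Assumptions of this example, not in the original script: DROP policies,
# the ESTABLISHED,RELATED rules, and SSH reachable only from eth0 and wlan0.

# Accept only plain interface names (max 15 chars, no leading dash) so a
# bad argument cannot smuggle extra iptables options into a rule line.
valid_if() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

gen_rules() {  # args: external, wired LAN, wireless LAN interface
    [ "$#" -eq 3 ] || { echo "usage: gen_rules EXT LAN WLAN" >&2; return 1; }
    for i in "$@"; do
        valid_if "$i" || { echo "bad interface name: $i" >&2; return 1; }
    done
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $2 -p tcp --dport 22 -j ACCEPT
-A INPUT -i $3 -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $2 -o $1 -m state --state NEW -j ACCEPT
-A FORWARD -i $3 -o $1 -m state --state NEW -j ACCEPT
-A FORWARD -i $3 -o $2 -m state --state NEW -j ACCEPT
-A FORWARD -i $2 -o $3 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the post's interface layout unless names are given.
gen_rules "${1:-eth1}" "${2:-eth0}" "${3:-wlan0}"
```

Check the output with `iptables-restore --test` before loading it as root; IP forwarding still has to be enabled in the kernel as in the original script.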
bLaXe
Tux's lil' helper


Joined: 14 Nov 2004
Posts: 81
Location: Berkshire, UK

Posted: Tue Dec 07, 2004 7:56 pm

Glad I found this page - I'd been trying to get bridging to work with ndiswrapper for a while (obviously with no success) so it's nice to know that it just plain won't work.

I have a wired network upstairs in my house which has access to the internet via a router/firewall box. This network has a wireless access point on it. There is no practical way to run a cable downstairs but I have a system downstairs that I would like to be able to access the rest of the network. This system has no wireless card, only a wired one.

So, I have another system downstairs which has both wired and wireless interfaces that I would like to use to 'extend' the network to downstairs by bridging the wireless network onto a small wired network.

I'm not very adept with iptables so I'm not sure what rules I need to set to achieve this.

Any help would be appreciated. (I can post more info about the setup if it's helpful)
All times are GMT