LinuxMCE Forums
General => Users => Topic started by: ardirtbiker on January 21, 2016, 05:28:59 pm
-
In lmce 1204 and 1404, bridging appears to have changed within the Linux kernel. In 1004 I had bridged eth1 (internal NIC) with wlan0 (AP) following the instructions here: http://wiki.linuxmce.org/index.php/Access_Point
After changing 'eth1' in the firewall to 'br0' (the bridge interface), everything worked without a hitch.
In 1204 and 1404, when the bridge is set up the same, the MDs cannot access the nfs storage drives, but my wifi devices work fine.
Is there a better route to take other than bridging? Is there something else I need to do to the firewall?
Some internet sources suggest installing ebtables and setting up some rules there, and adding other rules to iptables. I don't quite grasp firewalls and am stuck.
Any suggestions will be greatly appreciated.
Dennis
-
Hello Dennis,
Bridging isn't supported yet, but to help you test this further I need some information from you:
- /etc/network/interfaces
- /etc/default/isc-dhcp-server
- iptables -vnL
-
Thanks Alblasco,
Here is my /etc/network/interfaces file:
# Activating interfaces
auto eth0 br0 lo
#####
# Loopback interface
#####
iface lo inet loopback
#####
# IPv4 network interfaces
#####
# --- External NIC ---
iface eth0 inet dhcp
pre-up sysctl -q -e -w net.ipv6.conf.eth0.disable_ipv6=1
up /sbin/ifconfig eth0 up
down /sbin/ifconfig eth0 down
# --- Internal NIC ---
iface eth1 inet manual
pre-up sysctl -q -e -w net.ipv6.conf.eth1.disable_ipv6=1
up /sbin/ifconfig eth1 up
down /sbin/ifconfig eth1 down
#####
# --- Wireless NIC ---
iface wlan0 inet manual
# --- Bridge ---
iface br0 inet static
address 192.168.80.1
network 192.168.80.0
netmask 255.255.255.0
broadcast 192.168.80.255
gateway 192.168.1.254
pre-up /usr/sbin/hostapd -B /etc/hostapd/hostapd.conf
bridge_ports eth1 wlan0
dns-nameservers 192.168.1.254 8.8.8.8
dns-search LinuxMCE.local
down /sbin/ifconfig br0 down
Here is /etc/default/isc-dhcp-server:
INTERFACES="br0"
And here is the output of iptables -vnL:
Chain INPUT (policy DROP 3 packets, 116 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x1
2 92 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 /* Allow_Loopback */
492 57564 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Allow_Established */
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 /* Allow_DHCP */
6 1616 ACCEPT udp -- br0 * 0.0.0.0/0 0.0.0.0/0 /* Allow_DHCP */
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 /* Allow_DHCP */
2 120 ACCEPT tcp -- br0 * 192.168.80.0/24 0.0.0.0/0 /* Allow_Local_Network */
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo lo 0.0.0.0/0 0.0.0.0/0 /* Allow_Loopback */
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED /* Allow_Established */
4 2563 ACCEPT tcp -- br0 * 192.168.80.0/24 0.0.0.0/0 /* Allow_Local_Network */
Chain OUTPUT (policy ACCEPT 317 packets, 45260 bytes)
pkts bytes target prot opt in out source destination
Let me know if you need anything else.
Dennis
-
Hello Dennis,
Iptables is set up as the lmce-firewall writes the iptables rules in the background.
Bridging is so far the easiest way to do this, else you need to create forward rules and change a lot of configuration files,
and I'm not sure if everything will work that way.
There seems to be a problem with the NFS config; I'm not sure where this problem is.
I'll check here to be sure I'm not having this issue.
Your configuration so far seems right.
-
Thank you, sir!
I'll keep a lookout for a resolution to the nfs issue.
Dennis
-
Alblasco,
My recent reinstall of 12.04 seems to work fine with the bridge setup.
Just after install, I ran the SQL command
UPDATE Device_DeviceData SET IK_DeviceData="eth0,dhcp|br0,192.168.80.1,255.255.255.0" WHERE FK_DeviceData=32;
after my bridge was set up, then did an iptables -F followed by '/usr/pluto/bin/Network_Firewall.sh'.
I may not have needed to do all of that, but it works!
Dennis
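Added example, not part of the forum posts or of LinuxMCE: once eth1 and wlan0 are ports of br0, the IP layer sees traffic arriving on br0, so a rule that still names a member port in its in/out column will not match. The function below scans `iptables -vnL` text for such leftovers after the rules are regenerated; the function names and the sample rules (including the eth1 line) are constructed for illustration.

```shell
#!/bin/sh
# Print "CHAIN in|out IFACE TARGET" for every rule in `iptables -vnL` output
# (read from stdin) whose in/out interface is one of the given bridge ports.
# Assumes every rule has a target, so the columns are:
#   pkts bytes target prot opt in out source destination
stale_iface_rules() {
    members="$1"   # space-separated bridge member ports, e.g. "eth1 wlan0"
    awk -v members="$members" '
        BEGIN { n = split(members, m, " "); for (i = 1; i <= n; i++) port[m[i]] = 1 }
        $1 == "Chain" { chain = $2; next }   # remember the current chain
        $1 == "pkts" || NF < 9 { next }      # skip column headers and blanks
        {
            if ($6 in port) print chain, "in", $6, $3
            if ($7 in port) print chain, "out", $7, $3
        }'
}

# Constructed sample in `iptables -vnL` layout: two br0 rules like those in
# the thread, plus one constructed leftover rule still bound to eth1.
sample_rules() {
cat <<'EOF'
Chain INPUT (policy DROP 3 packets, 116 bytes)
 pkts bytes target     prot opt in     out     source               destination
    6  1616 ACCEPT     udp  --  br0    *       0.0.0.0/0            0.0.0.0/0            /* Allow_DHCP */
    2   120 ACCEPT     tcp  --  br0    *       192.168.80.0/24      0.0.0.0/0            /* Allow_Local_Network */
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  eth1   *       192.168.80.0/24      0.0.0.0/0            /* Allow_Local_Network */
EOF
}

# Stand-alone run on the constructed sample; on a live system, pipe the real
# output instead:  iptables -vnL | stale_iface_rules "eth1 wlan0"
sample_rules | stale_iface_rules "eth1 wlan0"
```

An empty result means no rule in the filter table still refers to a bridge member port.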
-
Hello Dennis,
Nice that it works now. :)
I'm building this to set it up from the GUI, but there is a lot of work to do before it is that way. :P
cheers Alblasco1702.
-
Alblasco, we really need a working firewall before any options or features are added. Thanks. I'll be fixing firewall bugs starting this weekend if it is not working at that point. Thanks.
J.
-
I value your efforts.
I was not aware the firewall was not completely up to snuff.
Yes, it would be awesome to be able to set up the bridging in website admin, but I have my config files saved on a storage drive.
Another note on the firewall.... I haven't been able to get my work laptop to VPN into my work domain. Are the ports currently blocked? I think there are several that are involved.
Thanks
Dennis