

johnqdare.com

 blog

Shorewall Router with Wired and Wireless

Monday, July 6th, 2009 at 9:52 am

I wanted to set up a Shorewall router using an Ubuntu 9.04 machine with three interfaces:

1) eth0 – Internet
2) eth1 – LAN
3) ath0 – WLAN

Most Shorewall three-interface tutorials explain how to set up a LAN with a DMZ, which doesn’t help me at all. Most wireless Shorewall tutorials, on the other hand, describe how to set up Shorewall with three interfaces and two zones, with wireless and wired on separate subnets. I don’t prefer this: Shorewall will allow wired and wireless clients to communicate because they are in the same “loc” zone, but the separate subnets make things such as getting Samba shares to play nicely more difficult.

My solution to this problem was to add the LAN interface and the WLAN interface to a bridge, then masquerade that traffic to the internet. First I installed bridge-utils:

#> apt-get install bridge-utils

Next I created my bridge:

#> ifconfig eth1 0.0.0.0
#> ifconfig ath0 0.0.0.0
#> ifconfig eth1 up
#> ifconfig ath0 up
#> brctl addbr br0
#> brctl addif br0 eth1
#> brctl addif br0 ath0

Now I assigned an IP address to my bridge:

#> ifconfig br0 192.168.1.1 netmask 255.255.255.0

Now that my bridge was set up, I had to configure Shorewall. I copied the two-interface example into my /etc/shorewall folder. Notice I’m using the two-interface example since I am only using two interfaces: br0 and eth0. I edited /etc/shorewall/interfaces to include “net eth0” and “loc br0”. I had to add “routeback” to the options for the br0 interface so that the routing would be handled correctly between the wired and wireless clients. Next I edited the masq file and changed it to say “eth0 br0”. Aside from these two changes you can follow the instructions for a standard Shorewall setup with two interfaces found here.
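
A quick sanity check for the two files edited above, as an added example that is not part of the original post: it confirms that br0 carries routeback and that the masq entry names the Internet-facing interface first and the bridge second. The function names, the scratch-directory layout and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed column layout:
#   interfaces: ZONE INTERFACE [BROADCAST] OPTIONS      masq: INTERFACE SOURCE

# check_bridge_fw DIR BRIDGE
# Prints one finding per line; returns 0 only when BRIDGE carries routeback and
# is masqueraded out through the net-zone interface.
check_bridge_fw() {
    dir=$1 bridge=$2 rc=0
    net_if=$(awk '$1 == "net" { print $2; exit }' "$dir/interfaces")
    # Fields after the interface name, comma-joined, so options match exactly.
    opts=$(awk -v b="$bridge" '$1 !~ /^#/ && $2 == b {
        $1 = $2 = ""; gsub(/[ \t]+/, ","); print; exit }' "$dir/interfaces")
    [ -n "$net_if" ] || { echo "no net-zone interface defined"; rc=1; }
    case ",$opts," in
        *,routeback,*) ;;
        *) echo "$bridge lacks routeback"; rc=1 ;;
    esac
    # First non-comment masq entry: outbound interface, then the source to hide.
    masq_out=$(awk '$1 !~ /^#/ && NF >= 2 { print $1; exit }' "$dir/masq")
    masq_src=$(awk '$1 !~ /^#/ && NF >= 2 { print $2; exit }' "$dir/masq")
    [ "$masq_out" = "$net_if" ] ||
        { echo "masq outbound is '$masq_out', expected '$net_if'"; rc=1; }
    [ "$masq_src" = "$bridge" ] ||
        { echo "masq source is '$masq_src', expected '$bridge'"; rc=1; }
    return "$rc"
}

# write_sample DIR MASQ_ENTRY: constructed sample files (not a real system's).
write_sample() {
    mkdir -p "$1"
    printf '%s\n' '#ZONE INTERFACE BROADCAST OPTIONS' \
        'net eth0 detect dhcp,tcpflags' \
        'loc br0 detect tcpflags,routeback' > "$1/interfaces"
    printf '%s\n' '#INTERFACE SOURCE' "$2" > "$1/masq"
}

demo=$(mktemp -d)
write_sample "$demo/good" 'eth0 br0'
write_sample "$demo/bad" 'ath0 br0'   # a bridge port named as outbound interface
check_bridge_fw "$demo/good" br0 && echo "good: passes"
check_bridge_fw "$demo/bad" br0 || echo "bad: rejected"
rm -rf "$demo"
```

To check a live system, point it at the real directory: `check_bridge_fw /etc/shorewall br0`. It expects the masq source to be written as the bridge name, as in this post, so a source given as a subnet will be reported as a mismatch.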


6 Responses to “Shorewall Router with Wired and Wireless”

  1. ubuntu guy says:

    Would this work with three wired interfaces, e.g. eth0, eth1 and eth2? I’m trying to set up Ubuntu as a router/server so my other two PCs can access the internet.

  2. admin says:

    Yes, you basically would bridge the two interfaces that the PCs are connected to instead of bridging the wireless and the wired interfaces. However, you could also just use two interfaces in the router, eth0 and eth1. Let eth0 connect to the internet and connect a switch to eth1. This way you could connect as many PCs as you want to the switch and all the traffic from the switch would get routed to the internet.

  3. ubuntu guy says:

    I knew I could have used a switch, but rather than using one of those I just wanted two PCs to access the internet through my Ubuntu server/router via crossover cables. Only one of my PCs can access the internet through the Ubuntu router via crossover cable. I followed this tutorial: http://ubuntulinuxhowto.blogspot.com/2006/06/setup-your-computer-to-be-router.html However, rather than creating another subnet, I thought your idea would be better. Also, how would I config Shorewall for the bridge? Thanks for sharing.

  4. admin says:

    Sorry for the delay. What you want to do is set eth0 to DHCP and connect it to your DSL/cable modem. Next, do:
    'ifconfig eth1 0.0.0.0'
    'ifconfig eth2 0.0.0.0'
    Now you will want to create a bridge br0 and add these two interfaces to the bridge.
    'brctl addbr br0'
    'brctl addif br0 eth1'
    'brctl addif br0 eth2'
    Now assign an IP address and mask to the bridge:
    'ifconfig br0 192.168.1.1 netmask 255.255.255.0'

    After that you can configure Shorewall by following the two-interface example on their website because, as far as your Ubuntu machine is concerned, there are only two interfaces: eth0 and br0. (Set Shorewall to masq all traffic from br0 to eth0 and tell dnsmasq to hand out IPs to br0.) Make sense?

  5. drew says:

    Is the bridge required? I have two interfaces one wired one wireless, I want to connect the wired to the internet and use the wireless as an access point, so essentially the box is an access point and firewall. Any ideas?

  6. admin says:

    Hello drew, no, the bridge is not required. In your situation you would want to set up the firewall as I’ve outlined above, except instead of creating a bridge simply masquerade your wireless interface to your ethernet interface. You do this by placing the names of the two interfaces in your Shorewall masq file. Sorry for the delay but I’ve been away for the holidays.
