guibzh
02-02-2010, 11:14 AM
Hi everyone,
My radio tests are done now and I decided to go with the airmax product line.
So I'm working on the network design and I came up with something I'm now trying to configure.
I use 3 vlans:
vlan 1: data
vlan 10: admin
vlan 30: voice
I successfully passed the vlans through my AP (Rocket M5) by bridging ath0 and eth0 and creating br0.1, br0.10 and br0.30.
Now I configured my CPE (NSM5) by unbridging every interface and creating ath0.1, ath0.10 and ath0.30. Then I bridged like this:
br0: ath0.1 + eth0_real
br1: ath0.30 + eth1_real
Everything is working great; I can ping my router through each vlan.
Now I tried to enable IP forward from my ethernet (eth0) port by using ebtables.
I tried a lot of commands and it blocks EVERYTHING. It COMPLETELY IGNORES THE RULESET; the only thing it doesn't ignore is the policy: ebtables -P FORWARD DROP.
I tried:
ebtables -A FORWARD -p IPv4 -j ACCEPT
ebtables -A FORWARD -i eth0_real -o ath0.1 -j ACCEPT
ebtables -A FORWARD -i ath0.1 -o eth0_real -j ACCEPT
Another thing, I noticed that by default there is this set of rules and I don't really get what they do:
ebtables -t nat -A PREROUTING --in-interface ath0 -j arpnat --arpnat-target ACCEPT
ebtables -t nat -A POSTROUTING --out-interface ath0 -j arpnat --arpnat-target ACCEPT
When I use them I forward everything and it's not what I want. I just want port eth0 to be able to use vlan 1 and eth1 to be able to forward on vlan 30, with vlan 10 not forwarded.
Well, thanks for your help.
Guillaume