Home arrow BrainDump arrow Maintaining a Linux Wireless Access Point

Maintaining a Linux Wireless Access Point

In this fourth part of a five-part series on building a Linux wireless access point, you'll learn about firewalling, routing, and more. This article is excerpted from chapter four of the Linux Networking Cookbook, written by Carla Schroder (O'Reilly; ISBN: 0596102488). Copyright © 2008 O'Reilly Media, Inc. All rights reserved. Used with permission from the publisher. Available from booksellers or direct from O'Reilly Media.

  1. Maintaining a Linux Wireless Access Point
  2. 4.12 Using Routing Instead of Bridging
  3. 4.13 Probing Your Wireless Interface Card
  4. 4.14 Changing the Pyramid Routerís Hostname
By: O'Reilly Media
Rating: starstarstarstarstar / 1
February 08, 2010

print this article



4.11 Connecting to the Internet and Firewalling 


Itís high time to finish up with these LAN chores and bring the Internet to your LAN. Your wireless is encrypted, your LAN services are working, and your users want Internet. So youíre ready to configure your WAN interface and build a nice stout iptables firewall.


Easy as pie. First, configure your WAN interface, then set up an iptables firewall. (See Chapter 3 to learn how to do these things.) Youíll need to make some simple changes to /usr/local/bin/fw-nat to enable traffic to flow across your bridge. Add these two lines:

  $ipt -A INPUT -p ALL -i $LAN_IFACE -s -j ACCEPT
  $ipt -A FORWARD -p ALL -i $LAN_IFACE -s -j ACCEPT

Use your own subnet, of course. Then, change the value ofLAN_IFACE tobr0:


Restart and test everything according to Chapter 3, and you are set.


Ethernet bridges join subnets into a single broadcast domain, with broadcast traffic going everywhere at once. A bridge is easy to set up and is transparent to your users. Your subnets function as a single network segment, so LAN services work without any additional tweaking, such as network printing, Samba servers, and Network Neighborhood. You can move computers around without having to give them new addresses. 

Bridging is inefficient because it generates more broadcast traffic. So, it doesnít scale up very far. An Ethernet bridge operates at the data link layer (layer 2) of the OSI Model. It sees MAC addresses, but not IP addresses. Bridge traffic cannot be filtered with iptables; if you want to do this, use ebtables, which is designed for bridging firewalls.

Routing gives more control over your network segments; you can filter traffic any way you like. Itís more efficient than bridging because itís not spewing broadcasts all over the place. Routing scales up indefinitely, as demonstrated by the existence of the Internet. Its main disadvantage in the LAN is itís a bit more work to implement.

See Recipe 4.12 to learn how to use routing instead of bridging on your wireless access point.

See Also

  • Chapter 6

>>> More BrainDump Articles          >>> More By O'Reilly Media

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Apple Founder Steve Jobs Dies
- Steve Jobs` Era at Apple Ends
- Google's Chrome Developer Tool Updated
- Google's Chrome 6 Browser Brings Speed to th...
- New Open Source Update Fedora 13 is Released...
- Install Linux with Knoppix
- iPad Developers Flock To SDK 3.2
- Managing a Linux Wireless Access Point
- Maintaining a Linux Wireless Access Point
- Securing a Linux Wireless Access Point
- Configuring a Linux Wireless Access Point
- Building a Linux Wireless Access Point
- Migrating Oracle to PostgreSQL with Enterpri...
- Demystifying SELinux on Kernel 2.6
- Yahoo and Microsoft Create Ad Partnership

Developer Shed Affiliates


Dev Shed Tutorial Topics: