I am trying to set up a server on my internal network to only allow
authenticated traffic through. I have a wireless access point
set up without a connection to an external network. My server machine
is directly connected to the WAP, so if a wireless user gains access
to the WAP, the server is the only place they may connect to. On the
server, I am running sshd. When I connect to the server through the
WAP connection using dynamic forwarding, I am not able to get out onto
the external network. I'm not sure if this is a routing issue,
but it sounds like it to me.
I'm not sure if my problems are caused by having two private networks
behind my external router, or if it is something caused by the
server. I have tried forwarding packets, but this did not work when
I restricted all incoming traffic from the WAP to the internal
interface on port 22 (sshd). I'm thinking I may have to bridge the
two interfaces, but I'm not sure how this would work if I need to
restrict access on the internal interface.
My firewall rules are:
# start firewall rules
# eth1 is the internal interface (the WAP side)
iptables -F                                                        # flush existing rules; chain policies are left as they are
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT   # replies to connections this host already has
iptables -A INPUT -i lo -j ACCEPT                                  # loopback
iptables -A INPUT -p tcp -i eth1 --dport ssh -j ACCEPT             # only sshd (tcp/22) is reachable from eth1
iptables -A INPUT -j DROP                                          # everything else inbound is dropped
# note: only the INPUT chain is filtered here; FORWARD and OUTPUT keep their defaults
# end firewall rules
I have tried this with the firewall rules loaded, as well as dropping
all rules. Neither solution worked.
I would appreciate it if anyone could help me out with getting this
setup to work. I am running Ubuntu 5.10 currently, but if I should
use a more "compatible" distribution, I would be happy to switch. I
am familiar with the command line and editing configuration files by
hand if need be. Thank you very much.
Network Topology

     wap                          ubuntu box                       external router
 192.168.1.1        internal interface    external interface          192.168.0.1
|---------|            192.168.1.2          192.168.0.2             |----------|
|         |             |-------------|                             |   out    |
|         |-------------|             |-----------------------------|   to     |->
|         |             |-------------|                             | internet |
|---------|                                                         |----------|
     |
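The following is an added example for the set-up described in this post; it is not the poster's script and was not part of the original thread. It assumes eth0 is the external interface (192.168.0.2, gateway 192.168.0.1 from the diagram) and eth1 the internal one (192.168.1.2), and the names EXT_IF, INT_IF, GATEWAY, IPT, fw_apply and has_default_route are ones chosen here for illustration. It shows two things: a rule set that exposes only sshd on the WAP side while explicitly dropping any routed (FORWARD) path, and a check for the one piece of routing an "ssh -D" SOCKS proxy actually depends on. Connections made through a dynamic-forwarding tunnel are opened by sshd on the server itself, so they leave through the server's own OUTPUT chain on the external interface and need a default route there; they never cross FORWARD, so ip_forward can stay off and the interfaces need not (and should not) be bridged.

```shell
#!/bin/sh
# Added example: firewall rules plus a routing check for a WAP -> ssh server -> router
# topology. Not the original poster's script. Assumptions not stated in the post:
#   EXT_IF=eth0 is the external interface (192.168.0.2, gateway 192.168.0.1);
#   INT_IF=eth1 is the internal interface facing the WAP (192.168.1.2).
# Usage:  sh wapfw.sh apply              load the rules
#         IPT=echo sh wapfw.sh apply     dry run: print the rules instead of loading them
#         ip route | sh wapfw.sh check   verify the default route this host needs
set -e
IPT="${IPT:-iptables}"
EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
GATEWAY="${GATEWAY:-192.168.0.1}"

# Load the filter rules. Traffic from an "ssh -D" SOCKS proxy is terminated by sshd
# on this host and re-originated as the host's own connections, so it leaves through
# the OUTPUT chain on $EXT_IF and never touches FORWARD. Keeping FORWARD at DROP (and
# not bridging eth0/eth1) means a wireless client can reach nothing but sshd.
fw_apply() {
    "$IPT" -F
    "$IPT" -P INPUT DROP           # nothing inbound unless listed below
    "$IPT" -P FORWARD DROP         # wireless clients get no routed path through this box
    "$IPT" -P OUTPUT ACCEPT        # the host's own connections (the SOCKS targets) may leave

    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A INPUT -m state --state INVALID -j DROP

    # The only service exposed on the WAP side: sshd. Everything else from $INT_IF
    # falls through to the DROP policy, as do new connections arriving on $EXT_IF.
    "$IPT" -A INPUT -i "$INT_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
}

# Routing check. Reads "ip route" output on stdin and succeeds only if a default
# route via the given gateway exists. Because the SOCKS connections originate on
# this host, a missing default route here (not the INPUT rules) is what leaves
# "ssh -D" clients unable to reach the internet.
has_default_route() {
    grep -q "^default via $1 "
}

case "${1:-}" in
    apply) fw_apply ;;
    check)
        if has_default_route "$GATEWAY"; then
            echo "ok: default route via $GATEWAY present"
        else
            echo "missing: add it with 'ip route add default via $GATEWAY dev $EXT_IF'" >&2
            exit 1
        fi ;;
esac
```

On the wireless client the tunnel is opened with `ssh -D 1080 user@192.168.1.2` and the browser pointed at a SOCKS proxy on localhost:1080; if the server's own `ip route | sh wapfw.sh check` passes but the client still cannot get out, the remaining thing to check is that sshd_config does not set `AllowTcpForwarding no` (the default is yes).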