OpenWrt Forum Archive

Topic: OpenWRT (Kamikaze 7.09) - using Shorewall to separate the Lan and WLAN

The content of this topic has been archived on 20 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I have been working with my WRT54GL 1.1 quite a bit. I've been reading how-tos and googling info quite a bit as well. I am trying to get the setup described in this documentation:
http://wiki.openwrt.org/OpenWrtDocs/Kam … ridgedWiFi
to work on my WRT.

I believe that I have a fairly solid understanding of the Kamikaze/WRT54GL network setup (and I think that I've got it set up correctly). I can get the interfaces set up and the DHCP working correctly. But when I try to start shorewall, I'm stuck with errors similar to:

/var/lib/shorewall/.start: /var/lib/shorewall/.start: 1374: ip: not found
ERROR: Unable to determine the routes through interface "wl0"

This causes my shorewall to fail out and not start. This happens whether I try to start shorewall with '/etc/init.d/shorewall start' or '/sbin/shorewall start', the latter being more verbose in its progress. I have also disabled the built-in firewall with the '/etc/config/firewall disable' command prior to trying to start shorewall.

I thought that this may have something to do with the routes on the system (as the error describes). So, I have manually entered routes. (route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1 dev wl0). This shows correct (to my knowledge) in the '#route' command. But, I get the same errors when I try to start shorewall after the route is in place. If I disable the wl0 interface and only do the lan and wan interfaces (eth0.0 and eth0.1), I get similar errors referencing the eth0.0 interface.

I found out that installing the shorewall package from the ipkg package didn't get all the required pre-requisite packages and I have run the following to get what I think is necessary prior to installing the shorewall package:

#ipkg install iptables iptables-mod-extra iptables-mod-iprange iptables-mod-ipset iptables-mod-nat iptables-mod-ulog iptables-utils

Does anyone see anything obvious that I'm missing or have a direction to point me in? Help much appreciated.

I would edit the iptables directly, but frankly, I don't know enough about iptables and hoped that shorewall would give me an abstraction layer that would help to get the firewall setup in place.

-b

Thank you!! That worked and it has put to rest hours of searching around.

For other novices like me, this is the format that I've used for loading needed pre-requisite packages (and the shorewall package) to get shorewall running:

#ipkg update
#ipkg install ip iptables iptables-mod-extra iptables-mod-iprange iptables-mod-ipset iptables-mod-nat iptables-mod-ulog iptables-utils shorewall

Note the 'ip' entry at the beginning of the 2nd line. After I loaded ip as suggested above, all appears to be working correctly. Charlie, thanks again.

-Brian
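
Added example, not part of the original thread: a small POSIX sh helper that pulls the missing command names out of start-up output shaped like the "1374: ip: not found" line quoted in the first post, so the absent binary is identified before looking at routes. The function names are hypothetical, the sample text is the two error lines from the post, and the pattern assumes the ash/dash message format shown there.

```shell
#!/bin/sh
# Added example (not from the thread). Works in POSIX sh, including BusyBox ash.

# Print the name of every command the shell reported as "not found" in the
# start-up output read from stdin, one per line, de-duplicated.
# Matches lines shaped like "<script>: <lineno>: <cmd>: not found".
missing_from_output() {
    sed -n 's/^.*: [0-9][0-9]*: \([^: ][^:]*\): not found$/\1/p' | sort -u
}

# Print each named tool that cannot be resolved in the current PATH.
tools_not_in_path() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Constructed sample: the two error lines quoted in the first post.
SAMPLE_OUTPUT='/var/lib/shorewall/.start: /var/lib/shorewall/.start: 1374: ip: not found
ERROR: Unable to determine the routes through interface "wl0"'

# Report the missing commands named in the sample output.
diagnose_sample() {
    printf '%s\n' "$SAMPLE_OUTPUT" | missing_from_output
}

for cmd in $(diagnose_sample); do
    echo "start script called '$cmd' but the shell could not find it; install the package that provides it"
done
```

On the router, pipe the real output in with `/sbin/shorewall start 2>&1 | missing_from_output`, and run `tools_not_in_path ip iptables` beforehand to confirm both binaries resolve.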

The discussion might have continued from here.