ufw configuration on a server question

Jay Ridgley jridgley2 at austin.rr.com
Sun Apr 14 23:28:47 UTC 2013 

Folks,

I am having trouble with configuring ufw on my firewall(server). I have the 
wired side of my network up and running however the wireless side does not want 
to work properly.

My network is defined in two sub nets:

192.168.1xx.0/24 - the wired side

192.168.1xx.32/24 - wireless side

I have configured ufw as follows:

cdjsys at mateo:~$ sudo ufw status verbose
[sudo] password for cdjsys:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
Anywhere                   ALLOW IN    192.168.139.0/24

I changed /etc/default/ufw ro read:

# Next line changed from "DROP" to "ACCEPT" to allow IP Masquarding, per UFW docs.
# By CDJ Systems on  04/13/2013 - CDJSYS

DEFAULT_FORWARD_POLICY="ACCEPT"

per instructions in the documentation about using Masquerading an also the file
/etc/ufw/sysctl.conf was changed to read:

# Uncomment this to allow this host to route packets between interfaces
# Next line activated from comment by CDJ Systems on 04/13/2013 - CDJSYS

net/ipv4/ip_forward=1
#net/ipv6/conf/default/forwarding=1

and finally /etc/ufw/before.rules was modified to read:


# Next lines inserted by CDJ Systems on 04/13/2013 - CDJSYS

# nat Table rulles
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic from eth1 and eth2 through eth0.
-A POSTROUTING -s 192.168.1xx.0/24 -o eth0 -j MASQUERADE

# Forward traffic from eth2 through eth0.
#-A POSTROUTING -s 192.168.1xx.32/24 -o eth0 -j MASQUERADE

# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT

# end inserted lines

PLEASE NOTE: the address range was changed from the one in the documentation 
which read:

-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

That entry FAILED to allow even the wired network to function.

My question is how do a configure a separate entry for the wireless sub net?

I can use the wireless ONLY within my local network NOTHING to or from the
internet!


Thanks,
Jay

-- 


Jay Ridgley
jridgley2 at austin.rr.com
Registered Linux User ID - 9115
https://linuxcounter.net/cert/9115.png
Registered Ubuntu User ID - 23320

More information about the ubuntu-users mailing list