1 (edited by xt3 2011-09-15 02:02:01)

Topic: Wlan traffic seems to bypass iptables

Hi,

I have a bridge device with the wifi and wan device in it. What I want is to prevent ARP poisoning/spoofing between the wifi clients, or a man-in-the-middle attack towards the gateway, but still allow client-client communication.

I'm trying to filter traffic between two wifi clients in managed mode. When I do tcpdump on the wlan0 device I see all the traffic, but it seems that it's not going through iptables. Do I need ebtables to manipulate the bridging decision, or is it more like a monitor port, where the traffic never really leaves the device and I can only watch it?

What I tried then was to activate the isolation mode, but still it seems the traffic going through the bridge device isn't going through iptables. Again, would ebtables help here?

Is there another option to prevent ARP attacks, or shall I try to route the traffic back on the gateway to get client-client communication working?

Re: Wlan traffic seems to bypass iptables

We had a similar requirement and installed ebtables, which then made the traffic accessible to iptables. Note that I didn't need all of the ebtables packages - just one or two of them, but I don't have the list in front of me right now.

Thanks

Sam

Re: Wlan traffic seems to bypass iptables

/etc/sysctl.conf:

# disable bridge firewalling by default
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0
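Added example, not from any of the posters above: a script that does the opposite of the sysctl fragment just quoted (those three settings at 0 are exactly what makes bridged frames skip iptables/arptables) and then pins the gateway's identity with ebtables, which is the tool that actually sees ARP on a bridge. Names and values are assumptions: bridge br0, wifi port wlan0, the upstream "wan device" as eth0, gateway 192.168.1.1 at 00:11:22:33:44:55. It also turns on hairpin mode on wlan0, which is needed if you keep hostapd's isolation (ap_isolate) and still want client-client frames to pass through the bridge instead of being forwarded inside mac80211 where no netfilter hook sees them. By default it only prints the commands; run with APPLY=1 as root to execute them.

```shell
#!/bin/sh
# Added example (not the thread's own config). Assumed names and addresses:
BR=br0            # the bridge holding wifi + wan
WLAN=wlan0        # wifi port (clients in managed mode)
WAN=eth0          # assumed name for the thread's "wan device"
GW_IP=192.168.1.1             # assumed gateway address on the WAN side
GW_MAC=00:11:22:33:44:55      # assumed gateway MAC

# Dry-run by default: print each command. APPLY=1 executes it instead.
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Step 1: bridged frames only traverse iptables/arptables when br_netfilter
# is loaded and the bridge-nf-call-* sysctls are 1. ARP is not IP, so
# arptables (or ebtables below) is what can see poisoning attempts.
bridge_nf_rules() {
  run modprobe br_netfilter
  run sysctl -w net.bridge.bridge-nf-call-iptables=1
  run sysctl -w net.bridge.bridge-nf-call-arptables=1
}

# Step 2: with ap_isolate=1 in hostapd, wlan<->wlan frames come up to the
# bridge; hairpin mode lets the bridge send them back out the same port,
# so client-client traffic keeps working but now passes ebtables FORWARD.
hairpin_rules() {
  run bridge link set dev "$WLAN" hairpin on
}

# Step 3: ebtables FORWARD rules pinning the gateway to the WAN port.
# Nothing here matches ordinary client-client frames, only frames that
# claim the gateway's IP or MAC from the wrong side of the bridge.
gateway_arp_rules() {
  # ARP from the wifi side claiming the gateway IP is a spoof.
  run ebtables -A FORWARD -i "$WLAN" -p ARP --arp-ip-src "$GW_IP" -j DROP
  # A wifi client using the gateway's MAC as source is a spoof too.
  run ebtables -A FORWARD -i "$WLAN" -s "$GW_MAC" -j DROP
  # On the WAN port the gateway IP must be bound to the gateway MAC.
  run ebtables -A FORWARD -i "$WAN" -p ARP --arp-ip-src "$GW_IP" -s '!' "$GW_MAC" -j DROP
  # And no wifi client may source IPv4 packets as the gateway.
  run ebtables -A FORWARD -i "$WLAN" -p IPv4 --ip-src "$GW_IP" -j DROP
}

bridge_nf_rules
hairpin_rules
gateway_arp_rules
```

Check the result with `ebtables -L --Lc` (packet counters per rule) while a client sends a forged ARP reply; the counter on the first wlan0 rule should increase and the other clients' ARP caches should stay unchanged. The rules block frames carrying the gateway's IP or MAC only; they do not stop a client from spoofing another client's address, which would need per-client IP/MAC pinning.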