LinuxQuestions.org

Linux - Networking: Debian Iptables 3 nic bridge (https://www.linuxquestions.org/questions/linux-networking-3/debian-iptables-3-nic-bridge-801252/)

chrysolidocarpu 04-10-2010 02:47 PM

Debian Iptables 3 nic bridge
 
Hey all,
I'm a noob with a networking question. The question in essence is "how do I do this with iptables?"

The situation is as follows:
I have a server running Debian with a 2.6 kernel and 3 NICs: eth0, eth1 and ath0.

eth0 has a static IP of 10.0.0.150
eth1 has a static IP of 192.168.16.1
ath0 has a static IP of 192.168.1.1

eth0 is connected to a router (IP 10.0.0.138) which maintains an internet connection.
ath0 is a wireless card running in AP mode.
eth1 and ath0 have a dhcpd server running on them so clients that connect to them get an IP.

How do I transparently bridge ath0 and eth1 to form one network, and how do I allow computers connected to both ath0 and eth1 to connect to the internet through eth0? I'd love to have eth0 also act as a firewall, not allowing connections coming from the internet but allowing everything to come from the internal LAN (ath0/eth1).

Can anyone give me a few pointers? I'm not really good at networking and I'm kinda stumped on how iptables works (yes, I did read the manual).

Thanks in advance.

TimothyEBaldwin 04-10-2010 04:34 PM

For a start, you don't use iptables on your Debian system except if you want it to be a firewall. You can't have different IP addresses or subnets for ath0 and eth1 if you bridge them.

Install bridge-utils.
Read the bridge-utils-interfaces manpage.
Disable eth1 and ath0 using "ifdown eth1 ath0"
Configure the bridge in /etc/network/interfaces, deleting the configuration for eth1 and ath0.
Bring up the bridge using "ifup br0" or similar.
Edit /etc/sysctl.conf to enable IP forwarding.
For immediate effect: "echo 1 > /proc/sys/net/ipv4/ip_forward"
Set up the DHCP server for the bridge.

Add a route table entry to the other router.

As for firewalling, is your other router sufficient? What is your IPv6 policy?

For IPv4 the following should work:
Code:

# user-defined chain shared by INPUT and FORWARD
iptables -N block
# let replies to connections the LAN started (and related traffic) through
iptables -A block -m state --state RELATED,ESTABLISHED -j ACCEPT
# anything else arriving on the internet-facing interface is refused
iptables -A block -i eth0 -j REJECT
# evaluate the chain first for traffic to the server and for forwarded traffic
iptables -I INPUT -j block
iptables -I FORWARD -j block
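Putting the reply's steps together, as an added example that is not from the thread or its posters: a script that renders the /etc/network/interfaces stanza for br0, records the sysctl change, and reproduces the reply's firewall rules, applying them only when run as root with the argument "apply". The br0 address 192.168.1.1/24, the bridge name br0, and the file paths are assumptions (the address is taken from the thread's ath0 subnet); the iptables rules are the reply's, unchanged.

```shell
#!/bin/sh
# Added example (not the thread's own code). Bridges eth1 and ath0 into br0,
# enables IPv4 forwarding and installs the stateful firewall from the reply.
# Assumptions: Debian with ifupdown and bridge-utils installed, br0 carries
# 192.168.1.1/24 (constructed from the ath0 subnet in the question).

BRIDGE=br0
BRIDGE_IP=192.168.1.1
BRIDGE_MASK=255.255.255.0
BRIDGE_PORTS="eth1 ath0"
WAN=eth0

# Stanza for /etc/network/interfaces; it replaces the eth1 and ath0 entries,
# which must be removed, since bridged ports carry no address of their own.
interfaces_stanza() {
    cat <<EOF
# eth1 and ath0 become ports of br0; the LAN address lives on br0
auto $BRIDGE
iface $BRIDGE inet static
    address $BRIDGE_IP
    netmask $BRIDGE_MASK
    bridge_ports $BRIDGE_PORTS
    bridge_stp off
    bridge_fd 0
EOF
}

# Firewall: one chain that accepts replies to connections the LAN started
# and rejects anything new arriving on the internet-facing interface.
firewall_rules() {
    cat <<EOF
iptables -N block
iptables -A block -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A block -i $WAN -j REJECT
iptables -I INPUT -j block
iptables -I FORWARD -j block
EOF
}

# Make forwarding persistent in /etc/sysctl.conf and effective immediately.
enable_forwarding() {
    grep -q '^net.ipv4.ip_forward=1' /etc/sysctl.conf \
        || echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

apply_all() {
    ifdown $BRIDGE_PORTS 2>/dev/null || true   # ports must be down first
    interfaces_stanza >> /etc/network/interfaces
    ifup $BRIDGE
    enable_forwarding
    firewall_rules | sh -e                     # stop at the first failing rule
}

# Only the "apply" argument touches the system; otherwise the functions are
# merely defined so their output can be inspected.
if [ "${1:-}" = apply ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    apply_all
fi
```

Run it without arguments first and call interfaces_stanza and firewall_rules to review what would be written. Two things the rules alone do not cover: with no NAT on eth0, the upstream router at 10.0.0.138 still needs a route for 192.168.1.0/24 via 10.0.0.150 (the reply's "route table entry"), and because the block chain is also in INPUT, new connections from eth0 to the server itself, including SSH from the 10.0.0.0/24 side, are rejected as well.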


