Terrag Posted September 20, 2018 Share Posted September 20, 2018 I am trying to use NETMODE TRANSPARENT with a WiFi adapter to facilitate external access into a network. The problem I am having is that I can't use iptables rules with the bridge. I have researched that I need to enable bridge firewalling in /etc/sysctl.conf: net.bridge.bridge-nf-call-iptables=1 And then run sysctl -p to update. I get the following error: sysctl: error: 'net.bridge.bridge-nf-call-iptables' is an unknown key It seems that there are kernel modules missing, such as br_netfilter, to allow this to work. How would I go about getting this kernel module? Also, any time I try to use OPKG to install a kernel module it has a old kernel dependency: root@squirrel:~# opkg install kmod-ebtables Installing kmod-ebtables (3.18.23-1) to root... Downloading http://downloads.openwrt.org/chaos_calmer/15.05.1/ar71xx/generic/packages/base/kmod-ebtables_3.18.23-1_ar71xx.ipk. Multiple packages (kmod-ipt-core and kmod-ipt-core) providing same name marked HOLD or PREFER. Using latest. Collected errors:* satisfy_dependencies_for: Cannot satisfy the following dependencies for kmod-ebtables:* kernel (= 3.18.23-1-b2f200610f46d20ef52d269421369d0c) * kernel (= 3.18.23-1-b2f200610f46d20ef52d269421369d0c) * kernel (= 3.18.23-1-b2f200610f46d20ef52d269421369d0c) * kernel (= 3.18.23-1-b2f200610f46d20ef52d269421369d0c) ** opkg_install_cmd: Cannot install package kmod-ebtables Any help is much appreciated. Link to comment Share on other sites More sharing options...
JDL Posted August 21, 2019 Share Posted August 21, 2019 Did you ever solve this? Having a similar problem on 3.1 firmware. Seems like I can not install any useful software from OPKG. Link to comment Share on other sites More sharing options...
Terrag Posted August 21, 2019 Author Share Posted August 21, 2019 4 hours ago, JDL said: Did you ever solve this? Having a similar problem on 3.1 firmware. Seems like I can not install any useful software from OPKG. I was able to get it working by building a custom kernel. It was a huge pain and didn't really give me a good solution as a network tap that can modify packets. So I abandoned the PacketSquirrel project for a Grapeboard. It has two 1Gb NICs and runs Ubuntu so it fit my needs better. It is more expensive but works beautifully for what I need. https://www.grapeboard.com/ Link to comment Share on other sites More sharing options...
JDL Posted August 21, 2019 Share Posted August 21, 2019 5 hours ago, Terrag said: I was able to get it working by building a custom kernel. It was a huge pain and didn't really give me a good solution as a network tap that can modify packets. So I abandoned the PacketSquirrel project for a Grapeboard. It has two 1Gb NICs and runs Ubuntu so it fit my needs better. It is more expensive but works beautifully for what I need. https://www.grapeboard.com/ Sorry to hear that. I am familiar with the Grapeboard, but it is over $200USD, plus a case, and is much larger/ pulls more power. I have a couple other SBCs that are in this ballpark, with the EspressoBIN being the go-to for a bigger option. While I am impressed by the @Hak5 hardware, the software support and stability is lacking across the product line. Link to comment Share on other sites More sharing options...
Terrag Posted August 21, 2019 Author Share Posted August 21, 2019 The EspressoBIN looks nice. I was in a hurry to get a solution together when I found the GrapeBoards. Probably would have given the EspressoBIN a shot if I found them. I completely agree with your statement on the software support and stability. Link to comment Share on other sites More sharing options...
Foxtrot Posted August 21, 2019 Share Posted August 21, 2019 11 hours ago, JDL said: Did you ever solve this? Having a similar problem on 3.1 firmware. Seems like I can not install any useful software from OPKG. What software specifically? If it's not available in the OpenWRT repositories, then I can look into building the package for you. Link to comment Share on other sites More sharing options...
JDL Posted August 21, 2019 Share Posted August 21, 2019 In this case it is the ability to install packages that seem to be available in the OpenWRT repositories, specifically ebtables and arptables. I am working on porting the principles of the 802.1x bypass capabilities here: nac_bypass as a payload for the squirrel. With the move to a kernel version above 3.2 it is possible to change the group_fwd_mask on the bridge (easily) to forward EAP packets. This brings a very important new capability to the squirrel, if we can get ebtables and arptables installed. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.