Viliam Trepak trepo
Mon Aug 9 02:28:15 PDT 2004

Hello all,

On Sun, 2004-08-08 at 23:15, nondito wrote:

> Clients on my hostap interface could communicate with
> each other when the ap_bridge_packets is set to 1 -
> which is usual. But to stop the clients from seeing
> each others shared folder I set the value to 0 and now
> they can't even ping each other (other P2P between
> them does NOT work as well).

802.11b is at layer 2. Ping (layer 3), P2P and network shares (layer 7)
are clearly above that, so they will not work with ap_bridge_packets=0.

> Is there any way I can let the clients communicate
> with each other but block some ports using iptables?

Set ap_bridge_packets=0.
Assign a separate subnet for each of your clients.
Assign the respective gateway IPs to your hostap interface.
Disable redirects on your hostap interface.
Use iptables to filter the traffic.

> This ap_bridge_packets is imposing two different
> situations on two extremes. If set to 1, they can
> communicate unconditionally and no restriction can be
> imposed. If set to 0, they can't communicate at all.

I believe that was the original intent and nothing more.
There's no point in duplicating existing functionality.

> Is there any work around?

See above. I would not call it a "workaround", though.

>  Am I missing something?
> Thanks,
> Nondito.

You are welcome.
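
The five steps from the reply, sketched as an added example that is not part of the original message: a script that prints the routing and filtering commands for review instead of running them. The interface name `wlan0`, the 192.168.50.x addressing with one /30 per client, and the SMB/NetBIOS port list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: prints the commands for review, it does not run them.
# Assumed values (not from the message): wlan0, 192.168.50.0/24 cut into
# one /30 per client, and SMB/NetBIOS ports as the "shared folder" traffic.
IFACE=wlan0
BASE=192.168.50

# Print "gateway client" for the Nth /30 (N from 0; 64 fit in the /24).
client_net() {
    n=$1
    if [ "$n" -lt 0 ] || [ "$n" -ge 64 ]; then
        echo "client index out of range: $n" >&2
        return 1
    fi
    echo "$BASE.$((n * 4 + 1)) $BASE.$((n * 4 + 2))"
}

# Print the whole command list for COUNT clients.
gen_commands() {
    count=$1
    echo "# precondition: ap_bridge_packets=0, so the AP itself bridges nothing"
    echo "sysctl -w net.ipv4.ip_forward=1"
    # The kernel sends redirects if either 'all' or the interface value is 1.
    echo "sysctl -w net.ipv4.conf.all.send_redirects=0"
    echo "sysctl -w net.ipv4.conf.$IFACE.send_redirects=0"
    i=0
    while [ "$i" -lt "$count" ]; do
        nets=$(client_net "$i") || return 1
        gw=${nets% *}
        cl=${nets#* }
        echo "ip addr add $gw/30 dev $IFACE   # client $i uses $cl/30, gateway $gw"
        i=$((i + 1))
    done
    # Client-to-client traffic now enters and leaves on the same interface,
    # so it crosses FORWARD and can be filtered per port.
    echo "iptables -A FORWARD -i $IFACE -o $IFACE -p tcp -m multiport --dports 139,445 -j DROP"
    echo "iptables -A FORWARD -i $IFACE -o $IFACE -p udp -m multiport --dports 137,138 -j DROP"
    echo "iptables -A FORWARD -i $IFACE -o $IFACE -j ACCEPT"
}

gen_commands 2
```

Each client has to be configured with its own /30 address and gateway for the routing to apply; the DROP rules come before the final ACCEPT because iptables stops at the first matching rule.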


