ebtables interaction hostapd

Vermonden David david.vermonden
Mon Nov 17 04:01:52 PST 2008


I have setup an 802.1x with EAP-TLS environment with hostap and a
freeradius-server. XP clients can successfully authenticate themselves.

Used machines:
- one OpenSuse11 setup as a bridge with hostap, brctl and ebtables
installed
- one OpenSuse11 setup as freeradius
- one XP client machine

But the problem is how to connect the hostapd with ebtables. If a client
successfully authenticates (= Access-accept message), allow traffic from
this client to pass the bridge.

It would be feasible to parse the logs of the hostapd and adapt the
ebtable rules. F.i. if a mac-address gets an access accept message then
perform ebtables -t broute -A mac -j ACCEPT.



Instead of using ebtables, one can also use the the pae kernel module on
sourceforge. But in don't know how hostapd would interact with that
module.


Is there another way to do the interaction between ebtables and hostap?
What is the purpose of hostap if it can authenticate clients but doesn't
act on client authentication. Hostap doesn't implement the port access
entity module of 802.1x.

 

All ideas are welcome!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20081117/5ff8d5b7/attachment.htm 



More information about the Hostap mailing list