[juneau-lug] Re: OpenBSD Gateway; A Whole Heap of Questions

  • From: "Myron Davis" <myrond@xxxxxxxxxxx>
  • To: juneau-lug@xxxxxxxxxxxxx
  • Date: Mon, 18 Oct 2004 12:15:06 -0800 (AKDT)

Yep, you need to change all entries to point to your bridge, your dhcp
server, and yes you need to change your pf.conf rules so that bridge0 is
the internal interface.

At this point it is almost like your wireless and wired segments are
non-existent; the only interface that matters is the bridge interface.

-Myron

> Thanks for your reply.  I also think that going with a bridge is probably
> the easiest solution but I still have some questions/problems.  I set up my
> bridge between my wireless interface and my internal ethernet interface.
> I can connect to the AP but my wlan clients still end up with IPs like
> this, 169.254.92.9.  On my router I get an arp error saying: 'arplookup:
> unable to enter address for 169.254.92.9'.
>
> Now that I've set up a bridge between my wireless and internal interfaces
> do I need to change all my pf.conf rules so that bridge0 is considered the
> internal interface?  I'm not quite sure what to do from now on out.
>
>
> ----- Original Message -----
> From: Myron Davis <myrond@xxxxxxxxxxx>
> Date: Monday, October 18, 2004 1:30 am
> Subject: [juneau-lug] Re: OpenBSD Gateway; A Whole Heap of Questions
>
>>
>> Any and all of them, personally I'd go w/ a bridge, easy to set up and run
>> with.  You could of course set up different networks for both wireless and
>> wired.  Big thing about a bridge after you create it, if you have anything
>> pointing to your local ethernet interfaces you should change the pointer
>> to the bridge interface instead.  You don't even need IP addresses for
>> your wireless interface or your ethernet interface anymore.
>> Not sure about BSD land but I know on the Linux side there are several
>> different drivers for wireless and some create different interfaces for
>> the different types of methods of interacting with wireless clients.
>> (i.e. your main interface is wifi0, if you sniff data there you'll see
>> link layer traffic, then if you want regular ethernet filters traffic you
>> connect to wlan0, if you want wds traffic you connect to wlan0wdsX where x
>> is the wds network, or if you want a station interface and you're in
>> master mode you connect to wlan0sta).  But different drivers (and
>> different versions of drivers) do things quite a bit differently.
>>
>> -Myron
>>
>> > Hello,  I've been to a few meetings so you may or may not remember me but
>> > I was hoping that someone with some OBSD experience could help me out.
>> > I'm trying to build an OpenBSD based router/gateway/firewall for my home
>> > lan.  The whole thing should look similar to this:
>> >
>> > Internet --> Cable Modem --> OBSD --> Hub --> LAN Clients
>> >
>> > The gateway has three interfaces (external, internal and wireless).  I've
>> > been able to get pf to do NAT and packet filtering between the two
>> > ethernet external and internal interfaces.  I've also been able to get
>> > dhcpd to pass out leases to LAN clients on the internal interface.  This
>> > all works more or less.  The big problem is the wireless.
>> >
>> > I've been able to create my access point with the following script.
>> >
>> > #!/bin/sh
>> > #Used HOWTO --> http://www.unixcircle.com/features/802.11b_openbsd.php
>> > ifconfig wi0 inet up nwid hogwarts media DS11 mediaopt hostap
>> > wicontrol -e 1
>> > wicontrol -k 0xblahblahblah -v 1
>> > wicontrol -T 1
>> > wicontrol -f 11
>> > wicontrol -s "OpenBSD_AP"
>> >
>> > This script is run by rc.local and creates the interface as shown:
>> >
>> > wi0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>> >         address: 00:05:5d:ee:6e:3e
>> >         nwid hogwarts
>> >         nwkey blahblahblah
>> >         powersave off
>> >         media: IEEE802.11 DS11 hostap
>> >         status: active
>> >         inet6 fe80::205:5dff:feee:6e3e%wi0 prefixlen 64 scopeid 0x3
>> >         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>> >
>> > As I mentioned previously I can connect to the resulting AP with my
>> > wireless clients.  However weird things that I don't understand start
>> > happening from here on out.  For example, I can't seem to ping 192.168.1.1
>> > from my wireless clients, or my wlan clients get IPs like 169.158.***.***.
>> > This is essentially where my gas tank of knowledge runs empty.  Do I,
>> >
>> > 1) Create bridge device between my wireless and internal interfaces?
>> > 2) Create separate NAT rules for wireless interface?
>> > 3) Run dhcpd on my wireless interface?
>> >
>> > Any advice on the matter would be appreciated.  Thanks.
>> >
>> > Kevin Elliott
>> >
>> >
>> > ------------------------------------
>> > This is the Juneau-LUG mailing list.
>> > To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with
>> > the word unsubscribe in the subject header.
>> >
>>
>>
>
>



