[juneau-lug] Re: OpenBSD Gateway; A Whole Heap of Questions
- From: Steven Elliot <patches5@xxxxxxx>
- To: juneau-lug@xxxxxxxxxxxxx
- Date: Mon, 18 Oct 2004 16:44:09 -0800
Okay, I was trying to change all my references to my internal interface over to
the bridge interface and I ran into some problems. First here's the output of
'brconfig -a'.
bridge0: flags=41<UP,RUNNING>
Configuration:
priority 32768 hellotime 2 fwddelay 15 maxage 20
Interfaces:
wi0 flags=3<LEARNING,DISCOVER>
port 3 ifpriority 128 ifcost 55
dc0 flags=3<LEARNING,DISCOVER>
port 1 ifpriority 128 ifcost 55
Addresses (max cache: 100, timeout: 240):
00:50:da:cf:b3:27 dc0 1 flags=0<>
00:40:33:d3:8e:be dc0 1 flags=0<>
As far as I can tell the bridge is up and running. ifconfig -a confirms this
too. Now a couple of problems I ran into. First dhcpd won't bind to bridge0.
When I try to start dhcpd from the command line manually using 'dhcpd bridge0'
I get the error, "dhcpd: bridge0: not found". Maybe dhcpd can't run on
bridges? Also of note I get the same result if I try to start dhcpd on the
wireless interface.
Furthermore when I run pf the rule 'nat on $ext_if from bridge0 -> ($ext_if)'
results in the error "no IP address found for bridge0".
Am I missing something? Does the bridge need its own IP? Once again thanks
for your help.
----- Original Message -----
From: Myron Davis <myrond@xxxxxxxxxxx>
Date: Monday, October 18, 2004 12:15 pm
Subject: [juneau-lug] Re: OpenBSD Gateway; A Whole Heap of Questions
>
> Yep, you need to change all entries to point to your bridge, your dhcp
> server, and yes you need to change your pf.conf rules so that bridge0 is
> the internal interface.
>
> At this point it is almost like your wireless and wired segments are
> non-existent, the only interface that matters is the bridge interface.
>
> -Myron
>
> > Thanks for your reply. I also think that going with a bridge is probably
> > the easiest solution but I still have some questions/problems. I set up my
> > bridge between my wireless interface and my internal ethernet interface.
> > I can connect to the AP but my wlan clients still end up with IPs like
> > this, 169.254.92.9. On my router I get an arp error saying:
> > 'arplookup: unable to enter address for 169.254.92.9'.
> >
> > Now that I've set up a bridge between my wireless and internal interfaces
> > do I need to change all my pf.conf rules so that bridge0 is considered the
> > internal interface? I'm not quite sure what to do from now on out.
> >
> >
> > ----- Original Message -----
> > From: Myron Davis <myrond@xxxxxxxxxxx>
> > Date: Monday, October 18, 2004 1:30 am
> > Subject: [juneau-lug] Re: OpenBSD Gateway; A Whole Heap of Questions
> >
> >>
> >> Any and all of them, personally I'd go w/ a bridge, easy to set up and run
> >> with. You could of course set up different networks for both wireless and
> >> wired. Big thing about a bridge after you create it, if you have anything
> >> pointing to your local ethernet interfaces you should change the
> >> pointer to the bridge interface instead. You don't even need IP
> >> addresses for your wireless interface or your ethernet interface anymore.
> >> Not sure about BSD land but I know on linux side there are several
> >> different drivers for wireless and some create different interfaces for
> >> the different types of methods of interacting with wireless clients.
> >> (i.e. your mail interface is wifi0, if you sniff data there you'll see
> >> link layer traffic, then if you want regular ethernet filters traffic you
> >> connect to wlan0, if you want wds traffic you connect to wlan0wdsX where x
> >> is the wds network, or if you want a station interface and you're in
> >> master mode you connect to wlan0sta). But different drivers (and
> >> different versions of drivers) do things quite a bit differently.
> >>
> >> -Myron
> >>
> >> > Hello, I've been to a few meetings so you may or may not remember me but
> >> > I was hoping that someone with some OBSD experience could help me out.
> >> > I'm trying to build an OpenBSD based router/gateway/firewall for my home
> >> > lan. The whole thing should look similar to this:
> >> >
> >> > Internet --> Cable Modem --> OBSD --> Hub --> LAN Clients
> >> >
> >> > The gateway has three interfaces (external, internal and wireless). I've
> >> > been able to get pf to do NAT and packet filtering between the two
> >> > ethernet external and internal interfaces. I've also been able to get
> >> > dhcpd to pass out leases to LAN clients on the internal interface. This
> >> > all works more or less. The big problem is the wireless.
> >> >
> >> > I've been able to create my access point with the following script.
> >> >
> >> > #!/bin/sh
> >> > #Used HOWTO --> http://www.unixcircle.com/features/802.11b_openbsd.php
> >> > ifconfig wi0 inet up nwid hogwarts media DS11 mediaopt hostap
> >> > wicontrol -e 1
> >> > wicontrol -k 0xblahblahblah -v 1
> >> > wicontrol -T 1
> >> > wicontrol -f 11
> >> > wicontrol -s "OpenBSD_AP"
> >> >
> >> > This script is run by rc.local and creates the interface as shown:
> >> >
> >> > wi0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> >> >         address: 00:05:5d:ee:6e:3e
> >> >         nwid hogwarts
> >> >         nwkey blahblahblah
> >> >         powersave off
> >> >         media: IEEE802.11 DS11 hostap
> >> >         status: active
> >> >         inet6 fe80::205:5dff:feee:6e3e%wi0 prefixlen 64 scopeid 0x3
> >> >         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
> >> >
> >> > As I mentioned previously I can connect to the resulting AP with my
> >> > wireless clients. However weird things that I don't understand start
> >> > happening from here on out. For example, I can't seem to ping 192.168.1.1
> >> > from my wireless clients, or my wlan clients get IPs like
> >> > 169.158.***.***. This is essentially where my gas tank of knowledge runs
> >> > empty. Do I,
> >> >
> >> > 1) Create bridge device between my wireless and internal interfaces?
> >> > 2) Create separate NAT rules for wireless interface?
> >> > 3) Run dhcpd on my wireless interface?
> >> >
> >> > Any advice on the matter would be appreciated. Thanks.
> >> >
> >> > Kevin Elliott
> >> >
> >> >
> >> > ------------------------------------
> >> > This is the Juneau-LUG mailing list.
> >> > To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with
> >> > the word unsubscribe in the subject header.
> >> >
> >>
> >>
> >>
> >> Random Thought:
> >> ---------------
> >> I exercise extreme self-control. I never drink anything stronger
> >> than gin before breakfast. - W. C. Fields, 1880 - 1946
> >>
>
> Random Thought:
> ---------------
> A word is dead when it is said, some say. I say it just begins to
> live that day. - Emily Dickinson, 1830 - 1886
>