[juneau-lug] Re: OpenBSD Gateway; A Whole Heap of Questions

  • From: "Myron Davis" <myrond@xxxxxxxxxxx>
  • To: juneau-lug@xxxxxxxxxxxxx
  • Date: Mon, 18 Oct 2004 17:25:16 -0800 (AKDT)


Yeah you need to give bridge0 an IP address and remove the IP address
from your ethernet and wireless interfaces.

You _SHOULD_ be able to bind dhcpd to the bridge interface... try giving
it an IP and try again.

-Myron

> Okay, I was trying to change all my references to my internal interface
> over to the bridge interface and I ran into some problems.  First here's
> the output of 'brconfig -a'.
>
> bridge0: flags=41<UP,RUNNING>
>         Configuration:
>                 priority 32768 hellotime 2 fwddelay 15 maxage 20
>         Interfaces:
>                 wi0 flags=3<LEARNING,DISCOVER>
>                         port 3 ifpriority 128 ifcost 55
>                 dc0 flags=3<LEARNING,DISCOVER>
>                         port 1 ifpriority 128 ifcost 55
>         Addresses (max cache: 100, timeout: 240):
>                 00:50:da:cf:b3:27 dc0 1 flags=0<>
>                 00:40:33:d3:8e:be dc0 1 flags=0<>
>
> As far as I can tell the bridge is up and running.  ifconfig -a confirms
> this too.  Now a couple of problems I ran into.  First dhcpd won't bind to
> bridge0.  When I try to start dhcpd from the command line manually using
> 'dhcpd bridge0' I get the error, "dhcpd: bridge0: not found".  Maybe dhcpd
> can't run on bridges?  Also of note I get the same result if I try to
> start dhcpd on the wireless interface.
>
> Furthermore when I run pf the rule 'nat on $ext_if from bridge0 ->
> ($ext_if)' results in the error "no IP address found for bridge0".
>
> Am I missing something?  Does the bridge need its own IP?  Once again
> thanks for your help.
>
> ----- Original Message -----
> From: Myron Davis <myrond@xxxxxxxxxxx>
> Date: Monday, October 18, 2004 12:15 pm
> Subject: [juneau-lug] Re: OpenBSD Gateway; A Whole Heap of Questions
>
>>
>> Yep, you need to change all entries to point to your bridge, your dhcp
>> server, and yes you need to change your pf.conf rules so that bridge0 is
>> the internal interface.
>>
>> At this point it is almost like your wireless and wired segments are
>> non-existent, the only interface that matters is the bridge interface.
>>
>> -Myron
>>
>> > Thanks for your reply.  I also think that going with a bridge is probably
>> > the easiest solution but I still have some questions/problems.  I set up my
>> > bridge between my wireless interface and my internal ethernet interface.
>> > I can connect to the AP but my wlan clients still end up with IPs like
>> > this, 169.254.92.9.  On my router I get an arp error saying: 'arplookup:
>> > unable to enter address for 169.254.92.9'.
>> >
>> > Now that I've set up a bridge between my wireless and internal interfaces
>> > do I need to change all my pf.conf rules so that bridge0 is considered the
>> > internal interface?  I'm not quite sure what to do from now on out.
>> >
>> >
>> > ----- Original Message -----
>> > From: Myron Davis <myrond@xxxxxxxxxxx>
>> > Date: Monday, October 18, 2004 1:30 am
>> > Subject: [juneau-lug] Re: OpenBSD Gateway; A Whole Heap of Questions
>> >
>> >>
>> >> Any and all of them, personally I'd go w/ a bridge, easy to set up and run
>> >> with.  You could of course set up different networks for both wireless and
>> >> wired.  Big thing about a bridge after you create it, if you have anything
>> >> pointing to your local ethernet interfaces you should change the
>> >> pointer to the bridge interface instead.  You don't even need IP
>> >> addresses for your wireless interface or your ethernet interface anymore.
>> >> Not sure about BSD land but I know on linux side there are several
>> >> different drivers for wireless and some create different interfaces for
>> >> the different types of methods of interacting with wireless clients.
>> >> (i.e. your main interface is wifi0, if you sniff data there you'll see
>> >> link layer traffic, then if you want regular ethernet filters traffic you
>> >> connect to wlan0, if you want wds traffic you connect to wlan0wdsX where x
>> >> is the wds network, or if you want a station interface and you're in
>> >> master mode you connect to wlan0sta).  But different drivers (and different
>> >> versions of drivers) do things quite a bit differently.
>> >>
>> >> -Myron
>> >>
>> >> > Hello,  I've been to a few meetings so you may or may not remember me but
>> >> > I was hoping that someone with some OBSD experience could help me out.
>> >> > I'm trying to build an OpenBSD based router/gateway/firewall for my home
>> >> > lan.  The whole thing should look similar to this:
>> >> >
>> >> > Internet --> Cable Modem --> OBSD --> Hub --> LAN Clients
>> >> >
>> >> > The gateway has three interfaces (external, internal and wireless).  I've
>> >> > been able to get pf to do NAT and packet filtering between the two
>> >> > ethernet external and internal interfaces.  I've also been able to get
>> >> > dhcpd to pass out leases to LAN clients on the internal interface.  This
>> >> > all works more or less.  The big problem is the wireless.
>> >> >
>> >> > I've been able to create my access point with the following script.
>> >> >
>> >> > #!/bin/sh
>> >> > #Used HOWTO --> http://www.unixcircle.com/features/802.11b_openbsd.php
>> >> > ifconfig wi0 inet up nwid hogwarts media DS11 mediaopt hostap
>> >> > wicontrol -e 1
>> >> > wicontrol -k 0xblahblahblah -v 1
>> >> > wicontrol -T 1
>> >> > wicontrol -f 11
>> >> > wicontrol -s "OpenBSD_AP"
>> >> >
>> >> > This script is run by rc.local and creates the interface as shown:
>> >> >
>> >> > wi0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>> >> >         address: 00:05:5d:ee:6e:3e
>> >> >         nwid hogwarts
>> >> >         nwkey blahblahblah
>> >> >         powersave off
>> >> >         media: IEEE802.11 DS11 hostap
>> >> >         status: active
>> >> >         inet6 fe80::205:5dff:feee:6e3e%wi0 prefixlen 64 scopeid 0x3
>> >> >         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>> >> >
>> >> > As I mentioned previously I can connect to the resulting AP with my wireless
>> >> > clients.  However weird things that I don't understand start happening
>> >> > from here on out.  For example, I can't seem to ping 192.168.1.1 from my
>> >> > wireless clients, or my wlan clients get IPs like 169.158.***.***.  This
>> >> > is essentially where my gas tank of knowledge runs empty.  Do I,
>> >> >
>> >> > 1)Create bridge device between my wireless and internal interfaces?
>> >> > 2)Create separate NAT rules for wireless interface?
>> >> > 3)Run dhcpd on my wireless interface?
>> >> >
>> >> > Any advice on the matter would be appreciated.  Thanks.
>> >> >
>> >> > Kevin Elliott
>> >> >
>> >> >
>> >> > ------------------------------------
>> >> > This is the Juneau-LUG mailing list.
>> >> > To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with
>> >> > the word unsubscribe in the subject header.
>> >> >

