Yeah, you need to give bridge0 an IP address and remove the IP address from
your ethernet and wireless interfaces.  You _SHOULD_ be able to bind dhcpd to
the bridge interface... try giving it an IP and try again.

-Myron

> Okay, I was trying to change all my references to my internal interface
> over to the bridge interface and I ran into some problems.  First here's
> the output of 'brconfig -a'.
>
> bridge0: flags=41<UP,RUNNING>
>         Configuration:
>                 priority 32768 hellotime 2 fwddelay 15 maxage 20
>         Interfaces:
>                 wi0 flags=3<LEARNING,DISCOVER>
>                         port 3 ifpriority 128 ifcost 55
>                 dc0 flags=3<LEARNING,DISCOVER>
>                         port 1 ifpriority 128 ifcost 55
>         Addresses (max cache: 100, timeout: 240):
>                 00:50:da:cf:b3:27 dc0 1 flags=0<>
>                 00:40:33:d3:8e:be dc0 1 flags=0<>
>
> As far as I can tell the bridge is up and running.  ifconfig -a confirms
> this too.  Now a couple of problems I ran into.  First, dhcpd won't bind to
> bridge0.  When I try to start dhcpd from the command line manually using
> 'dhcpd bridge0' I get the error, "dhcpd: bridge0: not found".  Maybe dhcpd
> can't run on bridges?  Also of note, I get the same result if I try to
> start dhcpd on the wireless interface.
>
> Furthermore, when I run pf the rule 'nat on $ext_if from bridge0 ->
> ($ext_if)' results in the error "no IP address found for bridge0".
>
> Am I missing something?  Does the bridge need its own IP?  Once again
> thanks for your help.
>
> ----- Original Message -----
> From: Myron Davis <myrond@xxxxxxxxxxx>
> Date: Monday, October 18, 2004 12:15 pm
> Subject: [juneau-lug] Re: OpenBSD Gateway; A Whole Heap of Questions
>
>> Yep, you need to change all entries to point to your bridge, your dhcp
>> server, and yes you need to change your pf.conf rules so that bridge0 is
>> the internal interface.
>>
>> At this point it is almost like your wireless and wired segments are
>> non-existent, the only interface that matters is the bridge interface.
>>
>> -Myron
>>
>> > Thanks for your reply.  I also think that going with a bridge is probably
>> > the easiest solution but I still have some questions/problems.  I set up
>> > my bridge between my wireless interface and my internal ethernet
>> > interface.  I can connect to the AP but my wlan clients still end up with
>> > IPs like this, 169.254.92.9.  On my router I get an arp error saying:
>> > 'arplookup: unable to enter address for 169.254.92.9'.
>> >
>> > Now that I've set up a bridge between my wireless and internal interfaces
>> > do I need to change all my pf.conf rules so that bridge0 is considered
>> > the internal interface?  I'm not quite sure what to do from now on out.
>> >
>> > ----- Original Message -----
>> > From: Myron Davis <myrond@xxxxxxxxxxx>
>> > Date: Monday, October 18, 2004 1:30 am
>> > Subject: [juneau-lug] Re: OpenBSD Gateway; A Whole Heap of Questions
>> >
>> >> Any and all of them, personally I'd go w/ a bridge, easy to set up and
>> >> run with.  You could of course set up different networks for both
>> >> wireless and wired.  Big thing about a bridge after you create it, if
>> >> you have anything pointing to your local ethernet interfaces you should
>> >> change the pointer to the bridge interface instead.  You don't even need
>> >> IP addresses for your wireless interface or your ethernet interface
>> >> anymore.
>> >>
>> >> Not sure about BSD land but I know on linux side there are several
>> >> different drivers for wireless and some create different interfaces for
>> >> the different types of methods of interacting with wireless clients.
>> >> (i.e. your main interface is wifi0, if you sniff data there you'll see
>> >> link layer traffic, then if you want regular ethernet filters traffic
>> >> you connect to wlan0, if you want wds traffic you connect to wlan0wdsX
>> >> where x is the wds network, or if you want a station interface and
>> >> you're in master mode you connect to wlan0sta).  But different drivers
>> >> (and different versions of drivers) do things quite a bit differently.
>> >>
>> >> -Myron
>> >>
>> >> > Hello, I've been to a few meetings so you may or may not remember me
>> >> > but I was hoping that someone with some OBSD experience could help me
>> >> > out.  I'm trying to build an OpenBSD based router/gateway/firewall for
>> >> > my home lan.  The whole thing should look similar to this:
>> >> >
>> >> > Internet --> Cable Modem --> OBSD --> Hub --> LAN Clients
>> >> >
>> >> > The gateway has three interfaces (external, internal and wireless).
>> >> > I've been able to get pf to do NAT and packet filtering between the
>> >> > two ethernet external and internal interfaces.  I've also been able to
>> >> > get dhcpd to pass out leases to LAN clients on the internal interface.
>> >> > This all works more or less.  The big problem is the wireless.
>> >> >
>> >> > I've been able to create my access point with the following script.
>> >> >
>> >> > #!/bin/sh
>> >> > #Used HOWTO --> http://www.unixcircle.com/features/802.11b_openbsd.php
>> >> > ifconfig wi0 inet up nwid hogwarts media DS11 mediaopt hostap
>> >> > wicontrol -e 1
>> >> > wicontrol -k 0xblahblahblah -v 1
>> >> > wicontrol -T 1
>> >> > wicontrol -f 11
>> >> > wicontrol -s "OpenBSD_AP"
>> >> >
>> >> > This script is run by rc.local and creates the interface as shown:
>> >> >
>> >> > wi0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>> >> >         address: 00:05:5d:ee:6e:3e
>> >> >         nwid hogwarts
>> >> >         nwkey blahblahblah
>> >> >         powersave off
>> >> >         media: IEEE802.11 DS11 hostap
>> >> >         status: active
>> >> >         inet6 fe80::205:5dff:feee:6e3e%wi0 prefixlen 64 scopeid 0x3
>> >> >         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>> >> >
>> >> > As I mentioned previously I can connect to the resulting AP with my
>> >> > wireless clients.  However weird things that I don't understand start
>> >> > happening from here on out.  For example, I can't seem to ping
>> >> > 192.168.1.1 from my wireless clients, or my wlan clients get IPs like
>> >> > 169.158.***.***.  This is essentially where my gas tank of knowledge
>> >> > runs empty.  Do I,
>> >> >
>> >> > 1) Create bridge device between my wireless and internal interfaces?
>> >> > 2) Create separate NAT rules for wireless interface?
>> >> > 3) Run dhcpd on my wireless interface?
>> >> >
>> >> > Any advice on the matter would be appreciated.  Thanks.
>> >> >
>> >> > Kevin Elliott
>> >> >
>> >> > ------------------------------------
>> >> > This is the Juneau-LUG mailing list.
>> >> > To unsubscribe, send an e-mail to juneau-lug-request@xxxxxxxxxxxxx with
>> >> > the word unsubscribe in the subject header.
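A pre-flight check for the pf error reported in the thread, as an added example that is not part of the original messages: pf resolves a bare interface name such as bridge0 in a "from" clause to the addresses configured on that interface, so the rule fails to load when the interface has no IPv4 address. The function names and the dc0 and bridge0 sample blocks are constructed for illustration; the wi0 block is the one posted in the thread, abridged.

```shell
#!/bin/sh
# Added example (not from the thread): check that every interface a pf rule
# or dhcpd command line names actually carries an IPv4 address.

# Sample ifconfig-style output. The wi0 block is the one posted in the
# thread (abridged); the dc0 and bridge0 blocks are constructed.
sample_ifconfig() {
cat <<'EOF'
dc0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        address: 00:00:5e:00:53:01
        inet6 fe80::200:5eff:fe00:5301%dc0 prefixlen 64 scopeid 0x1
wi0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        address: 00:05:5d:ee:6e:3e
        media: IEEE802.11 DS11 hostap
        inet6 fe80::205:5dff:feee:6e3e%wi0 prefixlen 64 scopeid 0x3
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
bridge0: flags=41<UP,RUNNING> mtu 1500
EOF
}

# check_ifaces NAME...  (hypothetical helper; reads ifconfig output on stdin)
# Prints one line per named interface that is absent or has no "inet" line
# ("inet6" does not count). Exit status is 1 if any were reported.
check_ifaces() {
    awk -v want="$*" '
        /^[a-z]+[0-9]+:/ { name = $1; sub(/:$/, "", name); seen[name] = 1; next }
        $1 == "inet" && name != "" { inet[name] = 1 }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) {
                if (!(w[i] in seen)) { print w[i] ": interface not present"; bad = 1 }
                else if (!(w[i] in inet)) { print w[i] ": no IPv4 address"; bad = 1 }
            }
            exit bad + 0
        }'
}

# bridge0 is what the nat rule and dhcpd were pointed at; wi0 for comparison.
sample_ifconfig | check_ifaces bridge0 wi0 || true
```

On a live gateway the same function can be fed real output, for example: ifconfig -a | check_ifaces bridge0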