wpa_supplicant && ipfilter && FreeBSD 6.0-REL

Thu, 11 May 2006 06:19:13 -0700 

Hello,

I'm using ipfilter v4.1.8 in FreeBSD 6.0-REL to protect my
laptop while traveling around or at home when I'm connected
with Wi-Fi to the Internet.

At home I'm accessing my access point only with WEP security
and ipfilter / ipnat works fine and as expected.

In my office recently we installed an AP as well with WPA-PSK security
and when I launched it for the 1st time it did not work and I was
thinking in a some how missconfigured AP or W-LAN interface in my
laptop. After hours it turned out, that it works fine but only
when I remove the ipfilter with '/sbin/ipf -D' or if I remove the
entry for ipfilter from the boot file /etc/rc.conf.

It even does not work with a very simple /etc/ipf.rules file like:


    #
    # No restrictions on Wi-Fi
    #  
    pass out quick on iwi0 all
    pass in  quick on iwi0 all
    
    #
    # No restrictions on Loopback Interface
    #
    pass in  quick on lo0 all
    pass out quick on lo0 all

The Wi-Fi itselft comes up after booting with a script:

    #!/bin/sh
    #
    
    kldload -v wlan_acl wlan_wep wlan_ccmp wlan_tkip
    
    ifconfig bge0 down
    ifconfig bge0 inet 222.222.222.222
    route delete default
    
    wpa_supplicant -B -i iwi0 -c /etc/wpa_supplicant.conf
    
    sleep 1
    ifconfig iwi0 inet 193.31.10.34 netmask 255.255.255.224
    route add default 193.31.10.58

The interface iwi0 gets associated fine without any problem
but traffic does not go out.

I have the following kernel mods loaded:

# kldstat
Id Refs Address    Size     Name
 1   25 0xc0400000 63070c   kernel
 2    1 0xc0a31000 4d08     if_tap.ko
 3    1 0xc0a36000 57c8     snd_ich.ko
 4    2 0xc0a3c000 1d408    sound.ko
 5    1 0xc0a5a000 a30c     if_iwi.ko
 6    1 0xc0a65000 2c90     wlan_wep.ko
 7    1 0xc0a68000 4ac8     atapicam.ko
 8   16 0xc0a6d000 568dc    acpi.ko
 9    1 0xc27c5000 2a000    ipl.ko
10    1 0xc2916000 15000    linux.ko
11    1 0xc2d13000 3000     wlan_acl.ko
12    1 0xc2d1e000 7000     wlan_ccmp.ko
13    1 0xc2d25000 4000     wlan_tkip.ko

What could be the problem with the ipfilter?
Thx

        matthias

-- 
Matthias Apitz
Manager Technical Support - OCLC PICA GmbH
Gruenwalder Weg 28g - 82041 Oberhaching - Germany
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <[EMAIL PROTECTED]> - w http://www.oclcpica.org/ http://guru.UnixLand.de/

Reply via email to