Re: Firewall with 3 NIC (1 wireless) problem

2006-05-26 Thread Dennis Olvany

Mark Moellering wrote:
	I am attempting to add wireless capabilities to an existing network / 
firewall structure.  I added a wireless NIC card to the firewall (Netgear 
WPN311) and followed the wireless instructions.  I also added a similar card 
to an existing computer (Netgear WG311T).
	The firewall's internal wired network is on 192.168.1.1 and the wireless card 
is set to 192.168.2.1.
	The client computer can find the wireless network and I can ping the wireless 
card (192.168.2.1).  However, I can get nowhere else.  I cannot get to the 
wired subnet nor get outside access to the internet.  I tried adding a bridge 
from the wired to the wireless network interfaces but that did nothing.  I 
tried putting the wireless NIC on 192.168.1.249 but that made things worse.  
Any help would be greatly appreciated.
	Both client and firewall are running FreeBSD 6.1.  Relevant (that I can think 
of) files from the firewall are included...


The bridge is not necessary. If you're trying to make all the traffic 
traverse the wireless network, you'll have to change the default gateway 
on the client; otherwise the traffic will traverse bge0 as indicated in 
the client routing table. Beyond that, I would examine the firewall. 
Change it to allow all traffic and see if that makes a difference. 
Verify that your NAT configuration is correct.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: Firewall with 3 NIC (1 wireless) problem

2006-05-25 Thread Mark Moellering
Dennis,

Thanks so much for your help.  Here are the ifconfig -v and netstat (a 
variety of) outputs from both the client and firewall.  
Both the client and the firewall have an ath0 (192.168.2.1 for the firewall, 
192.168.2.5 for the client) and a bge0 (192.168.1.1 for the firewall, 192.168.1.2 
for the client).  After booting the client, I disconnect the ethernet cable on 
the bge0 interface to force traffic over the wireless ath0.  
I am by no means a professional; I may have missed something or be doing 
something fairly obviously wrong.

Thanks Again,

Mark Moellering

On Thursday 25 May 2006 12:17 am, Dennis Olvany wrote:
> > net.link.ether.bridge.enable=1
> > net.link.ether.bridge.config=bge0, ath0
>
> Let's have a look at ifconfig and netstat -r. What's with this bridge?
> Think you'd be better off without it.
Script started on Thu May 25 22:19:06 2006
AlphaOne# ifconfig -v
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
	inet6 fe80::209:5bff:fe20:aa23%bge0 prefixlen 64 scopeid 0x1
	inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
	ether 00:09:5b:20:aa:23
	media: Ethernet autoselect (none)
	status: no carrier
ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet6 fe80::214:6cff:fe2c:a8c0%ath0 prefixlen 64 scopeid 0x2
	inet 192.168.2.5 netmask 0xffffff00 broadcast 192.168.2.255
	ether 00:14:6c:2c:a8:c0
	media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/24Mbps)
	status: associated
	ssid psyberation channel 1 (2412) bssid 00:0f:b5:8a:77:44
	authmode WPA privacy ON deftxkey UNDEF
	TKIP 2:128-bit
	TKIP 3:128-bit powersavemode OFF powersavesleep 100 txpowmax 37
	txpower 63 rtsthreshold 2346 mcastrate 1 fragthreshold 2346 -pureg
	protmode CTS -wme burst roaming MANUAL bintval 100 -countermeasures
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
	inet 127.0.0.1 netmask 0xff000000
AlphaOne# exit
exit

Script done on Thu May 25 22:19:37 2006
Script started on Thu May 25 22:20:31 2006
AlphaOne# netstat
Active UNIX domain sockets
Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
c3e912bc stream      0      0        0 c3db97a8        0        0 /tmp/ksocket-Mark/kontactHOPVSF.slave-socket
c3db97a8 stream      0      0        0 c3e912bc        0        0
c3db9dac stream      0      0        0 c3db9c08        0        0 /tmp/ksocket-Mark/kontactpn6RzM.slave-socket
c3db9c08 stream      0      0        0 c3db9dac        0        0
c3d2d7a8 stream      0      0        0 c3db9c94        0        0 /tmp/.ICE-unix/dcop625-1148609162
c3db9c94 stream      0      0        0 c3d2d7a8        0        0
c3d2d834 stream      0      0        0 c3db9e38        0        0 /tmp/.ICE-unix/646
c3db9e38 stream      0      0        0 c3d2d834        0        0
c3db9af0 stream      0      0        0 c3db9834        0        0 /tmp/.X11-unix/X0
c3db9834 stream      0      0        0 c3db9af0        0        0
c3db9604 stream      0      0        0 c3db9690        0        0 /tmp/ksocket-Mark/klaunchersC8lmq.slave-socket
c3db9690 stream      0      0        0 c3db9604        0        0
c3db98c0 stream      0      0        0 c3db994c        0        0 /tmp/fam-Mark/fam-
c3db994c stream      0      0        0 c3db98c0        0        0
c3e91348 stream      0      0        0 c3e913d4        0        0 /tmp/.ICE-unix/dcop625-1148609162
c3e913d4 stream      0      0        0 c3e91348        0        0
c3e91460 stream      0      0        0 c3e914ec        0        0 /tmp/.ICE-unix/dcop625-1148609162
c3e914ec stream      0      0        0 c3e91460        0        0
c3e91578 stream      0      0        0 c3e91604        0        0 /tmp/.ICE-unix/dcop625-1148609162
c3e91604 stream      0      0        0 c3e91578        0        0
c3e91690 stream      0      0        0 c3e9171c        0        0 /tmp/.ICE-unix/dcop625-1148609162
c3e9171c stream      0      0        0 c3e91690        0        0
c3db9230 stream      0      0        0 c3db92bc        0        0 /tmp/.ICE-unix/dcop625-1148609162
c3db92bc stream      0      0        0 c3db9230        0        0
c3d2dd20 stream      0      0        0 c3d2dc08        0        0 /tmp/.ICE-unix/dcop625-1148609162
c3d2dc08 stream      0      0        0 c3d2dd20        0        0
c3d2ddac stream      0      0        0 c3d2d71c        0        0 /tmp/.ICE-unix/646
c3d2d71c stream      0      0        0 c3d2ddac        0        0
c368dc94 stream      0      0        0 c368dc08        0        0 /tmp/.X11-unix/X0
c368dc08 stream      0      0        0 c368dc94        0        0
c368c4ec stream      0      0        0 c368c460        0        0 /tmp/.ICE-unix/dcop

Re: Firewall with 3 NIC (1 wireless) problem

2006-05-24 Thread Dennis Olvany

net.link.ether.bridge.enable=1
net.link.ether.bridge.config=bge0, ath0


Let's have a look at ifconfig and netstat -r. What's with this bridge? 
Think you'd be better off without it.



RE: Firewall with 3 NIC (1 wireless) problem

2006-05-24 Thread fbsd
This may be a wild shot in the dark.
The Netgear WPN311 and WG311T are both CLIENT RangeMax Wireless PCI
adapter cards.
It looks to me like you are missing the hardware needed to make your
wireless network work.

On your wired LAN you cable a NIC card in your gateway box to
a hub/router/switch through which all other PCs on the LAN are
connected.

A wireless system works much the same way. Your gateway box should
have a NIC cabled to a wireless base/router through which all other
PCs on the wireless LAN broadcast/communicate.

You need a Netgear RangeMax Wireless Router WPN824, which is a
stand-alone piece of equipment cabled to your gateway box. The
Netgear WPN311 card you have in the gateway box is useless. Use it
for some other PC you want on your wireless LAN.

Please take note that the built-in hardware wireless WEP/WPA
encryption security is a laugh. Anybody with some free software off
the internet can drive down your street, pick up your wireless
base broadcast and gain access to your network and the public
internet through you if you rely only on WEP/WPA encryption for
access security. There are many solutions out there. Review the
questions list archives on wireless security for many suggestions on
how to protect your wireless network.



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mark
Moellering
Sent: Wednesday, May 24, 2006 10:33 AM
To: freebsd-questions@freebsd.org
Subject: Firewall with 3 NIC (1 wireless) problem





Firewall with 3 NIC (1 wireless) problem

2006-05-24 Thread Mark Moellering
I am attempting to add wireless capabilities to an existing network / 
firewall structure.  I added a wireless NIC card to the firewall (Netgear 
WPN311) and followed the wireless instructions.  I also added a similar card 
to an existing computer (Netgear WG311T).
The firewall's internal wired network is on 192.168.1.1 and the wireless card 
is set to 192.168.2.1.
The client computer can find the wireless network and I can ping the wireless 
card (192.168.2.1).  However, I can get nowhere else.  I cannot get to the 
wired subnet nor get outside access to the internet.  I tried adding a bridge 
from the wired to the wireless network interfaces but that did nothing.  I 
tried putting the wireless NIC on 192.168.1.249 but that made things worse.  
Any help would be greatly appreciated.
Both client and firewall are running FreeBSD 6.1.  Relevant (that I can 
think of) files from the firewall are included...

Thanks in Advance.

Mark
# hostapd.conf (as posted)
interface=ath0
driver=bsd
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
debug=6
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=mynet
# wpa=1 negotiates WPA (version 1) only; wpa=2 would select WPA2/RSN
wpa=1
wpa_passphrase=secretword
wpa_key_mgmt=WPA-PSK
# both CCMP and TKIP are offered; the client's ifconfig output shows TKIP keys in use
wpa_pairwise=CCMP TKIP
# $FreeBSD: src/share/examples/pf/faq-example1,v 1.1 2004/09/14 01:07:18 mlaier Exp $
# $OpenBSD: faq-example1,v 1.2 2003/08/06 16:04:45 henning Exp $

#
# Firewall for Home or Small Office
# http://www.openbsd.org/faq/pf/example1.html
#


# macros
int_if = "bge0"
wint_if = "ath0"
ext_if = "rl0"

tcp_services = "{ 22, 113 }"
icmp_types = "echoreq"

priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $wint_if:network to any -> ($ext_if)
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $wint_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021


# filter rules
block all

pass quick on lo0 all

block drop in  quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

pass in on $ext_if inet proto tcp from any to ($ext_if) \
   port $tcp_services flags S/SA keep state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass in  on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state

pass in  on $wint_if from $wint_if:network to any keep state
# Mirror the wired pair above: filter outbound traffic on the wireless
# interface by destination. As posted this rule read
# "from $wint_if:network to any", which filters on source; forwarded
# traffic leaving ath0 has the wireless network as its destination.
pass out on $wint_if from any to $wint_if:network keep state

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

pass in on $ext_if inet proto tcp from any to ($ext_if) \
   user proxy keep state
# $FreeBSD: src/etc/sysctl.conf,v 1.8 2003/03/13 18:43:50 mux Exp $
#
#  This file is read when going to multi-user and its contents piped thru
#  ``sysctl'' to adjust kernel values.  ``man 5 sysctl.conf'' for details.
#

# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0

net.link.ether.bridge.enable=1
net.link.ether.bridge.config=bge0, ath0

# /etc/rc.conf (as posted)
# -- sysinstall generated deltas -- # Thu May 11 16:26:43 2006
# Created: Thu May 11 16:26:43 2006
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
gateway_enable="YES"
linux_enable="YES"
moused_enable="YES"
usbd_enable="YES"

#Internal Wired Network
ifconfig_bge0="inet 192.168.1.1  netmask 255.255.255.0"
hostname="Firewall.mynet.com"

#Wireless Network
ifconfig_ath0="192.168.2.1 netmask 255.255.255.0 ssid mynet mode 11g mediaopt hostap"
hostapd_enable="YES"

#External Gateway Interface
ifconfig_rl0="DHCP"
inetd_enable="YES"

pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
# absolute path; as posted this was the relative "var/log/pflog"
pflog_logfile="/var/log/pflog"

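Dennis's advice above was to verify the pf and NAT configuration. The following is an added example, not code from the thread or from the pf or hostapd projects: a small lint pass over the pf.conf and hostapd.conf Mark posted. It expands pf macros, then checks that every internal interface (assumed here to be any macro named *_if other than ext_if, the convention the posted file uses) has a NAT rule and a symmetric pass in / pass out pair, and flags the hostapd settings a reviewer would object to. The two config texts are constructed, abbreviated copies of the posted files embedded inline so the script runs offline.

```python
"""Lint the posted pf.conf / hostapd.conf for the mistakes a reviewer
would look for first. Added example; the interface-macro naming
convention (*_if, ext_if = upstream) is an assumption."""
import re

# Constructed copy of the rule lines from the posted pf.conf that matter
# for these checks (the remaining FAQ-example rules are omitted).
PF_CONF = """\
int_if = "bge0"
wint_if = "ath0"
ext_if = "rl0"
nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $wint_if:network to any -> ($ext_if)
block all
pass in  on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass in on $wint_if from $wint_if:network to any keep state
pass out on $wint_if from $wint_if:network to any keep state
"""

# Constructed copy of the security-relevant lines of the posted hostapd.conf.
HOSTAPD_CONF = """\
interface=ath0
ssid=mynet
wpa=1
wpa_passphrase=secretword
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP
"""

MACRO_RE = re.compile(r'^(\w+)\s*=\s*"?([^"]*)"?\s*$')


def expand_pf(text):
    """Split pf.conf into (macros, rules); $macro references are expanded
    and whitespace normalised so rules can be compared as plain strings."""
    macros, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2).strip()
            continue
        # Longest names first so a macro that is a prefix of another
        # (e.g. $if and $if_dmz) cannot be substituted inside it.
        for name in sorted(macros, key=len, reverse=True):
            line = line.replace("$" + name, macros[name])
        rules.append(re.sub(r"\s+", " ", line))
    return macros, rules


def check_pf(text):
    """Return one finding per problem; [] means every internal interface
    has a NAT rule and a symmetric pass in / pass out pair."""
    macros, rules = expand_pf(text)
    ext = macros.get("ext_if")
    findings = []
    if not any(r.startswith("block") for r in rules):
        findings.append("no default block rule")
    for name, ifn in macros.items():
        if not name.endswith("_if") or ifn == ext:
            continue
        net = f"{ifn}:network"
        has = lambda prefix: any(r.startswith(prefix) for r in rules)
        if not has(f"nat on {ext} from {net} to any"):
            findings.append(f"{ifn}: no nat rule on {ext} for {net}")
        if not has(f"pass in on {ifn} from {net} to any"):
            findings.append(f"{ifn}: no 'pass in' rule from {net}")
        if not has(f"pass out on {ifn} from any to {net}"):
            findings.append(f"{ifn}: no 'pass out' rule to {net}")
        if has(f"pass out on {ifn} from {net} to any"):
            findings.append(f"{ifn}: 'pass out' filters on source {net}; "
                            f"it should read 'from any to {net}'")
    return findings


def check_hostapd(text):
    """Flag hostapd settings that weaken the wireless side."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    findings = []
    if cfg.get("wpa") == "1":
        findings.append("wpa=1 negotiates WPA (version 1) only; use wpa=2 for WPA2/RSN")
    if "TKIP" in cfg.get("wpa_pairwise", "").split():
        findings.append("wpa_pairwise offers TKIP; restrict to CCMP")
    if "wpa_passphrase" in cfg:
        findings.append("wpa_passphrase is stored in cleartext; keep the file root-only (0600)")
    return findings


if __name__ == "__main__":
    for finding in check_pf(PF_CONF) + check_hostapd(HOSTAPD_CONF):
        print("-", finding)
```

Run against the posted files it reports two findings for ath0 (the missing destination-based pass out rule and the source-based one that was written instead) and three for hostapd (WPA1 only, TKIP offered, cleartext passphrase); swapping the ath0 pass out rule to `from any to $wint_if:network` clears the pf findings.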