Re: DHCP pf and bridges
Greg Hennessy wrote:
> On 12 Aug 2004 08:35:42 -0700, [EMAIL PROTECTED] (Brent Bolin) wrote:
>
>>Trader...
>>
>>pf is ported to FBSD
>
> It also works fine with a bridged wireless NIC, I've used it here.
>
> greg

Cheers chaps,

I realise that pf is in FreeBSD - but I had assumed that wasn't in
stable yet...still I'm enjoying my OpenBSD sojourn. I've built this AP
before with Linux, FreeBSD and Mac OS X - all worked fine. For the past
6 months I've been using m0n0wall, which is a FreeBSD based micro-distro
with a web front end - really slick, but after 6 months, as you can see,
I'd forgotten how to do it myself. Those of you thinking about soekris
should check out m0n0.ch - that's what it was built for originally.

David chub posted this:

pass in quick on $ext inet proto icmp from any to $yournet
pass out quick on $ext inet proto icmp from $yournet to any
pass in quick on $int inet proto icmp from $yournet to any
pass out quick on $int inet proto icmp from any to $yournet
pass in quick on $wlan inet proto icmp from $yournet to any
pass out quick on $wlan inet proto icmp from any to $yournet

..which after commenting out the first two lines works like a charm to
get pinging working both sides of the bridge.

The bridge seems to be working fine, I'm writing this from a laptop
hanging off the wlan - so those posts about not being able to bridge
wlans seem outdated. I can surf/ftp/email whatever - the only thing not
working is dhcp - which is working fine on the other side of the
bridge...any thoughts?

Thanks so-far - OpenBSD people seem rather chummie ;-)

Pete
Re: DHCP pf and bridges
On Thu, 12 Aug 2004 17:46:07 GMT, itinerant <[EMAIL PROTECTED]> wrote:

>Greg Hennessy wrote:
>
>> On 12 Aug 2004 08:35:42 -0700, [EMAIL PROTECTED] (Brent Bolin) wrote:
>>
>>>Trader...
>>>
>>>pf is ported to FBSD
>>
>> It also works fine with a bridged wireless NIC, I've used it here.
>>
>> greg
>
>Cheers chaps,
>
>I realise that pf is in FreeBSD - but I had assumed that wasn't in
>stable yet...

Come the 3rd of October it will be :-).

greg
--
Can you hear me? Can you see me? Can you feel me? I don't understand you
Re: DHCP pf and bridges
On 12 Aug 2004 08:35:42 -0700, [EMAIL PROTECTED] (Brent Bolin) wrote:

>Trader...
>
>pf is ported to FBSD

It also works fine with a bridged wireless NIC, I've used it here.

greg
--
Can you hear me? Can you see me? Can you feel me? I don't understand you
Re: DHCP pf and bridges
* Jason Opperisano <[EMAIL PROTECTED]> [2004-08-12 13:52]:
> i'm not an expert on this--but i've seen it posted multiple times on
> openbsd-misc that you cannot bridge with a wireless nic.

bridging to a wi(4) in AP mode works just fine.
bridging to a wi (and other drivers) in client or ad-hoc mode does not.

--
Henning Brauer, BS Web Services, http://bsws.de
[EMAIL PROTECTED] - [EMAIL PROTECTED]
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
Re: DHCP pf and bridges
itinerant <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>...
> Hello There,
> I'm a complete newbie to OpenBSD - a veteran from FreeBSD attracted by
> the green grass of pf for a new firewall. Here's the rub - simple setup
> with nic connected to internet, nic connected to subnet, wireless card
> bridged to internal subnet. Dhcpd is running, working fine, handing out
> licenses on the internal ethernet - but no licenses on the wlan. If I
> manually configure a machine on the wireless lan - all is fine...also I
> can't ping from one side of the bridge to the other - but both sides
> reach the internet and router fine. Attached is a messy (well hacked)
> pf.conf
>
> # macros
> int_if = "rl0"
> ext_if = "le1"
> wi_if = "wi0"
> localnet = "10.0.0.0/24"
>
> tcp_services = "{ 20, 21, 22, 113 }"
> icmp_types = "echoreq"
>
> priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
>
> comp3 = "10.0.0.2"
>
> # options
> set block-policy return
> set loginterface $ext_if
>
> # scrub
> scrub in all
>
> # nat/rdr
> nat on $ext_if from $int_if:network to any -> ($ext_if)
> rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 \
>     port 8021
> rdr on $ext_if proto tcp from any to any port 80 -> $comp3
>
> # filter rules
> block all
>
> pass quick on lo0 all
>
> block drop in quick on $ext_if from $priv_nets to any
> block drop out quick on $ext_if from any to $priv_nets
>
> pass in on $ext_if inet proto tcp from any to ($ext_if) \
>     port $tcp_services flags S/SA keep state
>
> pass in on $ext_if proto tcp from any to $comp3 port 80 \
>     flags S/SA synproxy state
>
> pass in inet proto icmp all icmp-type $icmp_types keep state
>
> pass in on $int_if from $int_if:network to any keep state
> pass out on $int_if from any to $int_if:network keep state
>
> pass out on $ext_if proto tcp all modulate state flags S/SA
> pass out on $ext_if proto { udp, icmp } all keep state
>
> pass out on $ext_if proto udp from any port = bootpc \
>     to { $localnet, 255.255.255.255 } port = bootps
> pass in on $ext_if proto udp from $localnet port = bootps \
>     to { $localnet, 255.255.255.255 } port = bootpc

Trader...

pf is ported to FBSD
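An added example, not part of any post in this thread: a simplified Python model of pf's last-match evaluation, run over the filter rules of the pf.conf quoted above, to show which rule decides a DHCPDISCOVER arriving on wi0. The wi0 rules in CANDIDATE are hypothetical, the packet is constructed, and bridge delivery, state and NAT are not modelled.

```python
import ipaddress
# Simplified model (assumption): the last matching rule wins unless it is
# "quick". State, NAT, icmp-type and the dynamic "(le1)" address are ignored.
LOCALNET = ["10.0.0.0/24"]
PRIV = ["127.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]
BCAST = LOCALNET + ["255.255.255.255/32"]
def rule(action, quick=False, **match):  # scalar criteria become 1-tuples
    match = {k: v if isinstance(v, (tuple, list)) else (v,) for k, v in match.items()}
    return {"action": action, "quick": quick, **match}
# Filter rules transcribed from the posted pf.conf with its macros expanded.
POSTED = [
    rule("block"),
    rule("pass", quick=True, iface="lo0"),
    rule("block", quick=True, dir="in", iface="le1", src=PRIV),
    rule("block", quick=True, dir="out", iface="le1", dst=PRIV),
    rule("pass", dir="in", iface="le1", proto="tcp", dport=(20, 21, 22, 113)),
    rule("pass", dir="in", iface="le1", proto="tcp", dst=["10.0.0.2/32"], dport=80),
    rule("pass", dir="in", proto="icmp"),
    rule("pass", dir="in", iface="rl0", src=LOCALNET),
    rule("pass", dir="out", iface="rl0", dst=LOCALNET),
    rule("pass", dir="out", iface="le1", proto="tcp"),
    rule("pass", dir="out", iface="le1", proto=("udp", "icmp")),
    rule("pass", dir="out", iface="le1", proto="udp", sport=68, dst=BCAST, dport=67),
    rule("pass", dir="in", iface="le1", proto="udp", src=LOCALNET, sport=67, dst=BCAST, dport=68),
]
# Hypothetical additions (not from the thread): DHCP on the wireless member.
CANDIDATE = POSTED + [
    rule("pass", dir="in", iface="wi0", proto="udp", sport=68, dport=67),
    rule("pass", dir="out", iface="wi0", proto="udp", sport=67, dport=68),
]

def matches(r, p):
    for k in ("dir", "iface", "proto", "sport", "dport"):
        if k in r and p.get(k) not in r[k]:
            return False
    return all(k not in r or any(ipaddress.ip_address(p[k]) in ipaddress.ip_network(n)
                                 for n in r[k]) for k in ("src", "dst"))

def evaluate(rules, pkt):
    verdict = ("pass", None)  # pf passes a packet that no rule matches
    for number, r in enumerate(rules, 1):
        if matches(r, pkt):
            verdict = (r["action"], number)
            if r["quick"]:
                break
    return verdict
# Constructed packet: a DHCPDISCOVER broadcast arriving on the wireless NIC.
DISCOVER = dict(dir="in", iface="wi0", proto="udp", src="0.0.0.0",
                dst="255.255.255.255", sport=68, dport=67)
print(evaluate(POSTED, DISCOVER), evaluate(CANDIDATE, DISCOVER))
```

In this model the posted rules decide the packet with rule 1 (`block all`), because every DHCP pass rule names `$ext_if` and none names `$wi_if`.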
Re: DHCP pf and bridges
On Aug 12, 2004, at 5:49 AM, Jason Opperisano wrote:

>> Hello There,
>> I'm a complete newbie to OpenBSD - a veteran from FreeBSD attracted by
>> the green grass of pf for a new firewall. Here's the rub - simple setup
>> with nic connected to internet, nic connected to subnet, wireless card
>> bridged to internal subnet. Dhcpd is running, working fine, handing out
>> licenses on the internal ethernet - but no licenses on the wlan. If I
>> manually configure a machine on the wireless lan - all is fine...also I
>> can't ping from one side of the bridge to the other - but both sides
>> reach the internet and router fine. Attached is a messy (well hacked)
>> pf.conf
>
> i'm not an expert on this--but i've seen it posted multiple times on
> openbsd-misc that you cannot bridge with a wireless nic. you're going to
> have to subnet wireless & wired networks and route between them.
>
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=109170776211283&w=2
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=108558996927905&w=2

I'm surprised to read this, as bridging to/from a wireless interface
from/to an ethernet interface is a standard behavior of the machines
which populate my network -- though these are all Apple products.

Is there a reason the wireless cards aren't seen as ordinary ethernet
interfaces by OpenBSD? If you plug a wireless card into a Powerbook, the
Powerbook sees it as an ethernet interface and you can treat it just
like one for firewall and routing purposes.

Are these posts still accurate? I was considering moving from my
existing (workable, but suboptimal) router to a Soekris or the like
running OpenBSD, but the inability to make the wireless bridge work
would be a nuisance. I have configured a base station to do NAT though,
and the user experience is very much like a bridge as far as talking to
the Internet goes, I just worry that routing between the 10.0.1.x legs
and the 192.1698.1.x legs of the lan might be tricky.

Thanks,
Chris
Re: DHCP pf and bridges
> Hello There,
> I'm a complete newbie to OpenBSD - a veteran from FreeBSD attracted by
> the green grass of pf for a new firewall. Here's the rub - simple setup
> with nic connected to internet, nic connected to subnet, wireless card
> bridged to internal subnet. Dhcpd is running, working fine, handing out
> licenses on the internal ethernet - but no licenses on the wlan. If I
> manually configure a machine on the wireless lan - all is fine...also I
> can't ping from one side of the bridge to the other - but both sides
> reach the internet and router fine. Attached is a messy (well hacked)
> pf.conf

i'm not an expert on this--but i've seen it posted multiple times on
openbsd-misc that you cannot bridge with a wireless nic. you're going to
have to subnet wireless & wired networks and route between them.

http://marc.theaimsgroup.com/?l=openbsd-misc&m=109170776211283&w=2
http://marc.theaimsgroup.com/?l=openbsd-misc&m=108558996927905&w=2

-j