From: Matthew Seaman
Organization: Infracaninophile
Date: Sun, 07 Feb 2010 10:28:58 +0000
To: Bill Tillman
Cc: freebsd-questions@freebsd.org
Subject: Re: Wireless Access Point
Message-ID: <4B6E95EA.6090009@infracaninophile.co.uk>
In-Reply-To: <704081.59220.qm@web36504.mail.mud.yahoo.com>

On 06/02/2010 18:38, Bill Tillman wrote:
> Okay I have finally decided to scrap my old D-Link wireless router in favor of my FreeBSD-8.0 server with a wireless NIC ral0. I have thus far got the NIC to come up and work as an access point. I can connect to this AP with my laptop computer via wireless. I'm running dhcpd on the FreeBSD server so my laptop is also assigned an IP address as well.
>
> My existing setup has a FreeBSD server running as a router/gateway for my entire LAN. This router has two NICs one connected to the cable modem from my ISP and one connected to a switch on 10.0.0.0/24 LAN.
>
> The existing D-Link router has its WAN port connected to this same switch and it gets a 10.0.0.0/24 IP address from another FreeBSD server running dhcpd. This D-Link router is running dhcpd and it assigns 192.168.0.0/24 IP addresses to all wireless clients. When a wireless client boots up in my house they connect to this D-Link router and all is well.

OK, now I've done what I should have in the first place, and re-read the
thread in its entirety.

> This setup is working fine as all the workstations on 10.0.0.0/24 can access the Internet and all wireless clients on 192.168.0.0/24 can access the Internet.
>
> Now my new FreeBSD-8.0-STABLE server seems to be almost ready to take over for the D-Link router and my old FreeBSD server. I have two NICs in this server, an ethernet cable one (bge0) and the wireless NIC (ral0) or wlan0.
>
> I can ping outside addresses from this new server but of course it's using the 10.0.0.0/24 segment which I knew would work. But even though the wireless clients can connect to the wireless NIC and be assigned an IP address and can ping the IP address of the server, both of them, I cannot access the Internet from any of the wireless machines. I could use some advice on what to do to correct this.

You've got two FreeBSD servers. For the sake of clarity let me name them
thus:

  Server A is your external gateway, and connects to your cable modem.

  Server B has the wireless card and is the gateway between your WLAN
  and your private wired network.

The way I'd handle this is:

  * Don't run NAT at all on Server B. Instead, just treat it as a
    plain router between the wired and wireless networks.

  * To make that work, Server B should have fixed addresses, and you
    will need to add static routes on machines on your wired network
    so they know how to get packets to the WLAN.

  * You don't need to run a DHCP server on Server B -- you can hang it
    all off the DHCP server on Server A. You will need to run
    DHCP-relay on Server B, but that's a very much simpler program.

  * The DHCPd on Server A will have to be configured to supply
    addresses for the range used on your WLAN. You will also need to
    check and possibly amend your firewall on Server A so that it will
    NAT for the address range used on your WLAN as well as the range
    on your wired net.

Does that make sense to you? If not I am happy to expound further.

        Cheers,

        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
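
The layout described in the reply above, written out as configuration. This is an added example and not part of Matthew Seaman's message: it assumes the WLAN keeps the 192.168.0.0/24 range the D-Link used, that Server A runs ISC dhcpd and pf, and that Server B uses the ISC dhcrelay port; every host address and the EXTERNAL_IF name are constructed placeholders.

```conf
# --- Server B (WLAN router): /etc/rc.conf ---
gateway_enable="YES"                                 # forward between bge0 and wlan0; no NAT on this box
ifconfig_bge0="inet 10.0.0.2 netmask 255.255.255.0"  # fixed wired address (constructed)
defaultrouter="10.0.0.1"                             # Server A (constructed address)
# wlan0 keeps its existing hostap settings, with a fixed address such as
# 192.168.0.1/24 (constructed) on the wireless side.
dhcrelay_enable="YES"                                # ISC dhcrelay from ports
dhcrelay_servers="10.0.0.1"                          # the dhcpd on Server A
dhcrelay_ifaces="wlan0 bge0"                         # client-facing and server-facing interfaces

# --- Server A and the other wired hosts: /etc/rc.conf ---
static_routes="wlan"
route_wlan="-net 192.168.0.0/24 10.0.0.2"            # reach the WLAN through Server B

# --- Server A: dhcpd.conf (beside the existing 10.0.0.0/24 subnet) ---
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.100 192.168.0.199;               # constructed pool for wireless clients
    option routers 192.168.0.1;                      # Server B's wlan0 address
}

# --- Server A: /etc/pf.conf (assumes pf; EXTERNAL_IF is a placeholder) ---
ext_if = "EXTERNAL_IF"
nat on $ext_if from { 10.0.0.0/24, 192.168.0.0/24 } to any -> ($ext_if)
```

Because Server B routes rather than translates, Server A sees the real 192.168.0.x source addresses, so its filter rules and logs can tell wireless clients apart from wired ones.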