Date: Wed, 3 May 2006 15:00:09 +0200
From: guru@Sisis.de
To: Fabian Keil <freebsd-listen@fabiankeil.de>
Cc: freebsd-mobile@freebsd.org
Subject: Re: wpa_supplicant && ipfilter && 6.0-REL
Message-ID: <20060503130009.GA8205@rebelion.Sisis.de>
In-Reply-To: <20060503145247.004cf234@localhost>
References: <20060503090750.GA3371@rebelion.Sisis.de> <20060503145247.004cf234@localhost>

On Wednesday, May 03, 2006 at 02:52:47PM +0200, Fabian Keil wrote:

> guru@Sisis.de wrote:
>
> > I'm using ipfilter in my 6.0-REL and this is working fine, even
> > with the iwi0 interface of my W-LAN card when I'm accessing
> > my access point at home with WEP security.
> >
> > Now in our office we installed an AP using WPA-PSK security and
> > I bring the interface up with some script like:
>
> > The interface iwi0 gets associated fine without any problem
> > but traffic does not go out, even for the allowed ports in
> > /etc/ipf.rules, like port 80 outbound and so on. First I thought
> > that somehow the wpa_supplicant was not working fine, but when
> > I delete all ipfilter with "ipf -D" the W-LAN is working nicely.
>
> > What could be the problem with the ipfilter?
>
> Are you using a deny all configuration with macros containing
> the IP addresses of the interfaces and not the interfaces themselves?

At work I'm using:

# reload with: ipf -Fa -f /etc/ipf.rules
#
# No restrictions on Inside LAN Interface for private network
#
pass out quick on iwi0 all
pass in quick on iwi0 all
#
# No restrictions on Loopback Interface
#
pass in quick on lo0 all
pass out quick on lo0 all

>
> If you give iwi its IP address in rc.conf, this would
> explain why it's working with your AP at home, but not
> with different networks.

At home I bring up the iwi0 interface not with rc.conf, but with some
shell script too:

# cat iwiUp.sh
#!/bin/sh
#
# set -x

ssid=xxxxxxxxxxxxxxxxxxxx
wepkey=0xxxxxxxxxxxxxxxxxxxxx
inet=192.168.2.3
netmask=0xffffff00

ifconfig iwi0 inet ${inet} \
    netmask ${netmask} \
    ssid ${ssid} \
    wepkey ${wepkey} \
    weptxkey 1 wepmode on

and with a more complex ipf.rules; as you see, in both cases after boot
time and the only diff is that

1. for WPA I load some modules after boot time (I'll change this on
   next boot);
2. at home it is WEP and not WPA-PSK;

Thx for the feedback anyway;

	matthias
-- 
Matthias Apitz
Manager Technical Support - OCLC PICA GmbH
Gruenwalder Weg 28g - 82041 Oberhaching - Germany
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <m.apitz@oclcpica.org> - w http://www.oclcpica.org/