Date: Wed, 3 May 2006 15:00:09 +0200
From: guru@Sisis.de
To: Fabian Keil <freebsd-listen@fabiankeil.de>
Cc: freebsd-mobile@freebsd.org
Subject: Re: wpa_supplicant && ipfilter && 6.0-REL
Message-ID: <20060503130009.GA8205@rebelion.Sisis.de>
In-Reply-To: <20060503145247.004cf234@localhost>
References: <20060503090750.GA3371@rebelion.Sisis.de> <20060503145247.004cf234@localhost>
On Wednesday, May 03, 2006 at 02:52:47PM +0200, Fabian Keil wrote:
> guru@Sisis.de wrote:
>
> > I'm using ipfilter in my 6.0-REL and this is working fine, even
> > with the iwi0 interface of my W-LAN card when I'm accessing
> > my access point at home with WEP security.
> >
> > Now in our office we installed an AP using WPA-PSK security and
> > I bring the interface up with some script like:
>
> > The interface iwi0 gets associated fine without any problem
> > but traffic does not go out, even for the allowed ports in
> > /etc/ipf.rules, like port 80 outbound and so on. First I thought
> > that somehow the wpa_supplicant was not working fine, but when
> > I delete all ipfilter with "ipf -D" the W-LAN is working nicely.
>
> > What could be the problem with the ipfilter?
>
> Are you using a deny all configuration with macros containing
> the IP addresses of the interfaces and not the interfaces themselves?

at work I'm using:
# reload with: ipf -Fa -f /etc/ipf.rules
#
# No restrictions on Inside LAN Interface for private network
#
pass out quick on iwi0 all
pass in quick on iwi0 all
#
# No restrictions on Loopback Interface
#
pass in quick on lo0 all
pass out quick on lo0 all

> If you give iwi its IP address in rc.conf, this would
> explain why it's working with your AP at home, but not
> with different networks.

at home I bring up the iwi0 interface not with rc.conf, but with
some shell script too:
# cat iwiUp.sh
#!/bin/sh
#
# set -x
ssid=xxxxxxxxxxxxxxxxxxxx
wepkey=0xxxxxxxxxxxxxxxxxxxxx
inet=192.168.2.3
netmask=0xffffff00
ifconfig iwi0 inet ${inet} \
netmask ${netmask} \
ssid ${ssid} \
wepkey ${wepkey} \
weptxkey 1 wepmode on

and with a more complex ipf.rules;
as you see, in both cases after boot time and the only diff is that
1. for WPA I load some modules after boot time (I'll change this on next
boot);
2. at home it is WEP and not WPA-PSK;
Thx for the feedback anyway;
matthias
--
Matthias Apitz
Manager Technical Support - OCLC PICA GmbH
Gruenwalder Weg 28g - 82041 Oberhaching - Germany
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <m.apitz@oclcpica.org> - w http://www.oclcpica.org/
