Date:      Mon, 10 Mar 2014 20:41:43 -0400
From:      Joe Nosay <superbisquit@gmail.com>
To:        Jason Hellenthal <jhellenthal@dataix.net>
Cc:        Ermal Luçi <eri@freebsd.org>, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, John-Mark Gurney <jmg@funkthat.com>
Subject:   Re: Using pf.conf with public access points.
Message-ID:  <CA%2BWntOsxDk2J6pOxFB2Va1o7=xiAKVZ-ZFv5kA96faeGABh7xA@mail.gmail.com>
In-Reply-To: <AF2D3781-6A50-4B92-9EF3-201A5E9687F6@dataix.net>
References:  <CA%2BWntOsQG-OeF8AmiftKt6-7upXTN7Pnv4ogZJmt6kjZ0GsZAA@mail.gmail.com> <20140309231829.GG32089@funkthat.com> <9C40270E-18E0-4993-B7C5-BD8B5A24C95D@dataix.net> <CAPBZQG3jzWnLk_Ea-VwkpTg2wHCF21M4faKzsYfVDAy9SAw3mg@mail.gmail.com> <71CCF277-8BF7-4C3B-9F9E-2095EA4CC060@dataix.net> <CA%2BWntOusW84FL0iERf=CqVJxO3cxqM86365=HVbhwhBoW9=_EA@mail.gmail.com> <AF2D3781-6A50-4B92-9EF3-201A5E9687F6@dataix.net>


On Mon, Mar 10, 2014 at 7:57 PM, Jason Hellenthal <jhellenthal@dataix.net> wrote:

> I feel as if you are overthinking this project just a little.
>
> dhclient has nothing to do with the bssid.
> wlanX can be set up to use DHCP and for wep or wpa or open connections in
> rc.conf.
> You can't control others' firewalls, only your own, so why the worry about
> that?
>
>
> --
>  Jason Hellenthal
>  Voice: 95.30.17.6/616
>  JJH48-ARIN
>
> On Mar 10, 2014, at 16:41, Joe Nosay <superbisquit@gmail.com> wrote:
>
>
>
>
> On Mon, Mar 10, 2014 at 2:56 PM, Jason Hellenthal <jhellenthal@dataix.net> wrote:
>
>> I nearly forgot all about that feature, thank you for the reminder.
>>
>>
>> --
>>  Jason Hellenthal
>>  Voice: 95.30.17.6/616
>>  JJH48-ARIN
>>
>> On Mar 10, 2014, at 10:20, Ermal Luçi <eri@freebsd.org> wrote:
>>
>> Usually pf(4) does support having dynamic ips inside its ruleset.
>> For example just putting the interface name as address or putting
>> $iface:0 for first address etc...
>>
>> Take a look at the man page of pf.conf and search for the string 'Interface
>> names and interface group names can'
>>
>>
>> On Sun, Mar 9, 2014 at 11:27 PM, Jason Hellenthal <jhellenthal@dataix.net> wrote:
>>
>>> You'll want to not use up addresses in your pf.conf
>>>
>>> Block on default and then open up by definition of ports instead. Forget
>>> the whole IPAddr thing and treat this as a roaming client firewall.
>>>
>>>
>>> --
>>>  Jason Hellenthal
>>>  Voice: 95.30.17.6/616
>>>  JJH48-ARIN
>>>
>>> > On Mar 9, 2014, at 19:18, John-Mark Gurney <jmg@funkthat.com> wrote:
>>> >
>>> > Joe Nosay wrote this message on Sun, Mar 09, 2014 at 15:36 -0400:
>>> >> 2. How do I compensate for the use of public access points when the IP
>>> >> addresses will always be different?
>>> >
>>> > it doesn't appear that pf has this ability, but it looks like ipfw
>>> > has this, from ipfw(8):
>>> >             me      matches any IP address configured on an interface in the
>>> >                     system.
>>> >
>>> > So, maybe switching to ipfw might be an option..
>>> >
>>> > --
>>> >  John-Mark Gurney                Voice: +1 415 225 5579
>>> >
>>> >     "All that I will do, has been done, All that I have, has not."
>>> > _______________________________________________
>>> > freebsd-net@freebsd.org mailing list
>>> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>>
>>
>>
>>
>> --
>> Ermal
>>
>>
>
> Has anyone thought about putting themselves in an environment similar to
> mine (not everything) when it comes to networking? You would have to set
> everything up with the following parameters:
> 1. Because you are at more than one place, you cannot set up wlanX or the
> wlandev in rc.conf. They must always be created after booting and logging
> in.
> 2. Dhclient cannot be automatic because a public access area may have more
> than one available bssid for connecting.
> 3. Since each public access will have different firewalls, streaming and
> web services may not be able to be run.
> 4. A script would probably work better than static settings in this case.
>
>
>

Apologies.
I am trying different ways of setting up jailed networking. After setting
up the sysctl variables and chrooting into the jail, the difficulty comes
in connecting. I am going to try what is suggested by the ezjail page and
see if that helps.
Stepping back, I see that I should enable wlan0 to be created in rc.conf
but not enable dhcp on it. Would that be the proper thing to do?
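
The pf.conf approach suggested in the quoted replies above (block by default, open by port, and use the interface name instead of a fixed address), written out as an added example that is not part of the original thread. The interface name wlan0, the port choices and the 192.0.2.10 address are assumptions made for illustration.

```conf
# Constructed example of a roaming-client ruleset; not from the thread.
# Assumption: the wireless interface is wlan0.
ext_if = "wlan0"

set block-policy drop
set skip on lo0

# Default deny in both directions.
block all

# DHCP client traffic. The interface has no address before the lease
# arrives, so these rules match on ports only.
pass out quick on $ext_if inet proto udp from any port 68 to any port 67
pass in  quick on $ext_if inet proto udp from any port 67 to any port 68

# Static form (constructed address): stops matching as soon as the
# access point hands out a different address.
# pass out on $ext_if inet proto tcp from 192.0.2.10 to any port { 80, 443 }

# Dynamic form: the parentheses tell pf to update the rule whenever the
# address on the interface changes. ($ext_if:0) would do the same while
# ignoring interface aliases.
pass out on $ext_if inet proto { tcp, udp } from ($ext_if) to any port 53 keep state
pass out on $ext_if inet proto tcp from ($ext_if) to any port { 80, 443 } keep state
pass out on $ext_if inet proto icmp from ($ext_if) to any icmp-type echoreq keep state
```

The ruleset can be syntax-checked without loading it by running `pfctl -nf /etc/pf.conf`.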

