From: Joe Nosay
To: Jason Hellenthal
Cc: Ermal Luçi, freebsd-net@freebsd.org, John-Mark Gurney
Date: Mon, 10 Mar 2014 20:41:43 -0400
Subject: Re: Using pf.conf with public access points.
List-Id: Networking and TCP/IP with FreeBSD

On Mon, Mar 10, 2014 at 7:57 PM, Jason Hellenthal wrote:
> I feel as if you are overthinking this project just a little.
>
> dhclient has nothing to do with the bssid.
> wlanX can be set up to use DHCP and for wep or wpa or open connections in rc.conf.
> You can't control others' firewalls, only your own, so why the worry about that?
>
> --
> Jason Hellenthal
> Voice: 95.30.17.6/616
> JJH48-ARIN
>
> On Mar 10, 2014, at 16:41, Joe Nosay wrote:
>
> On Mon, Mar 10, 2014 at 2:56 PM, Jason Hellenthal wrote:
>
>> I nearly forgot all about that feature, thank you for the reminder.
>>
>> --
>> Jason Hellenthal
>> Voice: 95.30.17.6/616
>> JJH48-ARIN
>>
>> On Mar 10, 2014, at 10:20, Ermal Luçi wrote:
>>
>> Usually pf(4) does support having dynamic IPs inside its ruleset.
>> For example, just putting the interface name as address, or putting $iface:0 for the first address, etc...
>>
>> Take a look at the man page of pf.conf and search for the string 'Interface names and interface group names can'
>>
>> On Sun, Mar 9, 2014 at 11:27 PM, Jason Hellenthal wrote:
>>
>>> You'll want to not use up addresses in your pf.conf
>>>
>>> Block on default and then open up by definition of ports instead. Forget the whole IPAddr thing and treat this as a roaming client firewall.
>>>
>>> --
>>> Jason Hellenthal
>>> Voice: 95.30.17.6/616
>>> JJH48-ARIN
>>>
>>> > On Mar 9, 2014, at 19:18, John-Mark Gurney wrote:
>>> >
>>> > Joe Nosay wrote this message on Sun, Mar 09, 2014 at 15:36 -0400:
>>> >> 2. How do I compensate for the use of public access points when the IP addresses will always be different?
>>> >
>>> > it doesn't appear that pf has this ability, but it looks like ipfw has this, from ipfw(8):
>>> >   me      matches any IP address configured on an interface in the system.
>>> >
>>> > So, maybe switching to ipfw might be an option..
>>> >
>>> > --
>>> > John-Mark Gurney    Voice: +1 415 225 5579
>>> >
>>> > "All that I will do, has been done, All that I have, has not."
>>> > _______________________________________________
>>> > freebsd-net@freebsd.org mailing list
>>> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>> --
>> Ermal
>>
> Has anyone thought about putting themselves in an environment similar to mine, not everything, when it comes to networking? You would have to set everything up with the following parameters:
> 1. Because you are at more than one place, you cannot set up wlanX or the wlandev in rc.conf. They must always be created after booting and logging in.
> 2. Dhclient cannot be automatic because a public access area may have more than one available bssid for connecting.
> 3. Since each public access will have different firewalls, streaming and web services may not be able to be run.
> 4. A script would probably work better than static settings in this case.

Apologies. I am trying different ways of setting up jailed networking. After setting up the sysctl variables and chrooting into the jail, the difficulty comes in connecting. I am going to try what is suggested by the ezjail page and see if that helps.

Stepping back, I see that I should enable wlan0 to be created in rc.conf but not enable DHCP on it. Would that be the proper thing to do?
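A roaming-client pf.conf of the kind Jason and Ermal describe, as an added example that is not from the thread or from any of its authors: default block, outbound ports opened explicitly, and the interface's changing address referenced with the parenthesised-interface syntax from pf.conf(5) instead of a fixed IP. The interface name wlan0 and the port lists are assumptions; adjust both to the services the client actually needs.

```pf
# /etc/pf.conf for a roaming laptop (added example, not from the thread).
# Assumptions: the Wi-Fi interface is wlan0 and the ports below are the
# only services the client needs to initiate. IPv4 only; IPv6 would also
# need icmp6 passed for neighbour discovery and router advertisements.
wifi = "wlan0"

tcp_out = "{ 22, 53, 80, 443 }"   # SSH, DNS, HTTP, HTTPS
udp_out = "{ 53, 123 }"           # DNS, NTP

set skip on lo0
set block-policy drop

# Default deny in both directions. No rule below names a fixed address,
# so the ruleset is valid on any access point without a reload.
block all

# DHCP runs before the interface has an address at all, so it is matched
# by port only, never by source address.
pass out quick on $wifi proto udp from any port 68 to any port 67
pass in  quick on $wifi proto udp from any port 67 to any port 68

# Ermal's point: an interface name in parentheses is re-evaluated by pf
# whenever that interface's address changes, so these rules follow the
# client from one access point to the next.
pass out on $wifi inet proto tcp  from ($wifi) to any port $tcp_out
pass out on $wifi inet proto udp  from ($wifi) to any port $udp_out
pass out on $wifi inet proto icmp from ($wifi) icmp-type echoreq

# Jason's point: nothing is opened inbound. Replies to the connections
# above are admitted by the state table that "pass" creates by default.
```

Check the syntax without loading it with `pfctl -nf /etc/pf.conf`, then load it with `pfctl -f /etc/pf.conf` and confirm with `pfctl -s rules` that the parenthesised interface, not a literal address, appears in the loaded rules.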