From: Mark Moellering
To: freebsd-questions@freebsd.org
Date: Wed, 24 May 2006 10:32:48 -0400
Message-Id: <200605241032.48356.mark@msen.com>
Subject: Firewall with 3 NIC (1 wireless) problem

I am attempting to add wireless capabilities to an existing network / firewall structure. I added a wireless NIC card to the firewall (Netgear WPN311) and followed the wireless instructions. I also added a similar card to an existing computer (Netgear WG311T).

The firewall's internal wired network is on 192.168.1.1 and the wireless card is set to 192.168.2.1. The client computer can find the wireless network and I can ping the wireless card (192.168.2.1). However, I can get nowhere else.

I cannot get to the wired subnet nor outside access to the internet. I tried adding a bridge from the wired to the wireless network interfaces but that did nothing. I tried putting the wireless NIC to 192.168.1.249 but that made things worse. Any help would be greatly appreciated.

Both client and firewall are running FreeBSD 6.1. Relevant (that I can think of) files from the firewall are included...

Thanks in Advance.

Mark

Attachment: hostapd.conf

interface=ath0
driver=bsd
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
debug=6
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=mynet
wpa=1
wpa_passphrase=secretword
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP

Attachment: pf.conf

# $FreeBSD: src/share/examples/pf/faq-example1,v 1.1 2004/09/14 01:07:18 mlaier Exp $
# $OpenBSD: faq-example1,v 1.2 2003/08/06 16:04:45 henning Exp $
#
# Firewall for Home or Small Office
# http://www.openbsd.org/faq/pf/example1.html
#

# macros
int_if = "bge0"
wint_if = "ath0"
ext_if = "rl0"

tcp_services = "{ 22, 113 }"
icmp_types = "echoreq"

priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

# options
set block-policy return
set loginterface $ext_if

# scrub
scrub in all

# nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $wint_if:network to any -> ($ext_if)
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $wint_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

# filter rules
block all

pass quick on lo0 all

# anti-spoofing: private ranges never arrive on or leave via the external interface
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

pass in on $ext_if inet proto tcp from any to ($ext_if) \
   port $tcp_services flags S/SA keep state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass in on $wint_if from $wint_if:network to any keep state
# mirrors the wired pair above: traffic leaving toward the wireless network
# may come from any source (the posted rule had "from $wint_if:network to any")
pass out on $wint_if from any to $wint_if:network keep state

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

pass in on $ext_if inet proto tcp from any to ($ext_if) \
   user proxy keep state

Attachment: sysctl.conf

# $FreeBSD: src/etc/sysctl.conf,v 1.8 2003/03/13 18:43:50 mux Exp $
#
# This file is read when going to multi-user and its contents piped thru
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
#
# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0

# legacy bridge(4): bridge Ethernet frames between the wired and wireless interfaces
net.link.ether.bridge.enable=1
net.link.ether.bridge.config=bge0, ath0

Attachment: rc.conf

# -- sysinstall generated deltas -- # Thu May 11 16:26:43 2006
# Created: Thu May 11 16:26:43 2006
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
gateway_enable="YES"
linux_enable="YES"
moused_enable="YES"
usbd_enable="YES"
#Internal Wired Network
ifconfig_bge0="inet 192.168.1.1 netmask 255.255.255.0"
hostname="Firewall.mynet.com"
#Wireless Network (address family given explicitly, as for bge0 above)
ifconfig_ath0="inet 192.168.2.1 netmask 255.255.255.0 ssid mynet mode 11g mediaopt hostap"
hostapd_enable="YES"
#External Gateway Interface
ifconfig_rl0="DHCP"
inetd_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
# path must be absolute (the posted value lacked the leading slash)
pflog_logfile="/var/log/pflog"
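The attached pf.conf derives each new interface's rules by copying the wired pair from the OpenBSD FAQ example it is based on, so the first thing to check when adding a third NIC is whether every internal interface really has the same symmetric `pass in` / `pass out` pair and its own `nat` rule. The script below is an added example, not part of Mark's mail or of FreeBSD's pf; it embeds the ruleset as attached to the mail (constructed inline so it runs offline), joins backslash-continued lines, expands the `$name` macros including `$if:network` forms, derives the internal interfaces from the `nat` rules, and reports any interface whose pass pair deviates from the template. The function names and the minimal pf.conf grammar it accepts are assumptions of this example, not a full pf parser.

```python
"""Lint a three-interface pf.conf for the symmetric per-interface rule pattern.

Added example (not from the original mail). PF_CONF is the ruleset attached
to the mail, embedded here as constructed sample input.
"""
import re

# Constructed sample input: the pf.conf as attached to the mail.
PF_CONF = r"""
# macros
int_if = "bge0"
wint_if = "ath0"
ext_if = "rl0"

tcp_services = "{ 22, 113 }"
icmp_types = "echoreq"

priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

set block-policy return
set loginterface $ext_if

scrub in all

nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $wint_if:network to any -> ($ext_if)
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $wint_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

block all
pass quick on lo0 all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

pass in on $ext_if inet proto tcp from any to ($ext_if) \
   port $tcp_services flags S/SA keep state
pass in inet proto icmp all icmp-type $icmp_types keep state

pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass in on $wint_if from $wint_if:network to any keep state
pass out on $wint_if from $wint_if:network to any keep state

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
"""


def parse_rules(text):
    """Return the rules with continuations joined, comments dropped and
    macros expanded, one normalised rule per list entry."""
    text = re.sub(r'\\\n\s*', ' ', text)  # join "rule \<newline>  continuation"
    macros, rules = {}, []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()  # strip comments and blank lines
        if not line:
            continue
        m = re.match(r'^(\w+)\s*=\s*"(.*)"$', line)  # name = "value" macro
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        # $name -> value; "$if:network" keeps its ":network" suffix
        line = re.sub(r'\$(\w+)', lambda mm: macros.get(mm.group(1), mm.group(0)), line)
        rules.append(' '.join(line.split()))
    return rules


def internal_interfaces(rules):
    """Interfaces whose network is NATed out are, by construction, internal."""
    ifs = []
    for rule in rules:
        m = re.match(r'nat on \S+ from (\w+):network to any', rule)
        if m and m.group(1) not in ifs:
            ifs.append(m.group(1))
    return ifs


def check_internal_pairs(rules, internal_ifs):
    """Report every internal interface missing the FAQ-example rule pair."""
    findings = []
    for ifc in internal_ifs:
        wanted = (
            f"pass in on {ifc} from {ifc}:network to any keep state",
            f"pass out on {ifc} from any to {ifc}:network keep state",
        )
        for rule in wanted:
            if rule not in rules:
                findings.append(f"{ifc}: missing '{rule}'")
    return findings


if __name__ == "__main__":
    parsed = parse_rules(PF_CONF)
    for finding in check_internal_pairs(parsed, internal_interfaces(parsed)):
        print(finding)
```

Run on the attached ruleset, the script reports that ath0 lacks the `pass out on ath0 from any to ath0:network keep state` rule that bge0 has, because the wireless out rule was written with its source and destination the other way round; with that rule rewritten to mirror the wired one, the check is clean. The same approach extends to any number of internal segments, since the set of interfaces to check is read from the `nat` rules rather than hard-coded.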