Subject: Re: setting up a FreeBSD access point (hostap, natd)
To: "freebsd-questions@freebsd.org"
From: "Christoph P.U. Kukulies"
Date: Wed, 30 Nov 2016 11:23:24 +0100

May I come back to my problem. As said, the WLAN itself works, just the
nat and pf don't work.

Now I'm thinking of using static routes to route the net 192.168 to the
re0 interface and traffic from re0 to wlan0.

Like this: (Hope the ascii graphics work)

FreeBSD as HOSTAP
Static routes between wlan0 and re0?

                          +---+
              WiFi        |   | iPhone
                          |   |
              +           +---+
              |
+----+--------+---------+----+
|    | 192.168.0.1      |    |
|    |    wlan0         |    |
|    |                  |    |
|    |    DHCPD         |    |
|    +------------------+    |
|      FreeBSD-11.0 Box      |
|        hostapd,pf          |
|    +------------------+    |
|    |                  |    |
|    |                  |    |
|    |       re0        |    |
|    |  172.27.2.119    |    |
+----+-------+----------+----+
             |
             |  172.27.x.x
     +-------+---------+
     |                 |
     |  FreeBSD Box    |
     |   natd,ipfw     |
     |                 |
     +-------+---------+
             |
             |
             |
             +
          Internet

Could someone help with setting up the static routes? I once set up
such a thing. It's years ago, don't quite recall, but I used host
routing or interface routing, not sure what it was.

--
Christoph

On 25.11.2016 at 12:34, Christoph P.U. Kukulies wrote:
> FreeBSD-11.0 RELEASE
>
> urtwn0: 2> on usbus2
> urtwn0: MAC/BB RTL8188CUS, RF 6052 1T1R
>
> rc.conf:
>
> gateway_enable="YES"
> hostname="myhostap.somedomain.de"
> ifconfig_re0=" inet 172.27.2.119 netmask 255.255.0.0"
> defaultrouter="172.27.2.1"
>
> dhcpd_enable="YES" # dhcpd enabled?
> dhcpd_flags="-q" # command option(s)
> dhcpd_conf="/usr/local/etc/dhcpd.conf" # configuration file
> dhcpd_ifaces="wlan0" # ethernet interface(s)
> dhcpd_withumask="022" # file creation mask
>
> # I tried using pf but still not sure whether I really need it
>
> pf_enable="YES"
> pf_flags=""
> pf_rules="/etc/pf.conf"
> pflog_enable="YES"
> pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
> pflog_flags="" # additional flags for pflogd startup
>
> hostapd_enable="YES"
> wlans_urtwn0="wlan0"
> create_args_wlan0="wlanmode hostap"
> ifconfig_wlan0="inet 192.168.0.1 netmask 255.255.255.0"
>
> /etc/hostapd.conf:
>
> interface=wlan0
> debug=1
> ctrl_interface=/var/run/hostapd
> ctrl_interface_group=wheel
> ssid=FREEBSD-HOSTAP
> channel=1
> wpa=2
> wpa_passphrase=
> wpa_key_mgmt=WPA-PSK
> wpa_pairwise=CCMP
>
> # ifconfig
> re0: flags=8843 metric 0 mtu 1500
>     options=8209b C,LINKSTATE>
>     ether 00:25:22:8a:ee:6e
>     inet 172.27.2.1 netmask 0xffff0000 broadcast 172.27.255.255
>     nd6 options=29
>     media: Ethernet autoselect (1000baseT )
>     status: active
> lo0: flags=8049 metric 0 mtu 16384
>     options=600003
>     inet6 ::1 prefixlen 128
>     inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
>     inet 127.0.0.1 netmask 0xff000000
>     nd6 options=21
>     groups: lo
> wlan0: flags=8843 metric 0 mtu
> 1500
>     ether 80:1f:02:e6:94:f1
>     inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
>     nd6 options=29
>     media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
>     status: running
>     ssid NETGEAR-AC1335689 channel 1 (2412 MHz 11g) bssid
> 80:1f:02:e6:94:f1
>     regdomain FCC country US authmode WPA2/802.11i privacy MIXED
> deftxkey 2 AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 30
> scanvalid 60
>     protmode CTS wme dtimperiod 1 -dfs
>     groups: wlan
> pflog0: flags=141 metric 0 mtu 33184
>     groups: pflog
> #
>
> re0 is the outbound interface (it still connects to an intranet but
> the router to the Internet is 172.27.2.1)
>
> In this configuration I'm able to connect my iPhone to the WLAN. It
> receives an IP (192.168.0.21)
> and I can ping 198.168.0.21.
>
> Now when I start /sbin/natd -n re0
>
> I'm getting
>
> natd: Unable to create divert socket.: Protocol not supported
>
> When I add a line in
>
> loader.conf:
>
> ipdivert_load="YES"
>
> things get messed.
>
> I then can start
>
> /sbin/natd -n re0
>
> but I then cannot login anymore through re0 from the intranet. Routing
> (nat) from wlan0 to re0 doesn't work either.
> Could anyone help a bit setting this up correctly?
>
> --
>
> Christoph