From owner-freebsd-mobile Thu Sep 26 9:47:40 2002
Delivered-To: freebsd-mobile@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8494637B401 for ; Thu, 26 Sep 2002 09:47:39 -0700 (PDT)
Received: from zephir.primus.ca (mail.tor.primus.ca [216.254.136.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 16DA943E42 for ; Thu, 26 Sep 2002 09:47:39 -0700 (PDT) (envelope-from leth@primus.ca)
Received: from dialin-157-161.tor.primus.ca ([216.254.157.161]) by zephir.primus.ca with esmtp (Exim 3.33 #16) id 17ubnf-0005mL-0A; Thu, 26 Sep 2002 12:47:39 -0400
Date: Thu, 26 Sep 2002 12:47:54 -0400 (EDT)
From: Jason Hunt
X-X-Sender: leth@lethargic.dyndns.org
To: mobile@FreeBSD.ORG
Cc: Jacques Caron , Bruce M Simpson , Dan Langille
Subject: Re: getting wi running as a bridge
In-Reply-To:
Message-ID: <20020926112828.N52066-100000@lethargic.dyndns.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-mobile@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Thu, 26 Sep 2002, Jacques Caron wrote:

> And this won't work with two boxes configured as APs: they won't talk to
> each other (only stations talk to APs). And regular stations can't
> bridge (because of differences in the 802.11 frame format depending on
> whether the source/destination MAC addresses match the wireless cards or
> something else).
>
> To obtain a real 802.11 bridge, you need the cards to be able to run in
> so-called WDS mode, but I'm not even sure this is supported with the
> PRISM cards, let alone the Orinocos.

Do you mean it's not supported by the driver in FreeBSD? I ask this
because I have one of those Apple Airports (an older one), and they use
Orinoco Silver cards.
> Your only options are:
> - route instead of bridging: this requires 3 subnets (one for each LAN
>   and a /30 for the wireless link), and IP forwarding enabled
> - set up some form of tunnel
> - a specific case of the above, set up an IPsec VPN between the two
>   boxes.
>
> Note that the latter options probably require some sort of routing too,
> or you'll need to do some fun things with proxy ARP or promiscuous mode
> somehow...

An IPSec VPN is a form of a tunnel (well, IPsec goes inside a tunnel, but
whatever), which would require routing like you described in the first
option.

I have an article in my notes at home that gives an excellent setup for a
wireless gateway. It shows how to set up the network so that the gateway
won't forward packets unless they come through the IPSec tunnel (there's
no default route on the gateway). This prevents just anyone from getting
an IP and gaining access to the Internet (or whatever is on the other side
of the gateway).

I'll post that link later tonight.
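
The routed option from the quoted list above (one subnet per LAN plus a /30 for the wireless link, with IP forwarding enabled), sketched as /etc/rc.conf fragments for the two FreeBSD boxes. This is an added example, not part of the original message or the article it mentions. All addresses and the wired interface name fxp0 are constructed assumptions, and the wireless association settings (SSID, mode) are left out.

```conf
# ---- Box A: /etc/rc.conf (constructed example values) ----
# Forward IP packets between the wired LAN and the wireless link.
gateway_enable="YES"
# Wired side: LAN A, 192.168.1.0/24 (fxp0 is an assumed interface name).
ifconfig_fxp0="inet 192.168.1.1 netmask 255.255.255.0"
# Wireless side: the /30 link subnet has exactly two usable addresses,
# .1 for box A and .2 for box B.
ifconfig_wi0="inet 192.168.254.1 netmask 255.255.255.252"
# LAN B is reached through box B's end of the wireless link.
static_routes="lanb"
route_lanb="-net 192.168.2.0/24 192.168.254.2"

# ---- Box B: /etc/rc.conf (mirror image of box A) ----
gateway_enable="YES"
# Wired side: LAN B, 192.168.2.0/24.
ifconfig_fxp0="inet 192.168.2.1 netmask 255.255.255.0"
# Wireless side: the other usable address in the /30.
ifconfig_wi0="inet 192.168.254.2 netmask 255.255.255.252"
# LAN A is reached through box A's end of the wireless link.
static_routes="lana"
route_lana="-net 192.168.1.0/24 192.168.254.1"

# Hosts on each LAN also need a route to the far LAN via their local box
# (for example by using 192.168.1.1 or 192.168.2.1 as default gateway).
# Neither box gets a default route here, so each forwards only to the
# three subnets it knows about.
```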