Date: 06 Jun 2002 08:49:39 +0000
From: Wayne Pascoe <freebsd@penguinpowered.org.uk>
To: Jordi YC <jordi_yc@lycos.es>
Cc: questions@FreeBSD.ORG
Subject: Re: Wireless had-hoc gateway with IPsec/IPFilter/IPNat?
Message-ID: <m24rgg6bbw.fsf@set.ehsrealtime.com>
In-Reply-To: <200206060020.41934.jordi_yc@lycos.es>
References: <200206060020.41934.jordi_yc@lycos.es>

Jordi YC <jordi_yc@lycos.es> writes:

> I would like to know if I can have 1 (one) FreeBSD server doing
> ipfilter, ipnat, and ipsec for a small intranet. Basically, is a
> home LAN connected through a cable modem + a wireless network card
> that connects 2 users. I would like to use ipsec instead of PPTP, so
> I can avoid "dialing" in order to secure the connection and save me
> some routing issues.

Yes. I have been doing this for some time now. The important lines from
/etc/start_if.wi0 (or the appropriate script that is run when your
wireless adaptor initialises) are:

    wicontrol -i wi0 -c 1
    wicontrol -i wi0 -e 1
    wicontrol -i wi0 -n "yourwirelessnetname"

You should then supply a key with

    wicontrol -i wi0 -k "blah"

In your ipfilter scripts, block or pass on the device unless you have
a fixed IP address. e.g.

    pass in quick on wi0 from 192.168.1.0/24 to any port = 22 flags S/SA \
        keep state

The above line will allow all machines on your network to ssh to the
world.

HTH.

-- 
- Wayne Pascoe - http://www.penguinpowered.org.uk/wayne/
Give me enough medals, and I'll win any war. - Napoleon

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message