From owner-freebsd-questions@freebsd.org  Fri Nov 25 11:35:08 2016
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CC59DC54163
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Fri, 25 Nov 2016 11:35:08 +0000 (UTC)
 (envelope-from kuku@kukulies.org)
Received: from kukulies.org (mail.kukulies.org [78.47.239.221])
 by mx1.freebsd.org (Postfix) with ESMTP id 6345D2F8
 for <freebsd-questions@freebsd.org>; Fri, 25 Nov 2016 11:35:07 +0000 (UTC)
 (envelope-from kuku@kukulies.org)
Received: from localhost (localhost [127.0.0.1])
 by kukulies.org (Postfix) with ESMTP id D2C0E4DA409
 for <freebsd-questions@freebsd.org>; Fri, 25 Nov 2016 12:35:00 +0100 (CET)
Received: from kukulies.org ([127.0.0.1])
 by localhost (kukulies.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id idpxKBi72zFs for <freebsd-questions@freebsd.org>;
 Fri, 25 Nov 2016 12:34:58 +0100 (CET)
Received: from [172.27.4.215] (unknown [87.79.34.228])
 by kukulies.org (Postfix) with ESMTPSA id 0A2A04DA408
 for <freebsd-questions@freebsd.org>; Fri, 25 Nov 2016 12:34:58 +0100 (CET)
To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
From: "Christoph P.U. Kukulies" <kuku@kukulies.org>
Subject: setting up a FreeBSD access point (hostap, natd)
Message-ID: <e59e6141-4c83-a3d9-629f-f813625f0d48@kukulies.org>
Date: Fri, 25 Nov 2016 12:34:58 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.5.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Nov 2016 11:35:08 -0000

FreeBSD-11.0 RELEASE

urtwn0: <vendor 0x7392 product 0x7811, class 0/0, rev 2.00/2.00, addr 2> 
on usbus2
urtwn0: MAC/BB RTL8188CUS, RF 6052 1T1R

rc.conf:

gateway_enable="YES"
hostname="myhostap.somedomain.de"
ifconfig_re0=" inet 172.27.2.119 netmask 255.255.0.0"
defaultrouter="172.27.2.1"

dhcpd_enable="YES"                          # dhcpd enabled?
dhcpd_flags="-q"                            # command option(s)
dhcpd_conf="/usr/local/etc/dhcpd.conf"      # configuration file
dhcpd_ifaces="wlan0"                             # ethernet interface(s)
dhcpd_withumask="022"                       # file creation mask

# I tried using pf but still not sure whether I really need it

pf_enable="YES"
pf_flags=""
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile="/var/log/pflog"  # where pflogd should store the logfile
pflog_flags=""    # additional flags for pflogd startup

hostapd_enable="YES"
wlans_urtwn0="wlan0"
create_args_wlan0="wlanmode hostap"
ifconfig_wlan0="inet 192.168.0.1 netmask 255.255.255.0"

/etc/hostapd.conf:

interface=wlan0
debug=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=FREEBSD-HOSTAP
channel=1
wpa=2
wpa_passphrase=<secret>
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP

# ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGI
C,LINKSTATE>
         ether 00:25:22:8a:ee:6e
         inet 172.27.2.1 netmask 0xffff0000 broadcast 172.27.255.255
         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
         media: Ethernet autoselect (1000baseT <full-duplex,master>)
         status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
         inet6 ::1 prefixlen 128
         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
         inet 127.0.0.1 netmask 0xff000000
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
         groups: lo
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         ether 80:1f:02:e6:94:f1
         inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
         media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
         status: running
         ssid NETGEAR-AC1335689 channel 1 (2412 MHz 11g) bssid 
80:1f:02:e6:94:f1
         regdomain FCC country US authmode WPA2/802.11i privacy MIXED
         deftxkey 2 AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 30 
scanvalid 60
         protmode CTS wme dtimperiod 1 -dfs
         groups: wlan
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33184
         groups: pflog
#

re0 ist the outbound interface (it still connects to an intranet but the 
router to the Internet is 172.27.2.1)

In this configuration I'm able to connect my iPhone to the WLAN. It 
receives an IP (192.168.0.21)
and I can ping 198.168.0.21.


Now when I start /sbin/natd -n re0

I'm getting

natd: Unable to create divert socket.: Protocol not supported

When I add a line in


loader.conf:

ipdivert_load="YES"


things get messed.


I then can start


/sbin/natd -n re0

but I then cannot login anymore through re0 from the intranet. Routing 
(nat)  from wlan0 to re0 doesn't work either.
Could anyone help a bit setting this up correctly?


--

Christoph