1st July 2014
EverydayDiesel
Wireless Setup With AuthPF Help

Hello,

I am trying to understand the following article with a slight variation for my setup. This will be a dedicated old slow machine that I have lying around that will just provide wireless access with authpf. I have an extra port open on the back of my main firewall so I will be using it (I am out of available PCI slots for a wireless card).
Here is the article --> http://home.nuug.no/~peter/pf/en/vegard.authpf.html

IP address of main firewall: 192.168.1.200 # this is the output of the main firewall into the wireless firewall server
IP address of wireless firewall: 192.168.1.201 # this is the external interface on the wireless firewall

Here is the modified code that I *think* is good (please correct me if I am wrong):

/etc/authpf/authpf.conf
Code:
touch /etc/authpf/authpf.conf

/etc/pf.conf
Code:
ext_if="em2"
wi_if = "athn0"

auth_web="192.168.27.20"

table <authpf_users> persist 

match out on $ext_if from $wi_if:network nat-to ($ext_if)

match in on $wi_if proto tcp from any to $myaddr port $tcp_in rdr-to $server
match in on $wi_if proto udp from any to $myaddr port $udp_in rdr-to $server

match in on $wi_if proto tcp from ! <authpf_users> port 80 rdr-to $auth_web

anchor "authpf/*"

block all

anchor "authpf/*" in on wi0

pass in on $wi_if inet proto tcp from any to $auth_web port 80 keep state

pass in on $wi_if inet proto udp from any port 53 keep state

pass in on $wi_if inet proto udp from any to $wi_if port 67

pass in on $wi_if inet proto tcp from any to $wi_if port 22 keep state

/etc/authpf/authpf.rules
Code:
ext_if = "em2"
wi_if = "athn0"
server = "192.168.27.15"
myaddr = "213.187.n.m"

# Services which live on the internal network 
# and need to be accessible
tcp_services = "{ 22, 25, 53, 80, 110, 113, 995 }"
udp_services = "{ 53 }"
tcp_in = " { 22, 25, 53, 80, 993, 2317, pop3}"
udp_in = "{ 53 }"

pass in on $wi_if inet from <authpf_users> to ! $int_if:network keep state

pass in on $wi_if inet proto tcp from <authpf_users> to $server port $tcp_in keep state
pass in on $wi_if inet proto udp from <authpf_users> to $server port $udp_in keep state

pass in on $wi_if inet proto tcp from <authpf_users> to $myaddr port $tcp_in keep state
pass in on $wi_if inet proto udp from <authpf_users> to $myaddr port $udp_in keep state

My machine is a brand new 5.5 installation, so here are my questions.

1. This is the address of the web server? I will be installing Apache httpd on the local machine eventually, so this will be the IP of $ext_if?
Code:
auth_web="192.168.27.20"

2. This is a table that OpenBSD knows? (In other words, I do not need to create this?)
Code:
table <authpf_users> persist

3. I do not understand this. n and m are placeholders of some sort that OpenBSD will replace with numbers?
Code:
myaddr = "213.187.n.m"

4. Where did wi0 come from in this example?
Code:
anchor "authpf/*" in on wi0


Sorry for so many questions and thanks in advance for your time helping me.
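A consistency check over the two rule files in the post, as an added example that is not part of the original post or the linked article. It assumes that pf.conf and authpf.rules are parsed separately, so a macro defined in one file is not visible in the other, and that authpf supplies `$user_ip` and `$user_id` itself; the file contents are constructed excerpts and the function names are hypothetical.

```python
import re

# Constructed excerpts of the two files from the post (not the full rulesets).
PF_CONF = '''\
ext_if="em2"
wi_if = "athn0"
auth_web="192.168.27.20"
table <authpf_users> persist
match out on $ext_if from $wi_if:network nat-to ($ext_if)
match in on $wi_if proto tcp from any to $myaddr port $tcp_in rdr-to $server
match in on $wi_if proto tcp from ! <authpf_users> port 80 rdr-to $auth_web
anchor "authpf/*" in on wi0
'''
AUTHPF_RULES = '''\
ext_if = "em2"
wi_if = "athn0"
server = "192.168.27.15"
tcp_in = "{ 22, 25, 53, 80 }"
pass in on $wi_if inet from <authpf_users> to ! $int_if:network keep state
pass in on $wi_if inet proto tcp from <authpf_users> to $server port $tcp_in keep state
'''
AUTHPF_BUILTINS = {"user_ip", "user_id"}  # assumed to be set by authpf at login
MACRO_DEF = re.compile(r'^\s*([A-Za-z_]\w*)\s*=')
MACRO_VAL = re.compile(r'^\s*[A-Za-z_]\w*\s*=\s*"([^"]*)"')
MACRO_USE = re.compile(r'\$([A-Za-z_]\w*)')
IFACE_USE = re.compile(r'\bon\s+([a-z]+\d+)\b')

def undefined_macros(text, predefined=()):
    """Return {macro: [line numbers]} for macros used before being defined."""
    defined, missing = set(predefined), {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split('#', 1)[0]  # ignore comments
        for name in MACRO_USE.findall(line):
            if name not in defined:
                missing.setdefault(name, []).append(lineno)
        m = MACRO_DEF.match(line)
        if m:
            defined.add(m.group(1))
    return missing

def stray_interfaces(text):
    """Interface names written literally that match no macro value in the file."""
    values = {m.group(1) for l in text.splitlines() if (m := MACRO_VAL.match(l))}
    return sorted({i for i in IFACE_USE.findall(text) if i not in values})

if __name__ == "__main__":
    print("pf.conf undefined:", undefined_macros(PF_CONF))
    print("authpf.rules undefined:", undefined_macros(AUTHPF_RULES, AUTHPF_BUILTINS))
    print("pf.conf literal interfaces:", stray_interfaces(PF_CONF))
```

On the firewall itself, `pfctl -nf /etc/pf.conf` parses the ruleset without loading it and is the authoritative check for undefined macros and syntax errors.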