#1
13th December 2010
thefronny

Need to move wireless access "inside" the firewall

I have a simple home network that uses a router with a firewall and a wireless access point, like so:

Code:
Internet (DSL/POTS line)
  |
xxx.xxx.xxx.xxx
2WIRE ROUTER
10.0.0.1
  |
10.0.0.2
4.8 FIREWALL
192.168.1.1
  |
192.168.1.0
Home Network

Right now my wife's and son's wireless devices access the internet via the router's wireless on the 10.0.0.0 network. I'd like to move them inside the firewall to 192.168.1.0, and turn off the router's wireless access point. Can I do this by putting a PCI wireless adapter on the firewall and giving them 192.168.1.0 or would I have to create a third network and a set of rules to get them into 192? Lastly, I'll take any recommendations for such wireless cards.

thx,

tf

#2
13th December 2010
ocicat

Quote:
Originally Posted by thefronny
...would I have to create a third network and a set of rules to get them into 192?

Yes.

You may find Hansteen's The Book of PF (second edition) to be a reasonable resource on pf(4). This book is based on an earlier work:

http://home.nuug.no/~peter/pf/

...which is freely available.

Quote:
Lastly, I'll take any recommendations for such wireless cards.

It appears that ath(4), ral(4), & perhaps athn(4) may be reasonable choices. Information on common cards supporting these chipsets can be found by studying their respective manpages.

Having an overview of what wireless drivers are currently supported by OpenBSD would be helpful knowledge. This can be generated by the following command:

$ man -k wireless

Finally, it would be more than worth your time to further research this question by studying the comments which have been made on the official misc@ mailing list. One favorite archive site is:

http://marc.info/

However, others exist. More archive sites are listed at the following:

http://www.openbsd.org/mail.html

#3
13th December 2010
IdOp

I have an old ral(4) card and can confirm getting it to work as a host AP under OpenBSD 4.8 ... although I haven't done much with it. It's not too hard once you read the man pages often enough. It's actually a pretty nice set-up, as I've been struggling to do the same thing with Linux and haven't gotten it to work yet.
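
A sketch of the "third network and a set of rules" discussed in this thread, added here as an example and not posted by anyone in the thread. It is a pf.conf in the rule syntax OpenBSD 4.8 uses; the interface names and the 192.168.2.0/24 wireless range are assumptions, while the 10.0.0.0 and 192.168.1.0 networks come from the diagram in the first post.

```conf
# pf.conf sketch (added example). Interface names and 192.168.2.0/24 are assumptions.
ext_if  = "em0"    # assumed: NIC cabled to the 2WIRE router, holds 10.0.0.2
int_if  = "em1"    # assumed: wired home network NIC, holds 192.168.1.1
wifi_if = "ral0"   # assumed: PCI wireless card in host AP mode

wired_net = "192.168.1.0/24"
wifi_net  = "192.168.2.0/24"   # assumed third network for wireless clients

set skip on lo

# Default deny; everything below is an explicit exception.
block log all

# Drop packets whose source address does not belong on the interface they arrived on.
antispoof quick for { $int_if, $wifi_if } inet

# Both inside networks share the firewall's outside address when leaving.
match out on $ext_if inet from { $wired_net, $wifi_net } nat-to ($ext_if)

# Wired hosts may go anywhere.
pass in on $int_if inet from $wired_net

# Wireless clients: anything that is not the wired network (Internet access) ...
pass in on $wifi_if inet from $wifi_net to ! $wired_net

# ... and access to the wired network. Narrow this rule (by host or port), or
# remove it, to keep wireless devices at arm's length from the wired machines.
pass in on $wifi_if inet from $wifi_net to $wired_net

# Let out whatever was allowed in, plus the firewall's own traffic.
pass out inet
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it; forwarding between the interfaces also requires `net.inet.ip.forwarding=1`.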