DaemonForums > OpenBSD > OpenBSD Security

#1, 1st July 2014
EverydayDiesel, Shell Scout (Join Date: Jan 2009, Posts: 124)
Wireless Setup With AuthPF Help

Hello,

I am trying to understand the following article with a slight variation for my setup. This will be a dedicated old slow machine that I have lying around that will just provide wireless access with authpf. I have an extra port open on the back of my main firewall, so I will be using it (I am out of available PCI slots for a wireless card).
Here is the article --> http://home.nuug.no/~peter/pf/en/vegard.authpf.html

IP address of main firewall: 192.168.1.200 # this is the output of the main firewall into the wireless firewall server
IP address of wireless firewall: 192.168.1.201 # this is the external interface on the wireless firewall

Here is the modified code that I *think* is good (please correct me if I am wrong).

/etc/authpf/authpf.conf
Code:
touch /etc/authpf/authpf.conf
/etc/pf.conf
Code:
ext_if="em2"
wi_if = "athn0"

auth_web="192.168.27.20"

table <authpf_users> persist 

match out on $ext_if from $wi_if:network nat-to ($ext_if)

match in on $wi_if proto tcp from any to $myaddr port $tcp_in rdr-to $server
match in on $wi_if proto udp from any to $myaddr port $udp_in rdr-to $server

match in on $wi_if proto tcp from ! <authpf_users> port 80 rdr-to $auth_web

anchor "authpf/*"

block all

anchor "authpf/*" in on wi0

pass in on $wi_if inet proto tcp from any to $auth_web port 80 keep state

pass in on $wi_if inet proto udp from any port 53 keep state

pass in on $wi_if inet proto udp from any to $wi_if port 67

pass in on $wi_if inet proto tcp from any to $wi_if port 22 keep state

/etc/authpf/authpf.rules
Code:
ext_if = "em2"
wi_if = "athn0"
server = "192.168.27.15"
myaddr = "213.187.n.m"

# Services which live on the internal network 
# and need to be accessible
tcp_services = "{ 22, 25, 53, 80, 110, 113, 995 }"
udp_services = "{ 53 }"
tcp_in = " { 22, 25, 53, 80, 993, 2317, pop3}"
udp_in = "{ 53 }"

pass in on $wi_if inet from <authpf_users> to ! $int_if:network keep state

pass in on $wi_if inet proto tcp from <authpf_users> to $server port $tcp_in keep state
pass in on $wi_if inet proto udp from <authpf_users> to $server port $udp_in keep state

pass in on $wi_if inet proto tcp from <authpf_users> to $myaddr port $tcp_in keep state
pass in on $wi_if inet proto udp from <authpf_users> to $myaddr port $udp_in keep state

My machine is a brand new 5.5 installation, so here are my questions.

1. This is the address of the web server? I will be installing Apache httpd on the local machine eventually, so this will be the IP of $ext_if?
Code:
auth_web="192.168.27.20"

2. This is a table that OpenBSD knows? (In other words, I do not need to create this?)
Code:
table <authpf_users> persist

3. I do not understand this. n and m are placeholders of some sort that OpenBSD will replace with numbers?
Code:
myaddr = "213.187.n.m"

4. Where did wi0 come from in this example?
Code:
anchor "authpf/*" in on wi0

Sorry for so many questions, and thanks in advance for your time helping me.
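The two files posted above have a structural problem that pfctl will report as soon as they are loaded: pf.conf references $myaddr, $tcp_in, $udp_in and $server, but only defines ext_if, wi_if and auth_web, while authpf.rules references $int_if without defining it. The files do not share macros, because authpf(8) hands authpf.rules to pfctl on its own, so each file must define every macro it uses (authpf itself only supplies $user_ip and $user_id). The anchor line also names the literal interface wi0 instead of $wi_if. The following checker is an added example written for this thread, not code from the post or from the linked article; it embeds trimmed, constructed copies of the two posted files and flags exactly those two kinds of defect (undefined macro references and bare interface names after "on"). It is a pre-flight aid only; `pfctl -nf /etc/pf.conf` remains the authoritative syntax check.

```python
# Added example (not from the original post or the linked article): a small
# macro-consistency check for a pf.conf / authpf.rules pair. It flags a $macro
# that is referenced but never defined in the same file, and a literal
# interface name (such as wi0) used where a macro was clearly intended.
import re

# pf.conf macro definition ("name = value" at line start) and reference ($name).
DEF_RE = re.compile(r'^\s*([A-Za-z_]\w*)\s*=')
REF_RE = re.compile(r'\$([A-Za-z_]\w*)')
# "on <name>" with a bare driver-style interface name instead of a $macro.
LITERAL_IF_RE = re.compile(r'\bon\s+(?!\$)([a-z]+\d+)\b')
# Names authpf(8) substitutes itself before loading authpf.rules.
AUTHPF_BUILTINS = frozenset({"user_ip", "user_id"})

# Constructed sample: the pf.conf from the post, trimmed to the relevant lines.
USER_PF_CONF = """\
ext_if="em2"
wi_if = "athn0"
auth_web="192.168.27.20"
table <authpf_users> persist
match out on $ext_if from $wi_if:network nat-to ($ext_if)
match in on $wi_if proto tcp from any to $myaddr port $tcp_in rdr-to $server
match in on $wi_if proto udp from any to $myaddr port $udp_in rdr-to $server
match in on $wi_if proto tcp from ! <authpf_users> port 80 rdr-to $auth_web
anchor "authpf/*"
block all
anchor "authpf/*" in on wi0
pass in on $wi_if inet proto tcp from any to $auth_web port 80 keep state
"""

# Constructed sample: the authpf.rules from the post, trimmed likewise.
USER_AUTHPF_RULES = """\
ext_if = "em2"
wi_if = "athn0"
server = "192.168.27.15"
myaddr = "213.187.n.m"   # placeholder copied from the article
tcp_in = "{ 22, 25, 53, 80, 993, 2317, pop3 }"
udp_in = "{ 53 }"
pass in on $wi_if inet from <authpf_users> to ! $int_if:network keep state
pass in on $wi_if inet proto tcp from <authpf_users> to $server port $tcp_in keep state
pass in on $wi_if inet proto udp from <authpf_users> to $server port $udp_in keep state
"""


def strip_comment(line):
    """Drop a trailing '# ...' comment before matching."""
    return line.split("#", 1)[0]


def defined_macros(text):
    """Set of macro names assigned in this file."""
    names = set()
    for line in text.splitlines():
        m = DEF_RE.match(strip_comment(line))
        if m:
            names.add(m.group(1))
    return names


def referenced_macros(text):
    """Set of macro names used as $name anywhere in this file."""
    names = set()
    for line in text.splitlines():
        names.update(REF_RE.findall(strip_comment(line)))
    return names


def undefined_macros(text, builtins=frozenset()):
    """Macros referenced but never defined here; pfctl rejects such a file."""
    return referenced_macros(text) - defined_macros(text) - set(builtins)


def literal_interfaces(text):
    """Bare interface names after 'on', e.g. wi0 where $wi_if was meant."""
    names = set()
    for line in text.splitlines():
        names.update(LITERAL_IF_RE.findall(strip_comment(line)))
    return names


def report(name, text, builtins=frozenset()):
    """Human-readable findings for one file; an empty list means nothing found."""
    findings = []
    for macro in sorted(undefined_macros(text, builtins)):
        findings.append(f"{name}: ${macro} is referenced but not defined in this file")
    for ifname in sorted(literal_interfaces(text)):
        findings.append(f"{name}: literal interface {ifname} used instead of a macro")
    return findings


if __name__ == "__main__":
    for finding in (report("pf.conf", USER_PF_CONF)
                    + report("authpf.rules", USER_AUTHPF_RULES, AUTHPF_BUILTINS)):
        print(finding)
```

Run against the constructed copies, the checker reports the four undefined macros and the literal wi0 in pf.conf, and the undefined $int_if in authpf.rules. Table references such as `<authpf_users>` are deliberately not checked: the `table <authpf_users> persist` line creates the table, and authpf(8) itself adds and removes each user's address at login and logout, so no further definition is needed for it.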