OpenBSD Security: Functionally paranoid!
allowing named machines only to connect via router
Hi everybody!
Something is wrong with a router: it never conserves its WPA/WPA2 settings... undesirable clients connect... Maybe because it's a pretty old router (the most recent firmware upgrade dates back to 2008 :-) ). What does OpenBSD as a firewall offer me to allow some named machines to connect while disallowing all the rest? Any help or guidance is welcome. Thank you very much!!
Clarify.
Sorry, again:
I need to allow just 4 named LAN hosts to connect to the router (by specifying names/MAC or IP... I don't really know) and disallow all foreign hosts: outsiders that may discover and then try connecting to the router (mostly smartphones). Can it be done using an OpenBSD firewall while still using dynamic IPs for those 4 machines? If not possible, what can I do to disallow intruders from using my insecure router, which never keeps its security settings (WEP/WPA...)? (The router has a DMZ option and an option to set hosts by MAC address, but since I can't rely on it anymore I'm asking for a solution.)
I have both good news and bad news:
Randomly assuming a bunch of stuff, what you could do is to swap from "router mode" to "access point" mode on the router. Connect the router to the OpenBSD box. Enable dhcpd, authpf and IPsec on the NIC connected to the access point. You could even make it an open wifi network, since no unauthorized traffic will pass anyway due to authpf.
To make the IPsec configuration mega-easy with dhcp, you could assign "fixed" dhcpd-IPs based on MACs. Note that anyone would be able to get a certain IP as long as the corresponding MAC is presented.
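Added example, not part of the thread and not any poster's own configuration: the dhcpd and authpf parts of the setup described in the reply above, with IPsec not covered. Interface names, the 192.168.10.0/24 subnet, host names and MAC addresses are assumptions made up for illustration.

```conf
# ---- /etc/dhcpd.conf (subnet, host names and MACs are constructed) ----
subnet 192.168.10.0 netmask 255.255.255.0 {
	option routers 192.168.10.1;
	option domain-name-servers 192.168.10.1;	# assumes a resolver on this box
	range 192.168.10.100 192.168.10.199;		# unknown clients land here
	# Fixed leases for the four known machines. A MAC can be copied, so
	# this only makes addressing predictable; it is not access control.
	host laptop1 { hardware ethernet 00:00:5e:00:53:01; fixed-address 192.168.10.11; }
	host laptop2 { hardware ethernet 00:00:5e:00:53:02; fixed-address 192.168.10.12; }
	host desktop { hardware ethernet 00:00:5e:00:53:03; fixed-address 192.168.10.13; }
	host tablet  { hardware ethernet 00:00:5e:00:53:04; fixed-address 192.168.10.14; }
}

# ---- /etc/pf.conf (interface names are assumptions) ----
# Forwarding must be on: net.inet.ip.forwarding=1 in /etc/sysctl.conf
ext_if = "em0"		# uplink
ap_if  = "em1"		# NIC cabled to the router running as access point

table <authpf_users> persist	# authpf keeps logged-in client IPs here

set skip on lo
block all

# Before logging in, a client may only get a lease and reach sshd here.
pass in on $ap_if inet proto udp from any port 68 to any port 67
pass in on $ap_if inet proto tcp from $ap_if:network to ($ap_if) port 22

# authpf loads per-user rules under this anchor at login and removes
# them when the SSH session ends.
anchor "authpf/*" in on $ap_if

pass out on $ext_if inet from ($ext_if)
pass out on $ext_if inet from <authpf_users> nat-to ($ext_if)

# ---- /etc/authpf/authpf.rules ----
# $user_ip is set by authpf to the address the SSH login came from.
# Macros from pf.conf are not visible here, so the interface is literal.
pass in quick on em1 inet from $user_ip to any

# ---- /etc/authpf/authpf.conf ----
# Must exist (may be empty) or authpf refuses to run. Each permitted
# account has /usr/sbin/authpf as its login shell.
```

With this layout a device that joins the open network gets an address but no forwarding until one of its users authenticates over SSH, which is what makes the spoofable MAC-to-IP mapping harmless.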
Thank you jggimi! For the good & the bad news... all is well, I can see that (i.e. wherever there is an inconvenience there is learning, e.g. if X hadn't failed on the iMac I'd never have started learning/using tmux :-) ). As for books, even penguins are not found anywhere here, let alone daemons... Gates's narcissistic gutenbergalactic hegemonism here... but that's not the issue.
Teacher jggimi, I'll spare you my silly questions coz "The lunatic is in my head" :-) ... I need to start right from basics (& jargon... @vermaden was right: first prog lge to learn: eng). denta, thank you very much! When I tried the allow-by-MAC-address solution, settings (WEP/WPA keys, MAC, Modulation Type...) are lost after the router is switched off... a Jurassic piece of hw.