Wireless Setup With AuthPF Help
Hello,
I am trying to understand the following article with a slight variation for my setup. This will be a dedicated old slow machine that I have lying around that will just provide wireless access with authpf. I have an extra port open on the back of my main firewall, so I will be using it (I am out of available PCI slots for a wireless card). Here is the article --> http://home.nuug.no/~peter/pf/en/vegard.authpf.html

IP address of main firewall: 192.168.1.200 # this is the output of the main firewall into the wireless firewall server
IP address of wireless firewall: 192.168.1.201 # this is the external interface on the wireless firewall

Here is the modified code that I *think* is good (please correct me if I am wrong).

/etc/authpf/authpf.conf
Code:
touch /etc/authpf/authpf.conf

Code:
ext_if = "em2"
wi_if = "athn0"
auth_web = "192.168.27.20"

table <authpf_users> persist

match out on $ext_if from $wi_if:network nat-to ($ext_if)
match in on $wi_if proto tcp from any to $myaddr port $tcp_in rdr-to $server
match in on $wi_if proto udp from any to $myaddr port $udp_in rdr-to $server
match in on $wi_if proto tcp from ! <authpf_users> to any port 80 rdr-to $auth_web

anchor "authpf/*"

block all

anchor "authpf/*" in on wi0

pass in on $wi_if inet proto tcp from any to $auth_web port 80 keep state
pass in on $wi_if inet proto udp from any port 53 keep state
pass in on $wi_if inet proto udp from any to $wi_if port 67
pass in on $wi_if inet proto tcp from any to $wi_if port 22 keep state

/etc/authpf/authpf.rules
Code:
ext_if = "em2"
wi_if = "athn0"
server = "192.168.27.15"
myaddr = "213.187.n.m"

# Services which live on the internal network
# and need to be accessible
tcp_services = "{ 22, 25, 53, 80, 110, 113, 995 }"
udp_services = "{ 53 }"
tcp_in = "{ 22, 25, 53, 80, 993, 2317, pop3 }"
udp_in = "{ 53 }"

pass in on $wi_if inet from <authpf_users> to ! $int_if:network keep state
pass in on $wi_if inet proto tcp from <authpf_users> to $server port $tcp_in keep state
pass in on $wi_if inet proto udp from <authpf_users> to $server port $udp_in keep state
pass in on $wi_if inet proto tcp from <authpf_users> to $myaddr port $tcp_in keep state
pass in on $wi_if inet proto udp from <authpf_users> to $myaddr port $udp_in keep state

1. This is the address of the web server? I will be installing Apache httpd on the local machine eventually, so this will be the IP of $ext_if?
Code:
auth_web = "192.168.27.20"

2. This is a table that OpenBSD knows? (In other words, I do not need to create this?)
Code:
table <authpf_users> persist

3. I do not understand this. n and m are placeholders of some sort that OpenBSD will replace with numbers?
Code:
myaddr = "213.187.n.m"

4. Where did wi0 come from in this example?
Code:
anchor "authpf/*" in on wi0

Sorry for so many questions and thanks in advance for your time helping me.
1. The "auth_web" server is where requests from an unauthenticated user to destination port 80 of any IP address are routed. That local server can serve a static page telling the user to authenticate, etc. Once a user is authenticated (this means having an active SSH console session to an authpf login shell on the server running PF), this traffic is no longer intercepted and can go where the user intended.

2. The authpf_users table is described in both the AuthPF chapter of the PF User's Guide and in the authpf(8) man page. I'll quote from the Guide. Quote:

4. Anchor options are discussed in the Anchor chapter of the PF User's Guide. I'd mentioned this chapter to you two days ago, in your thread on scheduling connections.

----

Many years ago, I ran something similar in the pre-WPA days, when WEP was the only "hardware" encryption available and was known to be insecure. I later replaced the authpf solution with an IPsec solution, as it was easier for the client -- no SSH session to maintain, and its encryption wasn't proven to be broken like WEP. The IPsec solution was later replaced with WPA2, as clients could include systems that did not have IPsec capabilities.
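A consistent version of the two files for the setup in the first post, put together as an added example for this thread (it is not code from the original posts or from the linked article). It takes em2 as the uplink to the main firewall (192.168.1.201) and athn0 as the wireless interface from the first post; the wireless subnet 192.168.27.0/24, the address 192.168.27.1 on athn0, and serving the login page from that address are assumptions. It follows the reply above: the rdr-to for clients not yet in <authpf_users> rewrites destination port 80 of any address, and the per-user rules are evaluated in the "authpf/*" anchor on the wireless interface rather than on a literal wi0. authpf(8) loads authpf.rules into its anchor separately from pf.conf, so that file needs its own macro definitions; authpf itself sets $user_ip to the address of the client that logged in.

```pf
# ---- /etc/pf.conf on the wireless firewall ----
# Added example; assumptions: em2 = uplink to the main firewall (192.168.1.201),
# athn0 = wireless interface at 192.168.27.1 on the subnet 192.168.27.0/24,
# and the "log in first" page is served by httpd on that address.
ext_if   = "em2"
wi_if    = "athn0"
wi_net   = "192.168.27.0/24"
auth_web = "192.168.27.1"

# Created empty at load time; authpf(8) adds a client's address when its ssh
# login succeeds and removes it again when the ssh session ends.
table <authpf_users> persist

set skip on lo

# Wireless clients leave through the uplink with the uplink's own address.
match out on $ext_if from $wi_net to any nat-to ($ext_if)

# A client not yet in the table that asks for port 80 anywhere is sent to the
# local login page instead. "to any port 80" makes this the destination port.
match in on $wi_if proto tcp from ! <authpf_users> to any port 80 rdr-to $auth_web

# Default deny; everything below is an explicit exception.
block all

# The rules authpf loads from authpf.rules for each logged-in user are
# evaluated here, on the wireless interface.
anchor "authpf/*" in on $wi_if

# Allowed before authentication: the login page (the rdr-to above has already
# rewritten the destination to $auth_web), DHCP, DNS and the ssh port that the
# authpf login shell is reached through.
pass in on $wi_if inet proto tcp from $wi_net to $auth_web port 80
pass in on $wi_if inet proto udp from any port 68 to $wi_if port 67
pass in on $wi_if inet proto udp from $wi_net to any port 53
pass in on $wi_if inet proto tcp from $wi_net to $wi_if port 22

# Replies from this box and forwarded client traffic may leave on either side.
pass out on $ext_if
pass out on $wi_if

# ---- /etc/authpf/authpf.rules ----
# Loaded by authpf(8) into anchor "authpf/<user>(<pid>)" at login. Macros from
# pf.conf are not visible here, so the ones used are defined again; $user_ip
# is supplied by authpf and holds the address of the client that logged in.
wi_if  = "athn0"
wi_net = "192.168.27.0/24"

# A logged-in client may go anywhere except back into the wireless subnet.
pass in on $wi_if inet from $user_ip to ! $wi_net
```

Check the syntax of the main file with pfctl -nf /etc/pf.conf before loading it with pfctl -f /etc/pf.conf. While a user holds an authpf ssh session, pfctl -t authpf_users -T show lists that client's address in the table and pfctl -sA lists the per-user anchor that authpf created under authpf/; both disappear again when the session ends.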
Thanks for your help!
Quote:
Code:
table <authpf_users> persist

The best I can tell, some are created in memory and defined in the actual config file, and others are files that are saved on the hard drive. I will experiment with these a bit later, but at the moment I am still learning.