wired and wifi sharing but cant use bridging
Ok, here we go...
I'm working on my network, it looks like this physically:

|cable isp|------|openbsd|--(wired) | | (wifi)

(Disregard the graph above, forum formatting messed it up)

What I want to do is to share the network between the wired side and the wifi. I have considered bridging the openbsd wifi and wired nic, it worked for a while but it drives my wifi adapter fubar after a few hrs. I've been digging into that problem before but no luck on that side. So now here I am asking around about alternatives on how to achieve sharing between those 2 adapters without bridging.

Now what I have in mind is to put each adapter on a separate subnet and tweak the routing table, but so far it's beyond my knowledge.

re0 isp cable (dhcp auto)
ral0 wifi 192.168.2.1 255.255.255.0
sk0 wired 192.168.1.1 255.255.255.0

What I see so far is that pinging from a laptop on the 192.168.2 network (wifi) will show icmp requests on the wired gateway and on the wired station, but no replies are sent back. Same thing if I ping from the wifi adapter to a wired network device: the request is received but no reply. It works fine from a wired station or from the wired adapter on the openbsd to the wired network.

That being said, I would appreciate your suggestions on how I could get the wifi and the wired to talk to each other without using bridging on the wifi adapter because of the problem mentioned above.

Thanks in advance.

Last edited by domdurocher; 4th October 2011 at 10:48 AM. Reason: (Disregard the graph above, forum formatting messed it up)
First of all, welcome!
Thanks for the reply ocicat,
Yes, I enabled net.inet.ip.forwarding. Both wired and wifi have access to the internet on my isp cable, going through my openbsd box and a set of pf rules. That works perfectly. As for the route man page, I already tried to add a route for 192.168.2.0/24 via the 192.168.1.1 gateway but it didn't work. Still no reply to pings and no communication between wifi and wired.
Ok, I guess I should provide more insight on my configs.

re0 isp cable (dhcp auto)
ral0 wifi 192.168.2.1 255.255.255.0 Subnet controlled by dhcpd
sk0 wired 192.168.1.1 255.255.255.0 Subnet controlled by dhcpd

dhcpd.conf
Code:
# $OpenBSD: dhcpd.conf,v 1.2 2008/10/03 11:41:21 sthen Exp $
#
# DHCP server options.
# See dhcpd.conf(5) and dhcpd(8) for more information.
#

# Network: 192.168.1.0/255.255.255.0
# Domain name: my.domain
# Name servers: 192.168.1.3 and 192.168.1.5
# Default router: 192.168.1.1
# Addresses: 192.168.1.32 - 192.168.1.127
#
option domain-name "domain.com";
option domain-name-servers 206.248.154.22, 206.248.154.170;

subnet 192.168.1.0 netmask 255.255.255.0 {
	option routers 192.168.1.1;
	range 192.168.1.50 192.168.1.100;

	host XPS {
		hardware ethernet 00:19:B9:3E:EF:05;
		fixed-address 192.168.1.10;
	}
	host Vault {
		hardware ethernet 00:14:FD:11:B2:94;
		fixed-address 192.168.1.11;
	}
	host Nano_wired {
		hardware ethernet 00:1e:68:c5:45:1f;
		fixed-address 192.168.1.14;
	}
}

subnet 192.168.2.0 netmask 255.255.255.0 {
	option routers 192.168.2.1;
	range 192.168.2.50 192.168.2.100;

	host Android {
		hardware ethernet 90:21:55:B4:35:BE;
		fixed-address 192.168.2.13;
	}
	host Nano_wifi {
		hardware ethernet 00:22:69:3D:8D:96;
		fixed-address 192.168.2.12;
	}
}

Code:
#PF config file

# macros
Ext_if = "re0"
Int_if = "{sk0 ral0}"
Wired = "sk0"
Wifi = "ral0"

# options
set block-policy return
set loginterface re0
set skip on lo

# match rules
match in all scrub (no-df)

# filter rules
block all
pass quick on $Int_if proto icmp
pass on $Int_if from 192.168.1.0/24
pass on $Int_if from 192.168.2.0/24
pass out on $Int_if to $Ext_if
pass in on $Ext_if from { 192.168.1.0/24 192.168.2.0/24 }
pass out on $Ext_if proto{tcp udp icmp} all modulate state
pass out on $Ext_if from {192.168.1.0/24 192.168.2.0/24} to any \
	nat-to (re0)

Code:
media DS2 mode 11g mediaopt hostap chan 3 nwid infected2 wpakey youwish!!! wpaprotos wpa1,wpa2 inet 192.168.2.1 255.255.255.0 192.168.2.255 up

Code:
inet 192.168.1.1 255.255.255.0 192.168.1.255 up

Code:
dhcp

net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets

route show
Code:
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
69.165.210.16/29   link#1             UC         0        0     -     4 re0
localhost          localhost          UH         0       86 33200     4 lo0
192.168.1/24       link#2             UC         1        0     -     4 sk0
192.168.1.10       00:19:b9:3e:ef:05  UHLc       1       83     -     4 sk0
192.168.2/24       link#5             UC         1        0     -     4 ral0
192.168.2.13       link#5             UHLc       0        8     -     4 ral0

Internet6:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
localhost          localhost          UH         0        0 33200     4 lo0
fe80::%re0/64      link#1             UC         0        0     -     4 re0
fe80::%sk0/64      link#2             UC         0        0     -     4 sk0
fe80::%lo0/64      fe80::1%lo0        U          0        0     -     4 lo0
fe80::%ral0/64     link#5             UC         0        0     -     4 ral0
ff01::%re0/32      link#1             UC         0        0     -     4 re0
ff01::%sk0/32      link#2             UC         0        0     -     4 sk0
ff01::%lo0/32      localhost          UC         0        0     -     4 lo0
ff01::%ral0/32     link#5             UC         0        0     -     4 ral0
ff02::%re0/32      link#1             UC         0        0     -     4 re0
ff02::%sk0/32      link#2             UC         0        0     -     4 sk0
ff02::%lo0/32      localhost          UC         0        0     -     4 lo0
ff02::%ral0/32     link#5             UC         0        0     -     4 ral0

First, ping within the same subnet:
ping from gateway adapter sk0 192.168.1.1 to 192.168.1.11

tcpdump on gateway
# tcpdump -i sk0 icmp
tcpdump: listening on sk0, link-type EN10MB
20:10:32.388756 192.168.1.1 > 192.168.1.11: icmp: echo request
20:10:32.389051 192.168.1.11 > 192.168.1.1: icmp: echo reply

ping from gateway
$ ping 192.168.1.11
PING 192.168.1.11 (192.168.1.11): 56 data bytes
64 bytes from 192.168.1.11: icmp_seq=0 ttl=64 time=3.621 ms
--- 192.168.1.11 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.621/3.621/3.621/0.000 ms

Now ping from wifi subnet to wired subnet:
ping from gateway adapter ral0 192.168.2.1 to 192.168.1.11

tcpdump on gateway
# tcpdump -i sk0 icmp
tcpdump: listening on sk0, link-type EN10MB
20:15:12.994278 192.168.2.1 > 192.168.1.11: icmp: echo request
20:15:14.003019 192.168.2.1 > 192.168.1.11: icmp: echo request
20:15:15.013017 192.168.2.1 > 192.168.1.11: icmp: echo request

ping from gateway
$ ping -I 192.168.2.1 192.168.1.11
PING 192.168.1.11 (192.168.1.11): 56 data bytes
--- 192.168.1.11 ping statistics ---
9 packets transmitted, 0 packets received, 100.0% packet loss

Here it is: why don't I get a reply on 192.168.1.11 when pinging from 192.168.2.1? I have checked, and tcpdump on 192.168.1.11 does not show a reply either. Any suggestions?
I think I might see the problem. I believe it is possible that the only filter rule that matches non-ICMP traffic between your two internal networks is "block all".

You can confirm this by adding "log" to all of your pass/block rules, and running tcpdump with pflog0. It will show which rule applies to any packet being examined. In particular your "pass on" multiple interfaces by $Int_if macro may not be producing the results you want.

# pfctl -s rules

will show you the ruleset with all expansions of macros and lists, and if you use

# pfctl -vs rules

you get the rule numbers that are used with the pflog tcpdump output.

----

A quick test is to change the block all rule to a pass all. If you can suddenly connect, you know that your PF configuration is the culprit.
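One way to read the pflog0 output described in the post above, as an added example that is not part of the original thread: it tallies which rule number decided each packet travelling between the two internal subnets. It assumes the `rule N/(match) action direction on iface:` line layout printed by OpenBSD's tcpdump when reading pflog0; the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample of pflog0 output as printed by tcpdump (not from the thread).
SAMPLE_PFLOG = """\
Oct 04 20:15:12.994278 rule 0/(match) block in on ral0: 192.168.2.13.51514 > 192.168.1.11.22: S 1:1(0) win 16384
Oct 04 20:15:13.102331 rule 1/(match) pass in on ral0: 192.168.2.13 > 192.168.1.11: icmp: echo request
Oct 04 20:15:13.102410 rule 1/(match) pass out on sk0: 192.168.2.13 > 192.168.1.11: icmp: echo request
Oct 04 20:15:14.220145 rule 0/(match) block in on sk0: 192.168.1.10.40022 > 192.168.2.12.80: S 5:5(0) win 16384
Oct 04 20:15:15.000120 rule 2/(match) pass in on sk0: 192.168.1.10.40100 > 203.0.113.7.443: S 9:9(0) win 16384
"""

LINE = re.compile(
    r"rule (\d+)/\(match\) (pass|block) (in|out) on (\w+): (\S+) > (\S+):"
)
# The two internal subnets from the thread's dhcpd.conf.
INTERNAL = [ip_network("192.168.1.0/24"), ip_network("192.168.2.0/24")]


def subnet_of(addr):
    """Return the internal subnet holding addr ('a.b.c.d' or 'a.b.c.d.port')."""
    try:
        ip = ip_address(".".join(addr.split(".")[:4]))
    except ValueError:
        return None  # not an IPv4 endpoint; ignore
    return next((net for net in INTERNAL if ip in net), None)


def inter_subnet_verdicts(text):
    """Count (rule, action, direction, iface) for wifi<->wired packets only."""
    hits = Counter()
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        rule, action, direction, iface, src, dst = m.groups()
        s, d = subnet_of(src), subnet_of(dst)
        if s and d and s != d:
            hits[(int(rule), action, direction, iface)] += 1
    return hits


def blocking_rules(text):
    """Rule numbers (as shown by `pfctl -vs rules`) that blocked such traffic."""
    return sorted({r for (r, act, _, _) in inter_subnet_verdicts(text) if act == "block"})


if __name__ == "__main__":
    for key, count in sorted(inter_subnet_verdicts(SAMPLE_PFLOG).items()):
        print(count, *key)
    print("blocking rules:", blocking_rules(SAMPLE_PFLOG))
```

The rule numbers it reports are the ones to look up in the `pfctl -vs rules` listing.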
jggimi,
I did the test without the deny all in pf and it's still a no go. On my part, if pf were the problem I am positive that the icmp request wouldn't get to the 192.168.1.11 station. Now my problem is that the request gets to the station but no replies are sent back, and that only when coming from 192.168.2.0/24. There is no fw on that station and I replicated the problem on several other stations with different os... The problem is still present when pf is disabled, so can we put pf out of the loop.
Thank you for letting me know. Well, there goes that theory.
Unfortunately, nothing else seems obviously out-of-sorts. I note that in your routing table, only one device shows a MAC address. If that output was produced after you've run your tests and been communicating, I'd be concerned. (I'm guessing it was soon after a boot, though.)

You may want to edit that post to remove your actual Internet address.
I'll keep scratching my head about this, will post when I find the solution.

Regards