Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Thread Tools Display Modes
  #1   (View Single Post)  
Old 13th December 2010
thefronny thefronny is offline
Port Guard
Join Date: Oct 2008
Posts: 37
Default Need to move wireless access "inside" the firewall

I have a simple home network that uses a router with a firewall and a wireless access point, like so:

Internet (DSL/POTS line)
Home Network
Right now my wife's and son's wireless devices access the internet via the router's wireless on the network. I'd like to move them inside the firewall to, and turn off the router's wireless access point. Can I do this by putting a PCI wireless adapter on the firewall and giving them or would I have to create a third network and a set of rules to get them into 192? Lastly, I'll take any recommendations for such wireless cards.


Reply With Quote
  #2   (View Single Post)  
Old 13th December 2010
ocicat ocicat is offline
Join Date: Apr 2008
Posts: 3,309

Originally Posted by thefronny View Post
...would I have to create a third network and a set of rules to get them into 192?

You may find Hansteen's The Book of PF (second edition) to be a reasonable resource on pf(4). This book is based on an earlier work:


...which is freely available.
Lastly, I'll take any recommendations for such wireless cards.
It appears that ath(4), ral(4), & perhaps athn(4) may be reasonable choices. Information on common cards supporting these chipsets can be found by studying their respective manpages.

Having an overview of what wireless drivers are currently supported by OpenBSD would be helpful knowledge. This can be generated by the following command:

$ man -k wireless

Finally, it would be more than worth your time to further research this question by studying the comments which have been made on the official misc@ mailing list. One favorite archive site is:


However, others exist. More archive sites are listed at the following:

Reply With Quote
  #3   (View Single Post)  
Old 13th December 2010
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 1,006

I have an old ral(4) card and can confirm getting it to work as a host AP under OpenBSD 4.8 ... although I haven't done much with it. It's not too hard once you read the man pages often enough. It's actually a pretty nice set-up, as I've been struggling to do the same thing with Linux and haven't gotten it to work yet.
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How to replace "ectags" with "ctags"? fender0107401 OpenBSD Packages and Ports 5 16th April 2013 10:01 AM
Feasibility: "Load Balance Outgoing Traffic" with 2 NICs only Tramboi FreeBSD Security 3 29th April 2010 09:13 AM
Fixed "xinit" after _7 _8, "how" here in case anyones' "X" breaks... using "nvidia" jb_daefo Guides 0 5th October 2009 09:31 PM
"Thanks" and "Edit Tags". diw Feedback and Suggestions 2 29th March 2009 12:06 AM
Newbie-friendly "printing in OpenBSD" guide wanted Shagbag OpenBSD Packages and Ports 5 7th July 2008 09:26 PM

All times are GMT. The time now is 01:34 PM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick