OpenBSD Security Functionally paranoid!
A Very Simple Wireless Access Point

Hello everyone.
I am trying to set up a basic wireless internet using WPA2 and a dhcpd server that will hand out addresses to clients. I am following along in The Book of PF and so far I am able to see the wireless adapter and connect to it. However, I am not able to obtain an IP address on the client.

/etc/dhcpd.interfaces
Code:
athn0

/etc/hostname.athn0
Code:
up media autoselect mode 11g chan 1 nwid unwiredbsd nwkey 0x1deadbeef9 dhcp

I even tried starting httpd athn0 but had no luck. What am I doing wrong here? Why can I not get an IP address on the client?
I have not done any customizations to dhcpd except what was listed above (and I did start it via 'dhcpd athn0').
I will read it and see what I can come up with.
That does help a lot.
Here are the steps that I have done, but it is still not working. dhcpd says (failed), and when I cat /var/log/messages I get:
Code:
Cant listen on athn0 - dhcpd.conf has no subnet declaration for 10.2.0.1

/etc/hostname.athn0
Code:
up media autoselect mediaopt hostap mode 11g chan 7 nwid MY_SSID wpa wpakey MY_PWD_GOES_HERE 10.2.0.1

/etc/hostname.xl0
Code:
inet 10.1.0.1 255.0.10.0

/etc/dhcpd.conf
Code:
option domain-name "my.domain";
option domain-name-servers 4.4.4.4;
subnet 192.168.1.0 netmask 255.255.255.0 {
	option routers 10.1.0.1;
	range 192.168.1.32 192.168.1.127;
}

Code:
echo 'dhcpd_flags="athn0"' >>/etc/rc.conf.local

Code:
net.inet.ip.forwarding=1

/etc/pf.conf
Code:
EXT_IF = "xl0"
WRLS_IF = "athn0"
match out on egress inet from !(egress:network) to any nat-to (egress:0)
pass out on $EXT_IF from any to any
pass out on $WRLS_IF from any to any
pass in on $WRLS_IF from any to any
You might have missed a post containing an example of a dhcpd.conf in your PF-related thread. It would merely need to have the shared-network declaration removed, and the IP addresses changed to match your WiFi subnet.
For more on dhcpd configuration, you might find FAQ 6.4.2 helpful.

Edited to add: Your netmasks need revision. In xl0, 255.0.10.0 isn't valid, and you have no netmask for athn0, and no "inet" declaration.
Thanks. I changed the subnet and added a netmask to athn0 and it is handing out IP addresses.
I currently have a main firewall and then another machine (wireless server) that has a wireless card. The wireless server hands out an IP address to the client but no internet connection. On the wireless machine I have the following command to monitor pf:
Code:
tcpdump -n -e -ttt -i pflog0

The wireless server is able to ping the main firewall. The wireless server is able to return results from nslookup www.google.com.
OK. Your athn0 NIC uses the address 10.2.0.1, with some subnet which is now valid?
If so, your dhcpd.conf is using a different subnet, 192.168.1.0/24, and a range within it for dynamic addresses. No wonder your network isn't communicating.
They are both 255.255.255.0 but still no internet.
I changed my pf.conf to look like this so I could catch the blocks:
Code:
EXT_IF = "xl0"
WRLS_IF = "athn0"
block log all
match out on egress inet from !(egress:network) to any nat-to (egress:0)
pass out on $EXT_IF from any to any
pass out on $WRLS_IF from any to any
pass in on $WRLS_IF from any to any
I'll try to be clearer. Please excuse me if you understood me previously, but from your last post I think you may still be confused.
Your dhcpd.conf last posted above was pointing to the WRONG SUBNET. None of the 192.168 addresses referenced in that configuration file are valid. All of them must be in the range defined by your athn0 subnet, which is addressed at 10.2.0.1, and if it is a /24, then your dhcpd.conf must point to addresses in 10.2.0.0/24. Here are the changes I would make, if I've understood your addressing.
Code:
option domain-name "my.domain";
option domain-name-servers 4.4.4.4;
subnet 10.2.0.0 netmask 255.255.255.0 {
	option routers 10.2.0.1;
	range 10.2.0.32 10.2.0.127;
}
I will post my full config just in case I am not understanding.

/etc/hostname.athn0
Code:
up media autoselect mediaopt hostap mode 11g chan 7 nwid MY_SSID wpa wpakey MY_PWD_GOES_HERE 10.2.0.1 255.0.0.0

/etc/hostname.xl0
Code:
inet 10.1.0.1 255.0.0.0

/etc/dhcpd.conf
Code:
option domain-name "my.domain";
option domain-name-servers 4.4.4.4;
subnet 10.2.0.0 netmask 255.0.0.0 {
	option routers 10.2.0.1;
	range 10.2.0.32 10.2.0.99;
}

Code:
echo 'dhcpd_flags="athn0"' >>/etc/rc.conf.local

Code:
net.inet.ip.forwarding=1

/etc/pf.conf
Code:
EXT_IF = "xl0"
WRLS_IF = "athn0"
block log all
match out on egress inet from !(egress:network) to any nat-to (egress:0)
pass out on $EXT_IF from any to any
pass out on $WRLS_IF from any to any
pass in on $WRLS_IF from any to any
I think my problem is in my NAT.
ifconfig xl0 shows no "groups:" line, but ifconfig athn0 shows "groups: wlan egress", so how can I tell OpenBSD that xl0 is egress?
Each of your NICs must be in its own subnet. You seem to misunderstand IPv4 subnetting and netmasks. The mask defines the number of bits of the 32-bit address which make up the subnet. As an example, a CIDR of /24 and a netmask of 255.255.255.0 or 0xFFFFFF00 all mean the same thing:
Code:
11111111 11111111 11111111 00000000

24 bits of ones followed by 8 bits of zeros. The addresses in the zero portion make up the number of bits in the subnet. And in a subnet, the lowest address is reserved for the subnet itself, and is used in routing, and the highest address is reserved for broadcasts to all devices in the subnet.

You may recall in your PF thread I mentioned a /30, the smallest subnet available except for point to point networks? A /30 netmask, in bits, looks like this:
Code:
11111111 11111111 11111111 11111100

There are two bits for addressing a /30, which is four values: 00, 01, 10, and 11. The first and last of those addresses are reserved, the remaining two are available for assignment to devices. E.g., 192.168.39.16/30:
Code:
192.168.39.16 - the network
192.168.39.17 - first device
192.168.39.18 - second device
192.168.39.19 - broadcast

Some of the tables in this Wikipedia article may help.

----

As shown in your latest post above:

1. Your hostname.athn0 is misconfigured.
1a) You have no "inet" declaration in front of the IPv4 address.
1b) You have defined the netmask as 255.0.0.0. This is a /8, which has a range of 10.0.0.0 - 10.255.255.255. That is a subnet containing 16 million 177 thousand and 216 addresses, and it conflicts with your xl0 subnet. If you set this to a /24 instead, it will range from 10.2.0.0 - 10.2.0.255.
2. Your hostname.xl0 is misconfigured. It is in the same /8 subnet as your athn0 NIC, which is incorrect. If you set this to a /24 instead, it will range from 10.1.0.0 - 10.1.0.255.
3. Your dhcpd.conf is misconfigured. It is a /8, as your other NICs, and needs to match the athn0 subnet once you have corrected it.

---

(NAT is not strictly required, but I will recommend retaining it for now, as if you wish to route without NAT you must add to your routing table in your outermost network.)

Last edited by jggimi; 5th July 2014 at 01:50 AM. Reason: I chose the wrong base address for my /30 example.
One of the best (& classic...) explanations/tutorials on IPv4 addressing is the following:
http://tiszai.tricon.hu/PDF/3comip.pdf

Note that this 3Com whitepaper can be found at numerous sources, but be aware that the formatting is incorrect at some URLs -- in the translation to PDF, exponents may not be correctly superscripted. The link provided above is correct.
I'm a bit confused. First you said that the NICs must be on separate subnets 255.255.255.0 and then you said to make them both /24? I am assuming that /24 means 255.255.255.0 on both?
Correct. 24 bits (or the first three octets in dotted decimal notation...) are used to define the network portion of the IPv4 address.

I highly recommend study of the IPv4 addressing whitepaper provided earlier. There appear to be a number of fundamental addressing rules you need to understand in order to implement routing correctly.

Last edited by ocicat; 5th July 2014 at 03:21 AM. Reason: clarity
Thank you for the reply. I did change all the subnets to 255.255.255.0 and rebooted, but still no internet.
It is working now. I want to thank everyone that helped with this mess.
I will read the doc so I can understand subnet masks better in the future. Thanks again.
Correct. The notation /24 means 24 bits of ones, followed by 8 bits of zeros.
The notation /24 is exactly the same as decimal 255.255.255.0 and is exactly the same as hexadecimal 0xFFFFFF00. All three of these mean the same thing: 24 bits of ones followed by 8 bits of zeros.

The way you had the NICs configured above, with a netmask of "255.0.0.0", means 8 bits of ones followed by 24 bits of zeros. Since the first 8 bits were the same: 00001010, or decimal 10, both NICs were in the same subnet. Or would have been, if you had configured the athn0 file with the keyword "inet". This subnet begins at 10.0.0.0, the address of the network. Its broadcast address is 10.255.255.255, and between those two reserved addresses, there are 16,177,214 IP addresses which can be assigned to devices in this subnet.

---

With CIDR notation, any number of bits can be used to define the size of the netmask. But for we human beings, we define our IP address in terms of four 8-bit decimal octets (bytes) with periods in between them. So CIDRs of /8, /16, and /24 are the easiest for us to see and understand, because they set the number of bits of ones at 1, 2, or 3 octet boundaries. A /24 is very handy for our small networks, for two reasons.
1) There are 256 addresses, 254 of them available for devices.
2) The three left bytes define the subnet, and the rightmost byte defines the devices within the subnet.

Example: 10.0.0.1/24 and 10.0.0.207/24 are obviously in the same subnet, because only the rightmost octet is different. No router is needed for these two devices to communicate. However, a device at 10.0.5.13/24 is in a different subnet, because the first three octets are different. IP traffic would need to be routed between the two subnets.