DaemonForums  

#1 amorphousone, 24th November 2009
Network configuration issue (gateway(s))

hello all.
total noob to networking, but not entirely to unix (no expert either).

after all the reading i've done (Complete FreeBSD, Linux Network Admin, OpenBSD online manual, man pages, web how-tos), i still can't grok the routing i want for my first network.

here is a simple setup with extra computers removed for simplicity. i'm using static ips because dhcp didn't seem necessary (fixed set of computers; am i wrong)?

i've attached a txt diagram of my landscape.

as may be apparent, i intend to use openbsdbox as a gateway/firewall/nat/yaddayadda

the box talks to the internet fine (i can ssh into it).
rl0 is up.
i haven't messed with the wifi part of this yet (laptop1).

at this point i just want desktop1 to talk to openbsdbox (in an attempt to keep my learning process simple; after that i guess i'll turn on packet forwarding so desktop1 can reach the internet). in my reading, i see information which conflicts (only in my mind i know).

1. WHICH of the ips listed above do i set to default gateway?
2. What is the minimum set of routes i add to get desktop1 to talk to openbsdbox?

i usually don't ask to be spoon fed answers, especially on this since i'm really trying to learn the guts of unix, but i've been beating my head against a wall for a week trying to learn networking so i can get this set up, and something's eluding me.

any help is GREATLY appreciated!

-scott

Code:
desktop1                     laptop1
192.168.0.201              192.168.0.202
      |                     |
      |_192.168.0.2_________|
            |
            |
        TRENDnet (wireless router)
        192.168.10.1
            |
            |
  +-----rl0   192.168.0.120-----+ (ip i assigned)
  |                             |
  |           openbsdbox        |
  |                             |
  +-----dc0   192.168.0.110------+
            |
            |
        cradlepoint (mobile broadband to ethernet converter)
        192.168.0.1
            |
            |
         internet
Attached Files
File Type: txt diagram.txt (592 Bytes, 10 views)

Last edited by J65nko; 24th November 2009 at 11:45 PM. Reason: Added diagram inline using code and /code tags
#2 ai-danno, 24th November 2009
Lots of birds, and one stone won't kill them all

Welcome! It's been a while for me on this forum but I got the message and love helping with networking noobs interested in OBSD... so here goes.

Attached is the diagram you submitted with my changes. Let's review some changes and other points here-
  • trendnet should bridge, not route
    Introducing multiple routed hops in a small lan should be avoided, and the wireless switch should be used for just that- wireless switching. Allow the OBSD box to be the router for the network. Later down the road this will lay the foundation for further securing your wireless internet access in your LAN (let's call that chapter 2).
  • The wireless switch can still maintain its addressing...
    So that it can have a placeholder address for management purposes, but that will need to change from the 192.168.10.0/24 it's currently showing as being assigned to in your original diagram to the 192.168.0.0/24 network that the desktops and the OBSDbox belong to.
  • default gateway for desktops should be 192.168.0.120
    This is your rl0 interface that directly attaches to the Trendnet wireless switch (I know, it's a router, but we are just going to use it as a wireless switch between your desktop and your OBSDbox).
  • obsd box should nat between the 192.168.0.0/24 and 10.0.0.0/24
    This will require not only a bit of learning/work in pf (which we can assist in, of course) but will also require turning on forwarding in the OBSDbox (# sysctl net.inet.ip.forwarding=1 or permanently edit /etc/sysctl.conf)
  • cradlepoint will of course nat between public and 10.0.0.0/24
    The way you had the whole network using the 192.168.0.0/24 made it a flat network, but we want a routed breakpoint in the network to allow for NAT. That means the cradlepoint will need to speak to the OBSDbox on a different private network than the OBSDbox uses to talk to the desktops across the wireless switch.
  • don't worry about dhcp for now,
    but there are some really good reasons to use it in your network

    I'm sure I've left something out, but this should get you started. Remember to reference the diagram I attached back with the changes.

Code:
desktop1                     laptop1
192.168.0.201              192.168.0.202
      |                     |
      |_192.168.0.2_________|
            |
            |
        TRENDnet (wireless router)- USE AS A BRIDGE ONLY, NOT AS A ROUTER.
        192.168.0.1
            |
            |
  +-----rl0   192.168.0.120-----+ (ip i assigned)
  |                             |
  |           openbsdbox        |
  |                             |
  +-----dc0   10.0.0.110------+
            |
            |
        cradlepoint (mobile broadband to ethernet converter)
        10.0.0.1
            |
            |
         internet


The default gateway of your desktops should be 192.168.0.120
The TRENDnet should bridge, not route, packets from desktop to obsdbox
Obsdbox should nat between the two private networks (192.168.0.0/24 and
10.0.0.0/24) unless the cradlepoint will have routing intelligence back
to the 192.168.0.0/24 network.
Attached Files
File Type: txt dannodiagram.txt (932 Bytes, 11 views)
__________________
Network Firefighter

Last edited by J65nko; 25th November 2009 at 12:04 AM. Reason: Added diagram inline ;) Come on boys, where does this diagram attachment disease come from?
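
The addressing rules from the reply above, as an added example that is not part of the original post: a Python check run over both diagrams. The /24 masks follow the reply's wording; the function name, the plan layout and the use of 192.168.0.120 as the desktops' gateway in the original plan are assumptions made for the illustration.

```python
# Added example, not from the thread: sanity-check both address plans.
# Masks (/24) follow the reply; names and plan layout are assumptions.
from ipaddress import ip_address, ip_interface

def check_plan(plan):
    """Return the problems that stop hosts from routing through the box."""
    problems = []
    router = {n: ip_interface(c) for n, c in plan["router"].items()}

    # 1. Each router interface needs its own subnet, otherwise there is
    #    no routed breakpoint to forward and NAT across.
    seen = {}
    for name, iface in router.items():
        if iface.network in seen:
            problems.append(f"{name} and {seen[iface.network]} share {iface.network}")
        seen.setdefault(iface.network, name)

    # 2. A host's default gateway must be on the host's own subnet and
    #    must be an address the router actually owns.
    router_ips = {iface.ip for iface in router.values()}
    for host, (cidr, gw) in plan["hosts"].items():
        net, gw_ip = ip_interface(cidr).network, ip_address(gw)
        if gw_ip not in net:
            problems.append(f"{host}: gateway {gw} is not on-link in {net}")
        elif gw_ip not in router_ips:
            problems.append(f"{host}: gateway {gw} is not a router address")

    # 3. The router's upstream gateway must sit on exactly one of its subnets.
    up = ip_address(plan["upstream"])
    if sum(up in iface.network for iface in router.values()) != 1:
        problems.append(f"upstream {up} is not on exactly one router subnet")

    # 4. A bridging access point keeps its management address inside the LAN.
    lan = router[plan["lan_if"]].network
    if ip_address(plan["ap_mgmt"]) not in lan:
        problems.append(f"AP address {plan['ap_mgmt']} is outside {lan}")
    return problems

HOSTS = {"desktop1": ("192.168.0.201/24", "192.168.0.120"),
         "laptop1": ("192.168.0.202/24", "192.168.0.120")}
ORIGINAL = {"router": {"rl0": "192.168.0.120/24", "dc0": "192.168.0.110/24"},
            "hosts": HOSTS, "lan_if": "rl0",
            "upstream": "192.168.0.1", "ap_mgmt": "192.168.10.1"}
REVISED = {"router": {"rl0": "192.168.0.120/24", "dc0": "10.0.0.110/24"},
           "hosts": HOSTS, "lan_if": "rl0",
           "upstream": "10.0.0.1", "ap_mgmt": "192.168.0.1"}

if __name__ == "__main__":
    for label, plan in (("original", ORIGINAL), ("revised", REVISED)):
        print(label, check_plan(plan) or "OK")
```

The original plan fails on the shared subnet, the ambiguous upstream and the off-LAN access point address, while the revised plan passes every check.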
#3 J65nko, 25th November 2009

Ai-danno beat me in answering. I took the liberty to add the diagrams inline so it is easier for everybody to follow.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
#4 amorphousone, 25th November 2009

ai-danno,
thanks so much for the response! i'll mull this stuff over and be back in a few days with some questions that will inevitably arise as a result.

and thanks to you too J65nko for the inline diagram!

-scott
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick