8.0-STABLE and wireless/wired LAN bridge

I previously had PF NAT working from my LAN to the WAN. I've since added a wireless card and bridged the wireless and wired LAN. I'm able to connect to the WAP, get an IP address via DHCP and ping the server, but NAT doesn't seem to be working. Any help would be appreciated. What I believe to be relevant is included below.

[CMD=]uname -ar[/cmd]
Code:
FreeBSD foghornleghorn.res.openband.net 8.0-STABLE FreeBSD 8.0-STABLE #0: Sun Dec  6 23:42:11 EST 2009     root@foghornleghorn.res.openband.net:/usr/obj/usr/src/sys/CUSTOM  amd64

[CMD=]cat /etc/rc.conf[/cmd]
Code:
# -- sysinstall generated deltas -- # Sat Aug 29 00:39:37 2009
# Created: Sat Aug 29 00:39:37 2009
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
hostname="foghornleghorn.res.openband.net"

# WAN side: em0 takes its address from the upstream DHCP server.
ifconfig_em0="DHCP"
# LAN side: re0 (wired) and wlan0 (hostap on ral0) carry no address of their
# own; both are bridge0 members and the 192.168.0.1 gateway address is on the
# bridge, which is also what pf.conf uses as its inside interface.
ifconfig_re0="up"
ifconfig_wlan0="up"
wlans_ral0="wlan0"
create_args_wlan0="wlanmode hostap mode 11g"
cloned_interfaces="bridge0"
ifconfig_bridge0="inet 192.168.0.1 netmask 255.255.255.0 addm wlan0 addm re0 up"
hostapd_enable="YES"
# IP forwarding between bridge0 and em0; the NAT itself is done by pf.
gateway_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
# NOTE(review): "pglogd_enable" is not a knob the rc system knows about, so this
# line is ignored; the pflog daemon that captures pf's "block log" entries is
# enabled with pflog_enable="YES" — confirm that is what was intended.
pglogd_enable="YES"
moused_enable="NO"
moused_port="/dev/psm0"
moused_type="auto"
sshd_enable="YES"
zfs_enable="YES"
# NOTE(review): nothing here restricts rpcbind/nfsd to the LAN address, so on a
# host with a WAN address on em0 the only thing keeping them off the Internet is
# pf's default "block log all" in pf.conf — verify before relaxing that rule.
rpcbind_enable="YES"
nfs_server_enable="YES"
mountd_flags="-r"
fsck_y_enable="YES"
background_fsck="NO"
svscan_enable="YES"
# ISC dhcpd serves the 192.168.0.0/24 pool configured in /usr/local/etc/dhcpd.conf.
dhcpd_enable="YES"
devd_enable=YES
nfs_client_enable="YES"

[CMD=]cat /etc/pf.conf[/cmd]
Code:
ext_if          = "em0"
# The bridge, not one of its member ports, is the inside interface: the gateway
# address and the 192.168.0.0/24 route live on bridge0, so that is where pf
# sees LAN traffic that is routed through this box.
int_if          = "bridge0"

localnet        = $int_if:network

set loginterface $ext_if
set limit states 1250000
scrub on $ext_if

nat on $ext_if from $localnet to any                  -> ($ext_if)
antispoof for $ext_if
#block in quick on $ext_if from <blacklisted> to any
# Default deny in both directions; every rule below is an explicit exception.
block log all
block in log quick from urpf-failed
pass on lo0

# These two rules only cover traffic routed via bridge0's address. Frames
# switched at layer 2 between re0 and wlan0 never match a rule on $int_if;
# whether pf sees them at all is governed by the net.link.bridge.pfil_*
# sysctls — NOTE(review): confirm their values if LAN-to-LAN traffic
# behaves unexpectedly.
pass in on $int_if from $localnet to any keep state
pass out on $int_if from any to $localnet keep state
pass out on $ext_if proto { tcp udp icmp } all modulate state

[CMD=]cat /usr/local/etc/dhcpd.conf[/cmd]
Code:
# NOTE(review): the domain handed to clients is res.openband.com while the host
# and rc.conf use res.openband.net — one of the two is probably a typo; confirm.
option domain-name "res.openband.com";
# Clients are pointed at the gateway itself for DNS; nothing in this thread
# shows a resolver listening on 192.168.0.1 — confirm one is running.
option domain-name-servers 192.168.0.1;
option subnet-mask 255.255.255.0;

default-lease-time 3600;
max-lease-time 86400;
ddns-update-style none;
subnet 192.168.0.0 netmask 255.255.255.0 {
  # NOTE(review): 192.168.0.255 is the broadcast address of this /24 (ifconfig
  # reports it as bridge0's broadcast), so the pool should end at 192.168.0.254.
  range 192.168.0.4 192.168.0.255;
  option routers 192.168.0.1;
}

[CMD=]netstat -rn[/cmd]
Code:
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            10.130.4.33        UGS         0     4253    em0
10.130.4.32/29     link#2             U           0        0    em0
10.130.4.35        link#2             UHS         0        0    lo0
127.0.0.1          link#6             UH          0        0    lo0
192.168.0.0/24     link#8             U           2     5106 bridge
192.168.0.1        link#8             UHS         0        0    lo0

Protocol Family 28:
Destination        Gateway            Flags    Netif Expire
(28) 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0001 0000 0000 (28) 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0001 0000 0000 UH        lo0
(28) 0000 0000 0000 fe80 0006 0000 0000 0000 0000 0000 0000 0000 0000 link#6             U         lo0
(28) 0000 0000 0000 fe80 0006 0000 0000 0000 0000 0000 0001 0000 0000 link#6             UHS       lo0
(28) 0000 0000 0000 ff01 0006 0000 0000 0000 0000 0000 0000 0000 0000 (28) 0000 0000 0000 fe80 0006 0000 0000 0000 0000 0000 0001 0000 0000 U         lo0
(28) 0000 0000 0000 ff02 0006 0000 0000 0000 0000 0000 0000 0000 0000 (28) 0000 0000 0000 fe80 0006 0000 0000 0000 0000 0000 0001 0000 0000 U         lo0
 
[CMD=]cat /etc/hostapd.conf[/CMD]
Code:
[root@foghornleghorn /usr/local/etc]# cat /etc/hostapd.conf 
interface=wlan0
hw_mode=g
# Open-system authentication only (no WEP shared-key); the actual access
# control is the WPA-PSK handshake configured below.
auth_algs=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
# wpa=1 offers WPA (version 1) only — the ifconfig output on this box shows
# "authmode WPA". WPA1 with TKIP is deprecated; wpa=2 with wpa_pairwise=CCMP
# is the current recommendation if the clients support it.
wpa=1
# Passphrase redacted in this post.
wpa_passphrase=XXXXXXXX
wpa_key_mgmt=WPA-PSK
# Both ciphers are offered, but the group keys shown by ifconfig are TKIP
# ("TKIP 2:128-bit", "TKIP 3:128-bit"), so TKIP stays in use as long as it is
# listed here.
wpa_pairwise=TKIP CCMP
logger_syslog=1
logger_syslog_level=4
ssid=boyd
 
[CMD=]ifconfig[/CMD]
Code:
e0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3898<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_UCAST,WOL_MCAST,WOL_MAGIC>
	ether 00:24:1d:5a:b7:d0
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
	ether 00:1b:21:4e:e5:2e
	inet 10.130.4.35 netmask 0xfffffff8 broadcast 10.130.4.39
	media: Ethernet autoselect (10baseT/UTP <half-duplex>)
	status: active
ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
	ether 00:25:9c:7d:58:72
	media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
	status: running
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
pfsync0: flags=0<> metric 0 mtu 1460
	syncpeer: 224.0.0.240 maxupd: 128
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=3<RXCSUM,TXCSUM>
	inet6 fe80::1 prefixlen 64 scopeid 0x6 
	inet6 ::1 prefixlen 128 
	inet 127.0.0.1 netmask 0xff000000 
pflog0: flags=0<> metric 0 mtu 33152
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether de:2f:00:fc:c6:4f
	inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 1 priority 128 path cost 20000
	member: wlan0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 9 priority 128 path cost 370370
wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:25:9c:7d:58:72
	media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
	status: running
	ssid boyd channel 6 (2437 Mhz 11g) bssid 00:25:9c:7d:58:72
	country US authmode WPA privacy MIXED deftxkey 3 TKIP 2:128-bit
	TKIP 3:128-bit txpower 0 scanvalid 60 protmode CTS dtimperiod 1 -dfs
 
This is solved, I'm dumb.

I was testing with my laptop with both wired and wireless connected. However, since I have wired and wireless bridged on the firewall, the gateway has the same MAC address and IP address on both, so that doesn't really work, does it :)

Having one or the other connected at a time from one client works fine though.
 