Hello everyone,
I'm creating a simple Wifi router with a Raspberry PI 3.
The router consists of 2 network interfaces:
1. ue0: the LAN interface connected to the internet
2. wlan0: the Wireless interface for the internal network
# uname -a
FreeBSD Turtle 13.0-CURRENT FreeBSD 13.0-CURRENT #0 r362853: Thu Jul 2 09:41:06 UTC 2020 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/arm64.aarch64/sys/GENERIC arm64
I'm using:
hostapd on wlan0 to create an access point,
pf for the firewall and to create a NAT for wlan0,
bind 9.16.5 for the DNS server,
and isc-dhcp 4.4.2 for the DHCP server.
With my current configuration I can connect all my devices (handy, laptop, etc.) to the RPI3, the DHCP server is working, I do have internet access on all connected devices, but the DNS is not working.
On the RPI3 itself the DNS is working just fine.
I tested everything with (nearly) the same configuration on my laptop where everything is working, even the DNS.
The big differences between my laptop and the RPI3 I know of are:
Laptop: amd64, RPI3: arm64
Laptop: FreeBSD 12.1, RPI3: 13.0
RPI3: I cannot load kernel modules with /boot/loader.conf, I load them either manually or with kld_list (see my /etc/rc.conf)
RPI3: /etc/pf.conf has a rule to allow SSH which is not needed on my laptop and this difference shouldn't affect the DNS problem
I installed bind 9.16.5 on the RPI3 from ports because bind916 from the package manager was version 9.16.4 but on my laptop 9.16.5.
I'm using the same Wifi adapter on both machines.
My /etc/rc.conf:
Bash:
hostname="Turtle"
ifconfig_ue0="DHCP"
sshd_enable="YES"
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
growfs_enable="YES"
kld_list="/boot/kernel/wlan_amrr.ko /boot/kernel/wlan_acl.ko"
keymap="de.noacc.kbd"
ntpd_enable="YES"
ntpd_program="/usr/local/sbin/ntpd"
ntpdate_program='/usr/local/sbin/ntpdate'
ntpd_sync_on_start="YES"
# router
wlans_rum0="wlan0"
# rc(8) reads ifconfig_<if>; the if_config_ spelling is ignored, and the
# mask must be given with the netmask keyword, as in the manual command below
ifconfig_wlan0="inet 192.168.0.1 netmask 255.255.255.0"
gateway_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_program="/sbin/pfctl"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
hostapd_enable="YES"
named_enable="YES"
named_conf="/usr/local/etc/namedb/named.conf"
dhcpd_enable="YES"
My /boot/loader.conf:
Bash:
# Configure USB OTG; see usb_template(4).
hw.usb.template=3
umodem_load="YES"
# Multiple console (serial+efi gop) enabled.
boot_multicons="YES"
boot_serial="YES"
# Disable the beastie menu and color
beastie_disable="YES"
loader_color="NO"
wlan_xauth_load="YES"
wlan_acl_load="YES"
wlan_amrr_load="YES"
loader_delay="20"
My /etc/pf.conf:
Bash:
int_if = "wlan0"
ext_if = "ue0"
localnet = $int_if:network
icmp_types = "{ echoreq, unreach }"
table <bruteforce> persist
table <reserved> { 0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16 \
172.16.0.0/12 192.0.0.0/24 192.0.0.0/29 192.0.2.0/24 192.88.99.0/24 \
192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 203.0.113.0/24 \
240.0.0.0/4 255.255.255.255/32 }
set skip on lo0
scrub in all fragment reassemble max-mss 1440
nat on $ext_if inet from !($ext_if) -> ($ext_if:0)
antispoof quick for $ext_if
block in quick on egress from <reserved>
block return out quick on egress to <reserved>
block all
# allow ssh
pass in on $ext_if proto tcp to port { 22 } \
keep state (max-src-conn 15, max-src-conn-rate 3/1, \
overload <bruteforce> flush global)
pass out proto { tcp, udp } to port { 22 53 80 123 443 }
pass out inet proto icmp icmp-type $icmp_types
pass from { self $localnet } to any keep state
In /usr/local/etc/namedb/named.conf I changed
Bash:
listen-on { 127.0.0.1; };
to
Bash:
// listen-on { 127.0.0.1; };
For completeness I attached the whole file (but it is too much code to paste directly in here).
My /usr/local/etc/dhcpd.conf:
Bash:
option domain-name "localnet.localdomain";
option domain-name-servers 192.168.0.1;
option netbios-name-servers 192.168.0.1;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
always-broadcast on;
authoritative;
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.199;
option broadcast-address 192.168.0.255;
option subnet-mask 255.255.255.0;
option routers 192.168.0.1;
}
My /etc/hostapd.conf:
Bash:
interface=wlan0
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
debug=3
# dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=MY_SSID
wpa=2
wpa_passphrase=MY_PSK
wpa_key_mgmt=WPA-PSK
# CCMP (AES) is the WPA2 cipher; TKIP is the legacy WPA cipher and can be dropped
wpa_pairwise=CCMP TKIP
ieee8021x=0
auth_algs=1
macaddr_acl=0
My /etc/resolv.conf (currently behind another router):
Bash:
# Generated by resolvconf
nameserver 192.168.1.1
This is another issue, but I should mention that I start everything manually because I cannot configure the wlan0 interface at boot time for hostap (I'm not sure how to pass the create arguments to ifconfig in rc.conf). This is how I start everything (on my laptop I do the same):
# ifconfig wlan0 destroy
# ifconfig wlan0 create wlandev rum0 wlanmode hostap
# ifconfig wlan0 inet 192.168.0.1 netmask 255.255.255.0
# service pf restart
# service hostapd restart
# service pflog restart
# service named restart
# service isc-dhcpd restart
This is my first post, so I hope I have provided all necessary information and posted this in the right forum, if not please tell me so.
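As an added example (not code from the original post, and not a FreeBSD tool), here is a small POSIX sh checker for the two boot-time pieces this kind of setup depends on. First, the rc.conf(5) wlan variables: rc(8) reads ifconfig_<if>, and the clone arguments go in create_args_<if>, so create_args_wlan0="wlanmode hostap" is how the "wlanmode hostap" part of the manual ifconfig wlan0 create command is passed at boot. Second, whether named actually holds a UDP socket on the LAN address (or the wildcard) on port 53, which is what wlan0 clients need once listen-on is no longer pinned to 127.0.0.1. The script name lan_dns_check.sh, the function names rc_lint and dns_listener_ok, the "live" mode, and the sample rc.conf and sockstat(1) text are all constructed for this example; the sockstat column order is assumed to be the FreeBSD 13 layout (USER, COMMAND, PID, FD, PROTO, LOCAL ADDRESS, FOREIGN ADDRESS). It goes slightly beyond the post's single interface by checking every wlanN named on any wlans_<parent> line.

```shell
#!/bin/sh
# lan_dns_check.sh: added example, not part of the original post.
# Two offline checks for what an rc-started hostap router needs:
#   rc_lint          - rc.conf(5) wlan variables: rc(8) reads ifconfig_<if>,
#                      and create_args_<if> carries the "wlanmode hostap"
#                      clone arguments so the AP survives a reboot.
#   dns_listener_ok  - named must own a udp4 socket on the LAN address (or *)
#                      port 53 for wlan0 clients to reach it; the check reads
#                      sockstat(1) text, assumed to use the FreeBSD 13 columns
#                      USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
# Both functions take text on stdin, so they run against constructed samples.

# Constructed samples (not the poster's real files).
SAMPLE_RC_BROKEN='hostname="Turtle"
wlans_rum0="wlan0"
if_config_wlan0="inet 192.168.0.1 255.255.255.0"
named_enable="YES"'

SAMPLE_RC_FIXED='wlans_rum0="wlan0"
create_args_wlan0="wlanmode hostap"
ifconfig_wlan0="inet 192.168.0.1 netmask 255.255.255.0"'

SAMPLE_SOCKSTAT_LOOPBACK='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bind     named      1234  20 udp4   127.0.0.1:53          *:*
bind     named      1234  21 tcp4   127.0.0.1:53          *:*
root     sshd       800   4  tcp4   *:22                  *:*'

SAMPLE_SOCKSTAT_LAN='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bind     named      1234  20 udp4   *:53                  *:*
bind     named      1234  21 tcp4   *:53                  *:*'

# rc_lint: rc.conf text on stdin; prints one finding per line and returns 1
# when there is at least one, 0 when the wlan configuration looks complete.
rc_lint() {
    conf=$(cat)
    findings=0
    # if_config_<if> is silently ignored by rc(8); the variable is ifconfig_<if>.
    for bad in $(printf '%s\n' "$conf" | sed -n 's/^if_config_\([A-Za-z0-9]*\)=.*/\1/p'); do
        echo "rc.conf: if_config_${bad} is not read by rc(8); rename it to ifconfig_${bad}"
        findings=1
    done
    # Every wlanN listed on a wlans_<parent> line needs create_args_wlanN for
    # an access point; without it the clone comes up as a station and hostapd
    # has nothing to attach to after a reboot.
    for w in $(printf '%s\n' "$conf" | sed -n 's/^wlans_[A-Za-z0-9]*="\([^"]*\)".*/\1/p'); do
        if ! printf '%s\n' "$conf" | grep -q "^create_args_${w}="; then
            echo "rc.conf: no create_args_${w} line; add create_args_${w}=\"wlanmode hostap\""
            findings=1
        fi
    done
    return $findings
}

# dns_listener_ok ADDR: sockstat -4l text on stdin; succeeds only when named
# has a udp4 socket bound to ADDR:53 or to the wildcard *:53.
dns_listener_ok() {
    awk -v want="$1" '
        $2 == "named" && $5 == "udp4" && ($6 == (want ":53") || $6 == "*:53") { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# On the router itself: sh lan_dns_check.sh live
if [ "${1:-}" = "live" ]; then
    rc_lint </etc/rc.conf && echo "rc.conf: wlan configuration complete"
    if sockstat -4l | dns_listener_ok 192.168.0.1; then
        echo "named: listening on the LAN address, port 53"
    else
        echo "named: not bound to 192.168.0.1:53 (check listen-on in named.conf)"
    fi
fi
```

With no argument the script only defines the samples and functions, so it can be sourced or exercised offline; on the router, "sh lan_dns_check.sh live" runs the same two checks against /etc/rc.conf and the real sockstat -4l output. A listener on 127.0.0.1:53 only is the case the commented-out listen-on line was meant to remove, and the check reports it as not reachable from the LAN.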