FreeBSD gateway

I want to set up a gateway on FreeBSD on an HP 8460p with these network interfaces.


Code:
root@komputer:/home/komputer # ifconfig -a
em0: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        ether e4:11:5b:27:2b:fd
        hwaddr e4:11:5b:27:2b:fd
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
ue0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:e0:4c:53:44:58
        hwaddr 00:e0:4c:53:44:58
        inet 10.1.1.1 netmask 0xffffff00 broadcast 10.1.1.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 24:77:03:22:26:0c
        hwaddr 24:77:03:22:26:0c
        inet 192.168.43.112 netmask 0xffffff00 broadcast 192.168.43.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet MCS mode 11ng
        status: associated
        ssid internet channel 6 (2437 MHz 11g ht/20) bssid 64:db:43:49:78:81
        regdomain FCC country US authmode WPA2/802.11i privacy ON
        deftxkey UNDEF AES-CCM 2:128-bit txpower 30 bmiss 10 scanvalid 60
        protmode CTS ampdulimit 64k -amsdutx amsdurx shortgi -stbc wme
        roaming MANUAL
        groups: wlan

A connection is established on wlan0; I want to route it to em0 or ue0. Is it possible on this network card?
I tried some solutions and the second computer can't establish a connection.

/etc/rc.conf

Code:
ifconfig_ue0="inet 10.1.1.1 netmask 255.255.255.0"
#create_args_ue0="mode hostap"
#create_args_ue0="wlanmode hostap"
#hostapd_enable="YES"
gateway_enable="YES"

defaultrouter="192.168.43.1"

dhcpd_enable="YES"
dhcpd_ifaces="ue0"
dhcpd_conf="/usr/local/etc/dhcpd.conf"
#dhcpd_withumask="022"
#dhcpd_flags="-q"


wlans_iwn0="wlan0"
ifconfig_wlan0="WPA SYNCDHCP"

/usr/local/etc/dhcpd.conf
Code:
subnet 10.1.1.0 netmask 255.255.255.0 {
        range 10.1.1.10 10.1.1.254;
        option broadcast-address 10.10.1.255;
        option routers 10.1.1.1;
        option domain-name-servers 194.204.152.34
        }

Code:
root@komputer:/home/komputer # netstat -nr
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.43.1       UGS       wlan0
10.1.1.0/24        link#4             U           ue0
10.1.1.1           link#4             UHS         lo0
127.0.0.1          link#2             UH          lo0
192.168.43.0/24    link#3             U         wlan0
192.168.43.112     link#3             UHS         lo0
 
So if I understand you correctly, you have a wlan0 connection that you want to share with wired interfaces em0 and ue0?
Does your wlan0 connection get its IP via DHCP?

I think you need something like dns/dnsmasq to assign IPs to your wired clients (not dhcpd). wlan0 probably gets its IP via DHCP.
So you would create a static network for both em0 and ue0. That or bridge them, which is more complex.
 
1# So if I understand you correctly. You have a wlan0 connection that you want to share with wired interfaces em0 and ue0?
2# Does your wlan0 connection get its IP via DHCP?

1. Yes.
2. Yes. I am using it as a test, to move the configs later for...
https://forums.freebsd.org/threads/tor-torilla-on-freebsd.65567/
https://forums.freebsd.org/threads/...net-card-10-100-1000-will-be-supported.65566/
Using some tunnel for IPsec or something 13.7.1. https://www.freebsd.org/doc/handbook/ipsec.html

And finally VPN over this.



I lost the ; on the option domain-name-servers :D

Now the connection is established, but I can't connect to any site on the second computer...

part of ifconfig from Linux Mint
Code:
inet addr:10.1.1.10 Bcast:10.1.1.255 Mask:255.255.255.0

PS. Only a backdoor can stop me ;)

So is it necessary to forward packets using some firewall, or NAT or something?
 
OK so you need to install net/dnsmasq.
Here is a /etc/rc.conf for you.
Code:
ifconfig_ue0="inet 10.1.1.1 netmask 255.255.255.0"
ifconfig_em0="inet 10.1.2.1 netmask 255.255.255.0"
wlans_iwn0="wlan0"
ifconfig_wlan0="WPA DHCP"
dnsmasq_enable="YES"
gateway_enable="YES"
pf_enable="YES"
pf_rules="/etc/pf.conf"
pflog_enable="YES"
pflog_logfile=/var/log/pflog
defaultrouter="192.168.43.1"

/usr/local/etc/dnsmasq.conf
Code:
domain-needed
server=8.8.8.8
server=8.8.4.4
dhcp-range=set:ue0,10.1.1.2,10.1.1.200,255.255.255.0,24h
dhcp-range=set:em0,10.1.2.2,10.1.2.200,255.255.255.0,24h
dhcp-option=ue0,option:router,10.1.1.1
dhcp-option=em0,option:router,10.1.2.1
log-facility=/var/log/dnsmasq.log
log-dhcp
log-async
/etc/pf.conf This provides ONLY NAT
Code:
ext_if="wlan0"
set skip on lo
nat on $ext_if inet from ! ($ext_if) to any -> ($ext_if)

Good Luck and Ask any questions you need.
ISC dhcp-server would probably also work. In FreeBSD there is no base DHCP server only the dhcp-client.
The ISC DHCP client dhclient is the default FreeBSD client.
net/isc-dhcp43-server is not in base install.
dns/dnsmasq does more for you though with dns too..
 
I see from the file directory of this file that this must be the isc dhcp-server you are talking about.

/usr/local/etc/dhcpd.conf

subnet 10.1.1.0 netmask 255.255.255.0 {
range 10.1.1.10 10.1.1.254;
option broadcast-address 10.10.1.255;
option routers 10.1.1.1;
option domain-name-servers 194.204.152.34
}

Do you see the wrong address for option broadcast-address? Shouldn't that be 10.1.1.255?
I have never used the isc dhcp server.

Have you tried Google DNS for the "option domain-name-servers" setting? I think that is what it wants.
option domain-name-servers 8.8.8.8, 8.8.4.4;
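
The two mistakes in the posted dhcpd.conf (the missing `;` and a broadcast address outside the subnet) can be caught mechanically. This is an added example, not part of the original posts and not an ISC tool: `lint_dhcpd` and `POSTED` are names made up here, and the check assumes one statement per line and no nested blocks inside a subnet.

```python
import ipaddress
import re

# Constructed sample: the subnet block exactly as posted in the thread.
POSTED = """\
subnet 10.1.1.0 netmask 255.255.255.0 {
        range 10.1.1.10 10.1.1.254;
        option broadcast-address 10.10.1.255;
        option routers 10.1.1.1;
        option domain-name-servers 194.204.152.34
        }
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)

def _ips(values):
    """Yield the values that parse as IP addresses; skip hostnames and keywords."""
    for v in values:
        try:
            yield ipaddress.ip_address(v)
        except ValueError:
            pass

def lint_dhcpd(text):
    """Return a list of findings for every subnet block in dhcpd.conf text."""
    findings = []
    for net_addr, mask, body in SUBNET_RE.findall(text):
        net = ipaddress.ip_network(f"{net_addr}/{mask}")
        for raw in body.splitlines():
            line = raw.split("#", 1)[0].strip()  # drop comments
            if not line:
                continue
            if not line.endswith(";"):
                findings.append(f"{net}: missing ';' after '{line}'")
            words = line.rstrip(";").replace(",", " ").split()
            if words[:1] == ["option"]:
                words = words[1:]
            for ip in _ips(words[1:]):
                if words[0] == "broadcast-address" and ip != net.broadcast_address:
                    findings.append(f"{net}: broadcast-address {ip}, expected {net.broadcast_address}")
                elif words[0] in ("range", "routers") and ip not in net:
                    findings.append(f"{net}: {words[0]} {ip} is outside the subnet")
    return findings

if __name__ == "__main__":
    for finding in lint_dhcpd(POSTED):
        print(finding)
```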
 
Perfect. It works with IPFW.

Now I have Tor at 127.0.0.1:10001 as SOCKS5 or 127.0.0.1:20001 as HTTP. Do you have any idea how to redirect it to ue0 or em0?
 
I would not be able to cope without you :)

Code:
ext_if="wlan0"
int_if="ue0"

set skip on lo
# NAT traffic leaving through the external (wlan0) interface
nat on $ext_if inet from ! ($ext_if) to any -> ($ext_if)
# Redirect HTTP and HTTPS arriving on the LAN interface to local port 9040
rdr pass on $int_if proto tcp from any to any port 80 -> 127.0.0.1 port 9040
rdr pass on $int_if proto tcp from any to any port 443 -> 127.0.0.1 port 9040

# Filter rules for local port 3128 and for www traffic
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass out on $ext_if inet proto tcp from any to any port www keep state
pass out on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
pass in on $ext_if inet proto tcp from any to any port www keep state
 
OK. I have a Tor DNS on 9053. If I add this

Code:
no-resolv
server=127.0.0.1#9053
listen-address=127.0.0.1

to dnsmasq, then the hardware on the LAN side stops working. It is probably looking for DNS on its own loopback, not on the server's loopback. Do you know how to redirect the connection to the Tor DNS?
 
Edit:

Code:
ext_if="wlan0"
int_if="ue0"

rdr pass on $int_if proto tcp from any to any port 53 -> 127.0.0.1 port 9053
rdr pass on $int_if proto udp from any to any port 53 -> 127.0.0.1 port 9053
Screenshot from 2018-05-31 15-15-52.png

They do it self harming :)
 
Just remember that Tor was originally developed by the US Navy.
So you must salute the flag every time you use it. No, seriously, it is only so secure.

There is a setting in dnsmasq.conf for the loopback.
interface=wlan0,lo0
exclude=something?
I can update this later.
 