How to configure two interfaces (LAN and WLAN)?

B

balanga

Can someone suggest how I should configure two interfaces (LAN and WAN) where the LAN (em0) is connected to my internal network, and WAN (wlan0) is connected to an Internet router?

I'm trying to set up a small local network in which I removed references to wlans in /etc/rc.conf, but on rebooting the following gets 'auto-added !!!?':-

Code: 
wlans_iwn0="wlan0"
ifconfig_wlan0="WPA DHCP"

I've very surprised to see these lines appear by themselves and didn't think it was possible. Can anyone explain how this comes about?

BTW FreeBSD 13.1-RELEASE
 
Last edited by a moderator:
I guess I should set the LAN interface to static and keep the WAN interface as DHCP.... I don't see any way to specify which dhcp server a particular interface should listen to. Having said that, ifconfig seems to have a million options and my eyes glaze over when looking though them, so maybe there is something...
 
balanga said:
my eyes glaze over
Click to expand...
This is just for interfaces?
Wait until you get to pf rules.....

So you have two choices.
A firewall built by others.

pfSense® - World's Most Trusted Open Source Firewall

pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more
www.pfsense.org www.pfsense.org

Or you knuckle down and learn pf.

Book of PF, 3rd Edition

The Book of PF, 3rd Edition is the essential guide to building a secure network with PF, the OpenBSD packet filtering tool.
nostarch.com nostarch.com

Nobody can learn this for you. Every network is different.
 
OK so I have managed to configure my laptop (ThinkPad X61) so that it connects to the Internet via a wireless router (192.168.1.1) via wlan0 and to my test DHCP server (192.168.2.50) via LAN using a static IP address of 192.168.2.20 on em0. Is there any way of getting my DHCP server to access the Internet using my laptop as a router? Is it as simple as adding 'route add default 192.168.2.20' to my DHCP server?

Apologies if this is all to obvious to you network gurus...
 
balanga said:
OK so I have managed to configure my laptop (ThinkPad X61) so that it connects to the Internet via a wireless router (192.168.1.1) via wlan0 and to my test DHCP server (192.168.2.50) via LAN using a static IP address of 192.168.2.20 on em0. Is there any way of getting my DHCP server to access the Internet using my laptop as a router? Is it as simple as adding 'route add default 192.168.2.20' to my DHCP server?

Apologies if this is all to obvious to you network gurus...
Click to expand...

Forwarding needs to be on on the laptop.

The DHCP server might have other default routes, which you should remove.
 
cracauer@ said:
Forwarding needs to be on on the laptop.

The DHCP server might have other default routes, which you should remove.
Click to expand...
The laptop (em0=192.168.2.20) has a default route of 192.168.1.1 so can access the Internet as well as my test dhcp server (192.168.2.50).
I have set the server with a default route of 192.168.2.20, which it can access, as well as the the iwn0 assigned address of 192.168.1.9.
If I remove the default route it can't ping the latter.

Any suggestions about what I can do?
 
I would be willing to help you but your description is too vague.

Is this an existing network you are trying to extend with wireless?

Is this hooked to your own network gear for internet?

I am wondering why you have two subnets. It makes it all the harder.

You are aware of NAT?
 
Phishfry said:
I would be willing to help you but your description is too vague.

Is this an existing network you are trying to extend with wireless?

Is this hooked to your own network gear for internet?

I am wondering why you have two subnets. It makes it all the harder.

You are aware of NAT?
Click to expand...
Let's say I am using two subnets 192.168.1.0 and 192.168.2.0. My Internet gateway is 192.168.1.1 which is an ASUS wireless router to which I connect my laptop via Wifi. I am trying to familiarise myself with DHCP, principally to have a PXE Server available which I want to use on 192.168,2.0. I'm able to access the Internet via the wifi interface and the server via LAN. It would be handy to be able install pkgs on the server by being able to connect to the Internet, but can't figure out how to do it.

I've looked at the

30.2.3. Dual Homed Hosts​


section in https://people.freebsd.org/~blackend/en_US.ISO8859-1/books/handbook/network-routing.html

but haven't figured it out yet.
 
Structurally that is unsound. Two DHCP servers on one network is bad. Just a heads up there.
They will collide even on different subnets.
 
Phishfry said:
Structurally that is unsound. Two DHCP servers on one network is bad. Just a heads up there.
They will collide even on different subnets.
Click to expand...
Let's say I stop the dhcp server service on 192.168.2.0, how do I access the Internet using my laptop as a router?
 
yuripv79 said:
That doesn't sound right; did you find what added them back?
Click to expand...
I just checked that I wasn't making things up by deleting any reference to wlan0 in /etc/rc.conf and after rebooting it was back along with 'ifconfig_wlan="WPA DHCP"

Very strange!

dmesg mentions

wlan0: Ethernet address: 00:21:5c:42:47::75
iwn0: iwn_read_firmware: ucode rev=0xe43d0210
Click to expand...

Could the firmware update /etc/rc.conf ?

Apologies if this is a dumb question.
 
If I'm understanding correctly, you want the wlan (iwn0) interface to obtain its address from DHCP, use NAT allow hosts on the ethernet network internet access, and also assign hosts on the ethernet network addresses via DHCP.

If you're looking for a checklist, though, a basic one might look something like this:
  1. Configure the wireless interface, and make sure you've got internet connectivity
  2. Configure the ethernet interface with a static IP address appropriate for the LAN (since it will be the gateway for the LAN)
  3. Configure the system and firewall for NAT
  4. Make sure you've got LAN connectivity (perhaps by assigning a static IP to a device on the LAN)
  5. Make sure that the LAN device to which you've assigned the static IP is able to access the internet
  6. Setup up a DHCP server on the ethernet (LAN) interface.
  7. Make sure a device plugged-in to the LAN gets an address from the DHCP server running on the laptop, and can access the internet
I've assumed the use of Network Address Translation (NAT), which means you'll have to use pf or another firewall, as mentioned above. You should be able to configure and run a DHCP server on the laptop ethernet interface. pf is included in FreeBSD; see https://docs.freebsd.org/en/books/handbook/firewalls/.

You don't want two DHCP servers running on the same LAN segment (as someone mentioned above), and that includes the WiFi network. There are a handful of DHCP servers out there, but the one I'm most familiar with is dhcpd (which is ported from OpenBSD like pf). Take a look at the man page: https://man.openbsd.org/dhcpd.8.

There is a decent work-up of using pf for NAT here: https://www.openbsd.org/faq/pf/nat.html

All of that said, I have to ask -- are you using this laptop to bridge an isolated LAN to a larger network? If that's the case, rather than setting up NAT and DHCPD, it might be simpler to configure your laptop to act as a transparent bridge between the WiFi network and the ethernet network to which it connects.
 
balanga said:
I just checked that I wasn't making things up
Click to expand...
I am not saying your making up anything but what you are saying is impossible with normal FreeBSD.
You delete something in /etc/rc.conf and its gone for ever.

I have no idea what would put it back.

When I first read it I thought perhaps you had re-installed FreeBSD.
It would catch the wifi and set it up.

One way to have your PXE server is eliminate the ASUS DHCP server and use you own on the laptop.
I am sure you can disable it in the Asus.
 
geolscott said:
If I'm understanding correctly, you want the wlan (iwn0) interface to obtain its address from DHCP, use NAT allow hosts on the ethernet network internet access, and also assign hosts on the ethernet network addresses via DHCP.

If you're looking for a checklist, though, a basic one might look something like this:
  1. Configure the wireless interface, and make sure you've got internet connectivity
  2. Configure the ethernet interface with a static IP address appropriate for the LAN (since it will be the gateway for the LAN)
  3. Configure the system and firewall for NAT
  4. Make sure you've got LAN connectivity (perhaps by assigning a static IP to a device on the LAN)
  5. Make sure that the LAN device to which you've assigned the static IP is able to access the internet
  6. Setup up a DHCP server on the ethernet (LAN) interface.
  7. Make sure a device plugged-in to the LAN gets an address from the DHCP server running on the laptop, and can access the internet
I've assumed the use of Network Address Translation (NAT), which means you'll have to use pf or another firewall, as mentioned above. You should be able to configure and run a DHCP server on the laptop ethernet interface. pf is included in FreeBSD; see https://docs.freebsd.org/en/books/handbook/firewalls/.

You don't want two DHCP servers running on the same LAN segment (as someone mentioned above), and that includes the WiFi network. There are a handful of DHCP servers out there, but the one I'm most familiar with is dhcpd (which is ported from OpenBSD like pf). Take a look at the man page: https://man.openbsd.org/dhcpd.8.

There is a decent work-up of using pf for NAT here: https://www.openbsd.org/faq/pf/nat.html

All of that said, I have to ask -- are you using this laptop to bridge an isolated LAN to a larger network? If that's the case, rather than setting up NAT and DHCPD, it might be simpler to configure your laptop to act as a transparent bridge between the WiFi network and the ethernet network to which it connects.
Click to expand...
That seems to overcomplicate things.... In essence imagine there are three hosts, one them being a Broadband router/ Internet Gateway - host 1.
Host 2 is just a FreeBSD system with two interfaces where wlan0 gets its IP address via DHCP from host 1 and the other where em0 has a static IP on a different subnet say .2.0. Host 3 is another FreeBSD system where em0 is also static and also on subnet 2.0. All I want to do is to be able to ping 8.8.8.8 from host 3.
If I can setup a transparent bridge on host, would that give me what I want?

I can't honestly see why defaultrouter="192.168.2.20" in host 3's configuration doesn't work.
 
balanga said:
Is this the answer that I'm looking for?

Click to expand...
Probably not. That's a weird setup. If I understand your network correctly, you have two choices:
  1. Add a static route to your Asus access point. Network is 192.168.2.0/24. Gateway is 192.168.1.9
  2. Set up NAT on your laptop. Something like this (pf syntax) nat on iwn0 from 192.168.2.0/24 to any -> 192.168.1.9
You might want to review the Handbook section on pf(4) if you choose to try the latter:
docs.freebsd.org

Chapter 33. Firewalls

FreeBSD has three firewalls built into the base system: PF, IPFW, and IPFILTER. This chapter covers how to define packet filtering rules, the differences between the firewalls built into FreeBSD and how to use them
docs.freebsd.org docs.freebsd.org
 
Jose said:
Probably not. That's a weird setup. If I understand your network correctly, you have two choices:
  1. Add a static route to your Asus access point. Network is 192.168.2.0/24. Gateway is 192.168.1.9
Click to expand...
How specifically do I do that? ie what entries do I need in rc.conf presumably on host 3...
 
You must log in or register to reply here.
Back
Top