Routing from local to remote network over WLAN

Hello, this is my first post because I just installed FreeBSD to replace Linux on my local server... just wanna try something new. Until now I'm happy with FreeBSD but now I'm stuck on a routing problem.

The constellation is as follows:

FreeBSD Server has two interfaces, re0 192.168.4.30 for LAN 192.168.4.0/24
wlan1 192.168.44.188 for 192.168.44.0/24

The LAN is provided by a DHCP service on a FritzBox router, to which every host in the LAN (the FreeBSD Server too) is connected.

So, my wish is to send packets from every host in 192.168.0.4/24 to hosts in 192.168.44.0/24 over the BSD Server.

The FritzBox is configured to route every packet addressed to 192.168.44.0/24 over the FreeBSD Server as gateway.

For example the way it should work:

HostA ----------------> FritzBox ------------------> FreeBSD -------------- WLAN --------> HostB
192.168.4.28 ------------------------ 192.168.4.30, 192.168.44.188 ----------------192.168.44.187

The Routing table in FreeBSD looks like this:
Code:
bsd# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.4.1        UGS         re0
127.0.0.1          link#2             UH          lo0
192.168.4.0/24     link#1             U           re0
192.168.4.30       link#1             UHS         lo0
192.168.44.0/24    link#4             U         wlan1
192.168.44.188     link#4             UHS         lo0
That looks good in my opinion. 192.168.44.0/24 is available over wlan1.

So it is possible to ping the WLAN host on the other side:
Code:
bsd# ping 192.168.44.187
PING 192.168.44.187 (192.168.44.187): 56 data bytes
64 bytes from 192.168.44.187: icmp_seq=0 ttl=64 time=4.555 ms
64 bytes from 192.168.44.187: icmp_seq=1 ttl=64 time=0.740 ms
...

But if I try to ping from HostA it is not possible to reach the other side:
Code:
# ping 192.168.44.187
PING 192.168.44.187 (192.168.44.187) 56(84) bytes of data.
From 192.168.4.1: icmp_seq=1 Redirect Host(New nexthop: 192.168.4.30)
^C
--- 192.168.44.187 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4000ms

But as you can see, the routing table in the FritzBox tells that the next hop is the FreeBSD interface. So my suggestion is that the routing in FreeBSD server is not correct. But why?
I enabled forwarding:
Code:
bsd# sysctl -a |grep forwarding
net.inet.ip.forwarding: 1
But still not possible to ping from local LAN to remote network over WLAN... Can you provide some help?
Thanks!
 
Host A needs a static route telling it where to find the 192.168.44.0/24 network.

But as you can see, the routing table in the FritzBox tells that the next hop is the FreeBSD interface.
ICMP redirects are generally ignored because they're a security risk.
 
Hm, that makes no difference. If I tell HostA that it can reach 192.168.44.0/24 over 192.168.4.30, then just the first hop over the FritzBox disappears.

Sure, it's possible that ICMP is ignored, but no other service (like NFS) is working.

There must be something else I have to configure on the FreeBSD box to get the routing to work. What about pf? Do I need some kind of NAT here?
 
What's the default gateway for host b?
If it's not the FreeBSD box then it will be sending packets for the 192.168.4.0/24 network out to the wrong place and will need a static route for the 4.0/24 network via 192.168.44.188, so that the packets go back through the FreeBSD box to the FritzBox lan.
 
That's correct and there is a static route. As I said in my first post, I replaced the Linux with FreeBSD on the server. The environment is still the same as before the change and routing with Linux worked this way.
I "tcpdump"ed the WLAN interface on HostB and it never received any packets.

As additional info: I bridged re0 and wlan0 (another WLAN interface) into one interface bridge0. But this can't be a problem, can it?
 
Hmm I can't see why the interfaces should be bridged on the FreeBSD box. You want the FreeBSD machine to route the packets, not bridge the two networks.

Can you see the ICMP packets if you tcpdump the LAN interface on the BSD box and ping host b from a?
 
This bridge is really not relevant at this point, because I only use it for the wlan0 interface, which acts as an access point with hostapd for me. It uses the DHCP on the FritzBox so that every WLAN client receives an address within 192.168.4.0/24. That's why re0 with 192.168.4.30 is bonded to wlan0 without any IP.
The connection to HostB is established over wlan1 interface. So wlan0 has no effect here and is irrelevant.

Back to your question, yes I can receive ICMP from 192.168.4.28 with target 192.168.44.187 on the BSD box, here you can see:
Code:
bsd# tcpdump -nnvXSs 0 -c2 icmp
tcpdump: listening on re0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:50:52.270496 IP (tos 0x0, ttl 64, id 20674, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.4.28 > 192.168.44.187: ICMP echo request, id 30157, seq 1, length 64
        0x0000:  4500 0054 50c2 4000 4001 37bf c0a8 041c  E..TP.@.@.7.....
        0x0010:  c0a8 2cbb 0800 d14b 75cd 0001 67c4 f757  ..,....Ku...g..W
        0x0020:  0000 0000 87f6 0b00 0000 0000 1011 1213  ................
        0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
        0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
        0x0050:  3435 3637                                4567
Correct source, correct target... but BSD shows no will to forward it to the wlan1 interface with this table:
Code:
bsd# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.4.1        UGS         re0
127.0.0.1          link#2             UH          lo0
192.168.4.0/24     link#1             U           re0
192.168.4.30       link#1             UHS         lo0
192.168.44.0/24    link#4             U         wlan1
192.168.44.188     link#4             UHS         lo0

Is there still something I have to pay attention to in order to get it working?
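As an added illustration (not code from the thread), the following script replays the kernel's longest-prefix lookup over the netstat -rn table above and over a constructed table for HostB, so the forward path on the BSD box and the return route that the earlier reply asked about can be checked side by side. The HostB tables, the flag handling and the function names are assumptions, not anything posted in the thread.

```python
import ipaddress

# Constructed copy of the BSD box's table from the thread (FreeBSD `netstat -rn` layout).
BSD_TABLE = """\
Destination        Gateway            Flags     Netif Expire
default            192.168.4.1        UGS         re0
127.0.0.1          link#2             UH          lo0
192.168.4.0/24     link#1             U           re0
192.168.4.30       link#1             UHS         lo0
192.168.44.0/24    link#4             U         wlan1
192.168.44.188     link#4             UHS         lo0
"""

# Hypothetical HostB table: its default gateway is NOT the BSD box, which is the
# asymmetric-return situation the reply about a static route warned about.
HOSTB_TABLE_BAD = """\
Destination        Gateway            Flags     Netif Expire
default            192.168.44.1       UGS       wlan0
192.168.44.0/24    link#1             U         wlan0
"""
# Same table with the static route back to the LAN via the BSD box's wlan1 address.
HOSTB_TABLE_FIXED = HOSTB_TABLE_BAD + "192.168.4.0/24     192.168.44.188     UGS       wlan0\n"


def parse_routes(text):
    """Parse netstat -rn lines into (network, gateway, flags, netif) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] == "Destination":
            continue
        dest, gw, flags, netif = parts[:4]
        cidr = "0.0.0.0/0" if dest == "default" else dest  # bare host entries become /32
        routes.append((ipaddress.ip_network(cidr, strict=False), gw, flags, netif))
    return routes


def lookup(routes, dst):
    """Longest-prefix match; returns (next hop or 'direct', netif), or None if unroutable."""
    addr = ipaddress.ip_address(dst)
    best = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen, default=None)
    if best is None:
        return None
    net, gw, flags, netif = best
    return (gw if "G" in flags else "direct", netif)  # 'G' = indirect route via a gateway


def check_path(bsd_table, hostb_table, host_a, host_b, bsd_wlan_ip):
    """Forward hop on the BSD box plus the return hop chosen by HostB for replies."""
    fwd = lookup(parse_routes(bsd_table), host_b)
    back = lookup(parse_routes(hostb_table), host_a)
    return {"forward_netif": fwd[1] if fwd else None,
            "return_via": back[0] if back else None,
            "symmetric": bool(back) and back[0] == bsd_wlan_ip}
```

A symmetric result only shows that both routing tables agree; it says nothing about whether the packet was actually emitted on wlan1, which is what the tcpdump on HostB would confirm.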
 
Just for testing, I want the BSD box to act as a NAT, so that every packet which leaves BSD over wlan1 has 192.168.44.188 as source and not 192.168.4.28 (HostA).
How can I achieve that? With PF?
 