From: Mel
To: freebsd-questions@freebsd.org
Cc: regis505
Date: Tue, 13 Jan 2009 11:53:44 -0900
Subject: Re: wireless nic - access point

On Tuesday 13 January 2009 06:00:08 regis505 wrote:
> I installed a D-Link WDA-2320 (Atheros chipset) wireless nic on my FreeBSD
> 7.1 system. I configured it as an access point. I read many posts on that
> topic and I am confused whether I need to bridge the wireless network to
> the wired network or just let the FreeBSD gateway to manage that.
>
> So far, I can connect from a wireless client to the FreeBSD Access Point (I
> can ping any machines on the wired network) but I cannot go beyond that and
> I would be very pleased if someone would explain what to do in terms of
> ipfilter NAT or routing to access the Internet from a wireless client. I
> have 3 network cards: ath0 (wireless - 10.0.2.0/24), bge0 (wired-
> 10.0.0.0/24), bce0 (Internet - DHCP). The wired network is behind an
> ipfilter firewall (10.0.0.1) and wired computers are NATed.

If what you're saying is "I cannot reach the internet", then you're missing a
NAT rule for 10.0.2.0/24 to any.
If you're unable to ping hosts on the wireless network other than the AP, then
apbridge is likely turned off.
Otherwise, in pf syntax:
pass in on $int_if from $int_if:network to $wire_if:network \
	tag WLAN_LAN keep state label "wlan_lan"
pass in on $wire_if from $wire_if:network to $int_if:network \
	tag LAN_WLAN keep state label "lan_wlan"

should be enough to allow traffic from wireless to wire if you're default
blocking. I don't know of a real advantage to bridge these, as traffic will go
through AP physically regardless.

-- 
Mel

Problem with today's modular software: they start with the modules and never
get to the software part.
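
Added example, not part of Mel's message or the poster's configuration: a Python check for the first diagnosis above, that the ipfilter NAT rules have no map for 10.0.2.0/24. The ipnat.conf text is constructed from the interfaces and subnets named in the question, the function names are hypothetical, and only the basic `map <if> <src> -> <dst>` rule form is parsed.

```python
import ipaddress

# Constructed ipnat.conf for the setup described in the question (not the
# poster's actual file): the wired LAN is mapped out of bce0, the wireless
# subnet is not. "0/32" makes ipnat use the interface's current address,
# which suits the DHCP-assigned bce0.
SAMPLE_IPNAT_CONF = """\
# wired LAN behind the firewall
map bce0 10.0.0.0/24 -> 0/32 portmap tcp/udp auto
map bce0 10.0.0.0/24 -> 0/32
"""

# Internal subnets, taken from the interface list in the question.
INTERNAL = {"ath0": "10.0.2.0/24", "bge0": "10.0.0.0/24"}


def mapped_sources(conf_text, ext_if):
    """Source networks of basic 'map <if> <src> -> <dst>' rules on ext_if."""
    nets = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        # Assumption: 'map <if> from ... to ...' rules are out of scope here.
        if len(fields) < 5 or fields[:2] != ["map", ext_if] or fields[3] != "->":
            continue
        try:
            nets.append(ipaddress.ip_network(fields[2], strict=False))
        except ValueError:
            continue  # source not written as a plain CIDR; skip it
    return nets


def unmapped_subnets(conf_text, ext_if, internal):
    """{interface: subnet} for internal subnets no map rule on ext_if covers."""
    mapped = mapped_sources(conf_text, ext_if)
    return {ifname: cidr for ifname, cidr in internal.items()
            if not any(ipaddress.ip_network(cidr).subnet_of(m) for m in mapped)}


def suggested_rules(ext_if, cidr):
    """ipnat rules for one subnet, in the same form as the sample's wired rules."""
    return [f"map {ext_if} {cidr} -> 0/32 portmap tcp/udp auto",
            f"map {ext_if} {cidr} -> 0/32"]


if __name__ == "__main__":
    for ifname, cidr in unmapped_subnets(SAMPLE_IPNAT_CONF, "bce0", INTERNAL).items():
        print(f"{cidr} ({ifname}) has no map rule on bce0; add:")
        for rule in suggested_rules("bce0", cidr):
            print("  " + rule)
```
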