Date:      Tue, 13 Jan 2009 11:53:44 -0900
From:      Mel <fbsd.questions@rachie.is-a-geek.net>
To:        freebsd-questions@freebsd.org
Cc:        regis505 <regis505@gmail.com>
Subject:   Re: wireless nic - access point
Message-ID:  <200901131153.44962.fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <21437407.post@talk.nabble.com>
References:  <21437407.post@talk.nabble.com>

On Tuesday 13 January 2009 06:00:08 regis505 wrote:
> I installed a D-Link WDA-2320 (Atheros chipset) wireless nic on my FreeBSD
> 7.1 system. I configured it as an access point. I read many posts on that
> topic and I am confused whether I need to bridge the wireless network to
> the wired network or just let the FreeBSD gateway manage that.
>
> So far, I can connect from a wireless client to the FreeBSD Access Point (I
> can ping any machines on the wired network) but I cannot go beyond that and
> I would be very pleased if someone would explain what to do in terms of
> ipfilter NAT or routing to access the Internet from a wireless client. I
> have 3 network cards: ath0 (wireless - 10.0.2.0/24), bge0 (wired -
> 10.0.0.0/24), bce0 (Internet - DHCP). The wired network is behind an
> ipfilter firewall (10.0.0.1) and wired computers are NATed.

If what you're saying is "I cannot reach the internet", then you're missing a
NAT rule for 10.0.2.0/24 to any. If you're unable to ping hosts on the
wireless network other than the AP, then apbridge is likely turned off.

Otherwise, in pf syntax:
pass in on $int_if from $int_if:network to $wire_if:network             \
        tag WLAN_LAN keep state label "wlan_lan"
pass in on $wire_if from $wire_if:network to $int_if:network            \
        tag LAN_WLAN keep state label "lan_wlan"

should be enough to allow traffic from wireless to wire if you're default
blocking. I don't know of a real advantage to bridging these, as traffic will
go through the AP physically regardless.
-- 
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.
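
Added example, not part of Mel's message: a pf.conf sketch that puts the missing NAT rule for 10.0.2.0/24 next to the two pass rules from the reply, under a default block. The interface names and networks come from the question; the ext_if macro, the untagged pass rules and the pass out rules are assumptions of this example.

```pf
# Constructed pf.conf sketch. Interface names and networks come from the
# question; ext_if and the untagged/outbound rules are assumptions.
ext_if  = "bce0"    # Internet side, address from DHCP
wire_if = "bge0"    # wired LAN, 10.0.0.0/24
int_if  = "ath0"    # wireless LAN, 10.0.2.0/24 (macro named as in the reply)

set skip on lo0

# Translation: each internal network needs its own NAT rule. The wireless
# one is the rule the reply says is missing. ($ext_if) in parentheses lets
# pf follow the DHCP-assigned address when it changes.
nat on $ext_if from $wire_if:network to any -> ($ext_if)
nat on $ext_if from $int_if:network  to any -> ($ext_if)

# Default deny; log drops so a missing rule shows up on pflog0.
block log all

# Internal clients may open connections to anywhere. Last match wins, so the
# tagged rules below override these for traffic between the two LANs.
pass in on $int_if  from $int_if:network  to any keep state
pass in on $wire_if from $wire_if:network to any keep state

# The two rules from the reply.
pass in on $int_if from $int_if:network to $wire_if:network \
        tag WLAN_LAN keep state label "wlan_lan"
pass in on $wire_if from $wire_if:network to $int_if:network \
        tag LAN_WLAN keep state label "lan_wlan"

# With a default block in both directions, forwarded packets must also be
# passed out of the interface they leave on.
pass out on $wire_if tagged WLAN_LAN keep state
pass out on $int_if  tagged LAN_WLAN keep state
pass out on $ext_if  from ($ext_if) to any keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s nat` lists the translation rules that are active after a load.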
