Josh Webb wrote:
Unless you have a complex network with servers you want to keep in a
DMZ, you don't need to link the routers the way you have. Having done
the same thing not too long ago, here's what you'll probably want to do.
First, plug the cable modem into the Linksys and write down the DNS
servers from the status page. There's a way to get them from the OBSD
box, but I couldn't tell you how right off the top of my head.
Since the pf box will take care of the routing, you should plug its
internal interface into the LAN switch on the Linksys. My Linksys is a
different model (befw11s4), but I imagine yours does the same. If you
ever have to do a full reset, it will default its internal IP address to
192.168.1.1. To prevent it from conflicting with the pf box, set the
internal interface on the pf box to 192.168.1.2. (The external one, of
course, should be using DHCP). Go ahead and set the Linksys's internal
IP address to 192.168.1.1 and turn off its DHCP server; the pf box can
take care of that too.
Turn on the dhcp server on your pf box by editing rc.conf and replacing
the dhcpd_flags's NO with opening and closing double quotes (""). Make
sure you have also changed the NO to a YES on the pf entry.
Take a look at the example config files I attached.
After setting up your own dhcpd.conf and pf.conf, reboot the pf box.
Remember to either set the client system to use DHCP, or be sure to set
its gateway to 192.168.1.2 and give it the DNS servers you wrote down
before.
Also, be sure to read the PF User's Guide
http://openbsd.org/faq/pf/index.html
And I would suggest "Absolute OpenBSD" as a good introduction. For a
technical book, it's very readable. http://www.absoluteopenbsd.com/
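The layout Josh describes (cable modem on hme0, LAN on rl0 at 192.168.1.2, Linksys at 192.168.1.1 used only as a switch/access point), written out as an added example config. These are not the files Josh attached; they assume the older pf syntax with `nat on` (OpenBSD before 4.7), and the DNS addresses are placeholders to be replaced with the ones copied from the Linksys status page.

```conf
# /etc/pf.conf  (added example; not Josh's attachment)
# Assumes: cable modem on hme0 (address via DHCP), LAN on rl0 = 192.168.1.2/24,
# Linksys at 192.168.1.1 acting only as a switch/access point.
ext_if = "hme0"
int_if = "rl0"
lan    = "192.168.1.0/24"

set skip on lo0
scrub in all

# Hide the whole LAN behind whatever address the cable modem hands hme0
nat on $ext_if from $lan to any -> ($ext_if)

# Default deny inbound and log what gets dropped
block in log all

# The pf box itself and the LAN may go anywhere; replies ride the state table
pass out all keep state
pass in on $int_if from $lan to any keep state

# DHCP: client requests come from 0.0.0.0, so they are not covered by $lan;
# the cable modem's DHCP replies to hme0 need a matching rule as well
pass in on $int_if inet proto udp from any port 68 to any port 67
pass in on $ext_if inet proto udp from any port 67 to any port 68

# /etc/dhcpd.conf  (added example; hands out the pf box as the gateway)
# Replace the two DNS addresses with the ones written down from the Linksys.
option domain-name-servers 192.0.2.53, 192.0.2.54;   # placeholders
subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.2;
    range 192.168.1.100 192.168.1.199;   # leaves .1 (Linksys) and .2 (pf) free
}

# /etc/rc.conf (the two entries Josh mentions)
pf=YES
dhcpd_flags=""
```

After editing, `pfctl -nf /etc/pf.conf` checks the pf syntax without loading it, and the client gateway must end up as 192.168.1.2, not the Linksys.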
Bob Ababurko wrote:
Hello-
I am in the process of setting up my first pf box. I am embarrassed
to say that I am having trouble even getting past the networking
portion of my network. The box I am configuring is going to be
between my cable modem and my wireless router....so this is where my
issues are coming from. I cannot seem to get the routers to talk to
each other, except in one instance which I talk about below. Here is
a diagram of the network:
Internet<----> (-Cable Modem- 24-52-224-246)/ hme0 (-pf box-)
rl0/192.168.1.1 <---------> 192.168.1.2(-Linksys WRT55G-)
192.168.69.1 .oO)) 192.168.69.50(wireless client(MAC OS X))
Ok, I hope that this will help more than hinder.
* I can communicate to the Internet from the pf box.
* I cannot ping the outside interface of the Linksys (192.168.1.2) from
the pf box.
* I cannot ping the inside interface (192.168.1.1) of the pf box from
the Mac OS X box (192.168.69.50).
* I can ping the outside interface (192.168.1.2) of the Linksys from
the Mac OS X box (192.168.69.50).
***so basically the two routers are not talking
-The pf box is set up with:
net.inet.ip.forwarding=1
-and in pf.conf:
pass in log all keep state
pass out log all keep state
It seems that the routing tables would be incorrect, but I _think_
they are ok.
***Routing table on _pf box_
/root $netstat -r
Routing tables
Internet:
Destination        Gateway            Flags Refs   Use   Mtu  Interface
default            24-52-224-gate.knt UGS      9 38937     -  hme0
24.52.224/23       link#1             UC       1     0     -  hme0
24-52-224-gate.knt 0:50:57:1:37:2     UHLc     1     0     -  hme0
24-52-224-246.kntn localhost          UGHS     0     0 33192  lo0
loopback           localhost          UGRS     0     0 33192  lo0
localhost          localhost          UH       2     2 33192  lo0
192.168.1/24       link#2             UC       2     0     -  rl0
192.168.1.1        0:50:22:84:dc:6f   UHLc     0     4     -  lo0
192.168.1.2        0:13:10:e:83:3c    UHLc     1   277     -  rl0
192.168.69/24      link#2             UCS      1     0     -  rl0
192.168.69.50      link#2             UHLc     0     5     -  rl0
BASE-ADDRESS.MCAST localhost          URS      0     0 33192  lo0
******Notice that the MAC address of the Linksys WRT55G (192.168.1.2)
is in the routing table even though I cannot ping it. (Does this tell
me something?)
******Also notice that I tried pinging my Mac OS X box (192.168.69.50)
from the pf box before I pasted the output of netstat -r. No success.
**Routing table on the Linksys WRT55G
Destination LAN IP Subnet Mask Gateway Interface
192.168.69.0 255.255.255.0 0.0.0.0 LAN & Wireless
192.168.1.0 255.255.255.0 0.0.0.0 WAN (Internet)
0.0.0.0 0.0.0.0 192.168.1.1 WAN (Internet)
***The firewall is turned off on the Linksys router. Will this router
just route traffic and let everything pass?
One interesting thing. I can connect to the pf box (192.168.1.1) from
the Mac OS X box (192.168.69.50) via ssh. This connection takes a very
long time to establish though. Almost like it was a DNS timeout, but
it is not. I know this because I put this in the sshd_config of the
pf box to make sure.....UseDNS no. I cannot ping or connect to
anything one hop beyond the pf box out on the Internet from the Mac OS
X box.
Is there something _obvious_ here that I have not done, or am
overlooking? I really think that the Linksys router is the thing that
is odd here. If it was a Cisco router, I think it would be much
easier. I can't even log on to the Linksys and ping or traceroute
anything. If anyone has a suggestion, I would appreciate it.
-Bob
Josh-
So, are you saying that my wireless router will become an access point
when I just use the switch? That will be really great if I can get
that to work like that......although I am skeptical that Linksys was
that smart about it. The _only_ reason I wanted to use the Linksys in
the network as I had tried was to use the wireless access that it provides.
-Bob