Re: Is pf all I need to set up a gateway/router?

Thu, 20 Dec 2007 05:37:18 -0800 

Greetings,

On 20/12/2007, at 8:53 PM, Sunnz wrote:


Hi,

I am just trying to set up a wireless gateway/router using an old Mac
with OpenBSD 4.2 installed... I have followed through the FAQ and set
up my device, IP addresses, and DHCPD accordingly.

Now I have come to this part of the FAQ:

http://www.openbsd.org/faq/faq6.html#Setup.forward

Which has a few suggestions for exactly what I wanted to do: routing
packets... out of OpenBGPD, routed(8), mrtd, zebra, and quagga, I
attempted to look up OpenBGPD and routed(8), but couldn't really get
my head around, maybe because my lack of knowledge?

Now, I have configured pf to have an extremely nat rule just to see if
that works, and it does, I were able to my my packets across the
network and stuff... although traceroute do seem a bit slow compared
to my "stock router" that I brought some time ago... but I guess my
question is, is pf all I need to get this router going? Or do I need
to look into OpenBGPD or routed(8)? This is just for a small home
network by the way, and I really just want to have more control over
what my housemates can do, nothing in the level of enterprise ISP.
If your router is simply a gateway between a LAN and the internet then pf with NAT and (presumably) some filter rules is all you need, the kernel will handle setting up your routing table without any further assistance. If you're feeling slightly adventurous you may wish to try setting up queues in pf.conf(5) too. 

If you haven't already done so, read and re-read

        http://www.openbsd.org/faq/pf/index.html

and for a working example of what you're trying to achieve:

        http://www.openbsd.org/faq/pf/example1.html
Since you mentioned its a wireless network you will need to address the issue of wireless security sooner rather than later... there are many different opinions about the "best" approach (for the record I use IPsec for my home wireless network) but a good introduction is available [PDF warning] at 

        http://www.tinker.tv/download/pf_ch4.pdf


Thanks for your time.


It was my pleasure and best wishes with your project,

Damon

Reply via email to