My home network config (for now)
I configured one of my old desktops as a home router running OpenBSD 4.4. It still needs more polishing, but roughly this is what I have:
1) Wired LAN with static IP addresses, connected to my router-desktop's rl0 interface through a switch, using the 10.10.10.0/24 network.
2) Wireless LAN with DHCP'd addresses handed out via a USB rum0 interface, using the 172.168.255.0/24 network.
3) Gateway interface (vr0) connected to my ADSL router; it acquires its IP through DHCP. The ADSL router's IP address is 192.168.1.1, sitting on the 192.168.1.0/24 network.
What I wanted to do with my setup was simply to allow all my LAN (wired/wireless) devices to say "hello world" to the internet through my ADSL router. To do this I needed a way to do NAT (pf is the obvious choice for that), and I also needed a way for my LANs to send and receive DNS packets. For the DNS part I opted for dnsmasq, because I think it is the easiest to configure.
Here's my pf.conf:
# interface macros
LAN_IF="rl0"      # wired LAN, 10.10.10.0/24
WLAN_IF="rum0"    # wireless LAN, 172.168.255.0/24
EXT_IF="vr0"      # uplink to the ADSL router, address via DHCP
TRANS_PROTO="{tcp, udp, icmp}"
# table of the internal networks. The table name was swallowed by the HTML
# rendering of this post, so <lan> is assumed here. Note that 172.168.255.0/24
# is NOT an RFC 1918 private range (those are 10/8, 172.16/12 and 192.168/16).
table <lan> const {10.10.10.0/24, 172.168.255.0/24}
scrub in all
# do not translate traffic between the internal networks themselves;
# translate everything else from them to the external interface's address
no nat on $EXT_IF proto $TRANS_PROTO from <lan> to <lan>
nat on $EXT_IF proto $TRANS_PROTO from <lan> to any -> ($EXT_IF)
# default deny, then explicit (logged) allows
block log all
pass quick log on lo0
# DNS traffic on the internal interfaces (dnsmasq answers there)
pass out quick log on $LAN_IF inet proto udp from ($LAN_IF) port 53 to any \
    port 53 keep state
pass out quick log on $WLAN_IF inet proto udp from ($WLAN_IF) port 53 to any \
    port 53 keep state
# internal hosts may go anywhere; replies back to the internal networks are allowed
pass in quick log on $LAN_IF inet proto $TRANS_PROTO from <lan> to any
pass out quick log on $LAN_IF inet proto $TRANS_PROTO from any to <lan> keep state
pass in quick log on $WLAN_IF inet proto $TRANS_PROTO from <lan> to any
pass out quick log on $WLAN_IF inet proto $TRANS_PROTO from any to <lan> keep state
# outbound traffic on the uplink
pass out quick log on $EXT_IF inet proto $TRANS_PROTO all keep state
And here's my dnsmasq.conf (it actually contains more than this, but the rest is commented out; for brevity I'm only showing the parts I uncommented):
# answer DNS only on the two internal interfaces, never on the uplink
interface=rl0
interface=rum0
except-interface=vr0
# DHCP is not served by dnsmasq on these interfaces
no-dhcp-interface=rl0
no-dhcp-interface=rum0
So basically that's it. With this setup I can connect to the Internet from inside my LANs. I still run dnsmasq manually, though; I haven't figured out how to run it on bootup yet.
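As an added sanity check (not part of the original post, and not pf or dnsmasq tooling), this script re-reads constructed copies of the two config fragments above, pulls the networks out of the pf table (the table name lan is assumed, since the HTML ate it), flags any that fall outside the RFC 1918 private ranges, and confirms dnsmasq would not answer on the uplink interface:

```python
import ipaddress
import re

# Constructed copies of the post's config fragments. The pf table name <lan>
# is an assumption: the original HTML rendering swallowed it.
PF_CONF = """
EXT_IF="vr0"
table <lan> const {10.10.10.0/24, 172.168.255.0/24}
nat on $EXT_IF from <lan> to any -> ($EXT_IF)
"""
DNSMASQ_CONF = """
interface=rl0
interface=rum0
except-interface=vr0
"""

# the three RFC 1918 private blocks
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def pf_table_networks(conf, name):
    """Return the networks listed in 'table <name> ... {...}' as ip_network objects."""
    m = re.search(r"table\s+<%s>[^{]*\{([^}]*)\}" % re.escape(name), conf)
    if not m:
        raise ValueError("table <%s> not found" % name)
    return [ipaddress.ip_network(tok.strip())
            for tok in m.group(1).split(",") if tok.strip()]


def non_private_networks(nets):
    """Networks not contained in any RFC 1918 block. NATing from such a range
    collides with real, routable address space and should be fixed."""
    return [n for n in nets if not any(n.subnet_of(p) for p in RFC1918)]


def dnsmasq_listens_on(conf, ifname):
    """True if dnsmasq would answer on ifname: named in an interface= line
    and not removed again by an except-interface= line."""
    listen = set(re.findall(r"^interface=(\S+)", conf, re.M))
    excluded = set(re.findall(r"^except-interface=(\S+)", conf, re.M))
    return ifname in listen and ifname not in excluded


if __name__ == "__main__":
    nets = pf_table_networks(PF_CONF, "lan")
    print("LAN table:", [str(n) for n in nets])
    print("outside RFC 1918:", [str(n) for n in non_private_networks(nets)])
    print("dnsmasq answers on vr0:", dnsmasq_listens_on(DNSMASQ_CONF, "vr0"))
```

Run against the post's table it reports 172.168.255.0/24 as the one non-private network, which is the address plan issue a reviewer of this setup would point out first.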
If by some freak of nature somebody other than myself happens to read this post - I'm referring to YOU, obviously - and finds something wrong with the setup, most especially the pf configuration, please, by all means, feel free to comment on it. Because at this moment I'm having my beer and I'm too tired to check my configurations again.