Re: Firewall with 3 NIC (1 wireless) problem
Mark Moellering wrote:

> I am attempting to add wireless capabilities to an existing network / firewall structure. I added a wireless NIC card to the firewall (Netgear WPN311) and followed the wireless instructions. I also added a similar card to an existing computer (Netgear WG311T).
>
> The firewall's internal wired network is on 192.168.1.1 and the wireless card is set to 192.168.2.1. The client computer can find the wireless network and I can ping the wireless card (192.168.2.1). However, I can get nowhere else. I cannot get to the wired subnet nor outside access to the internet.
>
> I tried adding a bridge from the wired to the wireless network interfaces but that did nothing. I tried putting the wireless NIC to 192.168.1.249 but that made things worse.
>
> Any help would be greatly appreciated. Both client and firewall are running FreeBSD 6.1. Relevant (that I can think of) files from the firewall are included...

The bridge is not necessary. If you're trying to make all the traffic traverse the wireless network, you'll have to change the default gateway on the client. Otherwise the traffic will traverse bge0 as indicated in the client routing table.

Otherwise, I would examine the firewall. Change it to allow all traffic and see if that makes a difference. Verify that your nat configuration is correct.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
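The routing point made in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup over a constructed client routing table, showing which interface each destination leaves by before and after the default gateway is moved to the wireless side. The interface names and addresses come from the thread; the table itself, the default gateway 192.168.1.1, the assumption that the connected route on bge0 remains while the cable is unplugged, and the sample Internet address 198.51.100.7 are assumptions.

```python
import ipaddress

# Constructed client routing table (not from the thread). Interface names and
# addresses match the thread; the default gateway 192.168.1.1 is an assumption.
# Each entry: (destination, gateway or None if directly connected, interface)
CLIENT_ROUTES = [
    ("0.0.0.0/0", "192.168.1.1", "bge0"),
    ("192.168.1.0/24", None, "bge0"),
    ("192.168.2.0/24", None, "ath0"),
]
LINK_UP = {"bge0": False, "ath0": True}  # bge0 cable unplugged, ath0 associated


def lookup(routes, dst):
    """Longest-prefix match: return (network, gateway, interface) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, ifname in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw, ifname)
    return best


def diagnose(routes, link_up, dst):
    """Describe the route chosen for dst and whether its interface has link."""
    hit = lookup(routes, dst)
    if hit is None:
        return f"{dst}: no route"
    network, gw, ifname = hit
    via = f"gateway {gw}" if gw else "directly connected"
    state = "ok" if link_up.get(ifname) else "FAILS (no carrier)"
    return f"{dst}: {network} via {ifname} ({via}) -> {state}"


def with_wireless_default(routes, gateway="192.168.2.1", ifname="ath0"):
    """Table after dropping every route on the other interface and pointing
    the default route at the firewall's wireless address."""
    kept = [r for r in routes if r[2] == ifname and r[0] != "0.0.0.0/0"]
    return [("0.0.0.0/0", gateway, ifname)] + kept


if __name__ == "__main__":
    for table in (CLIENT_ROUTES, with_wireless_default(CLIENT_ROUTES)):
        for dst in ("192.168.2.1", "192.168.1.1", "198.51.100.7"):
            print(diagnose(table, LINK_UP, dst))
        print()
```

Correct client routing only gets packets as far as the firewall; forwarding and NAT for 192.168.2.0/24 there are a separate check.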
Re: Firewall with 3 NIC (1 wireless) problem
Dennis,

Thanks so much for your help. Here is the ifconfig -v and netstat (a variety) from both the client and firewall. Both the client and the firewall have an ath0 (192.168.2.1 for firewall, 192.168.2.5 for the client) and a bge0 (192.168.1.1 for firewall, 192.168.1.2 for client). After booting the client, I disconnect the ethernet cable on the bge0 interface to force traffic over the wireless ath0.

I am by no means a professional; I may have missed something or be doing something fairly obviously wrong.

Thanks Again,
Mark Moellering

On Thursday 25 May 2006 12:17 am, Dennis Olvany wrote:

> net.link.ether.bridge.enable=1
> net.link.ether.bridge.config=bge0, ath0
>
> Let's have a look at ifconfig and netstat -r. What's with this bridge? Think you'd be better off without it.

Script started on Thu May 25 22:19:06 2006
AlphaOne# ifconfig -v
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
	inet6 fe80::209:5bff:fe20:aa23%bge0 prefixlen 64 scopeid 0x1
	inet 192.168.1.2 netmask 0xff00 broadcast 192.168.1.255
	ether 00:09:5b:20:aa:23
	media: Ethernet autoselect (none)
	status: no carrier
ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet6 fe80::214:6cff:fe2c:a8c0%ath0 prefixlen 64 scopeid 0x2
	inet 192.168.2.5 netmask 0xff00 broadcast 192.168.2.255
	ether 00:14:6c:2c:a8:c0
	media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/24Mbps)
	status: associated
	ssid psyberation channel 1 (2412) bssid 00:0f:b5:8a:77:44
	authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit TKIP 3:128-bit
	powersavemode OFF powersavesleep 100 txpowmax 37 txpower 63
	rtsthreshold 2346 mcastrate 1 fragthreshold 2346 -pureg protmode CTS
	-wme burst roaming MANUAL bintval 100 -countermeasures
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
	inet 127.0.0.1 netmask 0xff00
AlphaOne# exit
exit
Script done on Thu May 25 22:19:37 2006

Script started on Thu May 25 22:20:31 2006
AlphaOne# netstat
Active UNIX domain sockets
RE: Firewall with 3 NIC (1 wireless) problem
This may be a wild shot in the dark.

Netgear WPN311 and WG311T are both CLIENT RangeMax Wireless PCI Adapter cards. Looks to me like you are missing hardware needed to make your wanted wireless network work.

On your wired LAN you cable a NIC card in your gateway box to a hub/router/switch through which all other PCs on the LAN are connected. A wireless system works much the same way. Your gateway box should have a NIC cabled to a wireless base/router through which all other PCs on the wireless LAN broadcast/communicate.

You need a Netgear RangeMax Wireless Router WPN824, which is a stand-alone piece of equipment cabled to your gateway box. The Netgear WPN311 card you have in the gateway box is useless. Use it for some other PC you want on your wireless LAN.

Please take note that the built-in hardware wireless wep/wpa encryption security is a laugh. Anybody with some free software off the internet can drive down your street and pick up your wireless base broadcast and gain access to your network and the public internet through you if you only rely on wep/wpa encryption for access security. There are many solutions out there. Review the questions list archives on wireless security for many suggestions on how to protect your wireless network.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mark Moellering
Sent: Wednesday, May 24, 2006 10:33 AM
To: freebsd-questions@freebsd.org
Subject: Firewall with 3 NIC (1 wireless) problem

I am attempting to add wireless capabilities to an existing network / firewall structure. I added a wireless NIC card to the firewall (Netgear WPN311) and followed the wireless instructions. I also added a similar card to an existing computer (Netgear WG311T).

The firewall's internal wired network is on 192.168.1.1 and the wireless card is set to 192.168.2.1. The client computer can find the wireless network and I can ping the wireless card (192.168.2.1). However, I can get nowhere else. I cannot get to the wired subnet nor outside access to the internet.

I tried adding a bridge from the wired to the wireless network interfaces but that did nothing. I tried putting the wireless NIC to 192.168.1.249 but that made things worse.

Any help would be greatly appreciated. Both client and firewall are running FreeBSD 6.1. Relevant (that I can think of) files from the firewall are included...

Thanks in Advance.
Mark
Re: Firewall with 3 NIC (1 wireless) problem
net.link.ether.bridge.enable=1
net.link.ether.bridge.config=bge0, ath0

Let's have a look at ifconfig and netstat -r. What's with this bridge? Think you'd be better off without it.