wpa_supplicant && ipfilter && 6.0-REL

guru at Sisis.de guru at Sisis.de
Wed May 3 13:00:39 UTC 2006


On Wednesday, May 03, 2006 at 02:52:47PM +0200, Fabian Keil wrote:

> guru at Sisis.de wrote:
> 
> > I'm using ipfilter in my 6.0-REL and this is working fine, even
> > with the iwi0 interface of my W-LAN card when I'm accessing
> > my access point at home with WEP security.
> > 
> > Now in our office we installed an AP using WPA-PSK security and
> > I bring the interface up with some script like:
> 
> > The interface iwi0 gets associated fine without any problem
> > but traffic does not go out, even for the allowed ports in
> > /etc/ipf.rules, like port 80 outbound and so on. First I thought
> > that somehow the wpa_supplicant was not working fine, but when
> > I delete all ipfilter with "ipf -D" the W-LAN is working nicely.
> 
> > What could be the problem with the ipfilter?
> 
> Are you using a deny all configuration with macros containing
> the IP addresses of the interfaces and not the interfaces themselves?

At work I'm using:

# reload with: ipf   -Fa -f /etc/ipf.rules
#
# No restrictions on Inside LAN Interface for private network
#
pass out quick on iwi0 all
pass in  quick on iwi0 all

#
# No restrictions on Loopback Interface
#
pass in  quick on lo0 all
pass out quick on lo0 all

> 
> If you give iwi its IP address in rc.conf, this would
> explain why it's working with your AP at home, but not
> with different networks. 

At home I bring up the iwi0 interface not with rc.conf, but with
some shell script too:

# cat iwiUp.sh
#!/bin/sh
#

# set -x

ssid=xxxxxxxxxxxxxxxxxxxx
wepkey=0xxxxxxxxxxxxxxxxxxxxx
inet=192.168.2.3
netmask=0xffffff00

ifconfig iwi0 inet ${inet} \
         netmask ${netmask} \
         ssid ${ssid} \
         wepkey ${wepkey} \
         weptxkey 1 wepmode on

and with a more complex ipf.rules;

As you see, in both cases it is after boot time, and the only diff is that

1. for WPA I load some modules after boot time (I'll change this on next
   boot);
2. at home it is WEP and not WPA-PSK;

Thx for the feedback anyway;

	matthias
-- 
Matthias Apitz
Manager Technical Support - OCLC PICA GmbH
Gruenwalder Weg 28g - 82041 Oberhaching - Germany
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e <m.apitz at oclcpica.org> - w http://www.oclcpica.org/


More information about the freebsd-mobile mailing list