Configure a Soekris as an OpenBSD wireless NAT router.

I use a Soekris device (I bought mine for € 70,-) with a wireless network interface (wi0).
Besides that interface, this "machine" has two other ports: sis0 goes to the modem, and sis1 is not used, but any computer may be connected to it.

How difficult would it be to use this machine as a router using OpenBSD? Not difficult at all!

First install your Soekris with OpenBSD.

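Now log in and configure a few things. Because this machine has to route packets between its interfaces, also enable IP forwarding (net.inet.ip.forwarding=1 in /etc/sysctl.conf); without it the NAT rule further down has nothing to translate.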

# vi /etc/rc.conf.local
# Local overrides for the boot-time daemon settings; each variable below
# switches one service on for this router.
# Start NTP, it syncs time and requires very little maintenance.
# -s sets the clock at startup instead of only adjusting it gradually.
ntpd_flags="-s"
# Start a DNS server.
# NOTE(review): an empty value presumably means "start with no extra flags"
# (only NO disables the daemon) -- confirm against /etc/rc on your release.
named_flags=
# Clients should receive an IP-address. DHCP will only listen on sis1 and wi0, the network
# interfaces where computers will connect on. Don't start DHCP on your "modem-port".
# Answering DHCP on the modem side would hand out leases to the provider's network.
dhcpd_flags="sis1 wi0"
# Enable Packet Filter.
# NOTE(review): empty rather than YES; presumably anything other than NO
# enables pf -- confirm, since a disabled pf means no NAT and no filtering.
pf=
# Here are the rules for PF.
pf_rules=/etc/pf.conf

Configure named, the DNS server.

# cat /var/named/etc/named.conf                                                                                      
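// $OpenBSD: named-simple.conf,v 1.9 2008/08/29 11:47:49 jakob Exp $
//
// Example file for a simple named configuration, processing both
// recursive and authoritative queries using one cache.
//
// Adapted for the router: named serves the wired LAN (192.168.1.0/24) and
// the wireless LAN (192.168.2.0/24) only. The modem-facing interface is
// untrusted, so named neither listens there nor recurses for hosts there.


// Update this list to include only the networks for which you want
// to execute recursive queries.
// "localnets" is deliberately not used here: on a router it also matches
// the network on the modem side, which would let hosts outside the LAN
// use this server as a recursive resolver.
//
acl clients {
        127.0.0.0/8;
        192.168.1.0/24;
        192.168.2.0/24;
        ::1;
};

options {
        version "";     // remove this to allow version queries

        // Bind only to loopback and to the router's own LAN and wifi
        // addresses (the same addresses dhcpd hands out as DNS server).
        // "any" would also open port 53 on the modem-facing interface.
        listen-on    { 127.0.0.1; 192.168.1.1; 192.168.2.1; };
        listen-on-v6 { ::1; };

        empty-zones-enable yes;

        allow-recursion { clients; };
};

logging {
        category lame-servers { null; };
};

// Standard zones
//
zone "." {
        type hint;
        file "etc/root.hint";
};

zone "localhost" {
        type master;
        file "standard/localhost";
        allow-transfer { localhost; };
};

zone "127.in-addr.arpa" {
        type master;
        file "standard/loopback";
        allow-transfer { localhost; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
        type master;
        file "standard/loopback6.arpa";
        allow-transfer { localhost; };
};

// Local zones
//
// There are no secondary servers for these zones, so zone transfers are
// limited to localhost like the standard zones above. Without an
// allow-transfer statement any host that can reach named could pull the
// complete list of internal names and addresses.
//
zone "lan.meinit.nl" {
        type master;
        file "master/lan.meinit.nl";
        allow-transfer { localhost; };
};

zone "wifi.meinit.nl" {
        type master;
        file "master/wifi.meinit.nl";
        allow-transfer { localhost; };
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "master/1.168.192.in-addr.arpa";
        allow-transfer { localhost; };
};

zone "2.168.192.in-addr.arpa" {
        type master;
        file "master/2.168.192.in-addr.arpa";
        allow-transfer { localhost; };
};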

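Now add the zone files. named.conf lives in /var/named/etc/ and refers to the zones as "master/...", so the files below belong in /var/named/master/.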

# cat lan.meinit.nl                                                                                                            
; Forward zone for the wired LAN, 192.168.1.0/24.
$ORIGIN lan.meinit.nl.
$TTL 6h

@       IN      SOA     lan.meinit.nl. root.meinit.nl. (
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum

                        NS      soekris.lan.meinit.nl.

; The router itself.
soekris                 A       192.168.1.1

; One A record per address in the DHCP pool (192.168.1.32 - 192.168.1.127),
; named after its last octet: 32.lan.meinit.nl, 33.lan.meinit.nl, ...
; $GENERATE expands to the same 96 records that would otherwise be listed
; one by one, and mirrors the PTR line in the matching reverse zone.
$GENERATE       32-127  $       A       192.168.1.$

# cat wifi.meinit.nl                                                                                                           
; Forward zone for the wireless LAN, 192.168.2.0/24.
$ORIGIN wifi.meinit.nl.
$TTL 6h

@       IN      SOA     wifi.meinit.nl. root.meinit.nl. (
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum

                        NS      soekris.wifi.meinit.nl.

; The router's address on the wireless interface.
soekris                 A       192.168.2.1

; One A record per address in the DHCP pool (192.168.2.32 - 192.168.2.127),
; named after its last octet: 32.wifi.meinit.nl, 33.wifi.meinit.nl, ...
; $GENERATE expands to the same 96 records that would otherwise be listed
; one by one, and mirrors the PTR line in the matching reverse zone.
$GENERATE       32-127  $       A       192.168.2.$

# cat 1.168.192.in-addr.arpa                                                                                                   
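; Reverse zone for the wired LAN, 192.168.1.0/24.
$ORIGIN 1.168.192.in-addr.arpa.
$TTL 6h

; The SOA names the same origin as the forward zone (lan.meinit.nl.);
; no "home" sub-domain is defined anywhere in this setup.
@       IN      SOA     lan.meinit.nl. root.meinit.nl. (
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum

                        NS      soekris.lan.meinit.nl.

; The router itself.
1                       PTR     soekris.lan.meinit.nl.

; PTR records for the DHCP pool: 192.168.1.N -> N.lan.meinit.nl for
; N = 32..127, matching the A records in the forward zone.
$GENERATE       32-127  $       PTR     $.lan.meinit.nl.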

# cat 2.168.192.in-addr.arpa                                                                                                   
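; Reverse zone for the wireless LAN, 192.168.2.0/24.
$ORIGIN 2.168.192.in-addr.arpa.
$TTL 6h

@       IN      SOA     wifi.meinit.nl. root.meinit.nl. (
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum

; The name server must be a name that actually resolves. The forward zone
; wifi.meinit.nl defines soekris.wifi.meinit.nl; there is no
; soekris.home.meinit.nl in any zone of this setup.
                        NS      soekris.wifi.meinit.nl.

; The router's address on the wireless interface.
1                       PTR     soekris.wifi.meinit.nl.

; PTR records for the DHCP pool: 192.168.2.N -> N.wifi.meinit.nl for
; N = 32..127, matching the A records in the forward zone.
$GENERATE       32-127  $       PTR     $.wifi.meinit.nl.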

And setup the DHCP server.

# cat /etc/dhcpd.conf                                                                                                          
# Wired LAN. The router (192.168.1.1) is both default gateway and DNS
# server; the lease pool matches the names defined in the lan.meinit.nl zone.
subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.32 192.168.1.127;
        option routers 192.168.1.1;
        option domain-name-servers 192.168.1.1;
        option domain-name "lan.meinit.nl";
}

# Wireless LAN. Same layout on its own subnet, with the router reachable
# as 192.168.2.1 and names taken from the wifi.meinit.nl zone.
subnet 192.168.2.0 netmask 255.255.255.0 {
        range 192.168.2.32 192.168.2.127;
        option routers 192.168.2.1;
        option domain-name-servers 192.168.2.1;
        option domain-name "wifi.meinit.nl";
}

Finally configure your PF in /etc/pf.conf:

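# wan is the interface to which the modem is connected. Everything behind
# it is untrusted.
wan = sis0
# This is an extra interface, not in use right now, but you could connect a cable.
lan = sis1
# This is the (Prism 2) wireless network card. Clients will connect to this interface mostly.
# NOTE(review): wireless clients get the same access as wired ones here;
# how the wireless link itself is protected is not part of this file.
wifi = wi0

# Normalize incoming packets (reassemble fragments) before they are evaluated.
scrub in all

# Translate everything that does not originate from the wan address itself
# to the current address of the wan interface. The parentheses make pf
# follow address changes, e.g. when the modem hands out a new lease.
nat on $wan from !($wan) to any -> ($wan)

# Filter rules. Without any filter rule pf passes every packet, which would
# leave the services running on the router itself (named, sshd, ...)
# reachable from the modem side.
#
# Drop unsolicited traffic arriving on the wan interface.
block in on $wan
# Let the router and the translated clients out. The state entry created
# here is what allows the replies back in past the block rule above.
pass out on $wan keep state
# Traffic on $lan and $wifi is not filtered and stays passed by default.
# To administer the router from outside, add an explicit, narrow pass rule
# for that service instead of removing the block rule.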

Now it is best to reboot to activate all changes. (Sure, you could start every daemon by hand...)