Configure a Soekris as an OpenBSD wireless NAT router.

I use a Soekris device with a wireless network interface (wi0); I bought mine for € 70,-.
Besides that interface, this "machine" has two other ports: sis0, which goes to the modem, and sis1, which is not used, although any computer may be connected to it.

How difficult would it be to use this machine as a router using OpenBSD? Not difficult at all!

First install your Soekris with OpenBSD.

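Now log in and configure a few things. Two prerequisites are not shown on this page: each interface needs its address in its /etc/hostname.* file (192.168.1.1 and 192.168.2.1 for the two inside networks, going by the DHCP and DNS files below), and the machine only routes between its interfaces when IP forwarding is enabled (net.inet.ip.forwarding=1 in /etc/sysctl.conf).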

# vi /etc/rc.conf.local
# Start NTP, it syncs time and requires very little maintenance.
# "-s" makes ntpd set the clock at startup instead of only adjusting it slowly.
ntpd_flags="-s"
# Start a DNS server (named) with no extra flags.
# NOTE(review): presumably any value other than NO starts the daemon on this
# OpenBSD release -- confirm against /etc/rc.conf.
named_flags=
# Clients should receive an IP-address. DHCP will only listen on sis1 and wi0, the network
# interfaces where computers will connect on. Don't start DHCP on your "modem-port" (sis0):
# a DHCP server answering there would be serving a network that is not yours.
dhcpd_flags="sis1 wi0"
# Enable Packet Filter.
# NOTE(review): an empty value is unusual; pf=YES is the conventional spelling -- confirm
# that an empty value enables PF on this release.
pf=
# Here are the rules for PF.
pf_rules=/etc/pf.conf

Configure named, the DNS server.

# cat /var/named/etc/named.conf                                                                                      
// $OpenBSD: named-simple.conf,v 1.9 2008/08/29 11:47:49 jakob Exp $
//
// Example file for a simple named configuration, processing both
// recursive and authoritative queries using one cache.


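// Only these sources may use this server as a recursive resolver.
// The stock "localnets" entry matches every network the router has an
// interface on, which on this box includes the modem-side network on
// sis0. Listing the inside subnets explicitly keeps recursion to the
// wired LAN (192.168.1.0/24), the wireless network (192.168.2.0/24) and
// the router itself.
//
acl clients {
        localhost;
        192.168.1.0/24;
        192.168.2.0/24;
        ::1;
};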

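options {
        version "";     // remove this to allow version queries

        // Listen only on loopback and on the two inside addresses that
        // dhcpd hands out as name servers. "any" would also bind the
        // modem-side interface (sis0) and answer queries arriving there,
        // including queries for the internal zones.
        listen-on    { 127.0.0.1; 192.168.1.1; 192.168.2.1; };
        listen-on-v6 { ::1; };

        // Answer reverse lookups for unconfigured private ranges locally
        // instead of forwarding them to the Internet.
        empty-zones-enable yes;

        // Recursive queries are only answered for the "clients" acl.
        allow-recursion { clients; };
};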

// Send messages of the "lame-servers" category to the null channel,
// i.e. do not log them.
logging {
        category lame-servers { null; };
};

// Standard zones
//
// The root hints plus the loopback forward and reverse zones from the
// stock example configuration. Zone transfers of the three master zones
// are limited to the server itself.
//
zone "." {
        type hint;
        file "etc/root.hint";
};

zone "localhost" {
        type master;
        file "standard/localhost";
        allow-transfer { localhost; };
};

zone "127.in-addr.arpa" {
        type master;
        file "standard/loopback";
        allow-transfer { localhost; };
};

// Reverse zone for the IPv6 loopback address.
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
        type master;
        file "standard/loopback6.arpa";
        allow-transfer { localhost; };
};

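// Internal zones: forward and reverse names for the wired LAN and the
// wireless network. No secondary servers are configured, so zone
// transfers are limited to the server itself, like the standard zones
// above. Without allow-transfer, anyone who can query this server could
// pull the complete list of internal host names.
zone "lan.meinit.nl" {
        type master;
        file "master/lan.meinit.nl";
        allow-transfer { localhost; };
};

zone "wifi.meinit.nl" {
        type master;
        file "master/wifi.meinit.nl";
        allow-transfer { localhost; };
};

zone "1.168.192.in-addr.arpa" {
        type master;
        file "master/1.168.192.in-addr.arpa";
        allow-transfer { localhost; };
};

zone "2.168.192.in-addr.arpa" {
        type master;
        file "master/2.168.192.in-addr.arpa";
        allow-transfer { localhost; };
};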

Now add all zones.

# cat lan.meinit.nl                                                                                                            
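$ORIGIN lan.meinit.nl.
$TTL 6h

; Forward zone for the wired LAN (192.168.1.0/24).
; SOA fields: the primary name server for the zone, then the admin
; mailbox (root@meinit.nl written with a dot).
@       IN      SOA     soekris.lan.meinit.nl. root.meinit.nl. (
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum

                        NS      soekris.lan.meinit.nl.
soekris                 A       192.168.1.1
; One A record per address in the dhcpd range 192.168.1.32-127
; (32.lan.meinit.nl -> 192.168.1.32, and so on), generated instead of
; listed by hand, the same way the reverse zone generates its PTR records.
$GENERATE       32-127  $       A       192.168.1.$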

# cat wifi.meinit.nl                                                                                                           
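$ORIGIN wifi.meinit.nl.
$TTL 6h

; Forward zone for the wireless network (192.168.2.0/24).
; SOA fields: the primary name server for the zone, then the admin
; mailbox (root@meinit.nl written with a dot).
@       IN      SOA     soekris.wifi.meinit.nl. root.meinit.nl. (
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum

                        NS      soekris.wifi.meinit.nl.
soekris                 A       192.168.2.1
; One A record per address in the dhcpd range 192.168.2.32-127
; (32.wifi.meinit.nl -> 192.168.2.32, and so on), generated instead of
; listed by hand, the same way the reverse zone generates its PTR records.
$GENERATE       32-127  $       A       192.168.2.$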

# cat 1.168.192.in-addr.arpa                                                                                                   
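$ORIGIN 1.168.192.in-addr.arpa.
$TTL 6h

; Reverse zone for the wired LAN (192.168.1.0/24).
; The SOA names the same primary server as the NS record below; the
; original "lan.home.meinit.nl." does not exist in any zone on this server.
@       IN      SOA     soekris.lan.meinit.nl. root.meinit.nl. (
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum

                        NS      soekris.lan.meinit.nl.
1                       PTR     soekris.lan.meinit.nl.
; PTR records for the dhcpd range: 192.168.1.N -> N.lan.meinit.nl.
$GENERATE       32-127  $       PTR     $.lan.meinit.nl.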

# cat 2.168.192.in-addr.arpa                                                                                                   
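$ORIGIN 2.168.192.in-addr.arpa.
$TTL 6h

; Reverse zone for the wireless network (192.168.2.0/24).
; SOA and NS both name soekris.wifi.meinit.nl., the name that has an A
; record in the wifi.meinit.nl zone. The original NS target
; "soekris.home.meinit.nl." is not defined in any zone on this server,
; so the zone's only name server could not be resolved.
@       IN      SOA     soekris.wifi.meinit.nl. root.meinit.nl. (
                        1       ; serial
                        1h      ; refresh
                        30m     ; retry
                        7d      ; expiration
                        1h )    ; minimum

                        NS      soekris.wifi.meinit.nl.
1                       PTR     soekris.wifi.meinit.nl.
; PTR records for the dhcpd range: 192.168.2.N -> N.wifi.meinit.nl.
$GENERATE       32-127  $       PTR     $.wifi.meinit.nl.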

And set up the DHCP server.

# cat /etc/dhcpd.conf                                                                                                          
# Wired network (domain lan.meinit.nl; presumably the one on sis1 -- confirm
# against the interface configuration). Clients get the router, 192.168.1.1,
# as both default gateway and DNS server. Leases come from .32-.127, the
# same range the DNS zone files have records for.
subnet 192.168.1.0 netmask 255.255.255.0 {
        option domain-name "lan.meinit.nl";
        option domain-name-servers 192.168.1.1;
        option routers 192.168.1.1;
        range 192.168.1.32 192.168.1.127;
}
# Wireless network (domain wifi.meinit.nl; presumably the one on wi0 --
# confirm). Same layout, with 192.168.2.1 as gateway and DNS server.
subnet 192.168.2.0 netmask 255.255.255.0 {
        option domain-name "wifi.meinit.nl";
        option domain-name-servers 192.168.2.1;
        option routers 192.168.2.1;
        range 192.168.2.32 192.168.2.127;
}

Finally configure your PF in /etc/pf.conf:

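# wan is the interface to which the modem is connected.
wan = sis0
# This is an extra interface, not in use right now, but you could connect a cable.
lan = sis1
# This is the (Prism 2) wireless network card. Clients will connect to this interface mostly.
# NOTE(review): the wireless settings (network name, encryption) are not shown on this
# page; Prism 2 era hardware presumably offers WEP at best, so treat this segment as
# less trusted than the wired port -- confirm against wi(4).
wifi = wi0

# Normalize all incoming packets (reassemble fragments, drop malformed ones).
scrub in all

# Source NAT: everything leaving through $wan that does not already carry the
# router's own $wan address is rewritten to it. The parentheses make PF follow
# the interface's current address, which matters when the modem assigns it
# dynamically. This is the pre-4.7 translation syntax; later OpenBSD releases
# express the same thing with nat-to on a match or pass rule.
nat on $wan from !($wan) to any -> ($wan)

# Filter rules. With none at all PF passes every packet, so every service on
# the router that listens on all interfaces (named, sshd, ...) would be
# reachable from the modem side. Drop unsolicited traffic arriving on $wan and
# let the router and its clients out statefully; replies match the state
# created by the pass rule. The inside interfaces are left unfiltered, as
# before. A service that must be reachable from the modem side needs its own
# "pass in on $wan" rule after the block.
block in on $wan all
pass out on $wan all keep state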

Now it is best to reboot to activate all changes. (Sure, you could start every daemon by hand...)
