Saturday, September 11, 2010

Configure a Soekris as an OpenBSD wireless NAT router.

I use a Soekris device, bought mine for € 70,-, with a wireless network interface (wi0).
Besides that interface, this "machine" has two other ports: sis0 goes to the modem, and sis1 is not used, but any computer may be connected to it.

How difficult would it be to use this machine as a router using OpenBSD? Not difficult at all!

First install your Soekris with OpenBSD.

Now login and configure a few things.
# vi /etc/rc.conf.local
# Packet Filter: enable it and point it at the ruleset built further down.
pf=
pf_rules=/etc/pf.conf
# NTP: keeps the clock in sync and needs almost no care afterwards.
ntpd_flags="-s"
# named: the local DNS server (its config lives in /var/named/etc/named.conf).
named_flags=
# dhcpd: hand out addresses on the two client-facing interfaces only
# (sis1 and wi0). The modem-side port sis0 is deliberately left out so the
# router never answers DHCP towards the modem.
dhcpd_flags="sis1 wi0"

Configure named, the DNS server.

# cat /var/named/etc/named.conf
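// $OpenBSD: named-simple.conf,v 1.9 2008/08/29 11:47:49 jakob Exp $
//
// Example file for a simple named configuration, processing both
// recursive and authoritative queries using one cache.


// Update this list to include only the networks for which you want
// to execute recursive queries. The default setting allows all hosts
// on any IPv4 networks for which the system has an interface, and
// the IPv6 localhost address.
//
// NOTE(review): "localnets" covers every network this host has an
// interface on, which includes the modem side (sis0) as well as the two
// client networks. If the modem side is a routed subnet rather than a
// point-to-point link, its neighbours fall into this acl too; listing
// the client subnets explicitly (192.168.1.0/24; 192.168.2.0/24;
// 127.0.0.1;) is the tighter choice -- confirm against the sis0 setup.
acl clients {
	localnets;
	::1;
};

options {
	version ""; // remove this to allow version queries

	// Binds to every interface, the modem port included: port 53 is
	// reachable from the modem side, recursion is limited by the acl above.
	listen-on { any; };
	listen-on-v6 { any; };

	empty-zones-enable yes;

	allow-recursion { clients; };
};

logging {
	category lame-servers { null; };
};

// Standard zones
//
zone "." {
	type hint;
	file "etc/root.hint";
};

zone "localhost" {
	type master;
	file "standard/localhost";
	allow-transfer { localhost; };
};

zone "127.in-addr.arpa" {
	type master;
	file "standard/loopback";
	allow-transfer { localhost; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
	type master;
	file "standard/loopback6.arpa";
	allow-transfer { localhost; };
};

// Local zones. They get the same allow-transfer restriction as the
// standard zones above: there is no secondary server, so nobody but
// localhost ever needs a full copy of the host list.
zone "lan.meinit.nl" {
	type master;
	file "master/lan.meinit.nl";
	allow-transfer { localhost; };
};

zone "wifi.meinit.nl" {
	type master;
	file "master/wifi.meinit.nl";
	allow-transfer { localhost; };
};

zone "1.168.192.in-addr.arpa" {
	type master;
	file "master/1.168.192.in-addr.arpa";
	allow-transfer { localhost; };
};

zone "2.168.192.in-addr.arpa" {
	type master;
	file "master/2.168.192.in-addr.arpa";
	allow-transfer { localhost; };
};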

Now add all zones.

# cat lan.meinit.nl
$ORIGIN lan.meinit.nl.
$TTL 6h

; Zone apex. The Soekris (soekris.lan.meinit.nl.) is the only nameserver.
; Bump the serial on every edit so named notices the change.
@	IN	SOA	lan.meinit.nl. root.meinit.nl. (
		1	; serial
		1h	; refresh
		30m	; retry
		7d	; expiration
		1h )	; minimum

	NS	soekris.lan.meinit.nl.

; The router itself.
soekris	A	192.168.1.1

; One name per address in the DHCP pool: 32.lan.meinit.nl. is 192.168.1.32
; and so on up to 127.lan.meinit.nl. = 192.168.1.127, the same 32-127 range
; the reverse zone generates PTR records for.
$GENERATE 32-127 $ A 192.168.1.$

# cat wifi.meinit.nl
$ORIGIN wifi.meinit.nl.
$TTL 6h

; Zone apex. The Soekris (soekris.wifi.meinit.nl.) is the only nameserver.
; Bump the serial on every edit so named notices the change.
@	IN	SOA	wifi.meinit.nl. root.meinit.nl. (
		1	; serial
		1h	; refresh
		30m	; retry
		7d	; expiration
		1h )	; minimum

	NS	soekris.wifi.meinit.nl.

; The router itself.
soekris	A	192.168.2.1

; One name per address in the DHCP pool: 32.wifi.meinit.nl. is 192.168.2.32
; and so on up to 127.wifi.meinit.nl. = 192.168.2.127, the same 32-127 range
; the reverse zone generates PTR records for.
$GENERATE 32-127 $ A 192.168.2.$

# cat 1.168.192.in-addr.arpa
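$ORIGIN 1.168.192.in-addr.arpa.
$TTL 6h

; Reverse zone for 192.168.1.0/24. The SOA MNAME matches the forward zone
; (lan.meinit.nl.); "lan.home.meinit.nl." is not defined anywhere in this setup.
; Bump the serial on every edit so named notices the change.
@	IN	SOA	lan.meinit.nl. root.meinit.nl. (
		1	; serial
		1h	; refresh
		30m	; retry
		7d	; expiration
		1h )	; minimum

	NS	soekris.lan.meinit.nl.

; The router itself.
1	PTR	soekris.lan.meinit.nl.

; Reverse entries for the DHCP pool 192.168.1.32 - 192.168.1.127,
; mirroring the A records in lan.meinit.nl.
$GENERATE 32-127 $ PTR $.lan.meinit.nl.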

# cat 2.168.192.in-addr.arpa
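$ORIGIN 2.168.192.in-addr.arpa.
$TTL 6h

; Reverse zone for 192.168.2.0/24.
; Bump the serial on every edit so named notices the change.
@	IN	SOA	wifi.meinit.nl. root.meinit.nl. (
		1	; serial
		1h	; refresh
		30m	; retry
		7d	; expiration
		1h )	; minimum

; The nameserver is the router's name in the wifi zone, the same name the
; PTR for .1 below resolves to; "soekris.home.meinit.nl." does not exist in
; any zone served here.
	NS	soekris.wifi.meinit.nl.

; The router itself.
1	PTR	soekris.wifi.meinit.nl.

; Reverse entries for the DHCP pool 192.168.2.32 - 192.168.2.127,
; mirroring the A records in wifi.meinit.nl.
$GENERATE 32-127 $ PTR $.wifi.meinit.nl.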

And set up the DHCP server.

# cat /etc/dhcpd.conf
# 192.168.1.0/24 - presumably the wired side (sis1), matching the lan.meinit.nl
# zone. Leases come from .32-.127; the Soekris (.1) is gateway and resolver.
subnet 192.168.1.0 netmask 255.255.255.0 {
	range 192.168.1.32 192.168.1.127;
	option routers 192.168.1.1;
	option domain-name-servers 192.168.1.1;
	option domain-name "lan.meinit.nl";
}

# 192.168.2.0/24 - presumably the wireless side (wi0), matching the
# wifi.meinit.nl zone. Same layout: leases .32-.127, router at .1.
subnet 192.168.2.0 netmask 255.255.255.0 {
	range 192.168.2.32 192.168.2.127;
	option routers 192.168.2.1;
	option domain-name-servers 192.168.2.1;
	option domain-name "wifi.meinit.nl";
}

Finally configure your PF in /etc/pf.conf:

# wan is the interface to which the modem is connected.
wan = sis0
# This is an extra interface, not in use right now, but you could connect a cable.
lan = sis1
# This is the (Prism 2) wireless network card. Clients will connect to this interface mostly.
wifi = wi0

# Normalise and reassemble every packet coming in on any interface before
# it reaches the NAT rule below.
scrub in all

# Everything leaving through the modem port that did not originate from the
# WAN address itself is rewritten to the router's WAN address.
nat on $wan from !($wan) to any -> ($wan)
# NOTE(review): this file contains no block/pass rules, so PF falls back to
# passing all traffic - nothing is filtered on $wan, and every service the
# router runs (named binds to "any" in named.conf) is reachable from the modem
# side. A "block in on $wan" default with stateful "pass out" rules is the usual
# next step; if sis0 gets its address via DHCP from the modem, that traffic
# needs its own pass rule. Forwarding between interfaces also requires
# net.inet.ip.forwarding=1 (e.g. in /etc/sysctl.conf), which this post does not
# show - confirm it is set.

Now better reboot to activate all changes. (Sure, you could start every daemon by hand...)

Courtesy : http://meinit.nl/configure-soekris-openbsd-wireless-nat-router