Routing between two internal networks
Jan Danielsson
2018-05-12 21:43:09 UTC
Hello,

I have a NetBSD router where re0 is the external interface and wm0 is
the LAN. I added a new wifi access point to wm1 and created a separate
/24 segment for it. I.e.:

re0 - external interface
wm0 - wired lan, 192.168.4.0/24
wm1 - wifi lan, 192.168.16.0/24

/etc/npf.conf contains:

map $ext_if dynamic 192.168.4.0/24 -> $ext_v4
map $ext_if dynamic 192.168.16.0/24 -> $ext_v4

This works fine, but I would like to be able to access the management
interface for the wifi access point (192.168.16.2) from the wired lan.
What's the appropriate way to make it possible to reach the wifi LAN
from the wired LAN (for the purpose of accessing the http(s)-based
management interface)?
--
Kind Regards,
Jan Danielsson

--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
Edgar Fuß
2018-05-13 10:51:38 UTC
Post by Jan Danielsson
What's the appropriate way to make it possible to reach the wifi LAN
from the wired LAN
1. You need net.inet.ip.forwarding=1 on the gateway machine (you probably
have that already).
2. I don't know npf, but maybe you need to tell it not to block packets
to be routed between two private networks.
3. You need to tell the machine on the wired LAN that the wifi net is
accessible through the gateway machine, i.e. route add net 192.168.16.0
netmask 255.255.255.0 192.168.4.XXX (where XXX is the gateway machine's
address on the wired net) and the other way round. Either of these
(or both) may be already covered by default routes.
Post by Jan Danielsson
for the purpose of accessing the http(s)-based management interface
It would be easier to add a management address in the wired LAN if that's
possible.

If you try to ping the management addr from the LAN, what's the problem?

Andy Ruhl
2018-05-20 13:08:49 UTC
On Sat, May 12, 2018 at 2:43 PM, Jan Danielsson
Post by Jan Danielsson
Hello,
I have a NetBSD router where re0 is the external interface and wm0 is
the LAN. I added a new wifi access point to wm1 and created a separate
re0 - external interface
wm0 - wired lan, 192.168.4.0/24
wm1 - wifi lan, 192.168.16.0/24
map $ext_if dynamic 192.168.4.0/24 -> $ext_v4
map $ext_if dynamic 192.168.16.0/24 -> $ext_v4
This works fine, but I would like to be able to access the management
interface for the wifi access point (192.168.16.2) from the wired lan.
What's the appropriate way to make it possible to reach the wifi LAN
from the wired LAN (for the purpose of accessing the http(s)-based
management interface)?
(Re-posting reply because my previous one may have been in HTML which
is filtered out by the list tool.)

You shouldn't have to do anything.

Once you put an address on the wm1 interface there should be a connected
route in the routing table, and the machine should choose that route before
any other.

If it doesn't work, it could be an npf thing in which case I don't know off
hand how to solve that. I haven't spent much time with npf yet. Turning off
npf would confirm that.

Andy

Jan Danielsson
2018-05-22 15:40:50 UTC
On 2018-05-20 15:08, Andy Ruhl wrote:
[---]
Post by Andy Ruhl
Once you put an address on the wm1 interface there should be a connected
route in the routing table, and the machine should choose that route before
any other.
If it doesn't work, it could be an npf thing in which case I don't know off
hand how to solve that. I haven't spent much time with npf yet. Turning off
npf would confirm that.
Yeah, I'm an idiot. I had a shell session saved in a text file which
I was supposed to paste into the original mail -- but I forgot. What it
shows is that I could ping the access point but I could not reach it via
http, so I'm pretty sure it wasn't really a routing issue.

It works now though.
--
Kind Regards,
Jan Danielsson
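
Added illustration, not part of any post in this thread: a small Python model of the router's route lookup and NAT decision for the topology described above, showing that wired-LAN traffic to 192.168.16.2 takes the connected route out wm1 and is not matched by the two `map $ext_if` rules. The default route entry and the host addresses 192.168.4.10 and 203.0.113.5 are assumptions; npf filter rules are not modelled.

```python
import ipaddress

# Router table once wm0 and wm1 are configured. Interface names and the two
# /24s come from the thread; the default route entry is assumed.
ROUTER_ROUTES = [
    ("0.0.0.0/0", "re0", "default"),
    ("192.168.4.0/24", "wm0", "connected"),
    ("192.168.16.0/24", "wm1", "connected"),
]
EXT_IF = "re0"
# Source networks of the two "map $ext_if dynamic ..." rules in npf.conf.
NAT_SOURCES = ["192.168.4.0/24", "192.168.16.0/24"]


def lookup(routes, dst):
    """Longest-prefix match: (interface, kind) of the most specific route, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, ifname, kind in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, ifname, kind)
    return None if best is None else best[1:]


def nat_applies(src, egress_if):
    """The map rules are bound to the external interface only."""
    addr = ipaddress.ip_address(src)
    return egress_if == EXT_IF and any(
        addr in ipaddress.ip_network(net) for net in NAT_SOURCES)


def forward(src, dst, ip_forwarding=True):
    """What the router does with a transit packet from src to dst."""
    if not ip_forwarding:  # net.inet.ip.forwarding=0: transit packets are dropped
        return {"forwarded": False, "egress": None, "route": None, "nat": False}
    route = lookup(ROUTER_ROUTES, dst)
    if route is None:
        return {"forwarded": False, "egress": None, "route": None, "nat": False}
    egress, kind = route
    return {"forwarded": True, "egress": egress, "route": kind,
            "nat": nat_applies(src, egress)}


if __name__ == "__main__":
    # Constructed host addresses: 192.168.4.10 is a wired client.
    for dst in ("192.168.16.2", "203.0.113.5"):
        print(dst, forward("192.168.4.10", dst))
```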
