Hi. I'm a Unix Administrator, mathematics enthusiast, and amateur philosopher. This is where I rant about that which upsets me, laugh about that which amuses me, and jabber about that which holds my interest most: Unix.
I am a networking idiot

Posted 10-01-2012 at 10:36 PM by rocket357
Updated 10-02-2012 at 09:22 AM by rocket357

So a while back I got my hands on a Cisco 2948 for my home network. Sure, it's only 10/100. Sure, it's an older model. Sure, it's EOL.

But damn it's sexy in my living room...48 ports of Cisco goodness. Port security! VLANs! So much more than my other "dumb" switches! Imagine the possibilities! I set off flipping knobs and tweaking everything as tight as I can. Months of restful sleep ensue, with my world protected by pf and a locked down switch.

Then I get this bright idea to "flip" my wireless network. See, when I get on my firewall, I want to run pfctl -ss and see what wireless clients are sucking up bandwidth...not just the NAT ip of the WAP. My WAP isn't that bright (ok, it manages ok with the *wireless* side of the house, but other than that it's crap). So I'd like to flip it.

Flip it, you say? Well, yes. I'd like to make the WAP network the same as my LAN. Nonsense, you say! That would allow attackers to get direct access to your LAN! Indeed, I reply...unless I'm filtering on a bridge...

I get a machine, install OpenBSD 5.2. I configure the bridge exactly like the OpenBSD FAQ says. I plug the WAP's *LAN* port into the second NIC of the bridge. Realize I have wireless isolation turned on at the WAP, and turn it off. Then, in the moment of truth, I ping across the bridge.

ping: sendto: Host is down

Sigh. I check my local settings (a brief misstep that will cost me dearly) and think...hrmmmm, I must need to refresh my dhcp lease? Two seconds later, no refresh. The wireless is borked.


Ok, I'll admit that was dumb. At first warning of broken-ness, I should have stopped typing and started thinking. It's what I typically do. But this time, I was feeling adventurous. I rechecked the bridge config. sysctl'd net.inet.ip.forwarding (dumb, I know). Set IP addresses on the bridge interfaces. Rebooted. Configured dhcrelay (yay, now I can DHCP a lease! I can't actually *USE* the lease, but I can get a lease!). Reboot again. Grumble in frustration, rewire the network (the kids want to watch Netflix and my wife wants to use her phone again; it's been several hours, she says). Blarg. Go to sleep pissed off.

Get home from work the next day, spend some time with friends and eat dinner. Clear headed now. Yay.

I walk over to my desk, rewire everything as it should be for the flip, and start up the bridge and such. Then I run tcpdump in a terminal and watch. Hrmmm...funny, the switch doesn't seem to be allowing...**more than one MAC address per port**.
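The tcpdump check above is the one worth automating before a transparent bridge goes into a port-secured switch port: every station behind the bridge arrives at the switch with its own source MAC, on one port, and dynamic port security learns the first `maximum` of them and treats the rest as violations. The script below is an added illustration, not code from the post or from OpenBSD: it reads saved `tcpdump -e -n` output (the constructed sample is in the tcpdump.org `src > dst, ethertype ...` layout; the parser only needs the first two MAC-looking tokens on a line, so the older BSD `src dst type len:` layout works too, as long as octets are printed as two hex digits), counts the distinct source MACs the bridge would relay toward the switch, and models the switch's first-come learning against a chosen `maximum`. The interface names, client MACs and IP addresses are made up.

```python
"""Count the source MACs a transparent bridge presents to one switch port,
and model what port security with a given maximum would do with them.

Added example for illustration; not code from the original post.  Assumes the
capture is of frames the bridge relays toward the switch (e.g. the WAP-facing
member's ingress).  All addresses and sample lines are constructed.
"""
import re
from collections import Counter

# A MAC printed as six two-digit hex octets.  The timestamp has only two
# colons, and IPv4 addresses/ports have none, so neither can match.
MAC_RE = re.compile(r"\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b", re.IGNORECASE)

# Constructed `tcpdump -e -n` output: three wireless clients behind the WAP
# (00:1b:77..., 00:23:12..., 3c:97:0e...) talking to the LAN firewall
# (00:0c:29:aa:bb:cc).  The first line is tcpdump's banner, not a frame.
SAMPLE_CAPTURE = """\
listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
22:14:03.118207 00:1b:77:11:22:33 > 00:0c:29:aa:bb:cc, ethertype IPv4 (0x0800), length 98: 192.168.1.20 > 192.168.1.1: ICMP echo request, id 4711, seq 1, length 64
22:14:04.002311 00:23:12:44:55:66 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.21, length 28
22:14:04.400118 3c:97:0e:77:88:99 > 00:0c:29:aa:bb:cc, ethertype IPv4 (0x0800), length 74: 192.168.1.22.49152 > 192.168.1.1.53: 12345+ A? example.com. (29)
22:14:05.000001 00:1b:77:11:22:33 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.20, length 28
22:14:05.900442 3c:97:0e:77:88:99 > 00:0c:29:aa:bb:cc, ethertype IPv4 (0x0800), length 74: 192.168.1.22.49153 > 192.168.1.1.53: 12346+ AAAA? example.com. (29)
"""


def link_addresses(line):
    """Return (src_mac, dst_mac) for one tcpdump -e line, or None.

    Takes the first two MAC-looking tokens; in both the tcpdump.org and the
    BSD link-header layouts the source MAC comes before the destination MAC.
    """
    macs = MAC_RE.findall(line)
    if len(macs) < 2:
        return None
    return macs[0].lower(), macs[1].lower()


def source_macs(capture_text):
    """Frames per source MAC, keyed in order of first appearance."""
    seen = Counter()
    for line in capture_text.splitlines():
        addrs = link_addresses(line)
        if addrs:
            seen[addrs[0]] += 1
    return seen


def port_security_outcome(capture_text, maximum=1):
    """Model dynamic port security on the port the bridge is plugged into.

    The switch learns the first `maximum` distinct source MACs it sees on the
    port; any frame from a further MAC is a violation.  Returns
    (learned_macs, violating_macs, frames_from_violators).  Whether the real
    switch drops the frame or shuts the port down depends on its configured
    violation mode, which this model does not try to reproduce.
    """
    learned, violators, dropped = [], [], 0
    for line in capture_text.splitlines():
        addrs = link_addresses(line)
        if not addrs:
            continue
        src = addrs[0]
        if src in learned:
            continue
        if src in violators:
            dropped += 1
        elif len(learned) < maximum:
            learned.append(src)
        else:
            violators.append(src)
            dropped += 1
    return learned, violators, dropped


if __name__ == "__main__":
    counts = source_macs(SAMPLE_CAPTURE)
    print(f"{len(counts)} distinct source MACs would be relayed to the switch:")
    for mac, n in counts.items():
        print(f"  {mac}  {n} frame(s)")
    for maximum in (1, 8):
        learned, violators, dropped = port_security_outcome(SAMPLE_CAPTURE, maximum)
        print(f"maximum={maximum}: learned={learned} violators={violators} "
              f"frames from violators={dropped}")
```

Run against a real capture (`tcpdump -e -n -i em1 -w -` piped through `tcpdump -e -n -r -`, or a saved text file) the distinct-source count is the number the switch port's port-security maximum has to cover, plus any MACs the bridge box itself sources on that segment. With `maximum=1` the sample shows exactly the failure in the post: one client gets learned and every other station's frames count as violations, which looks like "Host is down" from the wireless side. The fix is on the switch side, either raising that port's maximum to cover every device behind the bridge or leaving port security off on that one port; the exact commands depend on whether the switch runs CatOS or IOS, so they are not given here.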

/me hangs head in shame and blogs about it.

Cisco owes me 9 hours of my life back. It'd never stand in court, obviously, but I'll take that to the grave!

Disclaimer: I don't really think Cisco owes me anything. If I did feel that way, I wouldn't be calling MYSELF an idiot in the title. Rest easy, lawyers, there will be no action here.