Bridge between two LANs with OpenBSD

My router shares the internet connection with an ethernet network and a Wi-Fi network. Both of them were on their own sub-networks.

On my iPhone (on the Wi-Fi network), I have the Remote application, which lets me control iTunes on my Mac (on the ethernet network). Since they are not on the same network, it doesn't work (even if routes are properly specified). The solution is to bridge the two networks.

I already blogged about how I configured Wi-Fi on my OpenBSD router.

Bridge configuration

Here is the configuration of the interfaces (rl1 is the ethernet interface and rum0 is the Wi-Fi interface):

/etc/hostname.rl1

inet 192.168.2.254 255.255.255.0 NONE

Nothing specific, as expected.

/etc/hostname.rum0

up media autoselect mode 11g mediaopt hostap nwid <SSID> wpa wpaprotos wpa2 wpaakms psk wpapsk <SHARED KEY>

Here there is a slight modification: an IP address is not needed anymore. Bridge configuration:

/etc/bridgename.bridge0

add rl1
add rum0
up

PF

Be sure that PF allows packets between the two interfaces. In /etc/pf.conf you should have something like this:

int_if="rl1"
wlan_if="rum0"

pass quick on $int_if no state
pass quick on $wlan_if no state

This is a bit simplistic: it passes all traffic on both interfaces without keeping state. You may write more sophisticated filtering rules depending on your needs.
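
One way to tighten these rules, as an added example that is not part of the original post: keep the wired member open as above and filter on the Wi-Fi member only. The lan_net macro and the choice of what to allow are assumptions; NAT and external-interface rules are not shown.

```pf
# Added example (not the author's ruleset). Interface names and the
# 192.168.2.0/24 subnet come from the page; lan_net is an assumed macro.
int_if  = "rl1"
wlan_if = "rum0"
lan_net = "192.168.2.0/24"

# Wired member: pass without state, as on the page. A bridged packet
# crosses pf on both members, so the policy lives on one of them only.
pass quick on $int_if no state

# Wi-Fi member: default deny for packets arriving from wireless clients,
# logged to pflog0 so dropped packets can be reviewed.
block in log on $wlan_if

# DHCP requests come from 0.0.0.0 before the client holds a lease.
pass in quick on $wlan_if inet proto udp from any port 68 to any port 67 no state

# Only sources inside the DHCP subnet are accepted from the Wi-Fi side.
# This also drops IPv6 arriving on rum0, since no inet6 rule passes it.
pass in on $wlan_if inet from $lan_net to any no state

# Traffic bridged or routed towards wireless clients is not restricted here.
pass out quick on $wlan_if no state
```

Check the syntax with pfctl -nf /etc/pf.conf before loading it, and watch dropped packets with tcpdump -n -e -ttt -i pflog0.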

DHCP

My router also acts as a DHCP server for ethernet and Wi-Fi devices. To activate DHCP, add the following line to /etc/rc.conf.local:

dhcpd_flags=""

Tell dhcpd to listen on rl1 only (rum0 does not have an IP address, so we don't have to bind dhcpd to it):

/etc/dhcpd.interfaces

rl1

dhcpd configuration:

/etc/dhcpd.conf

shared-network LAN {
  option domain-name "example.net";
  option domain-name-servers <primary_dns_ip>, <secondary_dns_ip>;

  subnet 192.168.2.0 netmask 255.255.255.0 {
    option routers 192.168.2.254;
    range 192.168.2.32 192.168.2.127;
  }
}
