sis0, configured with DHCP.
supersede domain-name "narf.ssji.net";
The internal network is both an ethernet link and a WPA protected wireless network. Both interfaces are bridged together so that they actually are a single segment. For some reason, it seems that the wireless interface has to be configured with an address for it to be brought up properly.
ath0, static IP, access point.
group internal inet 192.168.103.1 255.255.255.0 192.168.103.255 \ media autoselect mode 11b mediaopt hostap chan 11 \ nwid narf wpa wpapsk `wpa-psk narf MYWPAKEY` inet6 alias 2001:6f8:3d8:103::1 64 inet6 alias 2001:6f8:3d8:103::0 64
The last alias is to support the Subnet-Router anycast address.
sis1, just brought up, as the IP traffic will be forwarded on the bridge and handled by the wireless interface.
group internal up
add sis1 add ath0 up
As muDrublic now has a second working wireless interface, we use it to provide a restricted open access wireless network.
group public nwid narf-open mediaopt hostap chan 1 inet 192.168.42.1 255.255.255.0 192.168.42.255 inet6 alias 2001:6f8:3d8:42::1 64
Using ARPWatch provides a handy way to keep track of who connected to the public network, and when they did so.
$ sudo pkg_add arpwatch
It has to be enabled at boot, in
if [ -x /usr/local/sbin/arpwatch -a -d /var/arpwatch ]; then /usr/local/sbin/arpwatch -i rtw0 && echo -n ' arpwatch' fi
aiccu daemon is in the packages.
$ sudo pkg_add aiccu
It is configured in
/etc/aiccu.conf and started at boot in
if [ -x /usr/local/sbin/aiccu -a -f /etc/aiccu.conf ]; then echo -n ' aiccu' /usr/local/sbin/aiccu start fi
The IPv6 prefix is configured in
ath0 and propagated on the ethernet network thanks to the bridge. The open wireless network also has an IPv6 prefix.
To start it at boot, an entry has to be added to