Let's talk a little bit about putting a computer on a network!
  I will try to remember to bring my laptop today
  If I forget, we'll just do our best

ifconfig:
  We've been parsing the output forever
  ifconfig to bring interfaces up or down
  Setting a MAC address
    - Why? Usually to impersonate a different computer

route:
  Usually you run this:
    route add default gw wherever_your_gateway_is
  Can make other routes, depending

DNS:
  /etc/resolv.conf
  That's where the nameserver goes

The more automatic way: dhclient
  dhclient interface
  dhcpcd is sometimes around instead
  Depends on a DHCP server being present and willing to talk
    - You can run your own DHCP server if you like

Wifi:
  iwconfig and iwlist
  For a "polite" network, that's all you need
  Trust has been on the decline
    - Lots of people won't give a stranger a lift either
    - A few ruin it for the rest
    - Were you there for CS101 augmented reality?
  wpa_supplicant:
    And lcsc config example
  Other types of authentication work differently

Is this too much work?
  wicd
  NetworkManager
  Connect to strongest AP?
    - Most people run their systems that way
    - Strong cards and WWU VU
    - Hostap

Drivers!
  Usually these aren't a problem, but they can be
    - Linux on macs (why? Why not?)
  Chipsets
    - There's nothing new under the sun
  It used to be a good idea to verify compatibility

Making your computer a firewall/DHCP server/NAT/Router/etc
  Example on nimrod
  I do this with orcrist sometimes
    - MAC addresses and dorms
  jen, fwstart scripts
    - These probably don't work on FreeBSD

How fast are networks really?
  Bandwidth
    - a byte is 8 bits
    - half a byte is a nibble (not joking)
    - Bandwidth can be rated in bits/second OR bytes/second
      + Gb = gigabit, GB = gigabyte, don't trust this
    - SI prefixes, kind of
  Latency
    Think about this when you decide to do something over a network!
    - LAN
    - Cable and DSL, wifi
    - Cell network
    - Dial-up
  Internal computer interfaces are faster
    - Main memory, FSB, PCI-Express, etc
  Proprietary stuff is out there too
    CrayLink / NUMAlink

"gateway of last resort" term: ChatGPT says it's the default gateway

Actually using a computer as a router
  Note: There are OS features to make this easy (connection sharing, etc)

Demo of using a laptop as a router

  Piece of the puzzle #1: How are you going to see what I'm doing?
    First: The projector! Hopefully this is working already
    Second: We can SSH into it so the screen share looks good

  Piece #2: Connecting them together with a little subnet
    We'll give each of them an address in 172.16
    Can they communicate? (hopefully!)

  Piece #3: Putting orcrist online (might already be)
    We'll do this as manually as possible! Automation hides the details
    wpa_supplicant to handle the WPA authentication
    Then we'll use dhclient to run DHCP
    Let's see what we ended up with for a routing table (netstat -r)
    Two ways we could go from here:
      Bridging: Just send traffic back and forth without changing the IP range
      NAT: Have a different IP range on each side of orcrist

  Piece #4: Using NAT
    We could set gateway_enable="YES" in rc.conf to turn this on all the time
      I don't want to
      Makes it easy to cause a weird problem
    sysctl net.inet.ip.forwarding needs to be set to 1
      There's a /proc file in Linux that'll do the equivalent thing
    Setting a route to the little network isn't really needed in this case
      Because we're directly connected to 172.16
      So we can talk to either the Internet or our other computer!
    /etc/pf.conf and pfctl
      Run like this: pfctl -nvf /etc/pf.conf
      Take out "n" to have it actually load the rules
      Good to verify first!
      A suggestion from the FreeBSD Handbook:

        ext_if = "xl0"   # macro for external interface - use tun0 for PPPoE
        int_if = "xl1"   # macro for internal interface
        localnet = $int_if:network
        # ext_if IP address could be dynamic, hence ($ext_if)
        nat on $ext_if from $localnet to any -> ($ext_if)
        block all
        pass from { lo0, $localnet } to any keep state

    Does it work? (who knows!)

  Piece #5: Not using NAT
    Bridging: Basically, we'll just pass traffic through in a transparent manner
      Our presence will be invisible!

        ifconfig bridge create
        ifconfig bridge0
        ifconfig bridge0 addm wlan0 addm em0 up

      (and have both interfaces actually up)
    Bridge can have an IP address if we want it to
      Do we? Probably
    Will this work? I couldn't get it to work with wifi, but I'll try wired

  Couple other things we could do:
    Since the switch ports aren't set to trunk (probably), we can't play with vlans
      Could otherwise - Linux and FreeBSD are happy to play ball
    STP/RSTP: Linux and FreeBSD are again happy to play ball
      I doubt the switch wants to, certainly not the AP

Alright, we've put orcrist into the middle in a couple configurations
  Let's run wireshark on orcrist and spy on the other computer!

Could you use this in other ways? Sure!
  We could, for example, set up our own wifi network
  Just need another card
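
Added example, not part of the original notes: the Piece #4 steps (check pf.conf with pfctl -n, load it, set net.inet.ip.forwarding to 1) wrapped in one FreeBSD shell function. The function name, the return codes and the ordering (filter loaded before forwarding is switched on) are choices made for this example.

```shell
#!/bin/sh
# Added example: turn a FreeBSD box into a NAT router for this boot only.
# Nothing on the running system changes unless the ruleset parses cleanly.
# enable_nat_router is a name made up for this example; run it as root.

enable_nat_router() {
    conf="${1:-/etc/pf.conf}"

    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # 1. Parse only: -n means "do not load", so a typo costs nothing.
    if ! pfctl -nf "$conf"; then
        echo "ruleset rejected, nothing changed" >&2
        return 1
    fi

    # 2. Load the rules and enable pf BEFORE forwarding is on, so the
    #    box never routes packets without the filter in place.
    pfctl -f "$conf" || return 1
    pfctl -e 2>/dev/null || true    # "pf already enabled" is fine

    # 3. Forward packets until the next reboot; rc.conf is left alone,
    #    so a forgotten demo does not leave a permanent router behind.
    sysctl net.inet.ip.forwarding=1 >/dev/null || return 3

    echo "routing enabled with rules from $conf"
}

# Usage (as root on the router):  enable_nat_router /etc/pf.conf
```

To undo it, set net.inet.ip.forwarding back to 0 with sysctl and disable pf with pfctl -d.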