...
Here, we replicate the relevant configuration already present on server.lastschl.av as a starting point. The test virtual machine will have two network interfaces, one serving as uplink on a 192.168.10.0/24 network (IP 192.168.10.52), and one to connect to the wifi routers (NASes) and clients (supplicants) on a 192.168.9.0/24 network (IP 192.168.9.1). The FQDN will be server.test.av.
...
The host computer has two network interfaces, one connected to a network uplink and another connected to a couple of wifi routers (NASes). Each VirtualBox virtual interface is bridged to a different physical adapter. Network configuration is now as follows (interface name seen in guest OS - Adapter name in VirtualBox settings - Adapter "Attached to" setting in VirtualBox settings - Physical interface bridged to):
...
enp0s8 - Adapter 2 - Bridged adapter - physical interface connected to wifi routers (NASes)
Booted the VM, logged in to the GUI, connected using DHCP with network manager
...
Add to /etc/shorewall/rules (replace IP addresses with actual IP addresses of the wifi routers (NASes)):

```
# At the top of the file:
?SECTION ALL
# Allow the server and NASes to talk RADIUS and HTTP (web interface)
ACCEPT    wifi:192.168.9.2,192.168.9.3,192.168.9.4    $FW    tcp    -       80
ACCEPT    $FW    wifi:192.168.9.2,192.168.9.3,192.168.9.4    tcp    80      -
ACCEPT    wifi:192.168.9.2,192.168.9.3,192.168.9.4    $FW    udp    1812    -
ACCEPT    $FW    wifi:192.168.9.2,192.168.9.3,192.168.9.4    udp    -       1812
# But, reject anything else to and from any other device part of the 192.168.9.0/24 network that is not part of any dynamic zone
REJECT    wifi    all     -    -    -
REJECT    all     wifi    -    -    -

?SECTION NEW
# At the end of the file:
ACCEPT:INFO(uid)    wifi:192.168.9.2,192.168.9.3,192.168.9.4    $FW    udp    1812
```
...
Modify /etc/freeradius/3.0/clients.conf: comment out the 'client localhost' and 'client localhost_ipv6' sections and add (replace with actual IP addresses of the wifi routers (NASes)):

```
client wifi-ap1 {
    ipaddr = 192.168.9.2
    secret = password # Replace with an actual password
}
client wifi-ap2 {
    ipaddr = 192.168.9.3
    secret = password # Replace with an actual password
}
client wifi-ap3 {
    ipaddr = 192.168.9.4
    secret = password # Replace with an actual password
}
```
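The following check is an added example, not part of the original page or of the FreeRADIUS or Shorewall projects: it cross-checks the NAS list in the Shorewall RADIUS rule against the stanzas in clients.conf and flags shared secrets left at a placeholder value or reused between NASes. The function names, the 16-character minimum and the sample `wifi-ap4` stanza are assumptions made for the illustration.

```python
import ipaddress
import re
# Constructed sample inputs modelled on the page's configuration.
CLIENTS_CONF = """
#client localhost {
#    secret = testing123
#}
client wifi-ap1 {
    ipaddr = 192.168.9.2
    secret = password # Replace with an actual password
}
client wifi-ap2 {
    ipaddr = 192.168.9.3
    secret = hT4vQ9pLx2ZrW8mK6sYd1cNb
}
client wifi-ap4 {
    ipaddr = 192.168.10.7
    secret = hT4vQ9pLx2ZrW8mK6sYd1cNb
}
"""
RADIUS_RULE = "ACCEPT wifi:192.168.9.2,192.168.9.3,192.168.9.4 $FW udp 1812 -"
WIFI_NET = ipaddress.ip_network("192.168.9.0/24")
WEAK_SECRETS = {"password", "secret", "testing123"}  # placeholders and defaults
MIN_SECRET_LEN = 16  # assumed local policy, not a FreeRADIUS requirement

def parse_clients(text):
    text = re.sub(r"#.*", "", text)  # drops comments and commented-out stanzas
    return {name: dict(re.findall(r"(\w+)\s*=\s*(\S+)", body))
            for name, body in re.findall(r"client\s+(\S+)\s*\{(.*?)\}", text, re.S)}

def audit(clients_text, radius_rule):
    clients = parse_clients(clients_text)
    allowed = set(radius_rule.split()[1].split(":", 1)[1].split(","))
    findings, seen = [], {}
    for name, kv in clients.items():
        ip, secret = kv.get("ipaddr", ""), kv.get("secret", "")
        if not ip or ipaddress.ip_address(ip) not in WIFI_NET:
            findings.append((name, "ipaddr missing or outside wifi network"))
        elif ip not in allowed:
            findings.append((name, "no matching firewall rule"))
        if secret.lower() in WEAK_SECRETS or len(secret) < MIN_SECRET_LEN:
            findings.append((name, "weak or placeholder secret"))
        elif secret in seen:
            findings.append((name, "secret reused from " + seen[secret]))
        seen.setdefault(secret, name)
    known = {kv.get("ipaddr") for kv in clients.values()}
    return findings + [(ip, "allowed by firewall, no client entry") for ip in sorted(allowed - known)]
if __name__ == "__main__":
    print(*audit(CLIENTS_CONF, RADIUS_RULE), sep="\n")
```

The comment stripping is deliberately simple and would truncate a secret that itself contains `#`.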
...