> The main point is that there are so many things to do in Linux in order to 
> configure it for masquerading (Recompiling Kernel etc). There are also so many 
> different commands that do exactly the same thing but in different ways. If a 
> person is starting off in firewalling it's not good to overwhelm them with 
> information. With OpenBSD, you simply edit stuff that's already there, for 
> example. These are the steps I would take to set up a gateway on a brand newly 
> set up OpenBSD machine:
> 
> Uncomment the following in /etc/sysctl.conf
> 
> net.inet.ip.forwarding=1
> net.inet6.ip6.forwarding=1 (if using IPv6)
> 
> Uncomment and edit this line in /etc/pf.conf (stuff in <> needs to be edited, 
> stuff in [] is optional)
> 
> nat [pass] on <interface> [af] from <src_addr> [port src_port] to <dst_addr> 
> [port <dst_port>] -> <ext_addr> [pool_type] [static-port]
> 
> You may then reboot the machine or just issue the following two commands:
> 
> # sysctl net.inet.ip.forwarding=1
> 
> Or
> 
> # sysctl net.inet6.ip6.forwarding=1 (if using IPv6)
> 
> Then
> 
> # pfctl -f /etc/pf.conf
> 
> You now have a fully working NAT box.
> 
> To perform IP forwarding uncomment the port redirect line in pf.conf and 
> modify it to your taste then issue:
> 
> # pfctl -f /etc/pf.conf
> 
> The default configuration for the machine has zero known security holes. 
> (have a look at www.openbsd.org for security info)
> 
> Regards,
> 
> Ken
> 

Forgive me if I'm new to the OpenBSD approach, but I've installed OpenBSD 3.6
on a laptop with 2 PCMCIA cards, and I cannot get any of my clients behind the
firewall to see beyond the firewall.

My two network cards are set up as:

bsdrouter# ifconfig ep1
ep1: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:60:97:87:8b:4d
        media: Ethernet 10baseT
        inet 172.16.1.100 netmask 0xffff0000 broadcast 172.16.255.255
        inet6 fe80::260:97ff:fe87:8b4d%ep1 prefixlen 64 scopeid 0x5
bsdrouter# ifconfig ep2
ep2: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:10:4b:ec:64:80
        media: Ethernet 10baseT
        inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255
        inet6 fe80::210:4bff:feec:6480%ep2 prefixlen 64 scopeid 0x6

I've got IP forwarding enabled:

bsdrouter# cat /etc/sysctl.conf
net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of packets

Finally I've set up pf.conf:

bsdrouter# cat /etc/pf.conf
ext_if="ep1"
int_if="ep2"
nat on $ext_if from !($ext_if) -> ($ext_if:0)

I rebooted the machine after the above network setup, and while I'm
on the router I can see the 192.168.3.x network, the 172.16.x.x network,
and the internet.  But my Windows machines behind the firewall cannot
reach beyond the firewall even though the OpenBSD router is set as the
default gateway.  On machines on the 172.16.x.x network, I can reach the
router at 172.16.1.100 and the machines behind the router (if I add a route
to the 172.16.x.x machines).

Has anyone experienced this before?

Thanks,
Mike
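As an added example (not part of the thread, and not OpenBSD's own code), here is a small POSIX sh helper that checks the two files Ken's recipe touches before you run `pfctl -f`: it confirms that `net.inet.ip.forwarding=1` is really uncommented in sysctl.conf, that pf.conf carries an active `nat on` rule, and that every `$macro` the rules use is actually defined. The sample sysctl.conf and pf.conf files it writes are constructed for the demo; the "broken" pf.conf reproduces the failure mode where `$ext_if` is referenced but never defined, which makes `pfctl -f` reject the whole file so no NAT rule is loaded, while forwarding still works and the router itself can still reach everything.

```shell
#!/bin/sh
# nat-check.sh: pre-flight checks for an OpenBSD 3.x-style NAT gateway, in the
# spirit of the steps in this thread (forwarding in sysctl.conf plus a
# "nat on" rule in pf.conf). Hypothetical helper written for this thread, not
# OpenBSD code; it only reads the two files, so it runs on any POSIX sh.

# Return 0 if FILE has an active (uncommented) net.inet.ip.forwarding=1 line.
sysctl_forwarding_enabled() {
    grep -Eq '^[[:space:]]*net\.inet\.ip\.forwarding[[:space:]]*=[[:space:]]*1([[:space:]]|$)' "$1"
}

# Return 0 if FILE has an active "nat on ..." / "nat pass on ..." rule.
pf_has_nat_rule() {
    grep -Eq '^[[:space:]]*nat[[:space:]]' "$1"
}

# Print each $macro referenced in FILE that has no name="..." definition.
# Return 0 when every reference is defined, 1 otherwise. A missing definition
# is fatal: pfctl -f rejects the whole file and no NAT rule gets loaded.
pf_undefined_macros() {
    defined=" $(sed -En 's/^[[:space:]]*([A-Za-z_][A-Za-z0-9_]*)[[:space:]]*=.*/\1/p' "$1" | tr '\n' ' ')"
    referenced=$(grep -v '^[[:space:]]*#' "$1" | grep -oE '\$[A-Za-z_][A-Za-z0-9_]*' | tr -d '$' | sort -u)
    status=0
    for m in $referenced; do
        case "$defined" in
            *" $m "*) ;;                      # defined somewhere in the file
            *) echo "$m"; status=1 ;;         # referenced but never defined
        esac
    done
    return $status
}

# Run all three checks, print a short report, and return 0 only if all pass.
check_gateway() {
    sysctl_file=$1; pf_file=$2; ok=0
    if sysctl_forwarding_enabled "$sysctl_file"; then
        echo "ok:   net.inet.ip.forwarding=1 is active in $sysctl_file"
    else
        echo "FAIL: net.inet.ip.forwarding=1 missing or commented out in $sysctl_file"; ok=1
    fi
    if pf_has_nat_rule "$pf_file"; then
        echo "ok:   nat rule found in $pf_file"
    else
        echo "FAIL: no active 'nat on ...' rule in $pf_file"; ok=1
    fi
    missing=$(pf_undefined_macros "$pf_file" || true)
    if [ -n "$missing" ]; then
        echo "FAIL: macros used but never defined in $pf_file: $(echo $missing)"; ok=1
    else
        echo "ok:   every \$macro in $pf_file is defined"
    fi
    return $ok
}

# Write constructed sample files into DIR. good.pf is the thread's three-line
# NAT config; broken.pf has the ext_if definition mistyped so $ext_if is
# referenced but never defined; sysctl-off.conf leaves forwarding commented out.
write_samples() {
    cat > "$1/sysctl.conf" <<'EOF'
#net.inet6.ip6.forwarding=1     # still commented out (no IPv6 here)
net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of packets
EOF
    cat > "$1/sysctl-off.conf" <<'EOF'
#net.inet.ip.forwarding=1       # forwarding never switched on
EOF
    cat > "$1/good.pf" <<'EOF'
ext_if="ep1"
int_if="ep2"
nat on $ext_if from !($ext_if) -> ($ext_if:0)
EOF
    cat > "$1/broken.pf" <<'EOF'
f="ep1"
int_if="ep2"
nat on $ext_if from !($ext_if) -> ($ext_if:0)
EOF
}

# Stand-alone demo:  sh nat-check.sh demo
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d) || exit 1
    write_samples "$dir"
    echo "== good.pf";   check_gateway "$dir/sysctl.conf" "$dir/good.pf"
    echo "== broken.pf"; check_gateway "$dir/sysctl-off.conf" "$dir/broken.pf"
    rm -rf "$dir"
fi
```

Run `sh nat-check.sh demo` to see both reports, or call `check_gateway /etc/sysctl.conf /etc/pf.conf` on the gateway. These checks are deliberately simple and do not replace `pfctl -nf /etc/pf.conf`, which parses the file without loading it; on the box itself `pfctl -s info` shows whether pf is enabled at all and `pfctl -s nat` lists the NAT rules actually loaded. An empty `pfctl -s nat` with forwarding turned on is one way to end up with exactly the picture described above: the router reaches everything, but the clients behind it are forwarded untranslated and never get an answer.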
