Server Setup Manual (Standard Edition): Internet Connection Sharing on OpenBSD

  • Install OpenBSD

The installation procedure is omitted for now.

  • Configure Internet connection sharing on OpenBSD

  a. Set up PPP (PPPoE) dial-up.

# cd /etc/ppp/

Create three files: ppp.conf, ppp.linkdown and ppp.linkup.

# vi ppp.conf   with the following contents (in ppp.conf, labels start in column 0 and the commands under a label must be indented):

##############ppp.conf#######################
default:
 set log Phase Chat IPCP CCP tun command
 set redial 15 0
 set reconnect 15 10000

pppoe:
 set device "!/usr/sbin/pppoe -i rl1"
 disable acfcomp protocomp
 deny acfcomp
 set mtu max 1492
 set crtscts off
 set speed sync
 enable lqr
 set lqrperiod 5
 set cd 5
 set dial
 set login
 set timeout 0
 set authname "gzDSL08052682@163.gd"
 set authkey OFAQRGIS
 add! default HISADDR
 enable dns
 enable mssfixup

# vi ppp.linkdown   with the following contents:

#############ppp.linkdown###############
MYADDR:
 ! sh -c "/sbin/pfctl -d -F all"
 ! sh -c "kill `cat /var/run/pflogd.pid`"
 ! sh -c "/sbin/ifconfig pflog0 down"
 ! sh -c "/sbin/route delete default"

# vi ppp.linkup   with the following contents:

################ppp.linkup###################
MYADDR:
 ! sh -c "/sbin/ifconfig pflog0 up"
 ! sh -c "/sbin/pflogd"
 ! sh -c "/sbin/pfctl -e -F all -f /etc/pf.conf"

  b. Set up the pf firewall

# cd /etc

# vi pf.conf   with the following contents:

###############pf.conf############################
ext_if="tun0"
int_if="rl0"
int_addr="192.168.1.0/24"
router_ip="192.168.1.57"
services="{ ssh, www, domain }"

set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit { states 10000, frags 5000 }
set loginterface tun0
set optimization normal
set block-policy drop
set require-order yes
set fingerprints "/etc/pf.os"

scrub in on $ext_if all fragment reassemble
nat on $ext_if from $int_addr to any -> $ext_if
rdr on $int_if proto tcp from !$router_ip to !$int_addr port ftp -> 127.0.0.1 port 8021

pass in quick on lo0 all
pass out quick on lo0 all

block return-rst in on $ext_if proto tcp all
block return-rst out on $ext_if proto tcp all
block return-icmp in on $ext_if proto udp all
block return-icmp out on $ext_if proto udp all

block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP
block in log quick on $ext_if inet proto tcp from any to any flags SF/SFRA
block in log quick on $ext_if inet proto tcp from any to any flags /SFRA

pass in quick on $ext_if inet proto icmp from any to any icmp-type { echorep, echoreq, timex, unreach }
block in log quick on $ext_if inet proto icmp from any to any

pass in quick on $ext_if inet proto udp from any to any port domain
pass in quick on $ext_if inet proto tcp from any to any port $services flags S/SAFR keep state
pass in quick on $ext_if inet proto tcp from any to any port > 30000 user proxy flags S/SAFR keep state
pass out quick on $ext_if all modulate state

block in on $ext_if all
block out on $ext_if all
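The ruleset above decides what the gateway itself accepts from the Internet, so it is useful to be able to read that exposure off the file mechanically instead of by eye. The following script is an added example and is not part of the original post or of OpenBSD: it expands the simple name="value" macros of a pf.conf written in this style, lists every rule that passes traffic in on the external interface, and checks that the catch-all `block in on $ext_if all` rule is present. The sample pf.conf it writes to a temporary file is a constructed copy of the relevant lines above, and the function names (external_if, expand_macros, inbound_exposure, has_default_block) are the example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: a small audit of a pf.conf
# written in the style shown above. It expands the name="value" macros and
# lists every rule that passes traffic *in* on the external interface, which
# is exactly the set of services the gateway exposes to the Internet.
# SAMPLE_PF_CONF holds a constructed copy of the relevant lines of the post.

SAMPLE_PF_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_PF_CONF"' EXIT
cat > "$SAMPLE_PF_CONF" <<'EOF'
ext_if="tun0"
int_if="rl0"
int_addr="192.168.1.0/24"
router_ip="192.168.1.57"
services="{ ssh, www, domain }"
pass in quick on lo0 all
pass out quick on lo0 all
pass in quick on $ext_if inet proto udp from any to any port domain
pass in quick on $ext_if inet proto tcp from any to any port $services flags S/SAFR keep state
pass in quick on $ext_if inet proto tcp from any to any port > 30000 user proxy flags S/SAFR keep state
pass out quick on $ext_if all modulate state
block in on $ext_if all
block out on $ext_if all
EOF

# external_if FILE: the value assigned to the ext_if macro.
external_if() {
  awk -F'"' '/^ext_if=/ { print $2 }' "$1"
}

# expand_macros FILE: print the ruleset with every $name replaced by the
# value from its name="value" definition (the definition lines are dropped).
expand_macros() {
  awk '
    /^[A-Za-z_][A-Za-z0-9_]*="[^"]*"$/ {
      name = substr($0, 1, index($0, "=") - 1)
      val  = substr($0, index($0, "=") + 2)        # skip "=" and opening quote
      val  = substr(val, 1, length(val) - 1)       # drop closing quote
      macro[name] = val
      next
    }
    {
      line = $0
      for (m in macro) gsub("\\$" m, macro[m], line)
      print line
    }' "$1"
}

# inbound_exposure FILE: one "proto ports" line per rule that passes traffic
# in on the external interface; a { a, b, c } list or a "> N" expression is
# collected into the single ports field.
inbound_exposure() {
  expand_macros "$1" | awk -v ext="$(external_if "$1")" '
    $1 == "pass" && $2 == "in" && $0 ~ ("on " ext " ") {
      proto = "any"; port = "any"
      for (i = 1; i <= NF; i++) {
        if ($i == "proto") proto = $(i + 1)
        if ($i == "port") {
          port = $(i + 1)
          if (port == "{") {                       # port { a, b, c }
            port = ""
            for (j = i + 2; j <= NF && $j != "}"; j++) port = port $j " "
            sub(/ $/, "", port); gsub(/,/, "", port)
          } else if (port == ">") {                # port > N
            port = "> " $(i + 2)
          }
        }
      }
      print proto, port
    }'
}

# has_default_block FILE: succeed only if a catch-all "block in on <ext> all"
# rule exists, i.e. anything not explicitly passed inbound is dropped.
has_default_block() {
  expand_macros "$1" | grep -q "^block in on $(external_if "$1") all\$"
}

echo "Services reachable from the Internet on $(external_if "$SAMPLE_PF_CONF"):"
inbound_exposure "$SAMPLE_PF_CONF"
if has_default_block "$SAMPLE_PF_CONF"; then
  echo "catch-all inbound block: present"
else
  echo "WARNING: no catch-all inbound block on the external interface"
fi
```

Run against the ruleset above it reports `udp domain`, `tcp ssh www domain` and `tcp > 30000`: ssh, www and DNS on the gateway answer to any source address on tun0, while the `port > 30000 user proxy` rule only admits connections to sockets owned by the proxy user, which is what ftp-proxy listening on 127.0.0.1:8021 needs. If the DNS service on the gateway is meant for the LAN only, that inbound `domain` rule is the one to restrict to $int_addr. The script only reads the text; before loading a changed file on the gateway itself, `pfctl -nf /etc/pf.conf` parses it without loading, which is worth doing because ppp.linkup loads the file with `-F all` in the same command, so a file that fails to parse is better caught beforehand.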

 

  c. Edit rc.local to add a startup entry for ppp

# vi /etc/rc.local

Append the following line at the end:

/usr/sbin/ppp -ddial pppoe

 

  • Enable IP forwarding (routing) on OpenBSD.

# vi /etc/sysctl.conf

Remove the leading # comment marker from the line

#net.inet.ip.forwarding=1

so that it reads:

net.inet.ip.forwarding=1

Reboot the server.
