- 安装openbsd
安装过程暂时略
- 配置openbsd上网共享
- 设置ppp拨号上网.
#cd /etc/ppp/
建立 ppp.conf、ppp.linkdown、ppp.linkup 三个文件
#vi ppp.conf 内容如下:
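##############ppp.conf#######################
# user-ppp profile for a PPPoE uplink on rl1.
# Layout: label lines ("default:", "pppoe:") start in column 0 and command
# lines are indented, which is the layout ppp(8) expects.
# This file stores the ISP password in clear text: keep it owned by root and
# readable by root only (chmod 600 /etc/ppp/ppp.conf).
default:
 set log Phase Chat IPCP CCP tun command
 set redial 15 0
 set reconnect 15 10000
pppoe:
 # Plain ASCII double quotes are required here; the typographic quotes that
 # blog software substitutes are not treated as quoting characters.
 set device "!/usr/sbin/pppoe -i rl1"
 disable acfcomp protocomp
 deny acfcomp
 # 1492 = 1500-byte Ethernet MTU minus the 8 bytes of PPPoE/PPP header.
 set mtu max 1492
 set crtscts off
 set speed sync
 enable lqr
 set lqrperiod 5
 set cd 5
 set dial
 set login
 # 0 disables the idle timeout, so the link stays up permanently.
 set timeout 0
 # Account name and password exactly as published by the author. Substitute
 # your own, and treat any credential that has appeared on a public page as
 # compromised (change it with the ISP).
 set authname "gzDSL08052682@163.gd"
 set authkey OFAQRGIS
 # Install the default route via the peer once its address is known.
 add! default HISADDR
 enable dns
 # Clamp TCP MSS so forwarded LAN traffic fits the reduced PPPoE MTU.
 enable mssfixup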
#vi ppp.linkdown 内容如下:
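#############ppp.linkdown###############
# Commands ppp runs when the link goes down. MYADDR is the fallback label ppp
# looks up in this file; command lines are indented under it and use plain
# ASCII quotes (typographic quotes are not parsed as quoting).
# NOTE(review): "pfctl -d -F all" disables pf and flushes every rule, so the
# host runs with no packet filter until ppp.linkup re-enables it. If any other
# interface is reachable from an untrusted network (for example rl1, which
# faces the modem), prefer leaving pf enabled with a default-deny ruleset.
MYADDR:
 ! sh -c "/sbin/pfctl -d -F all"
 ! sh -c "kill `cat /var/run/pflogd.pid`"
 ! sh -c "/sbin/ifconfig pflog0 down"
 ! sh -c "/sbin/route delete default"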
#vi ppp.linkup 内容如下:
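################ppp.linkup###################
# Commands ppp runs once the link is up. MYADDR is the fallback label ppp
# looks up in this file; command lines are indented under it and use plain
# ASCII quotes (typographic quotes are not parsed as quoting).
# Order matters: pflog0 is brought up and pflogd started before the ruleset is
# loaded, so packets matched by "log" rules are captured from the first match.
# NOTE(review): there is a window between link-up and the pfctl line in which
# tun0 carries traffic while pf is still disabled (ppp.linkdown turned it off).
MYADDR:
 ! sh -c "/sbin/ifconfig pflog0 up"
 ! sh -c "/sbin/pflogd"
 ! sh -c "/sbin/pfctl -e -F all -f /etc/pf.conf"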
- 设置pf防火墙
#cd /etc
#vi pf.conf 内容如下:
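###############pf.conf############################
# NAT gateway ruleset: tun0 is the PPPoE uplink, rl0 the LAN side.
# Written in the older pf syntax (separate scrub/nat/rdr rules and
# "set require-order"); newer OpenBSD releases use match/nat-to/rdr-to, so
# this file needs translating before use there.
# All macro values use plain ASCII quotes; typographic quotes make pfctl
# reject the file.

# --- Macros ---
ext_if="tun0"
int_if="rl0"
int_addr="192.168.1.0/24"
router_ip="192.168.1.57"
# Ports accepted from the Internet (see the pass rule that uses $services).
services="{ ssh, www, domain }"

# --- Options ---
set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit { states 10000, frags 5000 }
set loginterface tun0
set optimization normal
# Blocked packets are dropped silently unless a rule says otherwise.
set block-policy drop
set require-order yes
set fingerprints "/etc/pf.os"

# --- Normalisation ---
scrub in on $ext_if all fragment reassemble

# --- Translation ---
# ($ext_if) in parentheses makes pf follow the interface's current address,
# which matters on a PPPoE link whose address can change between sessions and
# which may not exist yet when the ruleset is first parsed.
nat on $ext_if from $int_addr to any -> ($ext_if)
# Redirect outbound FTP control connections from the LAN to a local proxy.
# Requires ftp-proxy listening on 127.0.0.1 port 8021; starting it is not
# covered on this page.
rdr on $int_if proto tcp from !$router_ip to !$int_addr port ftp -> 127.0.0.1 port 8021

# --- Filtering ---
# NOTE(review): no rule filters on $int_if, so LAN-side traffic falls through
# to pf's implicit pass. Add explicit rules there if the LAN is not trusted.
pass in quick on lo0 all
pass out quick on lo0 all

# NOTE(review): these four rules are not "quick", and pf applies the LAST
# matching non-quick rule. The "block in/out on $ext_if all" lines at the end
# of the file therefore win, and packets are dropped per block-policy rather
# than answered with RST / ICMP unreachable as written here.
block return-rst in on $ext_if proto tcp all
block return-rst out on $ext_if proto tcp all
block return-icmp in on $ext_if proto udp all
block return-icmp out on $ext_if proto udp all

# Drop and log TCP packets with flag combinations seen in scans
# (FIN+URG+PSH, SYN+FIN, and none of SYN/FIN/RST/ACK set).
block in log quick on $ext_if inet proto tcp from any to any flags FUP/FUP
block in log quick on $ext_if inet proto tcp from any to any flags SF/SFRA
block in log quick on $ext_if inet proto tcp from any to any flags /SFRA

# Allow the ICMP types needed for ping and error reporting; log the rest.
pass in quick on $ext_if inet proto icmp from any to any icmp-type { echorep, echoreq, timex, unreach }
block in log quick on $ext_if inet proto icmp from any to any

# NOTE(review): this admits UDP port 53 from any Internet host, statelessly.
# Replies to the gateway's own outbound queries are already covered by the
# state created by the "pass out ... modulate state" rule, so this is only
# needed when the host serves DNS publicly. A recursive resolver exposed this
# way can be abused for amplification; remove the rule or restrict the source.
pass in quick on $ext_if inet proto udp from any to any port domain
# NOTE(review): exposes ssh, www and domain (TCP) to every source address.
# Trim $services to what is really offered, and limit ssh to known sources or
# key-only authentication.
pass in quick on $ext_if inet proto tcp from any to any port $services flags S/SAFR keep state
# Inbound connections to high ports owned by user "proxy" (presumably the
# ftp-proxy data channel for active-mode FTP - confirm against the proxy setup).
pass in quick on $ext_if inet proto tcp from any to any port > 30000 user proxy flags S/SAFR keep state

# All outbound traffic is allowed and tracked statefully.
pass out quick on $ext_if all modulate state

# Default deny for anything on the external interface not passed above.
block in on $ext_if all
block out on $ext_if all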
c、修改rc.local 增加ppp的启动项
#vi /etc/rc.local
在最后加上这一句:
/usr/sbin/ppp -ddial pppoe
- 启动openbsd的路由转发功能.
# vi /etc/sysctl.conf
取消
#net.inet.ip.forwarding=1
前面的#注解符。最后变成:
net.inet.ip.forwarding=1
重启服务器