'Re: nat-to private address'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-misc
Subject:    Re: nat-to private address
From:       Tuyosi Takesima <nakajin.fujio () gmail ! com>
Date:       2014-06-28 5:01:42
Message-ID: CANpZ6aFRptbGM2pfmm+FCDUBZC2adWWmfDEs1ocfhTw7CAp_6g () mail ! gmail ! com
[Download RAW message or body]

Hi all .

i add some .

USB memory only 2GB running openbsd works as dhcpd  + nat .

namely
sd1 at scsibus2 targ 1 lun 0: <TDKMedia, Trans-It Drive, PMAP> SCSI0
0/direct removable serial.1d0d0211078C0D1310DE
sd1: 1900MB, 512 bytes/sector, 3891200 sectors
root on sd1a (4ef3e82a493a09dc.a) swap on sd1b dump on sd1b

# df
Filesystem  512-blocks      Used     Avail Capacity  Mounted on
/dev/sd1a      3697340    481116   3031360    14%    /

and
original pf.conf
+
match out on rum0 from !rum0:network to any nat-to (rum0)
can nat .

it is very convinient to remember.
later think deeply , and rewrite pf.conf.

sorry , I abbrebiate 1 point .
cat /etc/rc.conf.local
dhcpd_flags=""  #NO             # for normal use: ""


cat /etc/pf.conf
#       $OpenBSD: pf.conf,v 1.53 2014/01/25 10:28:36 dtucker Exp $

set skip on lo
block return    # block stateless traffic
pass            # establish keep-state
#######################
match out on rum0 from !rum0:network to any nat-to (rum0)
#######################
# rum0 is firewall's ext_if
# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010


# pfctl -ss
all tcp 192.168.11.1:22 <- 192.168.11.3:35074       ESTABLISHED:ESTABLISHED
all udp 192.168.11.255:631 <- 192.168.11.3:631       NO_TRAFFIC:SINGLE

# pfctl -sr
block return all
pass all flags S/SA
match out on rum0 inet from ! 192.168.100.0/24 to any nat-to (rum0) round-robin
block return in on ! lo0 proto tcp from any to any port 6000:6010

In linux I pkg_add udhcpd , and iptables is too complex to deal with .
So ,openbssd is greeat .

-------------------------
Bye . tuyosi takesima .
http://openbsd-akita.blogspot.jp/2014/06/openbsad-runs-on-usb-memory-no-need-hdd.html

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic