1)まずは
internet
|
run0
openbsd
fxp0 fxp1 em0
のように、OpenBSD マシンに
無線 LAN が一枚: run0
有線 NIC が三枚: fxp0 fxp1 em0
ある場合です。
$ cat /etc/hostname.fxp0
up
$ cat /etc/hostname.fxp1
up
$ cat /etc/hostname.em0
up
して
# cat /etc/hostname.vether0
# vether0 carries the router's LAN address: 192.168.1.1, netmask 255.255.255.0,
# broadcast 192.168.1.255. The same address is handed out as the default
# gateway in dhcpd.conf.
inet 192.168.1.1 255.255.255.0 192.168.1.255
up
して
# cat /etc/hostname.bridge0
# bridge0 joins the virtual LAN interface and the three wired NICs into one
# layer-2 segment, so a host plugged into any of the wired ports lands on the
# same 192.168.1.0/24 network as vether0.
add vether0
add fxp0
add fxp1
add em0
up
します。
このとき dhcpd（DHCP サーバー）の設定は
$ cat /etc/dhcpd.interface
vether0
$ cat /etc/dhcpd.conf
# Global option: DNS resolver handed to every client.
option domain-name-servers 8.8.8.8;
# LAN subnet served on vether0 (see /etc/dhcpd.interface).
subnet 192.168.1.0 netmask 255.255.255.0 {
# Default gateway for clients: the address configured on vether0.
option routers 192.168.1.1;
# Boot file name offered to clients that network-boot.
# NOTE(review): no next-server is set here; presumably the boot file is served
# from this host -- confirm. Network boot is unauthenticated, so every host
# attached to the bridge is offered this file.
filename "pxelinux.0";
# Dynamic lease pool; addresses outside it stay free for static assignment.
range 192.168.1.32 192.168.1.127;
}
pf（つまりファイアウォール）の設定は
# cat /etc/pf.conf
# Macros: run0 (wifi) is the upstream/external side, vether0 is the LAN side
# that holds 192.168.1.1 and is a member of bridge0.
ext_if="run0"
int_if="vether0"
# TCP ports accepted from any source on the external interface.
# By convention 22 = ssh, 80 = http, 143 = imap, 587 = mail submission.
# NOTE(review): every port listed here is exposed on $ext_if; keep only the
# services that are actually meant to be reachable from upstream.
tcp_services="{ 22, 80, 143, 587 }" # 587 is the submission port
# ICMP echo request (ping) is the only ICMP type passed inbound.
icmp_types="echoreq"
# Blocked packets are answered (TCP RST / ICMP unreachable) instead of being
# silently dropped.
set block-policy return
# Collect packet/byte statistics for the external interface.
set loginterface $ext_if
# No filtering on the loopback interface group.
set skip on lo
# NAT: outbound IPv4 on $ext_if whose source is not in $ext_if's own network
# is rewritten to the first address of $ext_if.
match out on $ext_if inet from !($ext_if:network) to any nat-to ($ext_if:0)
# Reassemble fragments and clear the don't-fragment bit.
set reassemble yes no-df
# Default policy for inbound traffic: block and log (pflog0).
block in log
# All outbound traffic is passed; "quick" stops rule evaluation here.
pass out quick
# Drop packets that claim a source address belonging to lo or $int_if but
# arrive on a different interface.
antispoof quick for { lo $int_if }
# Inbound TCP to the external address, limited to $tcp_services.
pass in on $ext_if inet proto tcp from any to ( $ext_if:0 ) port $tcp_services
# No "on" clause: echo requests are accepted on every interface, external included.
pass in inet proto icmp all icmp-type $icmp_types
# Everything arriving on the LAN interface is passed.
# NOTE(review): no rule names the bridge member NICs (fxp0, fxp1, em0)
# themselves; confirm with pflog0 that LAN traffic entering through them is
# matched as intended and not caught by "block in log".
pass in on $int_if
です。
以上の設定で、ifconfig -a の出力は以下のとおりです。なお root で実行すると run0 の wpakey（事前共有鍵から導出された値）もそのまま表示されるので、出力を公開する際は伏せるのが安全です。
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
priority: 0
groups: lo
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
em0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:e0:81:2a:bd:0f
priority: 0
media: Ethernet autoselect (none)
status: no carrier
fxp0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:a0:c9:6d:3f:83
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
fxp1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:a0:c9:27:dc:91
priority: 0
media: Ethernet autoselect (none)
status: no carrier
enc0: flags=0<>
priority: 0
groups: enc
status: active
run0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr dc:fb:02:58:a7:cd
priority: 4
groups: wlan egress
media: IEEE802.11 autoselect (DS1 mode 11g)
status: active
ieee80211: nwid URoad-662EA0 chan 2 bssid 00:1d:93:66:2e:a0 41dBm wpakey 0x80d48807c087a4cacbbc320ae43060ea4968c557eb3617f79938b64814467a82 wpaprotos wpa1,wpa2 wpaakms psk wpaciphers tkip,ccmp wpagroupcipher tkip
inet 192.168.100.101 netmask 0xffffff00 broadcast 192.168.100.255
vether0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr fe:e1:ba:d0:49:8f
priority: 0
groups: vether
media: Ethernet autoselect
status: active
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
bridge0: flags=41<UP,RUNNING>
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
vether0 flags=3<LEARNING,DISCOVER>
port 7 ifpriority 0 ifcost 0
fxp0 flags=3<LEARNING,DISCOVER>
port 2 ifpriority 0 ifcost 0
fxp1 flags=3<LEARNING,DISCOVER>
port 3 ifpriority 0 ifcost 0
em0 flags=3<LEARNING,DISCOVER>
port 1 ifpriority 0 ifcost 0
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33144
priority: 0
groups: pflog