Возможно вы искали: 'Fading Footsteps'

May 15 2025 17:56:06

Статистика

Статей: 87772
Просмотров: 96111483

Игры

Injustice: Gods Among Us ...
Dark Souls 2 Dark Souls II - вторая часть самой хардкорной ролевой игры 2011-2012 года, с новым героем, сюжето...
Battlefield 4 Battlefield 4 - продолжение венценосного мультиплеер-ориентированного шутера от первого ли...

Кино

Steins;Gate Любители японской анимации уже давно поняли ,что аниме сериалы могут дать порой гораздо больше пи...
Ку! Кин-дза-дза Начинающий диджей Толик и всемирно известный виолончелист Владимир Чижов встречают на шумной моск...

Обзоры на игры

• Обзор Ibara [PCB/PS2]	18357
• Обзор The Walking ...	18801
• Обзор DMC: Devil M...	19879
• Обзор на игру Valk...	15877
• Обзор на игру Stars!	17764
• Обзор на Far Cry 3	17948
• Обзор на Resident ...	16024
• Обзор на Chivalry:...	17508
• Обзор на игру Kerb...	17981
• Обзор игры 007: Fr...	16619

Превью о играх

• Превью к игре Comp...	17960
• Превью о игре Mage...	14464
• Превью Incredible ...	14721
• Превью Firefall	13479
• Превью Dead Space 3	16334
• Превью о игре SimC...	14730
• Превью к игре Fuse	15442
• Превью Red Orche...	15542
• Превью Gothic 3	16343
• Превью Black & W...	17354

Главная » Статьи » Разное » Пример настройки router/firewall под OpenBSD (eng) (route firewall openbsd ipfilter example)

Пример настройки router/firewall под OpenBSD (eng) (route firewall openbsd ipfilter example)

Ключевые слова: route, firewall, openbsd, ipfilter, example, (найти похожие документы)

From: Evan S <kaworu@sektor7.ath.cx>
Subject: Пример настройки router/firewall под OpenBSD (eng)

Setting up an OpenBSD router/firewall
----------------------------
Evan S / kaworu@sektor7.ath.cx

You're probably a geek like me. You have atleast seven boxen laying
around, waiting to access the outside world. Just recently, I aquired
a cable modem, so I said to myself, what better time than now? I went
over a list of possible hardware solutions for my router.

1. Linksys Cable Modem/DSL router. $150
2. A Linux box acting as a router.
3. An OpenBSD box acting as a router.

I immidately crossed off the first option, since, I had a 486 laying
around doing nothing, plus, it was very expensive. Now, I had to
decide between Linux and OpenBSD. If you're very comfortable with
Linux, have cards that work with it, than choose Linux. I choose
OpenBSD for the following reasons:

1. An OpenBSD router is %15 faster than Linux, and FreeBSD-based
routers.
2. It is the most secure operating system in the world.
However, I did have a hell of a time finding the network cards for it.
I suggest buying two 3c509B 3com ISA network cards. Unfortunitley,
they're isapnp, but, all I had to do was insert the driver disk, and
set the I/Os and irqs, it wasn't that hard.

In OpenBSD, I have ep0, and ep1. I connected ep0 to my cable modem,
and ep1 to my switch.

ifconfig output:
ep0: flags=8863 mtu 1500
media: Ethernet 10baseT
inet6 fe80::220:afff:fe17:38c9%ep0 prefixlen 64 scopeid 0x1
inet 146.115.66.104 netmask 0xfffffe00 broadcast 255.255.255.255
ep1: flags=8863 mtu 1500
media: Ethernet 10baseT
inet 169.69.6.1 netmask 0xffffff00 broadcast 169.69.6.255
inet6 fe80::2a0:24ff:fe2b:4886%ep1 prefixlen 64 scopeid 0x2

My network runs on 169.69.6.0/24. Now, here comes the NAT part of the
process. Be sure you have these options set:

1. Adding an entry to /etc/rc.conf looking like:
ipfilter=YES
ipnat=YES # for "YES" ipfilter must also be "YES"
ipfilter_rules=/etc/ipf.rules # Rules for IP packet filtering
ipnat_rules=/etc/ipnat.rules # Rules for Network Address Translation

2. Edit /etc/ipnat.rules
Just for clarifiaction. /32 does an ifconfig and grabs the ip adress
of the interface. So ep0/32 = 146.115.66.104

example: (change these values to fit your network)

# $OpenBSD: ipnat.rules,v 1.2 1999/05/08 16:33:10 jason Exp $
#
# See /usr/share/ipf/nat.1 for examples.
# edit the ipnat= line in /etc/rc.conf to enable Network Address Translation

map ep0 169.69.6.0/24 -> ep0/32 portmap tcp/udp 1024:20000
# maps tcp/udp connections on my network through ports 1024 -> 20000
map ep0 169.69.6.0/24 -> ep0/32
# maps ICMP, etc
rdr ep0 ep0/32 port 24 -> 169.69.6.5 port 22
# redirects traffic coming from the outside on port 24 to my sparc on port 22
rdr ep0 ep0/32 port 25 -> 169.69.6.5 port 25
# redirects traffic coming from the outside on port 25 to my sparc on port 25

3. Edit /etc/sysctl.conf to allow IP forwarding:
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of packets

4. Reboot

Everything should work now. On your other Unix boxen, type these
commands:

route add default $IPADDRESSOFROUTER
edit /etc/resolv.conf and enter the ip addresses of your ISPs nameserver.
try and ping the outside world, it should work.

In Windows, go to control panel and do that stuff.

Firewall Configuration:
This is probably _the_ most important part of your configuration
process. Read themanpage on ipf, and configure the firewall to fit
your needs. Mine is configured as such:

from /etc/ipf.rules

# $OpenBSD: ipf.rules,v 1.6 1997/11/04 08:39:32 deraadt Exp $
#
# IP filtering rules. See the ipf(5) man page for more
# information on the format of this file, and /usr/share/ipf
# for example configuration files.
#
# Pass all packets by default.
# edit the ipfilter= line in /etc/rc.conf to enable IP filtering
#
# block in on tun0 proto tcp from any to any port = 6000
# block in on tun0 proto tcp from any to any port = 111
# pass in from any to any
# pass out from any to any
# Misc rules
pass in log on ep0 proto tcp from any to any port = 22
block in log proto icmp all icmp-type 8
block in log proto icmp all icmp-type 13
block in log proto icmp all icmp-type 15
block in log proto icmp all icmp-type 17
block in log on ep0 proto tcp from any to any port = 3306

# Deny outside illegals
block in log quick on ep0 from 0.0.0.0/32 to any
block in log quick on ep0 from 255.255.255.255/32 to any
block in log quick on ep0 from 127.0.0.0/8 to any
block in log quick on ep0 from any to 0.0.0.0/32
block in log quick on ep0 from any to 255.255.255.255/32
block in log quick on ep0 from any to 127.0.0.0/8

#never pakets
block in log quick on ep0 from 192.168.0.0/16 to any
block in log quick on ep0 from 172.16.0.0/12 to any
block in log quick on ep0 from 10.0.0.0/8 to any
block in log quick on ep0 from 192.168.6.0/16 to any

Ссылки

HTML:
[BB Url]:

Похожие статьи
Название	Добавил	Добавлено
• Пример настройки router/firewall по...	Vova	08.05.2012

Ни одного комментария? Будешь первым :).

Пожалуйста, авторизуйтесь для добавления комментария.

Статьи

Рецензия на Pressure Чтобы обратить на себя внимание, начинающие маленькие разработчики, как правило, уходят в жанры, ...
Рецензия на Lost Chron... Игры, сделанные без любви и старания, похожи на воздушный шар – оболочка есть, а внутри пусто. Lo...
Рецензия на The Bridge «Верх» и «низ» в The Bridge — понятия относительные. Прогуливаясь под аркой, можно запросто перей...
Рецензия на SimCity Когда месяц назад состоялся релиз SimCity, по Сети прокатилось цунами народного гнева – глупые ош...
Рецензия на Strategy &... Название Strategy & Tactics: World War II вряд ли кому-то знакомо. Зато одного взгляда на ее скри...
Рецензия на игру Scrib... По сложившейся традиции в информационной карточке игры мы приводим в пример несколько похожих игр...
Рецензия на игру Walki... Зомби и продукция-по-лицензии — которые и сами по себе не лучшие представители игровой биосферы —...