Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Howto make an after installation?

INSTALLATION

Howto make an after installation?

by  OpenBsdRulez  Posted    (Edited  )
##########################ip forwarding ####################
vi /etc/sysctl.conf
(change here)
#net.inet.ip.forwarding=0
(in)
net.inet.ip.forwarding=1
net.inet.tcp.recvspace=65535
net.inet.tcp.sendspace=65535


#########################ssh inlog config ##################

vi /etc/ssh/sshd_config
(change here)
#Port 22PermitRootLogin no
#Port 22
#Protocol 2,1
#PermitRootLogin yes
(in)
PermitRootLogin no
Port 22PermitRootLogin no
Port 22
Protocol 2,1

#####################add wheel group users #################
vi /etc/group
(change here)
wheel:*:0:root
(in)
wheel:*:0:root,user1,user2


####################make some sudoers ######################
vi /etc/sudoers
(change here)
root ALL=(ALL) ALL
(in)
root ALL=(ALL) ALL
user1 ALL=(ALL) ALL
user2 ALL=(ALL) ALL


##################### rc.config deamons ####################

# vi /etc/rc.conf.local

(put this in rc.conf.local)
sendmail_flags="-L sm-mta -bd -q30m"
inetd=NO
dhcpd_flags="-q rl1"
smbd=YES
nmbd=YES
httpd_flags=""
named_flags=""
named_user=named
named_chroot=/var/named
sshd_flags=""
check_quotas=YES
ntpd=NO
pf=YES

(end of file)


########################firewall############################
# vi /etc/pf.conf

(put this in pf.conf)

#/etc/pf.conf OpenBSD

#declarations
EXTIF="rl0"
INTIF="rl1"
LOCALIF="lo0"
LAN="192.168.0.0/24"
NO_ROUTE="{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

#section options
set loginterface $EXTIF
set limit { states 10000, frags 10000 }
set optimization normal

#section scrub
scrub in all

#section NAT
nat on $EXTIF from 192.168.0.0/24 to any -> $EXTIF

#section filter
block log all
pass on $LOCALIF all

antispoof log quick for $INTIF
pass in on $INTIF inet proto icmp from $LAN to any keep state
pass in on $INTIF inet proto udp from $LAN to any keep state
pass in on $INTIF inet proto tcp from $LAN to any modulate state
pass out on $INTIF inet proto icmp from any to $LAN keep state
pass out on $INTIF inet proto udp from any to $LAN keep state
pass out on $INTIF inet proto tcp from any to $LAN modulate state

antispoof log quick for $EXTIF
block in log quick on $EXTIF inet from $NO_ROUTE to any
block return-rst in log quick on $EXTIF proto tcp from any to any port 113
pass in on $EXTIF inet proto icmp all keep state
pass in on $EXTIF inet proto tcp from any to any port 22 flags S/SA modulate state
block out log quick on $EXTIF inet from any to $NO_ROUTE
pass out on $EXTIF inet proto icmp all keep state
pass out on $EXTIF inet proto udp all keep state
pass out on $EXTIF inet proto tcp all modulate state

(end of file)

# pfctl -e -f /etc/pf.conf


################automatic ip in netwerk(DHCP)###############

=> dhcpd already turned on in rc.conf.local (dhcpd_flags="-q rl1")

# vi /etc/dhcpd.conf

(put this in dhcpd.conf)
#/etc/dhcpd.conf

option domain-name "domain-name.nl";
option domain-name-servers 192.168.0.1;
default-lease-time 86400;
max-lease-time 86400;

subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.3 192.168.0.254;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.1;

}

#########berkeley internet name demon#######################
=> this is already on in /etc/rc.conf.local
(named_flags=""; named_user=named; named_chroot=/var/named)
# cd /usr/ports/net/bind9 && make install clean

# cat /etc/resolv.conf | grep bind
(output should be)
lookup file bind
Register to add this FAQ to your archive
Register to rate this FAQ  : BAD 1 2 3 4 5 6 7 8 9 10 GOOD
Please Note: 1 is Bad, 10 is Good :-)

Part and Inventory Search

Back
Top