INSTALLATION

Howto make an after installation? by OpenBsdRulez
Posted: 20 Sep 03

##########################ip forwarding ####################
vi /etc/sysctl.conf
(change here)
#net.inet.ip.forwarding=0
(in)
net.inet.ip.forwarding=1
net.inet.tcp.recvspace=65535
net.inet.tcp.sendspace=65535


#########################ssh login config ##################

vi /etc/ssh/sshd_config
(change here)
#Port 22
#Protocol 2,1
#PermitRootLogin yes
(in)
Port 22
Protocol 2,1
PermitRootLogin no

#####################add wheel group users #################
vi /etc/group
(change here)
wheel:*:0:root
(in)
wheel:*:0:root,user1,user2


####################make some sudoers ######################
vi /etc/sudoers
(change here)
root    ALL=(ALL) ALL
(in)
root    ALL=(ALL) ALL
user1   ALL=(ALL) ALL
user2   ALL=(ALL) ALL


##################### rc.conf.local daemons ################

# vi /etc/rc.conf.local

(put this in rc.conf.local)
sendmail_flags="-L sm-mta -bd -q30m"
inetd=NO
dhcpd_flags="-q rl1"
smbd=YES
nmbd=YES
httpd_flags=""
named_flags=""
named_user=named
named_chroot=/var/named
sshd_flags=""
check_quotas=YES
ntpd=NO
pf=YES

(end of file)


########################firewall############################
# vi /etc/pf.conf
 
(put this in pf.conf)

#/etc/pf.conf OpenBSD

#declarations
EXTIF="rl0"
INTIF="rl1"
LOCALIF="lo0"
LAN="192.168.0.0/24"
NO_ROUTE="{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"

#section options
set loginterface $EXTIF
set limit { states 10000, frags 10000 }
set optimization normal

#section scrub
scrub in all

#section NAT
nat on $EXTIF from 192.168.0.0/24 to any -> $EXTIF

#section filter
block log all
pass on $LOCALIF all

antispoof log quick for $INTIF
pass in on $INTIF inet proto icmp from $LAN to any keep state
pass in on $INTIF inet proto udp from $LAN to any keep state
pass in on $INTIF inet proto tcp from $LAN to any modulate state
pass out on $INTIF inet proto icmp from any to $LAN keep state
pass out on $INTIF inet proto udp from any to $LAN keep state
pass out on $INTIF inet proto tcp from any to $LAN modulate state

antispoof log quick for $EXTIF
block in log quick on $EXTIF inet from $NO_ROUTE to any
block return-rst in log quick on $EXTIF proto tcp from any to any port 113
pass in on $EXTIF inet proto icmp all keep state
pass in on $EXTIF inet proto tcp from any to any port 22 flags S/SA modulate state
block out log quick on $EXTIF inet from any to $NO_ROUTE
pass out on $EXTIF inet proto icmp all keep state
pass out on $EXTIF inet proto udp all keep state
pass out on $EXTIF inet proto tcp all modulate state

(end of file)

# pfctl -e -f /etc/pf.conf
 
 
################automatic IP in network (DHCP)##############

=>  dhcpd already turned on in rc.conf.local (dhcpd_flags="-q rl1")

# vi /etc/dhcpd.conf
 
(put this in dhcpd.conf)
#/etc/dhcpd.conf

option domain-name "domain-name.nl";
option domain-name-servers 192.168.0.1;
default-lease-time 86400;
max-lease-time 86400;

subnet 192.168.0.0 netmask 255.255.255.0 {
   range 192.168.0.3 192.168.0.254;
   option subnet-mask 255.255.255.0;
   option broadcast-address 192.168.0.255;
   option routers 192.168.0.1;
}

#########berkeley internet name daemon######################
=> this is already enabled in /etc/rc.conf.local
(named_flags=""; named_user=named; named_chroot=/var/named)
# cd /usr/ports/net/bind9 && make install clean

# cat /etc/resolv.conf | grep bind
(output should be)
lookup file bind
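The edits above to /etc/sysctl.conf, /etc/ssh/sshd_config and /etc/group are easy to get subtly wrong (a line left commented out, or a duplicate keyword; sshd uses the first match for each keyword, so a later duplicate does not override an earlier one). This added audit script is not part of the original FAQ; it checks those three files for the values the FAQ sets and, so it can run stand-alone, builds constructed copies in a temp directory instead of touching the live /etc files.

```shell
#!/bin/sh
# Added audit helper (not from the original FAQ). File paths are parameters so
# it can be pointed at the live /etc files or at constructed copies.

# Effective value of an sshd_config keyword: sshd uses the FIRST match, so a
# stray duplicate later in the file is ignored; this mirrors that rule.
sshd_effective() {  # $1=file $2=keyword
    awk -v k="$2" 'tolower($1)==tolower(k) { print $2; exit }' "$1"
}

# Prints 1 if net.inet.ip.forwarding=1 is an uncommented line, else 0
forwarding_enabled() {  # $1=sysctl.conf
    grep -q '^net\.inet\.ip\.forwarding=1' "$1" && echo 1 || echo 0
}

# Prints the members of the wheel group, one per line
wheel_members() {  # $1=group file
    awk -F: '$1=="wheel" { n=split($4,m,","); for (i=1;i<=n;i++) print m[i] }' "$1"
}

# Runs all checks; one line per finding, exit status 0 only if all pass
audit() {  # $1=sysctl.conf $2=sshd_config $3=group
    rc=0
    [ "$(forwarding_enabled "$1")" = 1 ] || { echo "FAIL: ip forwarding not enabled"; rc=1; }
    [ "$(sshd_effective "$2" PermitRootLogin)" = no ] || { echo "FAIL: PermitRootLogin is not 'no'"; rc=1; }
    for u in $(wheel_members "$3"); do echo "wheel member: $u"; done
    return $rc
}

# Constructed sample files so the script runs stand-alone; the sshd_config copy
# deliberately carries a duplicate PermitRootLogin to show first-match semantics.
T=$(mktemp -d)
trap 'rm -rf "$T"' EXIT
printf '#net.inet.ip.forwarding=0\nnet.inet.ip.forwarding=1\n' > "$T/sysctl.conf"
printf 'Port 22\nProtocol 2,1\nPermitRootLogin no\nPermitRootLogin yes\n' > "$T/sshd_config"
printf 'wheel:*:0:root,user1,user2\nstaff:*:20:root\n' > "$T/group"
audit "$T/sysctl.conf" "$T/sshd_config" "$T/group"
```

On the live system, run `audit /etc/sysctl.conf /etc/ssh/sshd_config /etc/group` after the edits; for the pf ruleset, `pfctl -nf /etc/pf.conf` parses it without loading, which catches syntax errors before `pfctl -e -f`.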
