OpenBSD でルーター作るメモ
目標
WAN/LAN/DMZ の3つの network に接続する
NTP/DHCP 辺りもやってもらう
/ は read-only で運用する（書き込みが必要な /var /dev /tmp は mfs に逃がし、root filesystem 自体は改変できないようにする）
Install
普通に。
一度普通に boot させ、初回起動時の初期化処理（ssh host key の生成など）を済ませておく。この後 / を read-only にするので、後から書き込みが必要になるものはここで終わらせておく。
Boot into single user mode
boot> boot -s
....
Enter pathname of shell or RETURN for sh: /bin/ksh
# mount -u -o rw /
/ を read-only に（注意: /var と /dev は mfs で、起動のたびに /.var /.dev の複製から作り直される。つまり /var 配下のログや dhcpd.leases は再起動で消えるので、ログを残したい場合は syslogd で別ホストへ転送する。逆に /.var を書き換えるには / を rw で mount し直す必要がある）
# cp -Rp /dev /.dev
# mv /var /.var
# mkdir /var
# vi /etc/fstab
/dev/wd0a / ffs ro 1 1
swap /var mfs rw,-s=96000,-P=/.var 0 0
swap /dev mfs rw,-s=32000,-P=/.dev 0 0
swap /tmp mfs rw,noexec,nodev,nosuid,-s=64000 0 0
# mount /var
Network 設定（hostname.pppoe0 には CHAP の authkey が平文で入る。umask 0037 だと 0640 root:wheel になり wheel group のユーザからも読めるので、umask 077 で作る（または作成後に chmod 600）こと。また heredoc は <<'EOF' と quote し、authkey 中の $ や ` が shell に展開されないようにする）
# ( umask 0037; echo "up" > /etc/hostname.em0 )
# ( umask 0037; echo "inet 192.168.0.1 255.255.255.0 NONE" > /etc/hostname.em1 )
# ( umask 0037; echo "inet 192.168.10.1 255.255.255.0 NONE" > /etc/hostname.em2 )
# ( umask 0037; cat > /etc/hostname.pppoe0 <<EOF )
> inet 0.0.0.0 255.255.255.255 NONE \
> pppoedev em0 authproto chap \
> authname '****' authkey '****' up
> dest 0.0.0.1
> !/sbin/route add default -ifp pppoe0 0.0.0.1
> EOF
# [ -f /etc/mygate ] && rm /etc/mygate
# vi /etc/sysctl.conf
"net.inet.ip.forwarding=1" のコメントを外す（注意: この時点では pf.conf が未完成（下の *TODO*）なので、forwarding を有効にしたまま pppoe0 を up すると WAN/LAN/DMZ 間を無フィルタで中継する箱になる。pf.conf を書き終えるまでは forwarding を有効にしない、もしくは pppoe0 を up しない）
Firewall 設定
# vi /etc/pf.conf
*TODO*（最低限: default は block、LAN→WAN の NAT と必要な pass だけを明示し、antispoof を各 interface に入れる。DMZ から LAN への通信は明示的に pass したものだけ通す。これが出来るまで forwarding は有効にしない）
DNS 設定
# vi /.var/named/etc/named.conf
"listen-on { 127.0.0.1; 192.168.0.1; 192.168.10.1; };" に書き換え（WAN 側 (pppoe0) の address を含めないことで外からの query を受けない。あわせて allow-recursion { 127.0.0.1; 192.168.0.0/24; 192.168.10.0/24; }; も入れて open resolver にならないようにする。/var ではなく /.var を編集するのは、/var は mfs で起動時に /.var から複製されるため）
# echo 'named_flags=""' >> /etc/rc.conf.local
# echo "nameserver 127.0.0.1" > /etc/resolv.conf
NTP 設定
# vi /etc/ntp.conf
...
listen on 127.0.0.1
listen on 192.168.0.1
listen on 192.168.10.1
...
servers "好きな ntp server"
# echo 'ntpd_flags=""' >> /etc/rc.conf.local
DHCP 設定
# vi /etc/dhcpd.conf
...
option domain-name-servers 192.168.0.1;
...
subnet 192.168.0.0 netmask 255.255.255.0 {
option routers 192.168.0.1;
後はお好みで
...
# echo 'dhcpd_flags=""' >> /etc/rc.conf.local
その他（/home も read-only の / 上にあるので、authorized_keys の配置は / を rw にしている今のうちに行う。ssh は鍵認証のみにする: /etc/ssh/sshd_config で PasswordAuthentication no, PermitRootLogin no とし、可能なら ListenAddress で LAN 側 (192.168.0.1) のみ listen させる）
# vi /home/admin/.ssh/authorized_keys
# visudo
# vi /etc/hosts
最後
# reboot && sacrifice a goat && pray