Hitchhiker's Guide to Openbsd


- How do I filter and firewall with OpenBSD?



6.3 - How do I filter and firewall with OpenBSD?
Packet Filter (from here on referred to as PF) is OpenBSD's system for filtering IP traffic and doing Network Address Translation. PF is also capable of normalizing and conditioning IP traffic and providing bandwidth control and packet prioritization, and can be used to create powerful and flexible firewalls. It is described in the PF User's Guide.

6.4 - Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol is a way to configure network interfaces "automatically". 
OpenBSD can be a DHCP server (configuring other machines), a DHCP client (configured by another 
machine), and in some cases, can be both. 

6.4.1 - DHCP Client
To use the DHCP client dhclient(8) included with OpenBSD, edit /etc/hostname.xl0 (this is assuming your main Ethernet interface is xl0. Yours might be ep0 or fxp0 or something else.) All you need to put in this hostname file is 'dhcp':
http://www.openbsd.org/faq/faq6.html (9 of 33)9/4/2011 10:02:06 AM


6 - Networking
echo dhcp > /etc/hostname.xl0
This will cause OpenBSD to automatically start the DHCP client on boot. OpenBSD will gather its IP 
address, default gateway, and DNS servers from the DHCP server. 
If you want to start a DHCP client from the command line, make sure /etc/dhclient.conf exists, then try:
dhclient fxp0
Where fxp0 is the interface on which you want to receive DHCP.
No matter how you start the DHCP client, you can edit the /etc/dhclient.conf file to not update your DNS according to the DHCP server's idea of DNS by first uncommenting the 'request' lines in it (they are examples of the default settings, but you need to uncomment them to override dhclient's defaults.)
request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, domain-name-servers, host-name, lpr-servers, ntp-servers;
and then remove domain-name-servers. Of course, you may want to remove host-name, or other settings too.
By changing options in your dhclient.conf(5) file, you're telling the DHCP client how to build your resolv.conf(5) file. The DHCP client overrides any information you already have in resolv.conf(5) with the information it retrieves from the DHCP server. Therefore, you'll lose any changes you made manually to resolv.conf.
There are two mechanisms available to prevent this:
- OPTION MODIFIERS (default, supersede, prepend, and append) allow you to override any of the options in dhclient.conf(5).
- resolv.conf.tail(5) allows you to append anything you want to the resolv.conf(5) file created by dhclient(8).
An example would be if you're using DHCP but you want to append lookup file bind to the resolv.conf(5) created by dhclient(8). There is no option for this in dhclient.conf so you must use resolv.conf.tail to preserve this.
echo "lookup file bind" > /etc/resolv.conf.tail
Now your resolv.conf(5) should include "lookup file bind" at the end. 
nameserver 192.168.1.1
nameserver 192.168.1.2
lookup file bind
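
To check which of the dhclient.conf settings described above is in effect, the following added example (not part of the FAQ) reads a dhclient.conf and reports whether the DHCP server or a local supersede statement decides the nameservers. The function name dns_source and its four result labels are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the FAQ): report who decides the nameservers
# that dhclient(8) writes to resolv.conf, given a dhclient.conf.
#   dhcp-default    no active 'request' statement, dhclient's defaults apply
#   dhcp-requested  'request' still lists domain-name-servers
#   not-requested   'request' is active and omits domain-name-servers
#   superseded      'supersede domain-name-servers' pins local values
# Simplification: statements inside interface { } blocks are treated as global.
dns_source() {
    awk '
        { sub(/#.*/, ""); buf = buf " " $0 }   # commented-out examples do not count
        END {
            gsub(/[{}]/, ";", buf)             # flatten interface blocks
            n = split(buf, stmt, ";")          # statements end with a semicolon
            state = "dhcp-default"
            for (i = 1; i <= n; i++) {
                s = stmt[i]
                gsub(/[ \t]+/, " ", s); sub(/^ /, "", s)
                if (s ~ /^supersede domain-name-servers /) {
                    pinned = 1
                } else if (s ~ /^request /) {
                    state = (s ~ /[ ,]domain-name-servers( |,|$)/) ? "dhcp-requested" : "not-requested"
                }
            }
            print (pinned ? "superseded" : state)
        }
    ' "$1"
}

# Constructed sample: the request statement from the FAQ, uncommented, with
# domain-name-servers removed as the text describes. The commented line is
# ignored, just as dhclient ignores it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#request subnet-mask, broadcast-address, routers, domain-name-servers;
request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, host-name, lpr-servers, ntp-servers;
EOF
dns_source "$sample"    # not-requested
rm -f "$sample"
```

A result of dhcp-default or dhcp-requested means the nameserver lines in resolv.conf come from whichever DHCP server answers on that network.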
