On Wed, Nov 15, 2000 at 10:26:14AM -0600, jeffr at odeon.net wrote:
> On Wed, 15 Nov 2000 dopp at acm.cs.umn.edu wrote:
> 
> > Well, this isn't a BSD list, but I'll reply anyway in the hopes this may
> > help others as well. :)
> 
> [snip]
> 
> 	Thanks, much appreciated.  If I can't make some progress on it
> 	I'm planning on posting to the OpenBSD mailing list, once I finish
> 	re-reading everything I can get my hands on that might be
> 	relevant.
> 
> > No, nothing to do with your routing tables, AFAIK.  If you want any traffic
> > to get routed to your "live" NIC, you need to set up NAT to send the traffic
> > over to that NIC.  Just like you set up NAT to route from your 10.0.0.0
> > network to your live NIC, you'll need to set up NAT to route your DMZ
> > traffic to your live NIC.  I haven't done this personally, but it seems
> > this would be the only way to do it.
> 
> [snip]
> 
> 	Ahh, I hadn't considered that I might need to do NAT for the DMZ.
> 
> > rtfm route
> 
> [snip]
> 
> 	Believe me, I have been, and will continue to do so.
> 
> > Yes, it's an amazing book.  I believe they have an example with a network
> > that is much like yours.  Did you look at that?
> 
> 	You betcha.  I've read that book front to back several times
> 	now.  It's a great reference.  They also mention some example IPF
> 	scripts on their companion website that should be just about
> 	exactly what I'm looking for, but the website seems to no longer
> 	be current (I could find examples dealing with two NIC cards, but
> 	not with three, but I'll continue searching, it was getting very
> 	late when I was out there looking the other night).
> 
> > Gabe
> 
> 	Jeff
> 
> 

Don't forget to enable port forwarding:
net.inet.ip.forwarding=1 in /etc/sysctl.conf

Also, since OpenBSD picks interface names by the card type, can you reorder
by card type?  Or do all the 3coms show up the same (I've only messed with
m68k stuff)?

I was pondering getting the Building Firewalls... book but I was short on 
cash.  I've used the FAQ on the OpenBSD site quite a bit. 

There is also an ipf howto as well.
http://www.obfuscation.org/ipf/

It's mostly ipf stuff, but it might help.