Mostaf Faridi <mostafafaridi () gmail ! com> wrote:
> I want to migrate from FreeBSD to OpenBSD. Yesterday I installed OpenBSD 5
> amd64 and ran a samba server with OpenBSD and it works well. As a first step I
> run a samba server with OpenBSD, and after this I want to run a NAT server with
> OpenBSD.

Great.

> And to start I want to understand: will my PF.conf work in OpenBSD
> or not?

No.

Next question ...
What's the best way to get from there to OpenBSD 5.0 pf.conf?

Start from scratch.
If you can do all the other things (install, samba, etcetera) you can
start writing a pf.conf from scratch.
You should be writing one for the Samba server ... so you should look
upon this as an essential skill.
Besides, if somebody moves the network in the future (add a few
machines maybe) what will you do?

Follow the dots.
Get the pf.conf man page ...

Work out your macros ...
Hint, that's all the stuff from the old pf.conf with an "=".

Another hint, this is the entire macro text as it applies to you:

     Macros can be defined that will later be expanded in context.  Macro
     names must start with a letter, and may contain letters, digits and
     underscores.  Macro names may not be reserved words (for example pass,
     in, out).  Macros are not expanded inside quotes.

     For example:

           ext_if = "kue0"
           all_ifs = "{" $ext_if lo0 "}"
           pass out on $ext_if from any to any
           pass in  on $ext_if proto tcp from any to any port 25

Next hint, the only difficult bit about that is "Macros are not
expanded inside quotes." and the use of quotes inside the braces ...
The $ should help you work that out.

Happy hint, that's half your work done in five minutes by copying and
pasting from your old pf.conf ...
In this case it's okay if you follow the dots - read the man page, if
it's the same syntax then it's the same syntax.

Work out your OPTIONS ...
Keep it really simple, for example in your old pf.conf you load
fingerprints but don't appear to use them.
Hint, you probably don't need any options at all to start (i.e.
default will be fine).
Do you understand your timeouts and limit? If not, don't use them.

Work out your TABLES ...
Or better yet don't use them until you have a working NAT system.
Hint, as near as I can tell ... you're not using any of the tables in
your pf.conf ...
Check that and then ... get rid of them.

Read the small section in the man page on "Translation" under PACKET
FILTERING - it's a few pages down.
Look at the EXAMPLES for some ideas.
Write one NAT rule and one RDR rule, using your macros.
If you get stuck go here:
http://www.openbsd.org/faq/pf/nat.html#config
http://www.openbsd.org/faq/pf/rdr.html#filter

If you're still stuck go here:
http://www.openbsd.org/faq/pf/example1.html

Bear in mind that parts of the PF FAQ might be still in 4.9 and you want 5.0 ...
Someone else should be able to answer that but ... the man page will
give you an answer.

Once you've got that worked out ...
Do NAT and RDR for all your other macros ...

Test.

Then worry about all the other stuff.

If you can install and use OpenBSD you can learn pf or at least if you
won't learn pf you shouldn't be installing and using OpenBSD at least
not in a packet filtering role. :]

> I hate Windows OS, and want to run all of my servers only with BSD, especially
> OpenBSD.

I only want my servers to run OpenBSD but I'm happy to use Windows on
the desktop.

Best wishes.
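
A minimal pf.conf following the steps in the reply above (macros, no options beyond the defaults, no tables, one NAT rule and one RDR rule). This is an added example, not part of the original message; the interface names, the internal network and the web server address are constructed placeholders, and it uses the nat-to/rdr-to syntax OpenBSD has used since 4.7.

```conf
# --- Macros (constructed values; substitute your own) ---
ext_if  = "em0"                 # interface facing the Internet
int_if  = "em1"                 # interface facing the LAN
int_net = "192.168.1.0/24"      # internal network to be NATed
web_srv = "192.168.1.10"        # internal host that receives redirected traffic

# --- Options: defaults are fine; only skip filtering on loopback ---
set skip on lo

# --- Default deny, logged so dropped packets show up on pflog0 ---
block log all

# --- One NAT rule: rewrite the source address of LAN traffic leaving ext_if.
#     The parentheses make pf track the interface address if it changes. ---
match out on $ext_if inet from $int_net to any nat-to ($ext_if)

# --- One RDR rule: inbound HTTP to the firewall goes to the internal server ---
pass in on $ext_if inet proto tcp from any to ($ext_if) port 80 rdr-to $web_srv

# --- Filtering needed for the two rules above to carry traffic ---
pass in  on $int_if inet from $int_net to any                # LAN -> firewall
pass out on $int_if inet proto tcp to $web_srv port 80       # redirected HTTP -> server
pass out on $ext_if inet                                     # translated traffic -> Internet
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, so syntax errors show up before the ruleset is replaced.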
