Hi all,
I got it working thanks to the advice from everyone on misc.
Here is my report.
In addition, this OpenBSD system is running from USB memory only.
sd1 at scsibus2 targ 1 lun 0: <JetFlash, Transcend 32GB, 1100> SCSI4
0/direct removable serial.85641000CE38A0VNSTPO
sd1: 30944MB, 512 bytes/sector, 63373312 sectors


OpenBSD
-------------------------------------------
more /etc/sysctl.conf
#       $OpenBSD: sysctl.conf,v 1.54 2012/09/20 12:51:43 yasuoka Exp $
#
# This file contains a list of sysctl options the user wants set at
# boot time.  See sysctl(3) and sysctl(8) for more information on
# the many available variables.
#
net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets

cat /etc/hostname.rum0
#ext_if
# External (uplink) interface: joins the wireless network named by nwid and
# gets its address by DHCP.
# NOTE(review): wpakey is stored here in clear text, so this file should be
# readable by root only. If the value shown is the real key, it should be
# changed on the access point now that it has been posted to a public list.
dhcp nwid URoad-662EA0 wpakey 04271


cat /etc/hostname.bge0
#int_if
inet 192.168.11.1 255.255.255.0 NONE


cat /etc/dhcpd.interfaces
bge0


cat /etc/dhcpd.conf
# DNS server handed to every client. 192.168.100.254 is the upstream wifi
# router (per the client's resolv.conf in this report), not this OpenBSD box.
option  domain-name-servers 192.168.100.254  ;
# The wired LAN behind bge0 (the interface listed in /etc/dhcpd.interfaces).
subnet 192.168.11.0 netmask 255.255.255.0 {
        # Default gateway for clients: this router's bge0 address.
        option routers 192.168.11.1;
        # Only two leases are available (.10 and .11).
        range 192.168.11.10 192.168.11.11;

}



cat /etc/pf.conf
# macros
# int_if is the wired LAN side (192.168.11.1/24 per hostname.bge0);
# ext_if is the wireless uplink, which gets its address by DHCP.
int_if="bge0"
ext_if="rum0"

# TCP ports accepted from the uplink side: 22 (ssh) and 113 (ident).
tcp_services="{ 22, 113 }"
# ICMP types accepted inbound: echo request only.
icmp_types="echoreq"

# options
# Blocked packets are answered (TCP RST / ICMP unreachable) instead of being
# silently dropped; pfctl -sr shows this as "block return".
set block-policy return
# Collect packet and byte statistics for the egress interface group.
set loginterface egress
# Do not filter traffic on the loopback interface group.
set skip on lo

# FTP Proxy rules
# The anchor is where the FTP proxy inserts its per-connection rules.
# NOTE(review): presumably ftp-proxy(8) is running on 127.0.0.1:8021 -- not
# shown in this report.
anchor "ftp-proxy/*"
# FTP control connections arriving from the LAN are diverted to the proxy.
# NOTE(review): the rule below was wrapped by the mail client. In the real
# file it must be a single line or be continued with a trailing backslash.
pass in quick on $int_if inet proto tcp to any port ftp divert-to
127.0.0.1 port 8021

# match rules
# Source-NAT IPv4 traffic leaving the uplink unless it already comes from the
# uplink's own network. The parentheses make pf follow the interface's
# current address, which matters because that address comes from DHCP.
match out on $ext_if inet from !($ext_if:network) to any nat-to ($ext_if:0)

# filter rules
# Default deny for inbound traffic, with logging. pf applies the last
# matching rule unless a rule is "quick", so the pass rules further down
# override this one.
block in log
# All outbound traffic is allowed, and "quick" makes that decision final.
pass out quick

# Drop packets that claim a loopback or LAN source address but arrive on a
# different interface (pfctl -sr shows the expanded block rules).
antispoof quick for { lo $int_if }

# ssh and ident are reachable from the uplink side.
# NOTE(review): if other hosts share that wireless network, sshd on this
# router is exposed to all of them. Restrict the source address, or drop
# this rule, if administration only happens from the LAN.
pass in on egress inet proto tcp from any to (egress) \
    port $tcp_services
# Echo requests (ping) are accepted on every interface.
pass in inet proto icmp all icmp-type $icmp_types
# Everything arriving on the LAN interface is accepted, whatever the protocol
# or destination, including services on the router itself.
# NOTE(review): narrow this if the LAN is not fully trusted.
pass in on $int_if


pfctl -ss
all tcp 192.168.11.1:22 <- 192.168.11.10:34071       ESTABLISHED:ESTABLISHED
all udp 192.168.11.255:631 <- 192.168.11.10:631       NO_TRAFFIC:SINGLE



pfctl -sr
anchor "ftp-proxy/*" all
pass in quick on bge0 inet proto tcp from any to any port = 21 flags
S/SA divert-to 127.0.0.1 port 8021
match out on rum0 inet from ! (rum0:network) to any nat-to (rum0:0)
block return in log all
pass out quick all flags S/SA
block drop in quick on ! lo inet6 from ::1 to any
block drop in quick on ! lo inet from 127.0.0.0/8 to any
block drop in quick inet from 127.0.0.1 to any
block drop in quick on ! bge0 inet from 192.168.11.0/24 to any
block drop in quick inet from 192.168.11.1 to any
block drop in quick inet6 from ::1 to any
block drop in quick on lo0 inet6 from fe80::1 to any
block drop in quick on bge0 inet6 from fe80::21e:c9ff:fe05:78fc to any
pass in on egress inet proto tcp from any to (egress) port = 22 flags S/SA
pass in on egress inet proto tcp from any to (egress) port = 113 flags S/SA
pass in inet proto icmp all icmp-type echoreq
pass in on bge0 all flags S/SA




puppy linux (dhcp client)
-------------------------------------------
ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:00:39:E3:38:99
          inet addr:192.168.11.10  Bcast:192.168.11.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1711 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1990 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1103913 (1.0 MiB)  TX bytes:313349 (306.0 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


cat /etc/resolv.conf
# Generated by dhcpcd for interface eth0
nameserver 192.168.100.254 (wifi router's address)



ping www.openbsd.org
PING www.openbsd.org (129.128.5.194): 56 data bytes
64 bytes from 129.128.5.194: seq=0 ttl=227 time=311.753 ms
64 bytes from 129.128.5.194: seq=1 ttl=227 time=312.358 ms
^C
--- www.openbsd.org ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 311.753/312.055/312.358 ms



route -e
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.11.0    *               255.255.255.0   U         0 0          0 eth0
169.254.0.0     *               255.255.0.0     U         0 0          0 eth0
127.0.0.0       *               255.0.0.0       U         0 0          0 lo
default         192.168.11.1    0.0.0.0         UG        0 0          0 eth0



THANKS! THANKS!

----------------------------------
tuyosi takesima
