1. ADSL 拨号上网
2. 用 named 做 DNS 缓存(cache)
3. 有需要可编辑/etc/dhcpd.conf 启动dhcp服务,这样局域网电脑就能自动获取ip上网了。
参看
http://www.openbsd.org/faq/pf/example1.html
/etc/sysctl.conf增加
# Enable IPv4 forwarding so this host routes packets between the LAN and the
# uplink. Only the IPv4 knob is set here; IPv6 forwarding is a separate sysctl.
net.inet.ip.forwarding=1
/etc/rc.conf.local
# Start the time daemon and the DNS server at boot with their default options.
# An empty flags string (as opposed to NO) is what enables each daemon.
ntpd_flags=""
named_flags=""
// named.conf fragment: address-match list of the hosts allowed to use this
// resolver. It is referenced by allow-recursion in the options block.
acl clients {
    // Built-in ACL covering every network this host has an interface on.
    // NOTE(review): that also covers the network assigned to the PPP/WAN
    // interface, not only the LAN. List the LAN prefix explicitly if only
    // LAN hosts should be served.
    localnets;
    // IPv6 loopback.
    ::1;
};
// Global server options for a forwarding-only cache.
options {
    version ""; // remove this to allow version queries
    // Send every query to the forwarders below; never resolve iteratively.
    forward only;
    // NOTE(review): both forwarders are third-party public resolvers reached
    // over plain DNS, so their operators see every name the LAN looks up.
    // Substitute resolvers you trust.
    forwarders { 114.114.114.114; 8.8.8.8; };
    // Cache memory cap, in bytes (2097152 = 2 MiB).
    max-cache-size 2097152; //not sure, optional.
    // NOTE(review): "any" binds port 53 on every interface, the WAN side
    // included. Exposure is then limited only by allow-recursion below and
    // by the packet filter. Listing just loopback and the LAN address keeps
    // the resolver unreachable from outside even if pf is disabled.
    listen-on { any; };
    listen-on-v6 { any; };
    // Serve the built-in empty zones locally.
    empty-zones-enable yes;
    // Recursion (and therefore use of the cache) is limited to the "clients" ACL.
    allow-recursion { clients; };
};
// Discard messages in the lame-servers category instead of logging them.
logging {
    category lame-servers { null; };
};
# pf.conf for a NAT gateway: LAN on $int_if, uplink on tun0.
# pf uses the last matching rule unless a rule is marked "quick".
# NOTE(review): tun0 is assumed to be the interface ppp attaches to -- confirm.

# increase default state limit from 10'000 states on busy systems
#set limit states 100000
int_if="em0" ### change this to the internal (LAN) network interface
# Do not filter traffic on the loopback interface group.
set skip on lo
# Source-NAT outbound IPv4 on tun0 for any source outside tun0's own network.
# The parentheses make pf follow tun0's address when the link renegotiates.
match out on tun0 inet from !(tun0:network) to any nat-to (tun0:0)
# Default-deny for inbound packets on every interface, the WAN side included.
block in
# Allow all outbound traffic; replies come back through the state entries.
pass out quick
# Drop packets that claim a loopback or LAN source address but arrive on a
# different interface.
antispoof quick for { lo $int_if }
# The LAN is fully trusted: anything arriving on $int_if is accepted, whether
# addressed to the gateway itself or forwarded.
# NOTE(review): narrow this rule if LAN hosts should not reach every service
# on the gateway.
pass in on $int_if
# By default, do not permit remote connections to X11
# This rule comes after the LAN pass rule, so it also applies to LAN traffic.
block in on ! lo0 proto tcp to port 6000:6010
/etc/ppp/ppp.conf ###这里包含中国移动/联通/电信的 2G/3G 以及 ADSL 拨号上网配置
###start(dial):ppp -auto chinatelcom, stop(disconnect):pkill ppp
###(c) f5b
### ppp.conf layout: labels start in column 0 and end with ':'; the commands
### that belong to a label must be indented under it.
### This file holds account names and passwords in clear text; keep it
### readable only by the account that runs ppp.
### "default" is applied before any other label. Here it only selects what is
### logged: phase changes, the chat dialogue, LCP/IPCP/CCP negotiation, the
### tun device tag and executed commands.
default:
  set log Phase Chat LCP IPCP CCP tun command
### chinatelcom, cdma 3g ok.
### Dial-up profile over the USB serial modem at /dev/cuaU0.
chinatelcom:
  set device /dev/cuaU0
  set speed 1843200
### Chat script: abort on BUSY / NO CARRIER, initialise the modem, then dial
### the number given by "set phone" and wait up to 40 s for CONNECT.
  set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
            \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
  set phone "#777"
### No login script; authentication is done by PPP using authname/authkey.
  set login
### NOTE(review): "[email protected]" looks like the hosting site's e-mail
### obfuscation, not a usable account name. Substitute the account issued by
### the carrier. authname and authkey are stored here in clear text.
  set authname [email protected]
  set authkey vnet.mobi
### Hang up after 120 seconds without traffic.
  set timeout 120
### The /0 masks let the peer assign whatever local and remote addresses it wants.
  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
### Install the default route through the peer's address.
  add default HISADDR
### Negotiate DNS servers with the peer.
### NOTE(review): this may rewrite the gateway's own /etc/resolv.conf with the
### carrier's resolvers -- confirm that is wanted next to the local named cache.
  enable dns
### chinamobile, 2g only
### Dial-up profile over the USB serial modem at /dev/cuaU0. No authname or
### authkey is set in this profile.
chinamobile:
  set device /dev/cuaU0
### Chat script: reset the modem, define PDP context 1 as IP with APN "cmnet",
### then dial the number given by "set phone" and wait up to 40 s for CONNECT.
  set dial "ABORT ERROR ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
            \"\" ATZ OK-ATZ-OK AT+CGDCONT=1,\\\"IP\\\",\\\"cmnet\\\" OK \\dATD\\T TIMEOUT 40 CONNECT"
  set phone "*99#"
  set speed 460800
### No login script.
  set login
### 0 disables the idle timer, so the link stays up until it is stopped.
  set timeout 0
### The /0 masks let the peer assign whatever local and remote addresses it wants.
  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
### Install the default route through the peer's address.
  add default HISADDR
### Negotiate DNS servers with the peer.
### NOTE(review): this may rewrite the gateway's own /etc/resolv.conf with the
### carrier's resolvers -- confirm that is wanted next to the local named cache.
  enable dns
### chinaunicom, 3g only
### Dial-up profile over the USB serial modem at /dev/cuaU0. No authname or
### authkey is set in this profile.
chinaunicom:
  set device /dev/cuaU0
### Chat script: reset the modem, define PDP context 1 as IP with APN "3gnet",
### then dial the number given by "set phone" and wait up to 40 s for CONNECT.
  set dial "ABORT ERROR ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
            \"\" ATZ OK-ATZ-OK AT+CGDCONT=1,\\\"IP\\\",\\\"3gnet\\\" OK \\dATD\\T TIMEOUT 40 CONNECT"
  set phone "*99#"
  set speed 7200000
### No login script.
  set login
### 0 disables the idle timer, so the link stays up until it is stopped.
  set timeout 0
### The /0 masks let the peer assign whatever local and remote addresses it wants.
  set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
### Install the default route through the peer's address.
  add default HISADDR
### Negotiate DNS servers with the peer.
### NOTE(review): this may rewrite the gateway's own /etc/resolv.conf with the
### carrier's resolvers -- confirm that is wanted next to the local named cache.
  enable dns
### China Telecom ADSL only, change bge0 to interface name connected to modem, change authname & authkey according.
adsl:
### The leading "!" makes ppp run the pppoe helper on bge0 and use it as the link.
  set device "!/usr/sbin/pppoe -i bge0"
### Cap MTU and MRU at 1492 to leave room for the PPPoE header in an Ethernet frame.
  set mtu max 1492
  set mru max 1492
  set speed sync
### Do not use, and refuse, address/control and protocol field compression.
  disable acfcomp protocomp
  deny acfcomp
### NOTE(review): "[email protected]" looks like the hosting site's e-mail
### obfuscation, not a usable account name, and 12345 reads as a sample
### password. Substitute the credentials issued by the ISP. Both are stored
### here in clear text.
  set authname [email protected]
  set authkey 12345
### Send link quality reports.
  enable lqr
### Adjust the MSS of TCP connections crossing the link to fit the reduced MTU.
  enable mssfixup
### Negotiate DNS servers with the peer.
### NOTE(review): this may rewrite the gateway's own /etc/resolv.conf with the
### ISP's resolvers -- confirm that is wanted next to the local named cache.
  enable dns
### "add!" replaces any existing default route instead of failing when one exists.
  add! default HISADDR