Newbie needs firewall help (long)


Post by ben » Sat, 01 Sep 2001 09:06:55



::disclaimer::
I'm really sorry because this will sound stupid and I'm sure that many have
answered this question many times. Also, this is really long.
::question::
I'm using an old P200 with 2 Netgear FA310s and OBSD 2.9 and I want to be
able to route my cable modem (NAT), and I would like to use DHCP to
autoconfig the boxes on the inside of the firewall. My problem is that dc1
(the NIC to the inside; dc0 is to the cable modem) always times out during
boot and I can't get anything to get a carrier signal to that card. I've
followed the OBSD FAQ and I followed a bunch of HOWTOs that I found, so I
think I have it set up correctly, but I've goofed somewhere. Please help me.
Here are all the files that I edited:

---DMESG---
OpenBSD 2.9 (GENERIC) #653: Sat Apr 28 13:57:59 MDT 2001
    dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: F00F bug workaround installed
cpu0: Intel Pentium/MMX ("GenuineIntel" 586-class) 199 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX
real mem  = 66695168 (65132K)
avail mem = 56913920 (55580K)
using 839 buffers containing 3436544 bytes (3356K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(ff) BIOS, date 07/01/96, BIOS32 rev. 0 @ 0xf0210
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev. 2.1 @ 0xf0200/0xb00
pcibios0: PCI BIOS has 6 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 5 9 10
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc0000/0x8000
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82439HX" rev 0x03
pcib0 at pci0 dev 7 function 0 "Intel 82371SB PCI-ISA" rev 0x01
pciide0 at pci0 dev 7 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
atapiscsi0 at pciide0 channel 0
scsibus0 at atapiscsi0: 2 targets
wd0 at pciide0 channel 0 drive 0: <WDC AC21600H>
wd0: 16-sector PIO, LBA, 1549MB, 3148 cyl, 16 head, 63 sec, 3173184 sectors
pciide0: channel 0 interrupting at irq 14
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
vga1 at pci0 dev 9 function 0 "ATI Mach64 VT" rev 0x40
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
dc0 at pci0 dev 18 function 0 "Lite-On PNIC" rev 0x20: irq 10 address 00:a0:cc:55:ee:b9
bmtphy0 at dc0 phy 1: BCM5201 10/100 media interface, rev. 2
dc1 at pci0 dev 19 function 0 "Lite-On PNIC" rev 0x20: irq 5 address 00:a0:cc:55:cf:40
bmtphy1 at dc1 phy 1: BCM5201 10/100 media interface, rev. 2
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask 4040 netmask 4460 ttymask 4462
pctr: 586-class performance counters and user-level cycle counter enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
dc1: watchdog timeout

---HOSTNAME.DC1---
inet 192.168.1.1 255.255.255.0 NONE

---IFCONFIG -A ---
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 32972
 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
 inet6 ::1 prefixlen 128
 inet 127.0.0.1 netmask 0xff000000
lo1: flags=8008<LOOPBACK,MULTICAST> mtu 32972
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 media: Ethernet autoselect (10baseT)
 status: active
 inet6 fe80::2a0:ccff:fe55:eeb9%dc0 prefixlen 64 scopeid 0x1
 inet 24.95.88.133 netmask 0xffffff00 broadcast 255.255.255.255
dc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 media: Ethernet autoselect (none)
 status: no carrier
 inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
 inet6 fe80::2a0:ccff:fe55:cf40%dc1 prefixlen 64 scopeid 0x2
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=10<POINTOPOINT> mtu 3000
tun1: flags=10<POINTOPOINT> mtu 3000
enc0: flags=0<> mtu 1536
bridge0: flags=0<> mtu 1500
bridge1: flags=0<> mtu 1500
gre0: flags=8010<POINTOPOINT,MULTICAST> mtu 1450
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280

---IPNAT.RULES---
# $OpenBSD: ipnat.rules,v 1.2 1999/05/08 16:33:10 jason Exp $
#
# See /usr/share/ipf/nat.1 for examples.
# edit the ipnat= line in /etc/rc.conf to enable Network Address Translation

map dc0 192.168.0.0/24 -> dc0/32 portmap tcp/udp 10000:60000
map dc0 192.168.0.0/24 -> dc0/32

#map ppp0 10.0.0.0/8 -> ppp0/32 portmap tcp/udp 10000:20000

---RC.CONF---
#!/bin/sh -
#
# $OpenBSD: rc.conf,v 1.57 2001/04/19 04:00:15 deraadt Exp $

# set these to "NO" to turn them off.  otherwise, they're used as flags
routed_flags=NO  # for normal use: "-q"
mrouted_flags=NO # for normal use: "", if activated
   # be sure to enable multicast_router below.
rarpd_flags=NO  # for normal use: "-a"
bootparamd_flags=NO # for normal use: ""
rbootd_flags=NO  # for normal use: ""
sshd_flags=""  # for normal use: ""
sendmail_flags="-q30m" # for normal use: "-bd -q30m"
smtpfwdd_flags=NO # for normal use: "", and no "-bd" above.
named_flags=NO  # for normal use: ""
rdate_flags=NO  # for normal use: name of RFC868 timeserver
timed_flags=NO  # for normal use: ""
ntpdate_flags=NO # for normal use: NTP server; run before ntpd starts
photurisd_flags=NO # for normal use: ""
isakmpd_flags=NO # for normal use: ""
mopd_flags=NO  # for normal use: "-a"
httpd_flags=NO  # for normal use: "" (or "-DSSL" after reading ssl(8))
apmd_flags=NO  # for normal use: ""
dhcpd_flags="-q" # for normal use: "-q"
rtadvd_flags=NO  # for normal use: list of interfaces
   # be sure to set net.inet6.ip6.forwarding=1
route6d_flags=NO # for normal use: ""
   # be sure to set net.inet6.ip6.forwarding=1
rtsold_flags=NO  # for normal use: interface
   # be sure to set net.inet6.ip6.forwarding=0
   # be sure to set net.inet6.ip6.accept_rtadv=1

# Set to NO if ftpd is running out of inetd
ftpd_flags=NO  # for non-inetd use: "-D"

# Set to NO if identd is running out of inetd
identd_flags=NO  # for non-inetd use: "-b -u nobody -elo"

# On some architectures, you must also disable console getty in /etc/ttys
xdm_flags=NO  # for normal use: ""

# For enabling console mouse support (i386 architecture only)
moused_flags=NO  # for ps/2 try: "-p /dev/psm0", serial: "-p /dev/cua00"

# set the following to "YES" to turn them on
rwhod=NO
nfs_server=NO  # see sysctl.conf for nfs client configuration
lockd=NO
gated=NO
kerberos_server=NO # kerberos server. run 'info kth-krb' for assistance.
kerberos_slave=NO # kerberos slave server.
amd=NO
ipfilter=YES
ipnat=YES  # for "YES" ipfilter must also be "YES"
portmap=YES  # almost always needed
inetd=YES  # almost always needed
lpd=NO   # printing daemons
check_quotas=YES # NO may be desirable in some YP environments
ntpd=YES  # run ntpd if it exists
afs=NO   # mount and run afs

# Multicast routing configuration
# Please look at /etc/netstart for a detailed description if you change these
multicast_host=NO # Route all multicast packets to a single interface
multicast_router=NO # A multicast routing daemon will be run, e.g. mrouted

# miscellaneous other flags
# only used if the appropriate server is marked YES above
gated_flags=
ypserv_flags=   # E.g. -1 for YP v1, -d for DNS etc
yppasswdd_flags=  # "-d /etc/yp" if passwd files are in /etc/yp
nfsd_flags="-tun 4"  # Crank the 4 for a busy NFS fileserver
amd_dir=/tmp_mnt  # AMD's mount directory
amd_master=/etc/amd/master # AMD 'master' map
ipfilter_rules=/etc/ipf.rules # Rules for IP packet filtering
ipnat_rules=/etc/ipnat.rules # Rules for Network Address Translation
ipmon_flags=-Ds   # To disable logging, use ipmon_flags=NO
syslogd_flags=   # add more flags, ie. "-u -a /chroot/dev/log"
named_user=named  # Named should not run as root unless necessary
named_chroot=/var/named  # Where to chroot named if not empty
afs_mount_point=/afs  # Mountpoint for AFS
afs_device=/dev/xfs0  # Device used by afsd
afsd_flags=-z   # Flags passed to afsd
shlib_dirs=   # extra directories for ldconfig

local_rcconf="/etc/rc.conf.local"

[ -f ${local_rcconf} ] && . ${local_rcconf} # Do not edit this line

---SYSCTL.CONF---
# $OpenBSD: sysctl.conf,v 1.21 2000/10/23 17:15:47 deraadt Exp $
#
# This file contains a list of sysctl options the user wants set at
# boot time.  See sysctl(3) and sysctl(8) for more information on
# the many available variables.
#
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of packets
#net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of packets
#net.inet6.ip6.accept_rtadv=1 # 1=Permit IPv6 autoconf (forwarding must be 0)
#net.inet.tcp.rfc1323=0  # 0=disable TCP RFC1323 extensions (for if tcp is slow)
#net.inet.esp.enable=1  # 1=Enable the ESP IPSec protocol
#net.inet.ah.enable=1  # 1=Enable the AH IPSec protocol
#ddb.panic=0   # 0=Do not drop into ddb on a kernel panic
#ddb.console=1   # 1=Permit entry of ddb from the console
#fs.posix.setuid=0  # 0=Traditional BSD chown() semantics
#vm.swapencrypt.enable=1 # 1=Encrypt pages that go to swap
#vfs.nfs.iothreads=4  # number of nfsio kernel threads
#net.inet.ip.mtudisc=1  # 1=enable tcp mtu discovery
#machdep.allowaperture=2 # See xf86(4)
#machdep.apmwarn=10  # battery % when apm status messages enabled
#machdep.apmhalt=0  # 1=powerdown hack, try if halt -p doesn't work
#machdep.kbdreset=1  # permit console CTRL-ALT-DEL to do a nice halt

---DHCP.CONF---
shared-network HomeMix
{
 option domain-name "columbus.rr.com";
 option domain-name-servers
...


Post by Sean Keplinge » Sat, 01 Sep 2001 23:35:14



> ---HOSTNAME.DC1---
> inet 192.168.1.1 255.255.255.0 NONE
> ---IPNAT.RULES---
> # $OpenBSD: ipnat.rules,v 1.2 1999/05/08 16:33:10 jason Exp $
> #
> # See /usr/share/ipf/nat.1 for examples.
> # edit the ipnat= line in /etc/rc.conf to enable Network Address Translation
> map dc0 192.168.0.0/24 -> dc0/32 portmap tcp/udp 10000:60000
> map dc0 192.168.0.0/24 -> dc0/32

One thing I noticed right off (sorry I didn't read through the rest of
your message) is that your dc0 interface has a 192.168.1.x address and
you're natting for 192.168.0.x. You may want to update your ipnat.rules
like this:

  map dc0 192.168.1.0/24 -> dc0/32 portmap tcp/udp 10000:60000
  map dc0 192.168.1.0/24 -> dc0/32

HTH,
Sean
--
   \___/  Sean Keplinger            
   |o,o|  skeplin at one dot net    
 \/    )  http://w3.one.net/~skeplin
----mm-------------------------------
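
Added example, not part of the thread: a small Python check that compares the source network of each active `map` rule in ipnat.rules against the subnets configured on the other interfaces, which is the mismatch discussed in the reply above. The sample input is constructed by abridging the `ifconfig -A` and ipnat.rules text quoted in the thread; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input, abridged from the output quoted in the thread.
IFCONFIG = """\
lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 32972
 inet6 ::1 prefixlen 128
 inet 127.0.0.1 netmask 0xff000000
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 inet 24.95.88.133 netmask 0xffffff00 broadcast 255.255.255.255
dc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
"""

IPNAT_RULES = """\
# edit the ipnat= line in /etc/rc.conf to enable Network Address Translation
map dc0 192.168.0.0/24 -> dc0/32 portmap tcp/udp 10000:60000
map dc0 192.168.0.0/24 -> dc0/32
#map ppp0 10.0.0.0/8 -> ppp0/32 portmap tcp/udp 10000:20000
"""


def parse_ifconfig(text):
    """Return {ifname: [IPv4Interface, ...]} from `ifconfig -A` style output."""
    ifaces, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\w+): flags=", line)
        if m:
            current = m.group(1)
            ifaces.setdefault(current, [])
            continue
        # BSD ifconfig prints the IPv4 netmask as hex, e.g. 0xffffff00.
        m = re.match(r"^\s+inet (\d+(?:\.\d+){3}) netmask (0x[0-9a-fA-F]{8})", line)
        if m and current:
            mask = ipaddress.IPv4Address(int(m.group(2), 16))
            ifaces[current].append(ipaddress.IPv4Interface(f"{m.group(1)}/{mask}"))
    return ifaces


def parse_nat_maps(text):
    """Return [(lineno, outgoing_if, source_network)] for uncommented map rules."""
    maps = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^map\s+(\S+)\s+(\S+)\s+->", line)
        if m:
            maps.append((lineno, m.group(1), ipaddress.ip_network(m.group(2), strict=False)))
    return maps


def check_nat(ifconfig_text, rules_text):
    """Flag map rules whose source network is on no interface except the outgoing one."""
    ifaces = parse_ifconfig(ifconfig_text)
    findings = []
    for lineno, out_if, src in parse_nat_maps(rules_text):
        if out_if not in ifaces:
            findings.append((lineno, f"unknown interface {out_if}"))
            continue
        inside = [(name, addr) for name, addrs in ifaces.items()
                  if name != out_if and not name.startswith("lo") for addr in addrs]
        if not any(addr.network.overlaps(src) for _, addr in inside):
            seen = ", ".join(f"{n}={a.network}" for n, a in inside) or "none"
            findings.append((lineno, f"{src} is not on any inside interface ({seen})"))
    return findings


if __name__ == "__main__":
    for lineno, message in check_nat(IFCONFIG, IPNAT_RULES):
        print(f"ipnat.rules:{lineno}: {message}")
```
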

 
 
 


Post by Han » Sat, 01 Sep 2001 23:41:17


[a little snip: question dhcp through firewall]

I think you make a thinko: you think the dhcpserver from your isp should
be the dhcp server for your internal network.  _The firewall_ should be
the dhcp server for your internal network.

Groetjes, Han.
--
For all ya       |\      _,,,---,,_      Business is like riding a
untamed Daemons  /,`.-'`'    -.  ;-;;,_  bicycle. Either you keep moving
OpenBSD 2.9     |,4-  ) )-,_..;\ (  `'-' or you fall down.  John D.
on a i386      '---''(_/--'  `-'\_)      Wright

 
 
 


Post by ukkedd » Thu, 31 Jan 2002 06:51:30


Make a bridge between the 2 NICs.
make a file named bridgename.bridge0 in /etc/ directory
write on it
add dc0
add dc1
up
edit sysctl file:
enable
ipforwarding=yes
ipfilter=yes
inetd=No
/etc/netstart and you're finished... I hope
