divzeroweb

2f30.org website
git clone git://git.2f30.org/divzeroweb.git

commit f4a2720cd543e2b8ce7d0e9321bcef9cafce90bb
parent 7d2994583e0f862b809e46a06b1ec37c57bf812a
Author: sin <sin@2f30.org>
Date:   Tue Mar 15 14:03:32 +0000

Minor changes based on quinq's feedback

Diffstat:
guides/openbsd-gateway.md | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/guides/openbsd-gateway.md b/guides/openbsd-gateway.md @@ -10,12 +10,12 @@ In this tutorial, I will walk you through my gateway configuration. My router is a [Shuttle XH81V](http://www.shuttle.eu/products/slim/xh81v/). It has two Realtek NICs. -I have a single physical subnet, 10.0.0.0/24. +I have a single local subnet, 10.0.0.0/24. Because of lack of additional NICs or a [VLAN](https://en.wikipedia.org/wiki/Virtual_LAN) capable switch, there is no [DMZ](https://en.wikipedia.org/wiki/DMZ_%28computing%29). To avoid exposing many services to the outside, I typically use ssh tunneling or a VPN -to access the services on the inside. +to access local services behind the gateway. I have a dedicated server hosted in a DC. I use [tinc](http://www.tinc-vpn.org/) in a bridged mode configuration to make the server appear on my main subnet. This way, I can access the server transparently even on @@ -84,7 +84,8 @@ Fore more information, check the [pf.conf(5)](http://www.openbsd.org/cgi-bin/man inet 10.0.0.1 255.255.255.0 10.0.0.255 up -Reboot the router. +Reboot the router. This isn't required but it is a good idea to test that your changes +are correctly set after a fresh boot. ### DHCP server configuration @@ -221,7 +222,7 @@ Restart dhcpd and tftpd: Use crontab -e as root to add a new job as follows: - 15 10 * * * /usr/bin/ftp -o /tftpboot/bsd.rd ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/bsd.rd 1>/dev/null + 15 10 * * * /usr/bin/ftp -o /tftpboot/bsd.rd http://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/bsd.rd 1>/dev/null It will download bsd.rd once a day at 10:15 in the morning. @@ -257,11 +258,6 @@ This will add an IPv6 alias on your router's internal interface. pass in on egress inet proto 41 from <their-ipv4-endpoint> to (egress) pass in on gif0 inet6 -#### /etc/rtadvd.conf - - re1:\ - :addrs#1:addr="2001:XXXX:XXXX:XXXX::":prefixlen#64: - Update /etc/rc.conf.local: rtadvd_flags="re1"
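Review bot: In the @@ -84,7 +84,8 @@ hunk, the added sentence says the reboot isn't required but never says what to run instead, so a reader who skips the reboot has no way to apply the interface configuration shown just above (`inet 10.0.0.1 255.255.255.0 10.0.0.255 up`). Suggest naming the alternative next to the reboot advice, for example `sh /etc/netstart`. The hunk header context also shows a typo that could be fixed in the same pass: "Fore more information".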
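Review bot: In the @@ -221,7 +222,7 @@ hunk, the cron job still writes the download straight to /tftpboot/bsd.rd with `-o`, and moving from ftp:// to http:// leaves the transfer unauthenticated, so a tampered or truncated file becomes the image PXE clients boot next. Suggest having the job fetch to a temporary file, verify it with signify(1) against the snapshot's SHA256.sig, and only then move it into /tftpboot, so a failed or altered download never replaces the served copy.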
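Review bot: In the @@ -257,11 +258,6 @@ hunk, the /etc/rtadvd.conf section is dropped while `rtadvd_flags="re1"` stays, and nothing tells the reader which prefix rtadvd will advertise now. Suggest adding one sentence stating that rtadvd runs here without a config file and takes the prefix from the IPv6 address configured on re1. Separately, the context line `pass in on gif0 inet6` admits all inbound IPv6 from the tunnel; since hosts behind re1 receive globally routable addresses through router advertisements, the guide should either say this is intended or narrow the rule.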