commit f4a2720cd543e2b8ce7d0e9321bcef9cafce90bb
parent 7d2994583e0f862b809e46a06b1ec37c57bf812a
Author: sin <sin@2f30.org>
Date: Tue, 15 Mar 2016 14:03:32 +0000
Minor changes based on quinq's feedback
Diffstat:
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/guides/openbsd-gateway.md b/guides/openbsd-gateway.md
@@ -10,12 +10,12 @@ In this tutorial, I will walk you through my gateway configuration.
My router is a [Shuttle XH81V](http://www.shuttle.eu/products/slim/xh81v/). It has two Realtek
NICs.
-I have a single physical subnet, 10.0.0.0/24.
+I have a single local subnet, 10.0.0.0/24.
Because of lack of additional NICs or a [VLAN](https://en.wikipedia.org/wiki/Virtual_LAN) capable switch,
there is no [DMZ](https://en.wikipedia.org/wiki/DMZ_%28computing%29).
To avoid exposing many services to the outside, I typically use ssh tunneling or a VPN
-to access the services on the inside.
+to access local services behind the gateway.
I have a dedicated server hosted in a DC. I use [tinc](http://www.tinc-vpn.org/) in a bridged mode
configuration to make the server appear on my main subnet. This way, I can access the server transparently even on
@@ -84,7 +84,8 @@ Fore more information, check the [pf.conf(5)](http://www.openbsd.org/cgi-bin/man
inet 10.0.0.1 255.255.255.0 10.0.0.255
up
-Reboot the router.
+Reboot the router. This isn't required but it is a good idea to test that your changes
+are correctly set after a fresh boot.
### DHCP server configuration
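Review bot: The added sentence says the reboot "isn't required" but does not tell the reader how to apply the interface configuration shown just above without one. Either name the command that applies it (for example `sh /etc/netstart`) or drop the first clause and keep only the advice to verify the settings after a fresh boot. There is also a comma missing before "but".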
@@ -221,7 +222,7 @@ Restart dhcpd and tftpd:
Use crontab -e as root to add a new job as follows:
- 15 10 * * * /usr/bin/ftp -o /tftpboot/bsd.rd ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/bsd.rd 1>/dev/null
+ 15 10 * * * /usr/bin/ftp -o /tftpboot/bsd.rd http://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/bsd.rd 1>/dev/null
It will download bsd.rd once a day at 10:15 in the morning.
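Review bot: The changed cron line writes the download straight to `/tftpboot/bsd.rd` over plain `http://` with no integrity check, so a truncated or altered file is what tftpd will hand to the next netboot client. Switching from `ftp://` to `http://` does not change that. Suggest fetching to a temporary file, verifying it against the snapshot's `SHA256.sig` with signify(1), and only then moving it into `/tftpboot`. Since `-o` targets the live file, a failed transfer can also leave a partial `bsd.rd` in place, which the temporary-file step would avoid.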
@@ -257,11 +258,6 @@ This will add an IPv6 alias on your router's internal interface.
pass in on egress inet proto 41 from <their-ipv4-endpoint> to (egress)
pass in on gif0 inet6
-#### /etc/rtadvd.conf
-
- re1:\
- :addrs#1:addr="2001:XXXX:XXXX:XXXX::":prefixlen#64:
-
Update /etc/rc.conf.local:
rtadvd_flags="re1"
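Review bot: The `/etc/rtadvd.conf` section is removed while the `rtadvd_flags="re1"` line right after it stays, and nothing in the guide now explains what rtadvd will advertise on `re1`. Add one sentence stating that no configuration file is needed because rtadvd takes the prefix from the IPv6 alias configured on the internal interface in the preceding step, so a reader does not assume a step was lost.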