@samebchase
Last active July 21, 2021 20:38
OpenBSD configs

OpenBSD host

> ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
        index 4 priority 0 llprio 3
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
iwx0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr ac:12:03:3d:44:f1
        index 1 priority 4 llprio 3
        groups: wlan egress
        media: IEEE802.11 autoselect (HT-MCS14 mode 11n)
        status: active
        ieee80211: nwid Isengard chan 2 bssid c0:c9:e3:59:30:3c 79% wpakey wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher tkip
        inet 192.168.0.159 netmask 0xffffff00 broadcast 192.168.0.255
rge0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
        lladdr 2c:f0:5d:86:0f:5f
        index 2 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect
        status: no carrier
        inet 192.168.0.160 netmask 0xffffff00 broadcast 192.168.0.255
enc0: flags=0<>
        index 3 priority 0 llprio 3
        groups: enc
        status: active
bridge0: flags=41<UP,RUNNING>
        description: switch5-uplink
        index 5 llprio 3
        groups: bridge
        priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
        rge0 flags=3<LEARNING,DISCOVER>
                port 2 ifpriority 0 ifcost 0
        iwx0 flags=3<LEARNING,DISCOVER>
                port 1 ifpriority 0 ifcost 0
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
        index 6 priority 0 llprio 3
        groups: pflog
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr fe:e1:ba:da:98:3e
        description: vm1-if0-nixos
        index 17 priority 0 llprio 3
        groups: tap
        status: active
        inet 100.64.1.2 netmask 0xfffffffe

pf.conf

#       $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

set skip on lo

block return    # block stateless traffic
pass            # establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

# Port build user does not need network
block return out log proto {tcp udp} user _pbuild

match out on egress from 100.64.0.0/10 to any nat-to (egress)
pass in proto { udp tcp } from 100.64.0.0/10 to any port domain \
        rdr-to 192.168.0.1 port domain

ping

> ping 100.64.1.3
PING 100.64.1.3 (100.64.1.3): 56 data bytes
64 bytes from 100.64.1.3: icmp_seq=0 ttl=64 time=0.134 ms
64 bytes from 100.64.1.3: icmp_seq=1 ttl=64 time=0.204 ms
64 bytes from 100.64.1.3: icmp_seq=2 ttl=64 time=0.191 ms
^C
--- 100.64.1.3 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.134/0.176/0.204/0.030 ms

NixOS VM

ping

[nixos@nixos:~]$ ping 100.64.1.2
PING 100.64.1.2 (100.64.1.2) 56(84) bytes of data.
64 bytes from 100.64.1.2: icmp_seq=1 ttl=255 time=1.00 ms
^C
--- 100.64.1.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.000/1.000/1.000/0.000 ms

resolv.conf

[nixos@nixos:~]$ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 100.64.1.2
options edns0

curl

[nixos@nixos:~]$ sudo route add -net default gw 100.64.1.2
SIOCADDRT: File exists

[nixos@nixos:~]$ ping google.com
ping: google.com: Name or service not known