Hi all . i add some .
USB memory only 2GB running openbsd works as dhcpd + nat . namely sd1 at scsibus2 targ 1 lun 0: <TDKMedia, Trans-It Drive, PMAP> SCSI0 0/direct removable serial.1d0d0211078C0D1310DE sd1: 1900MB, 512 bytes/sector, 3891200 sectors root on sd1a (4ef3e82a493a09dc.a) swap on sd1b dump on sd1b # df Filesystem 512-blocks Used Avail Capacity Mounted on /dev/sd1a 3697340 481116 3031360 14% / and original pf.conf + match out on rum0 from !rum0:network to any nat-to (rum0) can nat . it is very convinient to remember. later think deeply , and rewrite pf.conf. sorry , I abbrebiate 1 point . cat /etc/rc.conf.local dhcpd_flags="" #NO # for normal use: "" cat /etc/pf.conf # $OpenBSD: pf.conf,v 1.53 2014/01/25 10:28:36 dtucker Exp $ set skip on lo block return # block stateless traffic pass # establish keep-state ####################### match out on rum0 from !rum0:network to any nat-to (rum0) ####################### # rum0 is firewall's ext_if # By default, do not permit remote connections to X11 block return in on ! lo0 proto tcp to port 6000:6010 # pfctl -ss all tcp 192.168.11.1:22 <- 192.168.11.3:35074 ESTABLISHED:ESTABLISHED all udp 192.168.11.255:631 <- 192.168.11.3:631 NO_TRAFFIC:SINGLE # pfctl -sr block return all pass all flags S/SA match out on rum0 inet from ! 192.168.100.0/24 to any nat-to (rum0) round-robin block return in on ! lo0 proto tcp from any to any port 6000:6010 In linux I pkg_add udhcpd , and iptables is too complex to deal with . So ,openbssd is greeat . ------------------------- Bye . tuyosi takesima . http://openbsd-akita.blogspot.jp/2014/06/openbsad-runs-on-usb-memory-no-need-hdd.html