Package Filter1， 打开转发功能, 编辑/etc/sysctl.conf, 将net.inet.ip.forwarding=1前面的注释符号 # 去掉。2， 编辑/etc/rc.conf， 打开PF， pf=YES。3， 编辑/etc/pf.conf， 设置规则链。我的pf.conf规则链还没设置好， 这里就先贴我现在写的pf.conf， 私网中的机器已可以上网了。Gate-OpenBSD# cat pf.conf# $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $## See pf.conf(5) and /usr/share/pf for syntax and examples.# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1# in /etc/sysctl.conf if packets are to be forwarded between interfaces.ext_if="ne3"int_if="dc0"tcp_services="{21, 22, 53, 67, 68, 80, 113, 443}"udp_services="{22, 53, 68}"icmp_types="echoreq"lan_net="192.168.1.0/24"scrub in allnat on $ext_if from !($ext_if) to any -> ($ext_if:0)block log allpass quick on lo0 allantispoof for { lo $int_if $ext_if } inetpass in on $ext_if inet proto tcp from any to $ext_if port ssh flags S/SA keep statepass in on $int_if inet proto tcp from $lan_net to $int_if port ssh flags S/SA keep statepass in on $int_if from $lan_net to anypass out on $int_if from any to $lan_netpass out on $ext_if proto tcp from any to any port $tcp_services keep statepass out on $ext_if proto udp from any to any port $udp_services keep statepass in on $int_if proto tcp from any to any port $tcp_services keep statepass in on $int_if proto udp from any to any port $udp_services keep statepass in inet proto icmp all icmp-type $icmp_types keep statepass out inet proto icmp all icmp-type $icmp_types keep state