Today I set up and tested my first OpenBSD firewall/gateway. It was really fun. Before today I had completed bits and pieces of the setup, but never the entire process.
These were the steps I took:
# 1. Install:
Partitions:

```
Filesystem    Size     Mounted on
/dev/wd0a     150.1M   /
/dev/wd0b     383.9M   swap
/dev/wd0d     511.9M   /tmp
/dev/wd0e      99.9M   /var
/dev/wd0f    5120.2M   /usr
/dev/wd0g    2048.0M   /home
```

Sets:

- bsd - the kernel (required)
- base40.tgz - the base OpenBSD system
- etc40.tgz - all the files in /etc
# 2. Filtering and Firewalling OpenBSD:
First I prepared pf by enabling it in rc.conf.local (I will need to reboot for this to take effect):

```
# echo "#Start PF" >> /etc/rc.conf.local
# echo pf=YES >> /etc/rc.conf.local
```

Now I need to configure pf.conf:

```
# vi /etc/pf.conf
```

If you need help creating a pf ruleset, have a look at the following: PF User's Guide, pf(4), pfctl(8), pf.conf(5), pf.os(5), pflog(4), pfsync(4), altq(9).
# 3. Setting up your OpenBSD box as a Gateway
Allow IP forwarding by adding this line to the /etc/sysctl.conf configuration file (it is applied at boot; `sysctl net.inet.ip.forwarding=1` applies it immediately):

```
# echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf
```

Now modify the routes on the other hosts on both sides so that they use this box as their gateway.
Routes can also be managed dynamically with routed(8) or OpenBGPD, both of which are in the base OpenBSD install.
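As an added example (not the post's own pf.conf), here is a minimal ruleset for the gateway described in sections 2 and 3: NAT for the LAN behind rl1 (the interface the post hands to dhcpd), default deny inbound with logging, anti-spoofing, and explicit `keep state` as OpenBSD 4.0 still required. The external interface name rl0 is an assumption; substitute your own.

```pf
# Added example ruleset, not the post's own /etc/pf.conf.
# Assumptions: rl0 is the external (Internet-facing) interface;
# rl1 is the internal LAN interface that dhcpd listens on.
ext_if = "rl0"
int_if = "rl1"

# Do not filter loopback traffic at all.
set skip on lo

# Normalise incoming packets (reassemble fragments, drop bogus TCP flag combinations).
scrub in all

# NAT: rewrite LAN source addresses to the external interface's address.
# The parentheses make pf re-read the address if rl0 gets it from DHCP.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Default deny, logged, so anything not explicitly allowed shows up on pflog0.
block in log all

# Drop packets that carry a LAN source address but arrive on another interface.
antispoof quick for $int_if

# DHCP clients have no address yet, so the LAN rule below does not cover them.
pass in quick on $int_if inet proto udp from any port 68 to any port 67

# Let LAN hosts reach the firewall and the Internet; "keep state" lets replies back in.
pass in on $int_if inet from $int_if:network to any keep state

# Traffic the firewall itself originates, plus forwarded (NATed) packets leaving it.
pass out inet keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; forwarding between rl0 and rl1 also depends on net.inet.ip.forwarding=1 from section 3.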
# 4. DHCP Server
Configuring the DHCP server, dhcpd:

```
# echo "#Start dhcpd" >> /etc/rc.conf.local
# echo 'dhcpd_flags=""' >> /etc/rc.conf.local
```

Put the interfaces that you want dhcpd to listen on in /etc/dhcpd.interfaces:

```
# echo rl1 > /etc/dhcpd.interfaces
```

Then, edit /etc/dhcpd.conf:

```
# vi /etc/dhcpd.conf
```
# 5. Configuration:
After switching to root with su, create /etc/profile and add the content below.

Configuring profiles:

```
# echo "alias su='su -l'" > /etc/profile
# echo "alias rm='rm -P'" >> /etc/profile
# echo 'if [ "$USER" = root ]; then' >> /etc/profile
# echo 'PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin' >> /etc/profile
# echo 'PS1="\`hostname -s\`:\`pwd\`# "' >> /etc/profile
# echo 'else' >> /etc/profile
# echo 'PATH=/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:/usr/games:.' >> /etc/profile
# echo 'PS1="\`hostname -s\`:\`pwd\`$ "' >> /etc/profile
# echo 'fi' >> /etc/profile
```

(Note that the non-root PATH ends in `.`, so the shell also searches the current directory for commands; leave it out if you do not want that.)
Then I rebooted the system so that all of the above could take effect. I attached a couple of nodes to the switch, and they worked perfectly.
Now I am testing the setup. So far everything is working well :)
I'm not sure how I went; I think I did OK for a first try. If anyone has any suggestions, I would be more than willing to hear them. Thank you!
Friday, January 12, 2007
Setting up OpenBSD as a Gateway/Firewall
1 comment:
Hi.
I am about to use openbsd as a router, too, but using a different routing mechanism (BGP) since it will be an edge router.
Have you tested how many packets per second your router is able to process? Have you done some "stress tests"?
I have read that openbsd's TCP stack is not that fast compared to freebsd or linux.
regards,
Victor