Time for something slightly different: in the upcoming weeks, I’m going to post several articles about OpenBSD. OpenBSD is a command line Unix operating system, which by default comes with pf (short for packet filter) and OSPF and BGP daemons. A daemon, in Unix terminology, is what a service is for Microsoft: a piece of software accepting and making connections for something. And pf is stateful firewall software, capable of filtering on layer 3 and layer 4 of the OSI model, as well as performing NAT. Newer versions even support IPv6 routing, firewalling and OSPFv3.

I’ll be using the newest version, OpenBSD 5.0. Given that it uses less than 1% CPU and less than 40 MB of RAM in idle state, it makes a very lightweight platform. It’s also not running many services that can be exploited. It can be downloaded for free from the OpenBSD website. Installation is so straightforward I’m not even going to cover it here, and going with default options will give you a working system. Using it in a VM is no different compared to a bare-metal installation.

After installing, rebooting, and logging in, you’ll be in the command line. If you didn’t log in as root, you can gain root privileges with the ‘su -‘ command. The first thing to do is to enable routing, as OpenBSD will not do this by default. But first some basics about the OpenBSD environment. ‘sysctl’ is an interface to view and modify system parameters. Simply typing ‘sysctl’ in the command line will give all system variables, which is a long list. To filter long output in any command in OpenBSD, you can use ‘grep’, which has to be piped after the command, e.g. ‘sysctl | grep net.inet.ip.forwarding’ will show only the net.inet.ip.forwarding variable, which is currently set to zero. Note that you can ‘grep’ as specific as you want, e.g. ‘sysctl | grep net.inet.ip’ will show all IP variables containing ‘net.inet.ip’.

Changing a variable can be done easily by typing ‘sysctl variable=value‘, e.g. ‘sysctl net.inet.ip.forwarding=1’ activates IP routing, but only until the next reboot. To make a system variable permanent, you’ll have to change it in the file /etc/sysctl.conf (the /etc directory contains most configuration files). To change this file, you can use the build-in text editor vi: ‘vi /etc/sysctl.conf’. Note that vi works very different from a Windows-based text editor and you can’t immediately start typing. A full manual can be checked here. Normally,’ net.inet.ip.forwarding=1′ should already be visible in the file but commented out with a #, which means it is ignored. Go to the # and press ‘x’ to delete it. The same can be done for ‘net.inet6.ip6.forwarding=1’, which enables IPv6 routing. Saving the change can be done by typing ‘:wq’, where ‘:’ means menu or file, ‘w’ is write, and ‘q’ is quit. To quit without saving, type ‘:q!’ and you’re back to the command line.

Next, configuring interfaces. Type ‘ifconfig’ to view the interfaces. The first physical interface is ’em0′, and if more are present, those are ’em1′, em2, and so on. To configure an IP address on an interface, use ‘ifconfig interface ip netmask subnetmask‘, e.g. ‘ifconfig em0 172.16.1.1 netmask 255.255.255.0’. To shutdown and restart the interface (if needed), use ‘ifconfig em0 down’ and ‘ifconfig em0 up’, respectively. But just like with sysctl, this is only until the next reboot. A permanent configuration is done by creating a filed name ‘hostname.interface in /etc. Strangely enough, it’s literally ‘hostname’, no matter the real hostname of your system. So the first interface is defined in /etc/hostname.em0. To create the file, just try to open it in vi and it should create automatically. Add the line ‘inet ip-address subnetmask‘ and you’re done. Optionally, you can add the line ‘!route add default gateway-ip‘ in one of the files, which will define the default gateway of your system.

Most of my research was done using Google, so if you run into trouble, search and you’ll find. Also, OpenBSD contains manual pages which can be consulted with the ‘man’ command, e.g. ‘man vi’ and ‘man sysctl’. To quit the manual, typ ‘:q’.

That concludes the basic intro and enabling routing for OpenBSD. In upcoming blog posts, I’ll cover the following:

  • Firewalling and NAT using pf
  • OSPF using the ospfd
  • IPv6 functionality
  • NTP
  • Perhaps CDP and LLDP support

Stay tuned!

Advertisements