Let's do it:
Building an OpenBSD firewall
Ok, first step is to build one OpenBSD firewall. I promised
before that I would write a tutorial on creating an OpenBSD gateway/VPN server
if there was any interest. Since there were a few people interested in the
idea, this can be counted as the initial instalment. While the purpose of this
article is not to set up a VPN gateway, it will show you how to install OpenBSD
and therefore, this can be considered a general reference for initial OpenBSD
installation. I'll give as much detail as I think is needed; if you haven't
installed this before, it can be quite daunting. If there's anything which is
unclear and isn't mentioned in the official FAQ, let me know and I'll cover the area again later on.
I'm installing from a CD of version 3.7; 3.8 will be out on the 1st November but the install procedure won't change.
Setting up the VMware virtual machine:
In VMware Workstation, start the new machine wizard with File > New > Virtual Machine. Select
the typical configuration, Guest Operating System is Other and version is also Other.
Give the machine a name--'OpenBSD A' in my case--then set the location for
storing the virtual machine files (any place you have space). For network type
I'm selecting 'Do not use a network connection'; I'll explain why later. The
default disk size of 4GB will be ok; tick the box '
any problems with large files on a FAT filesystem (in case you want to copy the
image to a FAT formatted disk at some point). As I noted previously, VMware
will require a lot of disk space and quite a bit of RAM; this test lab will use
about 16GB of disk space and 320MB of RAM while running, but with a 250GB SATA
hard disk costing me £65 (approx. $115) and 1GB of RAM £50 (approx. $90), this
doesn't really bother me. Click finish and you will be presented with your VM
As you can see, this defaults to allocate 256MB of RAM, and that's
way too much. We can run OpenBSD on 32MB of RAM without problems. If you click
on 'Edit virtual machine settings' then you can change the memory allocation to
32MB. We can also now add our network support; the reason I didn't set this up
earlier is that we want two network adaptors on different physical networks
(for all intents and purposes this represents the 'Internet' and 'Internal'
networks). Still in the virtual machine settings, click on 'Add' and the add
hardware wizard will start. Select Ethernet Adaptor, then Custom: VMnet5.
Do this again to add the second adaptor, but this time select VMnet6.
Your virtual machine will now look like this:
Pop in your CD, power on the virtual machine, and we're ready to go.
At the boot> prompt just hit enter.
When prompted, just type I for Install, then accept the default terminal type (just hit enter). Select
your keyboard map, or stick with the default, then type yes when asked if you want to proceed with the install. We now come
to setting up the hard disk; this is not as straightforward as a Windows installation,
but easy once you know how. The default disk will be shown as wd0; accept this
as the root disk. When asked if you want to use the whole disk for OpenBSD, say
yes. We will now be dropped into the partition editor where we can decide how to allocate the disk space.
- p display or 'print' the current partition setup
- d 'x' delete partition 'x'
- a 'x' add partition 'x'
Take a look at the current partitions:
You will see two partitions, a and c. Partition c always
stays, it simply shows the physical disk. Remove partition a and then print to
check that it's gone:
> d a
Now we need to plan our partitions; there is a 4GB disk and
we don't plan on installing much more than the base install. I would say to use
Swap 64MB (twice the
(allow for source and user installed programs)
/var 1250MB (logs etc)
So, to create the root partition:
> a a
size:  250M
Rounding to nearest cylinder: 512001
FS type: [4.2BSD]
mount point: [none] /
The offset and FS type should be left as default (just hit
enter). Next comes the swap partition (swap is always b); don't worry about the FS
type, as it will always offer swap as the default for partition b. You can't use c as this is the disk, so from b move on to d. Once you have made all of your partitions, view them (> p) and they should look like this:
Confirm by typing:
Write new label?: [y] yes
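The 'Rounding to nearest cylinder: 512001' line in the session above follows from disk geometry. As an added example (not part of the original article), this script reproduces that figure and lays out the three sizes that survive on this page. It assumes 512-byte sectors, 1008 sectors per cylinder, a first partition starting at sector 63, a disk of exactly 4096MB, and partitions created in the order shown; none of these is stated in the article.

```shell
#!/bin/sh
# Added illustration; geometry and disk size below are assumptions, not from the article.
SECTORS_PER_CYL=1008            # assumed: 16 heads x 63 sectors per track
FIRST_OFFSET=63                 # assumed: first partition starts after track 0
DISK_SECTORS=$((4096 * 2048))   # assumed: 4GB disk = 4096MB of 512-byte sectors

# round_size OFFSET MB: sectors to allocate so that a partition starting at
# OFFSET ends on the cylinder boundary nearest to the requested size.
round_size() {
    rs_end=$(( $1 + $2 * 2048 ))
    rs_cyls=$(( (rs_end + SECTORS_PER_CYL / 2) / SECTORS_PER_CYL ))
    echo $(( rs_cyls * SECTORS_PER_CYL - $1 ))
}

# plan NAME:MB ...: print offset and rounded size for each partition in order,
# then the space left over for the remaining partitions.
plan() {
    pl_off=$FIRST_OFFSET
    for pl_entry in "$@"; do
        pl_size=$(round_size "$pl_off" "${pl_entry##*:}")
        printf '%-5s offset=%-8s size=%s\n' "${pl_entry%%:*}" "$pl_off" "$pl_size"
        pl_off=$(( pl_off + pl_size ))
    done
    pl_free=$(( DISK_SECTORS - pl_off ))
    printf 'free  %s sectors (%s MB)\n' "$pl_free" $(( pl_free / 2048 ))
}

# free_after NAME:MB ...: sectors still unallocated after the given partitions.
free_after() {
    fa_off=$FIRST_OFFSET
    for fa_entry in "$@"; do
        fa_off=$(( fa_off + $(round_size "$fa_off" "${fa_entry##*:}") ))
    done
    echo $(( DISK_SECTORS - fa_off ))
}

# Sizes that appear in the article: root 250M, swap 64MB, /var 1250MB.
plan root:250 swap:64 var:1250
```

Under these assumptions the root partition comes out one sector larger than the 512000 requested, because sector 63 plus 512000 falls one sector short of a cylinder boundary.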
When prompted to confirm the mount points simply type done and you will pass to the next
stage. OpenBSD will show you the partitions which you have chosen to create and
ask you whether you want to proceed; of course the answer is yes. You will now see the partitions being created and formatted.
When asked for the system hostname, I have chosen to call
this GatewayA. Accept the default of configuring the network now (this gets it out of the way). We have adaptors le1 and le2; let's go with the default and configure le1 first:
As you can see, I have set le1 to be our virtual internet network and le2 will represent our internal network. The nameserver and default
route would normally be those provided by your ISP or those of your internet
router. Don't edit hosts with ed and don't do any manual configuration. Set the
root password and you will be asked where to install from; simply type c for (c)drom and then keep the default options for the device name and file path.
The package selection screen is shown next. By default all
of the essential package groups are selected; all those with 'x' at the
beginning relate to x-windows, and as we don't want these installed, we simply type
done to continue. You will confirm
that you are ready to install and then the packages will be copied from the
disk. A second chance to install sets will be given; simply hit enter to accept
the default (done). Do the same for
any following questions, except whether you expect to run x-windows--the answer to that one is no.
Set your time zone (in my case Europe/London).
That's it, done. You now have to remove the CD, reboot and a fresh OpenBSD installation has been completed! That wasn't too bad was it!
In next week's instalment we will finish the gateway configuration, compile / install nmproxy and then clone the gateway to create GatewayB.