

Let's do it:

Building an OpenBSD firewall

Ok, the first step is to build one OpenBSD firewall. I promised before that I would write a tutorial on creating an OpenBSD gateway/VPN server if there was any interest. Since a few people were interested in the idea, this can be counted as the initial instalment. While the purpose of this article is not to set up a VPN gateway, it will show you how to install OpenBSD, so it can be considered a general reference for initial OpenBSD installation. I'll give as much detail as I think is needed; if you haven't installed OpenBSD before, it can be quite daunting. If there's anything which is unclear and isn't mentioned in the official FAQ, let me know and I'll cover the area again later on.

I'm installing from a CD of version 3.7; 3.8 will be out on the 1st November but the install procedure won't change.

Setting up the VMware virtual machine:

In VMware Workstation, start the new machine wizard with File > New > Virtual Machine. Select the typical configuration; Guest Operating System is Other and version is also Other. Give the machine a name--'OpenBSD A' in my case--then set the location for storing the virtual machine files (any place you have space). For network type I'm selecting 'Do not use a network connection'; I'll explain why later. The default disk size of 4GB will be ok; tick the box 'Split disk into 2GB files' as this will avoid any problems with large files on a FAT filesystem (in case you want to copy the image to a FAT formatted disk at some point). As I noted previously, VMware will require a lot of disk space and quite a bit of RAM; this test lab will use about 16GB of disk space and 320MB of RAM while running, but with a 250GB SATA hard disk costing me £65 (approx. $115) and 1GB of RAM £50 (approx. $90), this doesn't really bother me. Click finish and you will be presented with your VM overview.


As you can see, this defaults to allocating 256MB of RAM, and that's way too much. We can run OpenBSD on 32MB of RAM without problems. If you click on 'Edit virtual machine settings' then you can change the memory allocation to 32MB. We can also now add our network support. The reason I didn't set this up earlier is that we want two network adaptors on different physical networks (for all intents and purposes these represent the 'Internet' and 'Internal' networks). Still in the virtual machine settings, click on 'Add' and the add hardware wizard will start. Select Ethernet Adaptor, then Custom: VMnet5.


Do this again to add the second adaptor, but this time select VMnet6.

Your virtual machine will now look like this:


Pop in your CD, power on the virtual machine, and we're ready to go.

At the boot> prompt just hit enter.

When prompted, just type I for Install and accept the default terminal type (just hit enter). Select your keyboard map, or stick with the default, then type yes when asked if you want to proceed with the install. We now come to setting up the hard disk, which is not as straightforward as a Windows installation, but easy once you know how. The default disk will be shown as wd0; accept this as the root disk. When asked if you want to use the whole disk for OpenBSD, say yes. We will now be dropped into the partition editor where we can decide how to allocate the disk space.

Simple commands:

  • p – display or 'print' the current partition setup
  • d 'x' – delete partition 'x'
  • a 'x' – add partition 'x'

Take a look at the current partitions:

> p


You will see two partitions, a and c. Partition c always stays; it simply represents the whole physical disk. Remove partition a and then print to check that it's gone:

> d a

> p

Now we need to plan our partitions. There is a 4GB disk and we don't plan on installing much more than the base install. I would say to use something like:

  • / – 250MB
  • Swap – 64MB (twice the RAM)
  • /tmp – 1000MB
  • /usr – 1500MB (allow for source and user installed programs)
  • /var – 1250MB (logs etc)

So, to create the root partition:

> a a

offset: [63]

size: [8385867] 250M

Rounding to nearest cylinder: 512001

FS type: [4.2BSD]

mount point: [none] /

The offset and FS type should be left as default (just hit enter). Next comes the swap partition (swap is always b). Don't worry about the FS type; it will always offer swap as the default for partition b. You can't use c as this is the disk, so from b move on to d. Once you have made all of your partitions, view them ( > p ) and they should look like this:

 

Confirm by typing:

> q

Write new label?: [y] yes
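The plan above can be checked in sectors before you type it into the partition editor. The following is an added example, not part of the original article: it assumes 512-byte sectors, a geometry of 16 heads by 63 sectors (1008 sectors per cylinder), that the editor snaps each partition's end to the nearest cylinder boundary, and that /tmp, /usr and /var take the letters d, e and f. Under those assumptions it reproduces the 512001 shown above for the root partition.

```python
# Added example: sector layout for the partition plan in this article.
# Assumptions (not from the article): 512-byte sectors, 16 heads x 63 sectors
# per track, and partition ends snapped to the nearest cylinder boundary.
SECTOR_BYTES = 512
SECTORS_PER_CYL = 16 * 63
FIRST_OFFSET = 63         # default offset offered by the editor
DISK_SECTORS = 8385867    # default size offered by the editor

# Letters d, e and f for /tmp, /usr and /var are an assumed assignment.
PLAN = [("a", "/", 250), ("b", "swap", 64), ("d", "/tmp", 1000),
        ("e", "/usr", 1500), ("f", "/var", 1250)]


def round_size(offset, size_mb):
    """Sectors allocated once offset+size is snapped to the nearest cylinder."""
    end = offset + size_mb * 1024 * 1024 // SECTOR_BYTES
    cyls = (end + SECTORS_PER_CYL // 2) // SECTORS_PER_CYL
    return cyls * SECTORS_PER_CYL - offset


def layout(plan=PLAN, start=FIRST_OFFSET, limit=DISK_SECTORS):
    """Return ([(letter, mount, offset, size)], unallocated_sectors)."""
    rows, offset = [], start
    for letter, mount, size_mb in plan:
        size = round_size(offset, size_mb)
        if offset + size > start + limit:
            raise ValueError(f"partition {letter} ({mount}) does not fit")
        rows.append((letter, mount, offset, size))
        offset += size
    return rows, start + limit - offset


if __name__ == "__main__":
    rows, free = layout()
    for letter, mount, offset, size in rows:
        print(f"{letter}  {mount:<5} offset {offset:>8}  size {size:>8}")
    print(f"unallocated: {free} sectors ({free * SECTOR_BYTES // 2**20} MB)")
```

A plan that overruns the disk raises ValueError at the first partition that does not fit, which is easier to deal with here than halfway through the label.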

When prompted to confirm the mount points, simply type done and you will pass to the next stage. OpenBSD will show you the partitions which you have chosen to create and ask you whether you want to proceed; of course the answer is yes. You will now see the partitions being created and formatted.

When asked for the system hostname, I have chosen to call this GatewayA. Accept the default of configuring the network now (this gets it out of the way). We have adaptors le1 and le2; let's go with the default and configure le1 first:


As you can see, I have set le1 to be our virtual Internet network and le2 will represent our internal network. The nameserver and default route would normally be those provided by your ISP or those of your Internet router. Answer no when asked whether to edit hosts with ed and whether to do any manual configuration. Set the root password and you will be asked where to install from; simply type c for (c)drom and then keep the default options for the device name and file path.

The package selection screen is shown next. By default all of the essential package groups are selected. All those with 'x' at the beginning relate to X Windows; as we don't want these installed, we simply type done to continue. You will confirm that you are ready to install and then the packages will be copied from the disk. A second chance to install sets will be given; simply hit enter to accept the default (done). Do the same for any following questions, except whether you expect to run X Windows--the answer to that one is no.

Set your time zone (in my case Europe/London).

That's it, done. You now have to remove the CD and reboot, and a fresh OpenBSD installation has been completed! That wasn't too bad, was it?

In next week's instalment we will finish the gateway configuration, compile / install nmproxy and then clone the gateway to create GatewayB.
