Introduction to OpenBSD Networking
The final stage in setting up a machine to act as a small network
gateway is to implement the routing. Most commonly in this situation
you would have internal addresses on the inside of the gateway and use
network address translation (NAT) to perform the gatewaying. This will be discussed in a later
installment; here we only cover basic routing.
OpenBSD uses the standard Unix routing tool, route. Its syntax differs
slightly from other systems, but the premise remains the same. To
print your existing routing table, issue the command:
# route -n show
The -n flag tells route not to try to perform any hostname lookups
and to use IP addresses only, and show tells it to print the routing
table. The output for this example should look roughly like:
Destination      Gateway            Flags
default          184.108.40.206     UG
192.168.0.0      link#1             U
192.168.0.5      0:20:af:5c:4a:f3   UH
The first line shows the default gateway (the other end of the PPP
link) as being 220.127.116.11. The second line sends the internal
address range of 192.168.0.1 through link#1 (le0). The third
line is for 192.168.0.5, a frequently used workstation. In this case,
our OpenBSD machine has mapped the MAC address of the workstation
directly for faster routing.
Let us assume we want to add the address
range of 192.168.1.* to the network. The 192.168.0.* and 192.168.1.*
machines do not need to talk to each other, but they both need to talk
to the server. They are all physically cabled on the same
network. First, you would add a virtual interface so that le0 has both
the addresses 192.168.0.1 and 192.168.1.1. This is done by editing
/etc/ifaliases to contain the line:
le0 192.168.1.1 255.255.255.0
Secondly, add the route for the 192.168.1.1 range by issuing the command:
# route add 192.168.1.0 192.168.1.1
A simple breakdown of this command:
route - the route utility
add - add a route to the table
192.168.1.0 - target address range
192.168.1.1 - IP to use as a gateway (in this case, a local one)
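A check a gateway administrator could run after adding the route, as an added example that is not part of the original article: it compares a routing table in the three-column layout shown above against the destinations the gateway is expected to carry. The function names, the sample table, the 203.0.113.1 gateway and the stray 10.9.9.0 route are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the article: audit a routing table dump against
# the destinations a gateway is expected to carry.
# Assumes the three-column "Destination Gateway Flags" layout shown above.

# Constructed sample: the article's table plus the new 192.168.1.0 route
# and one stray route. 203.0.113.1 is a documentation placeholder gateway.
sample_routes() {
    cat <<'EOF'
Destination      Gateway            Flags
default          203.0.113.1        UG
192.168.0.0      link#1             U
192.168.0.5      0:20:af:5c:4a:f3   UH
192.168.1.0      192.168.1.1        U
10.9.9.0         192.168.0.77       UG
EOF
}

# audit_routes DEST...   (table on stdin)
# Prints UNEXPECTED/MISSING findings; returns 0 only when there are none.
audit_routes() {
    awk -v expected="$*" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
    $1 != "default" && $1 !~ /^[0-9]/ { next }    # skip header and blank lines
    {
        seen[$1] = 1
        if ($3 ~ /H/) next    # host entries (H flag) are recorded but not audited
        if (!($1 in want)) { print "UNEXPECTED " $1 " via " $2; bad = 1 }
    }
    END {
        for (d in want) if (!(d in seen)) { print "MISSING " d; bad = 1 }
        exit bad + 0
    }'
}

# Demo run against the sample. On a live gateway, feed in the output of
# route -n show and spell the expected destinations the way that system prints them.
sample_routes | audit_routes default 192.168.0.0 192.168.1.0 ||
    echo "routing table differs from the expected set"
```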
With all this in place, you should have a nice secure OpenBSD gateway to the Internet. The majority of people are using Linux, FreeBSD, and Windows NT for this kind of application, but, as has been demonstrated, it's not difficult to produce a gateway using OpenBSD that will run on nearly any hardware and provide superior security and unprecedented reliability.
David Jorm has been involved with open source and security projects for several years, originally with OpenBSD and Debian GNU/Linux, now with the development team at wiretapped.net.