BSD DevCenter

Introduction to OpenBSD Networking

Routing

The final stage in setting up a machine to act as a small network gateway is to implement the routing. Most commonly in this situation, you would have internal addresses on the inside of the gateway and use network address translation (NAT) to perform the gatewaying. NAT will be discussed in a later installment; here we cover only basic routing.

OpenBSD uses the standard Unix routing tool, route. The syntax differs slightly from other systems, but the premise remains the same. To print your existing routing table, issue the command:

# route -n show

The -n flag tells route not to try to perform any hostname lookups and to use IP addresses only, with show telling it to print the routing table. The output for this example should look roughly like:



Destination   Gateway          Flags
default       203.25.128.33    UG
192.168.0.0   link#1           U
192.168.0.5   0:20:af:5c:4a:f3 UH

The first line shows the default gateway (the other end of the PPP link) as being 203.25.128.33. The second line sends traffic for the internal address range of 192.168.0.1 through link#1 (le0). The third line is for 192.168.0.5, a frequently used workstation. In this case, our OpenBSD machine has mapped the MAC address of the workstation directly for faster routing.

Let us assume we want to add the address range of 192.168.1.* to the network. The 192.168.0.* and 192.168.1.* machines do not need to talk to each other, but they both need to talk to the server. They are all physically cabled on the same network. First, you would add a virtual interface so that le0 has both the addresses 192.168.0.1 and 192.168.1.1. This is done by editing /etc/ifaliases to contain the line:

le0 192.168.1.1 255.255.255.0

Second, add the route for the 192.168.1.1 range by issuing the command:

# route add 192.168.1.0 192.168.1.1

A simple breakdown of this command:

  • route - route utility
  • add - add a route to the table
  • 192.168.1.0 - target address range
  • 192.168.1.1 - IP to use as a gateway (in this case, a local one)
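
A check for the result of the steps above, as an added example that is not part of the original article: the script reads a routing table in the three-column layout shown earlier and reports a missing or unexpected default gateway and any expected network that has no up route. The function names, the embedded sample table and the flags on its 192.168.1.0 line are assumptions made for this example.

```sh
# Added example: sanity-check a routing table in the three-column layout above.
# On the gateway, pass "$(route -n show)" in place of the constructed sample;
# the check assumes the table holds only IPv4 entries, as in the article.

# Constructed sample: the article's table plus an assumed entry for the
# 192.168.1.0 route added in the last step (its flags are an assumption).
sample_table() {
    cat <<'EOF'
Destination   Gateway          Flags
default       203.25.128.33    UG
192.168.0.0   link#1           U
192.168.0.5   0:20:af:5c:4a:f3 UH
192.168.1.0   192.168.1.1      UGS
EOF
}

# Print "gateway flags" for an exact destination match; return 1 if absent.
route_lookup() {  # $1 = table text, $2 = destination
    printf '%s\n' "$1" | awk -v d="$2" '
        $1 == d { print $2, $3; found = 1; exit }
        END     { exit !found }'
}

bad() { echo "$*"; problems=$((problems + 1)); }  # record one problem

# Report problems, one per line; the return status is the number of problems.
check_routes() {  # $1 = table text, $2 = expected default gateway, rest = networks
    table=$1; want_gw=$2; shift 2; problems=0
    n=$(printf '%s\n' "$table" | awk '$1 == "default" { n++ } END { print n + 0 }')
    if [ "$n" -ne 1 ]; then
        bad "expected 1 default route, found $n"
    else
        entry=$(route_lookup "$table" default)
        [ "${entry% *}" = "$want_gw" ] || bad "default gateway is ${entry% *}, expected $want_gw"
        case ${entry#* } in
            *U*G*|*G*U*) ;;   # U = route is up, G = destination reached via a gateway
            *) bad "default route lacks U or G flag" ;;
        esac
    fi
    for net in "$@"; do
        if entry=$(route_lookup "$table" "$net"); then
            case ${entry#* } in *U*) ;; *) bad "route to $net is not up" ;; esac
        else
            bad "no route to $net"
        fi
    done
    return "$problems"
}

check_routes "$(sample_table)" 203.25.128.33 192.168.0.0 192.168.1.0 && echo "routing table OK"
```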

With all of this in place, you should have a nice secure OpenBSD gateway to the Internet. The majority of people are using Linux, FreeBSD, and Windows NT for this kind of application, but, as has been demonstrated, it's not difficult to produce a gateway using OpenBSD that will run on nearly any hardware and provide superior security and unprecedented reliability.

David Jorm has been involved with open source and security projects for several years, originally with OpenBSD and Debian GNU/Linux, now with the development team at wiretapped.net.

