I wanted to be able to list OpenBSD as something Subvert Technologies had experience with; specifically, being able to offer a bloody good industrial-strength firewall for the price of, say, a ten-year-old Sun Ultra-5 workstation on eBay. So I burnt a sparc64 boot disk, dug joplin out from under my bed, and got to work.

I have to say, I’m extremely impressed. A while back, I read an article explaining how easy it is to set up an OpenBSD router (it was in the UKUUG magazine, so not something I can link to). I found it a little difficult to believe.

It’s true, though. Here’re the steps it took:

    # My external interface is hme0, the builtin Sun NIC.
    ext_if="hme0"
    # My internal interface is xl0, a 3COM card I dug out.
    int_if="xl0"

    # Set the interfaces, as appropriate.
    echo dhcp > /etc/hostname.$ext_if
    echo inet 10.42.0.1 255.255.255.0 NONE > /etc/hostname.$int_if

    # Enable DHCP on the internal interface. You'll need to edit /etc/dhcpd.conf by hand.
    mv /etc/dhcpd.interfaces /etc/dhcpd.interfaces.dist
    echo $int_if >> /etc/dhcpd.interfaces
    echo 'dhcpd_flags=""' >> /etc/rc.conf.local

    # Enable PF.
    mv /etc/pf.conf /etc/pf.conf.dist
    echo ext_if="$ext_if" >> /etc/pf.conf
    echo int_if="$int_if" >> /etc/pf.conf
    echo 'nat on $ext_if from $int_if:network to any -> ($ext_if)' >> /etc/pf.conf

    echo "pf=YES" >> /etc/rc.conf.local

Then reboot. Seriously. All it takes is one line in pf.conf, and one in rc.conf.local to enable it on boot. DHCP is harder to set up, for crying out loud.