Introduction to OpenBSD Networking
Routing
The final stage in setting up a machine to act as a small network
gateway is to implement the routing. Most commonly in this situation
you would have internal addresses on the inside of the gateway and use
network address translation (NAT) to perform the gatewaying. This will be discussed in a later
installment; here we only cover basic routing.
OpenBSD uses the standard Unix routing tool route. Syntax differs
slightly from other systems, but the premise remains the same. To
print your existing routing table, issue the command:
# route -n show
The -n flag tells route not to try to perform any hostname lookups
and to use IP addresses only, with show telling it to print the routing
table. The output for this example should look roughly like:
Destination      Gateway            Flags
default          203.25.128.33      UG
192.168.0.0      link#1             U
192.168.0.5      0:20:af:5c:4a:f3   UH
The first line shows the default gateway (the other end of the PPP
link) as being 203.25.128.33. The second line is for the internal
address range of 192.168.0.1 to go through link#1 (le0). The third
line is for 192.168.0.5, a frequently used workstation. In this case,
our OpenBSD machine has mapped the MAC address of the workstation
directly for faster routing.

Let us assume we want to add the address
range of 192.168.1.* to the network. The 192.168.0.* and 192.168.1.*
machines do not need to talk to each other, but they both need to talk
to the server. They are all physically cabled on the same
network. First, you would add a virtual interface so that le0 had both
the addresses 192.168.0.1 and 192.168.1.1. This is done by editing
/etc/ifaliases to contain the line:
le0 192.168.1.1 255.255.255.0
Secondly, add the route for the 192.168.1.1 range by issuing the command:
# route add 192.168.1.0 192.168.1.1
A simple breakdown of this command:
route - route utility
add - add a route to the table
192.168.1.0 - target address range
192.168.1.1 - IP to use as a gateway (in this case, a local one)
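A check one might run after these two steps, as an added example that is not part of the original article: it parses a routing table in the layout shown above and confirms that each expected destination is present with the expected gateway. The sample table, the EXPECTED list, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a routing table in the Destination/Gateway/Flags
# layout shown in the article.

# Constructed sample: the article's table plus the 192.168.1.0 route.
# The flags on the last line are illustrative, not captured output.
SAMPLE_TABLE='Destination Gateway Flags
default 203.25.128.33 UG
192.168.0.0 link#1 U
192.168.0.5 0:20:af:5c:4a:f3 UH
192.168.1.0 192.168.1.1 UGS'

# Routes the gateway should carry once the steps above are done.
EXPECTED='default 203.25.128.33
192.168.0.0 link#1
192.168.1.0 192.168.1.1'

# route_gateway TABLE DEST: print DEST's gateway; status 1 if no entry.
route_gateway() {
    printf '%s\n' "$1" | awk -v dest="$2" '
        ($1 "") == dest { print $2; found = 1; exit }  # "" forces a string compare
        END { exit !found }'
}

# check_route TABLE DEST GW: report whether DEST is routed via GW.
check_route() {
    actual=$(route_gateway "$1" "$2") || {
        echo "MISSING  $2 (expected via $3)"; return 1; }
    if [ "$actual" = "$3" ]; then
        echo "OK       $2 via $3"
    else
        echo "MISMATCH $2 via $actual (expected $3)"; return 1
    fi
}

# audit_table TABLE: check every EXPECTED route; status = number of failures.
audit_table() {
    failures=0
    while read -r dest gw; do
        check_route "$1" "$dest" "$gw" || failures=$((failures + 1))
    done <<EOF
$EXPECTED
EOF
    return "$failures"
}

# On the gateway itself, pass "$(route -n show)" instead of the sample.
audit_table "$SAMPLE_TABLE"
```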
With all this in place, you should have a nice secure OpenBSD gateway to the Internet. The majority of people are using Linux, FreeBSD, and Windows NT for this kind of application, but, as has been demonstrated, it's not difficult to produce a gateway using OpenBSD that will run on nearly any hardware and provide superior security and unprecedented reliability.
David Jorm has been involved with open source and security projects for several years, originally with OpenBSD and Debian GNU/Linux, now with the development team at wiretapped.net.
