OpenBSD as a Simple NAT Router
6 October 2006
To set up a simple NAT router/firewall using OpenBSD, use these steps as a general guideline. I'm assuming that you have general knowledge of OpenBSD. This article applies to OpenBSD 3.9.
First, configure the network interfaces appropriately. Typically, this will involve editing the hostname.<NIC type> file. In a VMware ESX Server environment, OpenBSD uses pcn0 for the first virtual NIC, pcn1 for the second virtual NIC, etc., so the appropriate configuration files would be hostname.pcn1, and so forth.
Next, enable IP forwarding by editing /etc/sysctl.conf and making the following change (the line is present in a default installation; you just need to uncomment it):
Next, we’ll need to enable the OpenBSD packet filter, pf. This is typically done by creating/editing the file /etc/rc.conf.local and making sure the following line is present:
Next, we’ll configure pf for network address translation (NAT) and simple packet filtering. If you’ve never configured pf before, I highly recommend this OpenBSD PF guide; it will introduce you to the functionality of this very powerful packet filtering engine. (Sometimes I wish Mac OS X would switch to using pf.) You configure pf by placing a ruleset into
Here’s a quick sample ruleset (keep in mind this is based on OpenBSD running as a virtual machine in a VMware environment):
This is a really, really simple configuration, but it will get the job done. (I did title this “OpenBSD as a Simple NAT Router”, after all.)
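The steps above, collected into one added example; this is not the ruleset or the settings from the original post. It stages the sysctl line, the rc.conf.local line and a default-deny NAT ruleset (pf.conf, pf's default ruleset file) in a scratch directory for review before anything is copied to /etc. The function name, the choice of pcn0 as the external NIC and pcn1 as the internal NIC, and every rule in the ruleset are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's configuration.
# Assumptions: pcn0 = external (untrusted) NIC, pcn1 = internal NIC, both
# overridable; rule syntax targets pf as shipped around OpenBSD 3.9, where
# "keep state" still has to be written out on pass rules.
stage_nat_config() {
    dir=$1 ext_if=${2:-pcn0} int_if=${3:-pcn1}
    mkdir -p "$dir" || return 1

    # IP forwarding step: the line to uncomment in /etc/sysctl.conf.
    echo 'net.inet.ip.forwarding=1' > "$dir/sysctl.conf"

    # pf step: the line that must be present in /etc/rc.conf.local.
    echo 'pf=YES' > "$dir/rc.conf.local"

    # Ruleset step: NAT plus default-deny filtering. \$ keeps pf macros
    # literal; only the two interface names are filled in by the shell.
    cat > "$dir/pf.conf" <<EOF
ext_if = "$ext_if"
int_if = "$int_if"

set block-policy drop
set skip on lo
scrub in all

# Translate internal hosts to whatever address ext_if currently holds.
nat on \$ext_if from \$int_if:network to any -> (\$ext_if)

# Default deny, logged so dropped packets can be read from pflog0.
block log all
antispoof quick for { lo \$int_if }

# Only the internal network may initiate connections; replies match state.
pass in on \$int_if from \$int_if:network to any keep state
pass out on \$ext_if proto { tcp udp icmp } all keep state
EOF
}
```

On the OpenBSD host, `pfctl -nf <dir>/pf.conf` parses the staged ruleset without loading it, which catches syntax errors before the file replaces the live one.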
For more advanced configurations, I highly recommend reviewing the OpenBSD documentation (which, by the way, is very thorough and very extensive; kudos to the OpenBSD team for their documentation efforts).