Unlike FreeBSD, it is difficult to find information on OpenBSD either in books or on the Web.
So here's my contribution. Many thanks to the folks on the OpenBSD/SPARC mailing list and the comp.unix.bsd.openbsd.misc newsgroup.
One problem I was having was that while OpenBSD was booting and detecting the CG3 video card, it would suddenly jump into the firmware/BIOS and start spewing out a lot of "Type b (boot), c (continue)...." messages.
The solution is to disable compatibility mode in the firmware/BIOS with the following instruction:
setenv sunmon-compat? false
When I run X windows on my SPARC LX, the screen will blank after several minutes of non-use. Normally, all you need to do is to move the mouse or press a key to get the screen back again.
In my case, this does not work, especially after a long time of non-use.
The solution is to use xset to disable screen blanking:
xset s off
This must be done from an xterminal window after X windows is already up and running.
Trying to install Apache?
Guess what? It's already installed!
All you have to do is to edit /etc/rc.conf, and set httpd_flags="YES", and Apache will be loaded when OpenBSD boots!
The main Apache configuration files are in /var/www/conf. Edit httpd.conf and change DocumentRoot to the directory where you want to put your website html files.
When you telnet to an OpenBSD/SPARC box from a Windows 98 machine, you may have difficulty running vi or any other full-screen editor. The text which you are trying to edit may appear garbled.
My solution to this was to download a free Telnet program from www.zdnet.com. It is simply called "Windows Telnet Client" and works fine. The only thing I don't quite like about it is that it was written in Russia and I don't know if it opens any security holes on my Windows machine.
Note: In case you are tempted to blame the folks at Redmond, I don't see this problem when telnetting to a FreeBSD machine. So it looks like a problem that is specific to OpenBSD's version of telnet. Tweaking the telnet daemon's command line parameters (like removing -k and adding -l etc.) does not fix the problem.
After adding a new hard disk, what do you need to do in order to use it?
First, you need to partition it. Type 'disklabel -E /dev/sd1c'. Here, /dev/sd1c indicates the second SCSI hard disk (on a Sun SPARC machine). This will launch disklabel in the interactive editing mode which you used when you initially installed OpenBSD. Partition the hard disk accordingly and type 'q' when you finish. Answer 'y' to write the partition information onto the hard disk.
Second, you need to format the partitions. The first partition on the SCSI hard disk that we just partitioned would be /dev/sd1a. So type 'newfs /dev/sd1a'. This will create a new file system on the target partition.
Third, when the partition is formatted, we need to mount it:
mount /dev/sd1a /mnt
This will mount /dev/sd1a on /mnt and you can access it under this directory.
One "problem" I have encountered with OpenBSD is that Midnight Commander, the Norton Commander(tm) clone, is not available. An mc directory is available under ports/misc, but running make in this directory will result in a message saying that there are security problems with Midnight Commander.
Having said that, there is nothing that prevents anyone from manually installing Midnight Commander under OpenBSD. Here is how:
Note : The above was done in 2000. Please modify the instructions accordingly for newer versions of Midnight Commander and OpenBSD.
My ISP now provides 2 IP addresses over a single DSL line. This is great for running two physical webservers. It is also an excuse to retire my old firewall box running FreeBSD 2.8 in favor of a slightly faster one (266MHz vs 100MHz) running OpenBSD.
My trouble was : how to set up OpenBSD to deal with 2 external IP addresses.
The DSL modem has one single Ethernet port. My original plan was to connect the DSL modem to a hub, then connect 2 lines from the hub to an ethernet card each (on the firewall machine). The ethernet ports were xl0 and xl2. Then from the firewall machine, I would have an additional 2 ethernet cards (xl1 and xl3) driving 2 internal subnets.
If that sounds overly complicated, it was. And it didn't work.
I had hoped to have one subnet (xl1) communicate with the outside world via xl0, with the other subnet (xl3) communicating via xl2. Instead, the default route port was xl0 and packets sent from the xl3 subnet got lost.
After lots of head scratching and questioning on the OpenBSD newsgroup, I woke up one morning realizing that I had everything set up wrong.
After all, what did I really want to do?
I had 2 external IP addresses because I wanted to connect up 2 physically distinct webservers. Did I really need 2 subnets?
After looking at the ifconfig manpages, I found that I could use the "alias" option in the hostname.if file (hostname.xl0 in my case):
inet 155.155.155.34 255.255.255.0 NONE
inet alias 155.155.155.45 255.255.255.0 NONE
Effectively, this configured the single Ethernet port xl0 with 2 IP addresses.
So the next thing I had to do was to figure out how to redirect port 80 requests from each of these 2 IP addresses (from the single xl0 port) to the correct server.
Normally, you would include the following line to /etc/pf.conf to redirect port 80 requests to your webserver:
rdr on $ext_if inet proto tcp to port 80 -> 192.168.1.55 port 80
where $ext_if is your external interface, e.g. xl0 in my case.
This line specifies that all port 80 requests arriving on the external interface, whatever address they were sent to, are redirected to the webserver.
What I needed to do was to add the additional IP address parameter.
Fortunately, pf allowed me to do that:
rdr on $ext_if inet proto tcp to 155.155.155.34 port 80 -> 192.168.1.55 port 80
This specifies that port 80 requests to 155.155.155.34 that arrive on the external port will be redirected to the webserver on 192.168.1.55 on the internal subnet.
To add routing for the second server, I would need to add the following:
rdr on $ext_if inet proto tcp to 155.155.155.45 port 80 -> 192.168.1.57 port 80
And voila!
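An added example, not part of the original page: a small Python check (function names are the example's own) that reads hostname.if-style address lines and rdr rules of the shape shown above, and flags redirects that do not pin a single external address. The sample combines the page's catch-all rule with its per-address rules to show that the earlier catch-all shadows the later ones, because pf translation rules are first-match.

```python
import re

# Constructed sample input. The addresses and rules are the ones on the page;
# combining the catch-all rule with the per-address rules is the example's own.
HOSTNAME_IF = """\
inet 155.155.155.34 255.255.255.0 NONE
inet alias 155.155.155.45 255.255.255.0 NONE
"""
PF_CONF = """\
rdr on $ext_if inet proto tcp to port 80 -> 192.168.1.55 port 80
rdr on $ext_if inet proto tcp to 155.155.155.34 port 80 -> 192.168.1.55 port 80
rdr on $ext_if inet proto tcp to 155.155.155.45 port 80 -> 192.168.1.57 port 80
"""

# Only the rule shape used on the page: "... to [ADDR] port N -> HOST port M".
RDR = re.compile(r"^rdr\s+on\s+\S+.*?\bto\s+(?:(?P<dst>\S+)\s+)?port\s+(?P<dport>\d+)"
                 r"\s*->\s*(?P<host>\S+)\s+port\s+(?P<hport>\d+)")

def interface_addresses(hostname_if):
    """Addresses from hostname.if lines of the form 'inet [alias] ADDR MASK ...'."""
    addrs = []
    for line in hostname_if.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] == "inet":
            addrs.append(f[2] if f[1] == "alias" else f[1])
    return addrs

def audit_rdr(hostname_if, pf_conf):
    """Return [(line_no, finding)] for rdr rules that do not cleanly pin one external IP."""
    ext = set(interface_addresses(hostname_if))
    findings, seen = [], {}
    for n, line in enumerate(pf_conf.splitlines(), 1):
        m = RDR.match(line.strip())
        if not m:
            continue
        dst, dport = m["dst"], m["dport"]
        if dst is None:
            findings.append((n, "no destination address: redirects port %s for every address" % dport))
        elif (None, dport) in seen:
            # Translation rules are first-match, so an earlier catch-all wins.
            findings.append((n, "shadowed by catch-all on line %d" % seen[(None, dport)]))
        elif dst not in ext:
            findings.append((n, "%s is not configured on the interface" % dst))
        elif (dst, dport) in seen:
            findings.append((n, "duplicate of line %d" % seen[(dst, dport)]))
        seen.setdefault((dst, dport), n)
    return findings

if __name__ == "__main__":
    for line_no, finding in audit_rdr(HOSTNAME_IF, PF_CONF):
        print("pf.conf line %d: %s" % (line_no, finding))
```

Run against only the two per-address rules from the page, the check returns no findings.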
For more OpenBSD and pf info, check out "Using OpenBSD As A Firewall-Gateway for Home DSL or Cable", "OpenBSD firewall using pf", or "PF: The OpenBSD Packet Filter".
Oh, and if you are posting to the comp.unix.bsd.openbsd.misc newsgroup nowadays, you might want to read this: "Why is Bottom-posting better than Top-posting".
Well, I had my firewall all set up etc. And then I tried downloading some drivers for a wireless network card from download.netgear.com.
Boy oh boy. That was a frustrating experience.
Obviously, FTP was almost completely broken.
Unfortunately, the OpenBSD pf FAQ does not adequately tell you how to set up FTP. There's a section on FTP. But I could not get FTP to work in spite of it (yeah, I'm not too bright).
Finally, I found this site that has pretty good set up instructions.
In summary:
Add to /etc/services:
ftp-proxy 8081/tcp # ftp-proxy
Add to /etc/inetd.conf:
ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n -u proxy -m 55000 -M 57000 -t 180
Add to /etc/pf.conf:
# NAT section
rdr on $int_if proto tcp from 192.168.1.0/24 to any port 21 -> 127.0.0.1 port 8081
# Filter section
# ftp client
pass out on $ext_if inet proto tcp from $ext_if to any port 21 keep state
pass in on $ext_if inet proto tcp from any port 20 to $ext_if port 55000 >< 57000 user proxy flags S/SA keep state
pass out on $ext_if inet proto tcp from $ext_if to any port 20 flags S/AUPRFS modulate state
pass out on $ext_if inet proto tcp from $ext_if to any port > 1024 flags S/AUPRFS modulate state
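An added example, not from the original page or the site it cites: pf's >< operator excludes both boundaries, so this Python check compares the ftp-proxy -m/-M range with the destination port clause of the "pass in" rule above and lists proxy ports the rule would not admit. It assumes ftp-proxy treats -m and -M as inclusive bounds; the function names are the example's own.

```python
import re
import shlex

# Lines copied from the page: the inetd.conf entry and the "pass in" data rule.
INETD_LINE = ("ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy "
              "ftp-proxy -n -u proxy -m 55000 -M 57000 -t 180")
PF_RULE = ("pass in on $ext_if inet proto tcp from any port 20 to $ext_if "
           "port 55000 >< 57000 user proxy flags S/SA keep state")

# pf.conf binary port operators and what each one matches.
BINARY = {
    ":":  lambda p, a, b: a <= p <= b,      # range including boundaries
    "><": lambda p, a, b: a < p < b,        # range excluding boundaries
    "<>": lambda p, a, b: p < a or p > b,   # except range
}

def proxy_range(inetd_line):
    """(min, max) taken from ftp-proxy's -m and -M arguments."""
    args = shlex.split(inetd_line)
    return int(args[args.index("-m") + 1]), int(args[args.index("-M") + 1])

def dest_port_match(pf_rule):
    """Predicate for the rule's destination 'port A op B' clause."""
    m = re.search(r"\bto\s+\S+\s+port\s+(\d+)\s*(><|<>|:)\s*(\d+)", pf_rule)
    if not m:
        raise ValueError("no destination port range found in rule")
    a, op, b = int(m[1]), m[2], int(m[3])
    return lambda port: BINARY[op](port, a, b)

def unreachable_ports(inetd_line, pf_rule):
    """Ports ftp-proxy may use (assumed inclusive) that the pf rule does not pass."""
    lo, hi = proxy_range(inetd_line)
    passes = dest_port_match(pf_rule)
    return [p for p in range(lo, hi + 1) if not passes(p)]

if __name__ == "__main__":
    print("ports in proxy range not passed by rule:",
          unreachable_ports(INETD_LINE, PF_RULE))
```

With the page's values the boundary ports 55000 and 57000 are reported; a clause written as port 55000:57000 (range including boundaries) covers the whole range.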
The Silicon Valley Geek Homepage