(Transferred from the wiki by Peter)

OpenBSD Gateway Howto

Credits go to the OpenBSD team for granting permission for duplication of the manuals and guides on the OpenBSD.org website. Thanks to GnuVince and Ashcrow for quick and accurate technical support on the pf.conf file. I originally wrote this paper for the IT department at my company I work for since any server needs to be well documented on at least how to get it up and going in case a drive needs to be dropped in, brand new, with no data backup available. So some points may not need to be made, but are. I omitted the how-to-use-vi section, what does ‘ls’ do, etc, etc…. Feel free to email me at :: schotty@schotty.com for any questions or comments. You may freely distribute the information within, but if you rebrand and modify, let me know so any of the changes dont point back at me. On to the fun …….
Table of contents
1. Obtaining OpenBSD media
2. Installing OpenBSD2.1 Prepareing the boot floppy
2.2 Booting the floppy
2.3 Creating BSD and swap partition(s)
2.4 Verifying mount points and formatting partitions
2.5 Setting up NIC adapter(s)
2.6 Installation media
2.7 Choosing installation packages and finishing the install.
2.8 Timezone settings
2.9 Finishing it all up
3. Configuring OpenBSD
3.1 /etc/sysctl.conf
3.2 /etc/rc.conf
3.3 /etc/nat.conf
3.4 /etc/resolv.conf
3.5 /etc/hostname.XxYyZz files
3.6 /etc/pf.conf
3.7 Starting the NAT service and firewall
1. Obtaining OpenBSD
The method that I used was the FTP floppy method. This entails going to www.openbsd.org and retrieving the boot disc floppy image, writing the image to a blank floppy and booting off the floppy to install via FTP.
The other, and just as simple method is to use a CD-ROM. Both will do the job just as easily.
2. Installing OpenBSD
Since I used the FTP Floppy method, I will detail that. The slight variations are obvious and will be noted as I remember them.
2.1 — Prepare the boot floppy
Grab the floppy image and utility to write the image to a floppy from www.openbsd.org.
Floppy Image (ftp://ftp.openbsd.org/pub/OpenBSD/3.0/i386/floppy30.fs) — The floppy disk image of the OpenBSD Installer
FDImage (ftp://ftp.openbsd.org/pub/OpenBSD/3.0/tools/fdimage.exe) — Writes the floppy image to a floppy disk.
C:\fdimage floppy30.fs a:
2.2 Booting the floppy
After the boot image is written, you may boot the target machine off the floppy. The boot process is not fast. We are compressing a rather large amount of data onto a small space and thus the decompression may be cumbersome. But after the boot process starts, the speed is rather quick and responsive.
When prompted for the install type,
(I)nstall, (U)pgrade or (S)hell? i
you most likely will want a fresh install — reslicing and reformatting.
Press ‘I’ and hit enter.
Welcome to the OpenBSD/i386 3.0 installation program.
This program is designed to help you put OpenBSD on your disk in a simple and
rational way.
As with anything which modifies your disk’s contents, this program can cause
SIGNIFICANT data loss, and you are advised to make sure your data is backed
up before beginning the installation process.
Default answers are displayed in brackets after the questions. You can hit
Control-C at any time to quit, but if you do so at a prompt, you may have
to hit return. Also, quitting in the middle of installation may leave your
system in an inconsistent state. If you hit Control-C and restart the
install, the install program will remember many of your old answers.
You can run a shell command at any prompt via ‘!foo’
or escape to a shell by simply typing ‘!’.
Specify terminal type [vt220]:
Hit enter, for the vt220 terminal mode
The installation program needs to know which disk to consider the root disk.
Note the unit number may be different than the unit number you used in the
boot program (especially on a PC with multiple disk controllers).
Available disks are:
sd0
Which disk is the root disk? [sd0]
Do you want to use the *entire* disk for OpenBSD? [no]
Hit enter, to use sd0 as the root disk
Choose yes for using all of the root disk.
2.3 Creating BSD and swap partion(s)
Inside the BIOS ‘A6′ (’OpenBSD’) partition you just created, there resides an
OpenBSD partition table which defines how this BIOS partition is to be split
up. This table declares the offsets and sizes of your / partition, your swap
space, and any other partitions you might create. (NOTE: The OpenBSD disk
label offsets are absolute, ie. relative to the start of the disk… NOT
relative to the start of the BIOS ‘A6′ partition).
disklabel: no disk label
WARNING: Disk sd0 has no label. You will be creating a new one.
If this disk is shared with other operating systems, those operating systems
should have a BIOS partition entry that spans the space they occupy completely.
For safety, also make sure all OpenBSD file systems are within the offset and
size specified in the ‘A6′ BIOS partition table. (By default, the disklabel
editor will try to enforce this). If you are unsure of how to use multiple
partitions properly (ie. separating /, /usr, /tmp, /var, /usr/local, and other
things) just split the space into a root and swap partition for now.

  1. using MBR partition 3: type A6 off 63 (0×3f) size 16450497 (0xfb03c1)

Treating sectors 63-80041248 as the OpenBSD portion of the disk.
You can use the ‘b’ command to change this.
Initial label editor (enter ‘?’ for help at any prompt)
> ?
Here is the BSD version of fdisk. Here is a simple list of commands to use to get around in this tool.
Available commands:
p [unit] - print label.
M - show entire OpenBSD man page for disklabel.
e - edit drive parameters.
a [part] - add new partition.
b - set OpenBSD disk boundaries.
c [part] - change partition size.
d [part] - delete partition.
g [d|b] - Use [d]isk or [b]ios geometry.
m [part] - modify existing partition.
n [part] - set the mount point for a partition.
r - recalculate free space.
u - undo last change.
s [path] - save label to file.
w - write label to disk.
q - quit and save changes.
x - exit without saving changes.
X - toggle expert mode.
? [cmnd] - this message or command specific help.
Numeric parameters may use suffixes to indicate units:
‘b’ for bytes, ‘c’ for cylinders, ‘k’ for kilobytes, ‘m’ for megabytes,
‘g’ for gigabytes or no suffix for sectors (usually 512 bytes).
Non-sector units will be rounded to the nearest cylinder.
Entering ‘?’ at most prompts will give you (simple) context sensitive help.
I used the following list of commands to get the drive sliced properly — a root ( / ), swap, and var (/var) slices were used.
d a
d b
d d
d e
a a
for offset
3903401 for size
[4.2BSD] slice type
/ Mount point
a b
for offset
256000 for size
for swap
a d
for offset
for size
for BSD slice type
/var for mount point
This should have your slices setup. A p should correct any doubts.
Type w and then q to write table and quit fdisk.
2.4 Verifying mount points and formatting partitions
Next, BSD will need to format and verify thje mount points of each partition.
You will now have the opportunity to enter filesystem information for sd0.
You will be prompted for the mount point (full path, including the prepending
‘/’ character) for each BSD partition on wd0. Enter “none” to skip a
partition or “done” when you are finished.
The following partitions will be used for the root filesystem and swap:
sd0a /
sd0b swap
Mount point for wd0d (size=82152k) [/tmp, RET, none, or done]?
Now you can select another disk to initialize. (Do not re-select a disk
you have already entered information for). Available disks are:
sd0
Which one? [done]
You have configured the following devices and mount points:
sd0a /
sd0d /tmp
sd0e /var
[edit] ================================================

The next step will overwrite any existing data on:
sd0a sd0d sd0e
Are you really sure that you’re ready to proceed? [n] y
Creating filesystems…
Warning: 64 sector(s) in last cylinder unallocated
/dev/rsd0a: 164240 sectors in 163 cylinders of 16 tracks, 63 sectors
80.2MB in 11 cyl groups (16 c/g, 7.88MB/g, 1920 i/g)
/dev/rsd0d: 164304 sectors in 163 cylinders of 16 tracks, 63 sectors
80.2MB in 11 cyl groups (16 c/g, 7.88MB/g, 1920 i/g)
/dev/rsd0e: 164304 sectors in 163 cylinders of 16 tracks, 63 sectors
80.2MB in 11 cyl groups (16 c/g, 7.88MB/g, 1920 i/g)
Very self-explanatory, however as not very common, one issue I ran into was the mount point subroutine not terminating properly and requiring a done to get it to stop. As you can see above, once tell it the mount points are correct, you can continue on to the actual format of the partition. A few minutes will pass as it checks for bad blocks and formats.
2.5 Setting up NIC adapter(s)
Here we can setup any NIC adapters that may be already present. This is not mandatory at this point, and can be done later. It would be advisable however, to do it now if you are unconfortable using vi. Simply follow the instructions. First we need to enter in our hostname and domainname. In this case I used sample5.sample.com as our host/domain name.