This is a discussion on Newbie alert: Firewall HOWTO within the comp.unix.bsd.openbsd.misc forums, part of the OpenBSD category.

OK, I dug up an old laptop, and I want to make a firewall out of it. I got the latest OpenBSD running on it. Now what?

I'm pretty knowledgeable about *nix in general, and linux in particular, but I am completely stumped with the particulars of OpenBSD.

What's the firewall tool called? I don't even have a clue where to begin.

I *know* the thing is firewalling, because I can't even ssh into it:

[yan@poseidon yan]$ ssh kerber-puppy -l root
ssh: connect to host kerber-puppy port 22: No route to host
[yan@poseidon yan]$ ping kerber-puppy
PING kerber-puppy.seiner.lan (192.168.128.221) 56(84) bytes of data.
From poseidon.seiner.lan (192.168.128.222) icmp_seq=1 Destination Host Unreachable

but I can ping and ssh *from* it to the hosts in my lan...

So, where do I start?

On Sat, 22 Jan 2005 15:18:40 -0800, Captain Dondo wrote:
> OK, I dug up an old laptop, and I want to make a firewall out of it. I got
> the latest OpenBSD running on it. Now what?
>
> I'm pretty knowledgeable about *nix in general, and linux in particular,
> but I am completely stumped with the particulars of OpenBSD.
>
> What's the firewall tool called? I don't even have a clue where to begin.
>
> I *know* the thing is firewalling, because I can't even ssh into it:
>
> [yan@poseidon yan]$ ssh kerber-puppy -l root
> ssh: connect to host kerber-puppy port 22: No route to host
> [yan@poseidon yan]$ ping kerber-puppy
> PING kerber-puppy.seiner.lan (192.168.128.221) 56(84) bytes of data.
> From poseidon.seiner.lan (192.168.128.222) icmp_seq=1 Destination Host Unreachable
>
> but I can ping and ssh *from* it to the hosts in my lan...
>
> So, where do I start?

I'm no expert.. but the OpenBSD 'firewall' is pf (for packet filter)

man pf

there is an excellent 'how to' on the OpenBSD site.. it's (as far as I can tell) set up much like iptables.. although the pf itself doesn't do routing (that's handled somewhere else in the kernel, methinks)

loading the rulesets is done with pfctl

man pfctl

hope this helps.. and doesn't add to the confusion

Captain Dondo wrote:
>OK, I dug up an old laptop, and I want to make a firewall out of it. I got
>the latest OpenBSD running on it. Now what?
<...>
>So, where do I start?

There's a very good introduction at http://www.openbsd.org/faq/pf/

--
Maurice

Hello!

Couple of things spring to mind - both a bit noddy so please don't feel disgruntled that I'm suggesting them. What you've described feels networky to me. Is the interface definitely up and listening? Also when you install, it asks you whether you want to run sshd by default - did you hit yes? I reckon it's worth checking these two.

After that, I've recently been posting about some trouble I've been having with a machine I've got that sounds like it's for a similar purpose. It's the ssh hanging thread. All my config files are in that thread and may help. Yesterday I worked out what the problem was too (though not why!). I'll post that at the end of the thread...

Hope this helps,
Ben

On Sun, 23 Jan 2005 02:45:27 -0800, google@nimmaj.com wrote:
> Couple of things spring to mind - both a bit noddy so please don't feel
> disgruntled that I'm suggesting them. What you've described feels
> networky to me. Is the interface definitely up and listening? Also
> when you install, it asks you whether you want to run sshd by default -
> did you hit yes? I reckon it's worth checking these two.

The only thing I can say about that is DUH....

I got so befuddled with the *differences* of OpenBSD that I did not check the obvious...

For some weird reason, the install floppy got one IP address from DHCP, while the machine, once it was up, got a different address, and DDNS did not pick up on the change... Not sure why, but certainly nothing to do with OpenBSD....

Well, I do have it up, running, semi-configured. Now to play with it a bit.... I'm building a list of newbie questions, too.... <grin>
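
The ping output quoted in the first post already separates this failure from packet filtering: the "Destination Host Unreachable" line is reported by the pinging machine's own address, which on a Linux client means no ARP reply came back for the target address. The following sh script is an added example, not part of the thread; it classifies that symptom from the quoted output, and the "actual" address 192.168.128.230 is a constructed value, since the thread never states the address the machine ended up with.

```shell
#!/bin/sh
# Added example, not from the thread. Sample taken from the first post's output.
PING_SAMPLE='PING kerber-puppy.seiner.lan (192.168.128.221) 56(84) bytes of data.
From poseidon.seiner.lan (192.168.128.222) icmp_seq=1 Destination Host Unreachable'

# Address the client resolved the name to (first line of ping output).
resolved_addr() {
    printf '%s\n' "$1" | sed -n '1s/^PING [^(]*(\([0-9.]*\)).*/\1/p'
}

# Address of whoever reported "Destination Host Unreachable".
# Handles both "From name (addr) ..." and "From addr ..." forms.
reporter_addr() {
    printf '%s\n' "$1" | awk '/^From / && /Destination Host Unreachable/ {
        a = (substr($3, 1, 1) == "(") ? $3 : $2
        gsub(/[():]/, "", a); print a; exit }'
}

# classify PING_OUTPUT LOCAL_ADDR ACTUAL_ADDR
#   LOCAL_ADDR  : address of the machine running ping
#   ACTUAL_ADDR : address the target really holds (ifconfig on its console)
classify() {
    target=$(resolved_addr "$1")
    reporter=$(reporter_addr "$1")
    if [ -z "$reporter" ]; then
        echo "no-unreachable-reported"
    elif [ "$target" != "$3" ]; then
        echo "stale-name: $target resolved, host is at $3"
    elif [ "$reporter" = "$2" ]; then
        echo "no-arp-reply: nothing answers for $target on the local segment"
    else
        echo "icmp-from-$reporter: a router or filter rejected the traffic"
    fi
}

# Constructed case: the name still points at .221, the host now holds .230.
classify "$PING_SAMPLE" 192.168.128.222 192.168.128.230
```

A filter that drops packets silently produces timeouts instead, and one that rejects them shows up as a reset or as an ICMP error sent from the filtering host's address, which is the last branch above.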

On 22/01/2005 6:18 PM, Captain Dondo wrote:
> OK, I dug up an old laptop, and I want to make a firewall out of it. I got
> the latest OpenBSD running on it. Now what?
>
> I'm pretty knowledgeable about *nix in general, and linux in particular,
> but I am completely stumped with the particulars of OpenBSD.
>
> What's the firewall tool called? I don't even have a clue where to begin.
>
> I *know* the thing is firewalling, because I can't even ssh into it:
>
> [yan@poseidon yan]$ ssh kerber-puppy -l root
> ssh: connect to host kerber-puppy port 22: No route to host
> [yan@poseidon yan]$ ping kerber-puppy
> PING kerber-puppy.seiner.lan (192.168.128.221) 56(84) bytes of data.
> From poseidon.seiner.lan (192.168.128.222) icmp_seq=1 Destination Host Unreachable
>
> but I can ping and ssh *from* it to the hosts in my lan...
>
> So, where do I start?

man afterboot