Today I was faced with the following problem: I was trying to configure one of the Ethernet interfaces of an OpenBSD 4.5 box with both a dynamic address leased via DHCP, but also a static IP address. Initially, I tried this:
# cat /etc/hostname.vr2 dhcp inet 1.1.1.11 255.255.255.0 NONE up # sh /etc/netstart vr2
The problem with this approach is that dhclient never gets daemonized because netstart gets it annoyed: dhclient notices that something else reconfigured the interface and commits suicide. So, then I thought about reversing the order of the first two lines:
# cat /etc/hostname.vr2 inet 1.1.1.11 255.255.255.0 NONE dhcp up # sh /etc/netstart vr2
Now dhclient daemonizes but also removes all previously configured IP addresses, so the statically configured address configured via the first line is wiped by dhclient. Not very nice.
Turns out the solution lies in /etc/dhclient.conf:
# cat /etc/dhclient.conf
interface "vr2" {
supersede domain-name "example.com";
supersede domain-name-servers 1.1.1.1;
}
alias {
interface "vr2";
fixed-address 1.1.1.11;
option subnet-mask 255.255.255.0;
}
The alias stanza allows one to define an additional, aliased IP address for an interface. Which allows the machine to be always reachable on a fixed IP address.
Neat.
OpenBSD 4.0: initial impressions
January 3rd, 2007
Today, the mini-barebone computer that I ordered last week has been shipped. Basically, it consists of an ASUS Pundit P3-PH4 case and motherboard with an Intel LGA775 CPU socket, 4 dual-channel 533/600 DDR2 memory slots, 2 SATA connectors, 1 IDE connector, 1 serial port, 1 parallel port, 8-channel sound card, integrated Intel-based VGA, 4 USB 2.0 ports, 1 IEEE-1394 400 (FireWire) port, 1 Intel Pro 1000/MT Gigabit Ethernet controller, 1 CF/SD/MMC built-in reader (USB-based), 1 PCI Express x1 slot, 1 PCI Express x16 slot and 2 PCI slots. I added a Pentium 4 3.0GHz CPU, a 160GiB SATA hard drive and a standard DVD-/+RW drive. I was looking for a small form-factor machine that was able to run silently and cool but powerful enough to run things like IDS, file and print services or the Xen hypervisor. I discarded products like Soekris-based computers because they are expensive and underpowered when compared to a computer like this mini-barebone.
I decided to install OpenBSD 4.0 which has proven to be an extremely reliable, stable, easy to install and use, secure, Free/Libre Open Source Operating System. What is more, OpenBSD built-in firewall (named PF) is one of the most powerful, comprehensive open source firewalls in the market with support for stateful filtering, traffic normalization, traffic classification (ALTQ), load-balancing and resilience (pfsync) with good logging support (pflog) that, when combined with OpenBGPD and OpenSSH, make it a win-win platform to build network and security-oriented servers and appliances. OpenBSD can be downloaded from http://www.openbsd.org/ftp.html.
My initial expectations were low, to be honest. I have been using older versions of OpenBSD on quite old, low-end systems for a long time. The mini-barebone system has a full array of mostly-new hardware, like the built-in CF/SD/MMC reader, the SATA disk controller, and DDR2 memory. However, it turned out that OpenBSD 4.0 has absolutely no problem at all at dealing with all the integrated hardware. The SATA disk was recognized as such (wd0), the CF/SD/MMC built-in reader is recognized as three different devices (sd0, sd1 and sd2), and the USB 2.0 EHCI and FireWire built-in controllers are properly configured and recognized. Additionally, since the machine sports an Intel Pro 1000/MT Gigabit Ethernet controller, OpenBSD is able to use TCP/UDP checksum offloading (the em driver has been supporting this feature since OpenBSD release 3.8, as far as I know).
Overall, I’m quite impressed with the hardware support provided by OpenBSD 4.0. This superb piece of free/libre, open source software is a pleasure to use every day, and the ports collection brings a lot of software to the table to make OpenBSD a platform that I can use to convert my DVDs to DivX, store and serve files, protect my network from external threats, act as a Wireless Access Point, run a BIND DNS server and Mail server and do it all flawlessly and comfortably. Kudos to the OpenBSD team for this great operating systen and platform!