Chapter 1. Introduction

Table of Contents

1.1. Purpose and target audience
1.2. Why OpenBSD?
1.3. OpenBSD installation type
1.4. Prerequisites
1.5. Conventions used in this document

1.1. Purpose and target audience

This document is a start-to-end guide to setting up a PC Engines GmbH ALIX.2D3 system board as an OpenBSD 4.8-based NAT gateway, providing a small LAN with a PF NAT/firewall, recursive DNS service, Network Time Protocol synchronization, and more.

Figure 1.1. An ALIX as an OpenBSD router


First and foremost, I'm writing this for my own future reference. Therefore I will assume of the reader some experience with Unix (although not necessarily OpenBSD) system administration, as well as a general understanding of TCP/IP and IPv6 networking.

But I also want this guide to be useful to others out there, which is why I'm bothering to publish it at all. Even though it necessarily addresses some particulars of my installation, I have tried to keep it as general as possible.

1.2. Why OpenBSD?

Why build a router on OpenBSD, rather than more popular open source operating systems such as Debian Linux? It ultimately comes down to personal tastes – Linux as well as any of the other BSDs are plenty capable of getting this job done – but these are the specific advantages that led me to choose OpenBSD for this application:

  • Like the other BSDs, OpenBSD's development model is as a single, cohesive operating system rather than the collection of disparate parts that makes up most Linux distributions. In my experience this makes for a smoother system administration experience: all the man pages are kept relevant and up to date, and system utilities make sense in the context of the system as a whole.

  • There is a strong emphasis on security and code correctness in the OpenBSD community, making the system uniquely suited for use on a router with constant exposure to a hostile Internet.

  • OpenBSD is especially focused on networking. The base system includes great networking software like the pf(4) firewall, altq(9) queue management, the pppoe(4) kernel driver, dhcpd(8), and named(8). Widely used software like OpenSSH and OpenNTPD actually originates with the OpenBSD project, and so is perhaps better integrated into OpenBSD than in any other operating system.

  • OpenBSD is very light on system resources, with lower memory use than Debian Linux. This is good for limited memory systems like the ALIX board.

  • The ports tree offers easier customization of third-party software than the binary package mechanisms in most Linux distributions.

1.3. OpenBSD installation type

The end product of this guide is a full, general-purpose OpenBSD installation on the ALIX board's Compact Flash card. Specifically, this is in contrast to a read-only, image-based OpenBSD installation such as those offered by flashdist or flashrd.

In researching this topic, I've found some people have an almost visceral repulsion toward the use of read-write filesystems on CF cards in embedded devices. While such hesitation tends to be based on the kernel of truth that flash memory can endure a limited number of write cycles, I would point out that modern flash memory can handle hundreds of thousands or millions of erasures of the same block before failure, and that's before taking write leveling into account. If you take some basic precautions such as disabling swap and setting noatime in fstab, flash write wear just isn't something you'll have to worry about in practice on such a device.[1]

For what it's worth, I've been running this configuration on the same CF card for more than two years now, and I'm yet to encounter flash memory failure.

1.4. Prerequisites

If you want to follow along with these instructions, you will need to have a few things before you begin:

  • A PPPoE-based DSL Internet connection (with DSL modem already set up)

  • ALIX.2D3 board with power supply and, optionally, enclosure

  • 16 GB Compact Flash card[2]

  • Two Ethernet (Cat 5e or Cat 6 with 8P8C connectors) cables

  • RS-232 null modem cable (female-female)

  • A PC workstation with: an RS-232 serial port (or a USB-to-serial adapter), an Ethernet adapter, and a second network adapter of any type which routes to the Internet

Additionally, if your ALIX.2D3 board does not already include a battery backup for its CMOS clock (a custom build option for this board, also known as the ALIX.2D13) and you wish to add one, you will need the following:

  • One CR2032 battery

  • Soldering supplies and equipment: iron, solder, sponge, etc.

  • CR2032 battery holder with 20.4mm lead spacing[3]

Installation of the CR2032 battery holder will be covered in Chapter 2, ALIX Board Setup.

1.5. Conventions used in this document

Certain file listings and instructions in this guide necessarily refer to specifics such as hostname or private (RFC 1918) IPv4 addresses. Wherever you see these, substitute values appropriate for your own setup for those shown in Table 1.1, “Installation specifics”.

Table 1.1. Installation specifics

Unix username                  mshroyer
Router IPv4 address on LAN     10.19.0.1
Private IPv4 network block     10.19.0.0/17

Throughout this document, OpenBSD commands and system components are referred to by name, followed in parentheses by the section number in the OpenBSD manual in which their documentation lives. For example, the classic Unix text editor would be shown as vi(1).

[1] I should point out I'm not dissing flashrd here – it's a great project, and something like flashrd will be well worth it if you need maximum unattended reliability (for the sake of random filesystem corruption in the face of power failure as much as flash wear), or if you're deploying multiple systems and would find yourself creating system images anyway. But I feel that for a single hobbyist home router such as the one described in this document, the simplicity and flexibility of a stock OpenBSD installation is the overriding concern.

[2] While any 4 GB or larger Compact Flash card should easily suffice (and much smaller can be managed, depending on how much effort you are willing to expend paring down the OpenBSD operating system, and the exact nature of your requirements), the disk partition scheme described in this document assumes the use of 16 GB media.

[3] For instance, Renata CR2032FH1 or Panasonic BR2032-1HE, as per the ALIX.2D3 documentation.