When configuring Ethernet for client computers, if your IPv4 network offers DHCP, you should be able to plug right in. If you’re using IPv6, you should be able to attach the cable and let autoconfiguration take over.
If a particular machine will be a server, a static IP address probably makes more sense. Before assigning a static address, you’ll need the following:
An IP address (IPv4, IPv6 or both)
The netmask/prefix length(s)
The IP address(es) of the default gateway
Armed with this information, attach your system to the network and keep reading. I’ll first discuss using ifconfig(8)
and route(8)
to perform changes manually, and then review how to set these automatically at boot. In any case, you must configure the resolver as discussed at the beginning of this chapter.
If you installed OpenBSD over a network, your Ethernet connection should already be working, but it might not be set up exactly the way you like. To manage your network interfaces, use the ifconfig(8)
tool.
Let’s look at your Ethernet card and see what it has to say. Start by asking your system about all of the interfaces it has installed, by running ifconfig
.
All OpenBSD systems have three logical interfaces out of the box: lo0
, enc0
, and pflog0
. The lo0
interface is the loopback interface, referring to the local machine. The enc0
interface is an encapsulation interface, intended for IPsec traffic. Finally, pflog0
is for logging PF traffic, as discussed in Chapter 22. The rest of the interfaces are physical ones.
Unlike some operating systems, OpenBSD network interfaces are named after the device driver of the underlying hardware. Here’s a sample list:
$ ifconfig fxp0: flags=8843<1UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:16:36:c0:58:a5 priority: 0 groups: egress media: Ethernet autoselect (100baseTX full-duplex) 2 status: active 3 inet 192.0.2.226 netmask 0xffffff00 broadcast 192.0.2.255 inet6 2001:db8::216:36ff:fec0:58a5 prefixlen 64 inet6 fe80::216:36ff:fec0:58a5%fxp0 prefixlen 64 scopeid 0x2
The interface fxp0
uses the fxp(4)
device driver, which the man page says is an Intel EtherExpress PRO 10/100 card. As you can see at 1, the interface is up, meaning that it’s active and ready to use. The lladdr
is the link local address, or the MAC address of the card. This card is in the egress
group. OpenBSD uses interface groups in several places, including the packet filter, as discussed in Chapter 22.
To see the type of physical media underlying the connection, check the media
line. This particular connection runs at 100Mbps full-duplex. The connection is active, as shown at 2; the physical layer has not only been configured, but it also has a link light and is ready to go. The connection has been assigned an IPv4 address and netmask, as shown at 3. You can see on the two lines that follow that both an IPv6 address and a link local IPv6 address have been assigned.
Use ifconfig
to assign, change, or remove IP addresses from a network interface. The OpenBSD installer offers to configure your network cards at boot, but if you didn’t configure all of your interfaces during installation, or if you add or remove network interfaces after installation, you will need to do so manually.
To add an IP address for IPv4, start with the interface’s assigned IP address and netmask.
# ifconfig interface-name IP-address netmask
For example, if your network card is fxp0
, your IP address is 192.0.2.55, and the netmask is 255.255.255.128, you would run this:
# ifconfig fxp0 192.0.2.55 255.255.255.128
Specify the netmask in dotted-quad notation, hexadecimal, or even slash notation, like this:
# ifconfig fxp0 192.0.2.55/25
You don’t need to specify a netmask separately if you use a slash.
Adding an IP address with IPv6 is a little different. Specify the address, a slash, and the prefix length, but don’t try to add a separate netmask; just use the slash that’s part of the address. Here’s an example:
# ifconfig fxp0 inet6 2001:db8:0:12::2/64
If you need to remove an IP address from an interface, use the delete
option of ifconfig
for both IPv4 and IPv6 addresses.
# ifconfig fxp0 192.0.2.55 delete
The effect is immediate, so be sure you don’t lock yourself out of the system by removing all of its reachable IP addresses, or by removing the only address your SSH daemon is attached to. (In certain rare cases, existing connections to deleted addresses might continue to work, but they probably won’t, so don’t count on it.)
One network interface can respond to requests for multiple IP addresses, which is important because a server might support hundreds or thousands of domains and need an IP address for each. (This isn’t so important for plain websites, but it can be important for SSL-based websites and protocols that rely on reverse DNS.)
To add extra IP addresses to an interface, use IP aliases. IP aliases tell a network card to “answer requests for this IP address as well as your own.” To add aliased IP addresses, use ifconfig
with the keyword alias
after the interface name to tell ifconfig
this is an alias. Be sure to always use a netmask of 255.255.255.255, or /32, for alias addresses.
# ifconfig fxp0 alias 192.0.2.230/32 # ifconfig fxp0 … inet 192.0.2.226 netmask 0xfffffff0 broadcast 192.0.2.239 inet 192.0.2.230 netmask 0xffffffff
The interface listed here has a main IP address of 192.0.2.226 and an alias IP address of 192.0.2.230.
When working with IPv6, add the inet6
keyword, like this:
# ifconfig fxp0 inet6 alias 2001:db8:0:12::3/64
It’s important to realize that all outgoing connections on a host with one network connection use the host’s primary IP address. For example, you might have 2000 IP addresses bound to one interface, but when you ssh
out, the connection comes from the primary address. Remember this when writing firewall rules and access control lists, because while some programs have an option to set a different source IP address, they’re the exception.
The OpenBSD kernel doesn’t really differentiate between the primary IP addresses and aliases—it just keeps a list of IP addresses—but it will use the first address on its list as the source address unless told otherwise. If a host has multiple network connections, the source address of outgoing connections is the main IP address of the network interface on which packets leave the system.
To remove an alias, use the delete
option of ifconfig
and give the IP address, without the netmask.
# ifconfig fxp0 delete 192.0.2.230
For IPv6, use inet6 delete
instead.
# ifconfig fxp0 inet6 delete 2001:db8:0:12::3
Use route(8)
to configure the default route for each protocol.
# route add default 192.0.2.1
add net default: gateway 192.0.2.1
An IPv6 default route is almost identical, but you must add the -inet6
modifier.
# route add -inet6 default 2001:db8:0:12::1
add net default: gateway 2001:db8:0:12::1
Once you add IP addresses and default routes to your host, you should be able to reach the rest of your network and the Internet. Now let’s see how to make those changes across reboots.
To have OpenBSD get an IPv4 address from a DHCP server, run dhclient(8)
and give it the name of the interface you want to configure.
# dhclient fxp0
dhclient
gets an IP address, overwrites /etc/resolv.conf, and configures the default route.
For IPv6, run rtsol(8)
instead.
# rtsol fxp0
Remember that IPv6 autoconfiguration will not configure your resolver. You’ll need to piggyback off your IPv4 DNS servers or manually configure /etc/resolv.conf.
While ifconfig(8)
is fine for changes on the fly, your system should configure its interfaces correctly at boot, including any aliases on the interface, any routes added when the interface comes up, and so on.
Each interface has a configuration file, /etc/hostname.interfacename, generically called hostname.if. The fxp0
interface on my desktop uses a configuration file /etc/hostname.fxp0, my wireless interface wpi0
uses /etc/hostname.wpi0, and so on. At boot, OpenBSD’s /etc/netstart script reads all of the hostname.if files and, if it finds a matching physical interface or can create a matching logical interface, it configures the interface accordingly.
To configure an interface’s IPv4 address, enter a line in hostname.if in this format:
inet ipaddress netmask broadcastaddress ifconfig-options
The broadcast address and options are optional. To use options but not specify a broadcast address, use NONE
for the broadcast address. You can also use a slash for the netmask instead of the decimal equivalent.
Similarly, add an IPv6 address with the following:
inet6 ipv6address/prefix ifconfig-options
To give fxp0
the IPv4 address of 192.0.2.226 255.255.255.240 and the IPv6 address of 2001:db8:0:12::2/64 at boot, use the following in /etc/hostname.fxp0:
inet 192.0.2.226 255.255.255.240 NONE description 'top card' inet6 2001:db8:0:12::2/64
Here, I also define an interface description that will show up in ifconfig
output.
To create an IP address alias at boot, use the alias
keyword in hostname.if.
inet alias 192.0.2.230/32 inet6 alias 2001:db8:0:12::3/64
To run a command when the interface comes up, put an exclamation point in front of the command. Any commands run must be available on the root partition (for example, in /bin or /sbin). This feature is most commonly used for routing, but you could use other commands as well.
!route add 192.0.2.128/25 192.0.2.2
To configure an interface dynamically, via DHCP (IPv4) or rtsol
(IPv6), put the string dhcp
or rtsol
on a line by itself.
dhcp rtsol
Anything that’s not formatted as shown here is passed unedited to ifconfig(8)
. For example, to run a specific ifconfig
command, put the arguments on their own line in hostname.if.
description 'lower card'
If you simply want to activate a card, but not configure it, use the word up
on a line by itself to activate the interface.
up
And remember, you can test hostname.if changes with /etc/netstart, specifying an interface name if appropriate, like so:
# /bin/sh /etc/netstart fxp0
Not including the interface name reconfigures all interfaces on the system.