OpenBSD on a Mac Mini

One of the two mac mini's I bought was meant to be an OpenBSD firewall. Reasons for considering a Mac Mini with as a firewall:

• It runs virtually silent
• It uses (comparatively) little power
• It doesn't take up a lot of room
• Running a firewall on a non-Intel architecture makes me feel good

Configuring OpenBSD was more or less straightforward—I did run into a couple of "gotcha's" but they were easily overcome with a bit of Googling.

OpenBSD initially only wanted to lay claim to eight gigabytes (of the 40 GB disk). The solution was to run fdisk and change the size of the A6 partition.

The USB ethernet adapter works fine (the Mac Mini only has one onboard ethernet connection, and for a firewall you need two), but there are a lot of apparently spurious errors logged to the console. Since the maximum speed of the cable modem link is only a couple of MB/sec I expect the USB ethernet adapter to hold up fine.

At the end of the installation notes it says you can configure the firmware to automatically boot into OpenBSD:

Autobooting OpenBSD/macppc

It is possible to automatically boot into OpenBSD (selectably into Mac OS) by setting up the following:
setenv auto-boot? true
setenv boot-device hd:,ofwboot

[to save the results into NVRAM]
reset-all

These settings assume that the master of the first IDE bus has OpenBSD installed on it, either in MBR format or in shared mode with ofwboot copied into the first HFS(+) partition. It is not necessary to specify '/bsd' on the boot line or in the boot-device variable, since it is the default.

My experience was that when the boot-device was set just to hd:,ofwboot the computer wouldn't start up. The only way I could get it to work was by setting the boot-device to be hd:,ofwboot /bsd.

Next up: besides a few recommended post-installation steps I'm installing snort, nmap, bash, screen, tcl, expect & squid.

—Michael A. Cleverly
Monday, January 30, 2006 at 21:19

Comments