Configuring OpenBSD to support cable modems

I recently switched from DSL to cable, and had to learn how to use the ISC DHCP software with OpenBSD and my cable provider (Comcast). This was relatively easy, and the dhclient(8) manpage has lots of useful information and examples. Once I read through the man page, I created a file called/etc/dhcpclient.conf with the following information:

interface "hme0" {
send host-name "OBSD1";
request subnet-mask, broadcast-address, time-offset, routers;

script "/etc/dhclient-end";

This configuration file tells dhclient(8)to request DHCP services on the hme0 interface. The services are defined between curly braces, and include default routers, DNS servers, and the time a lease is valid ( I personally only grab netmask, broadcast, lease time, IP addresses and default routers from the Comcast DHCP servers). I also created the following shell script to flush the PF stable table, and add a new Pf policy during lease negotiation:


# Startup PF
/sbin/pfctl -e -F all -f /etc/pf.conf

Once the configuration is in place, the dhclient(8) utility can be invoked to grab a lease on an interface defined in dhclient.conf:

$ dhclient hme0

When you are attempting to get DHCP working, you can run the dhclient(8) utility with the “-d” option. This will print tons of debugging information, and help you clear up issues in a timely manner. Now that the DHCP connection is working, I added the following to /etc/rc.conf to grab a lease when the server boots:

# Bringup hme0
echo -n "Bringing hme0 online..."
/sbin/ifconfig hme0 up
echo "Done"

# Startup the cable connection
echo -n "Startup Cable connection..."
/sbin/dhclient hme0
echo "Done"

If you want to review the leases and expiration times, you can view the contents of “/var/db/dhclient.leases”:

$ ls -al /var/db/dhclient.leases

---------- 1 root wheel 796 Mar 27 13:48 /var/db/dhclient.leases

You should enable pf in /etc/rc.conf, and ensure a default policy is in place prior to grabbing the initial lease. There is a period of time when you will be sitting on the Internet unprotected. It might be paranoia, but I like to have a DROP ALL but DHCP policy in place prior to dhclient starting.

This article was posted by Matty on 2005-03-27 23:20:00 -0400 -0400