Title : OpenBSD and iSCSI part1: the target (server) Author: Solène Date : 21 February 2019 Tags : unix openbsd iscsi This is the first article of a series about iSCSI. iSCSI is a protocol designed for sharing a block device across network as if it was a local disk. This doesn't permit using that disk from multiples places at once though, except if you use a specific filesystem like GFS2 or OCFS2 (Linux only). In this article, we will learn how to create an iSCSI target, which is the "server" part of iSCSI, the target is the system holding the disk and making it available to others on the network. OpenBSD does not have an target server in base, we will have to use net/netbsd-iscsi-target for this. The setup is really simple. First, we obviously need to install the package and we will activate the daemon so it start automatically at boot, but don't start it yet: # pkg_add netbsd-iscsi-target # rcctl enable iscsi_target The configurations files are in **/etc/iscsi/** folder, it contains files **auths** and **targets**. The default configuration files are the same. By looking at the source code, it seems that **auths** is used there but it seems to have no use at all. We will just overwrite it everytime we modify **targets** to keep them in sync. Default **/etc/iscsi/targets** (with comments stripped): extent0 /tmp/iscsi-target0 0 100MB target0 rw extent0 10.4.0.0/16 The first line defines the file holding our disk in the second field, and the last field defines the size of it. When iscsi-target will be started, it will create files as required with the size defined here. The second line defines permissions, in that case, the extent0 disk can be used read/write by the net 10.4.0.0/16. For this example, I will only change the netmask to suit my network, **then I copy targets over auths**. Let's start the daemon: # rcctl start iscsi_target # rcctl check iscsi_target iscsi_target(ok) If you want to restrict ports using PF, you only have to allows the TCP port 3260 from the network that will connect to the target. The according line would looks like this: pass in proto tcp to port 3260 Done!