Soekris net4801 and OpenBSD
Well, I’m moving again, and that means a new ISP and a new network setup, so I’m starting to prepare a new router/firewall based on my long forgotten Soekris and OpenBSD 4.1. Why OpenBSD? Because it’s free, it runs nicely on low-end machines, it allows a setup that does not waste CF write cycles, upgrades are not a nightmare (as long as your list of 3rd party packages is not large) and PF is a powerful tool. I know I’m leaving one out: security. That one has been highly criticized; they do focus on security, but we all know that once you start setting up services, security starts to decrease. The real difference I see between a Linux distribution and OpenBSD is that Linux always relies on 3rd party applications; distributions don’t maintain a base system as all the BSDs do. So when OpenBSD talks about security they are usually talking about what they really maintain, their base OS. OK, I’ve made my point, so let’s start the game.
What I needed…
- 1 x Soekris net4801
- 1 x 1GiB CF
- 1 x USB CF reader/writer
- 1 x null modem serial cable
How to install…
I picked the easiest way: I downloaded all the OpenBSD sets I wanted to install and the boot images needed to create a bootable CD, then connected the USB CF reader to my laptop, booted from the CD-ROM and proceeded with a normal installation onto the USB mass storage device, which was the CF itself. Just remember to answer yes when the installer asks about setting up the serial console, and once everything is finished /etc/fstab has to be modified to use wd0 instead of sd0 (the CF shows up as a USB disk during the install, but as an IDE disk on the Soekris).
Avoiding writes…
To avoid wasting the CF’s write cycles I decided to use MFS for /var and /dev. That alone could be enough, but I also decided to mount the root partition (the only one) read-only, so my fstab looks like:
# /etc/fstab
# -P=dir populates the MFS from dir at mount time, -s is the size in
# 512-byte sectors (131000 is roughly 64 MiB) and -i is bytes per inode.
/dev/wd0a / ffs ro 1 1
swap /var mfs rw,-P=/home/fake/var,-s=131000,noexec,nosuid,nodev 0 0
swap /dev mfs rw,-P=/home/fake/dev,-s=1200,-i=128,noexec,nosuid 0 0
I made /var large because I also symlinked /tmp to /var/tmp, avoiding another MFS. Only one thing was left: I had to find a way to sync /var back to /home/fake/var to preserve logs, backups, tmp, etc., so I installed the rsync package and modified /etc/rc.shutdown:
if [ -x /usr/local/bin/rsync ]; then
    echo "Rsync'ing mfs folders...";
    # root is normally read-only; remount it rw so the populate dir is writable
    /sbin/mount -u -o rw /
    # copy the MFS contents back to the directory mount_mfs -P loads at boot
    /usr/local/bin/rsync -aqr \
        /var/{account,audit,authpf,backups,cron,db,log,mail,msgs,spool,tmp} \
        /home/fake/var/;
fi
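One weakness of syncing only from rc.shutdown is that anything living in the MFS, logs included, is gone after a power cut or a crash, and a router is exactly the box you want logs from after something odd happened. The following script is an added example, not code from the original post, that reuses the same fstab populate directory and the same /var subdirectory list but can also be run periodically from cron; the script name /usr/local/sbin/sync-mfs, the environment overrides and the cp fallback are my assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): persist the MFS-backed /var to
# the directory that mount_mfs -P repopulates it from at boot.
# Script name, env overrides and the cp fallback are assumptions.
# Usage:  sync-mfs sync        (from cron and from /etc/rc.shutdown)

MFS_VAR="${MFS_VAR:-/var}"                    # the live MFS mount
PERSIST_VAR="${PERSIST_VAR:-/home/fake/var}"  # populate dir named in fstab (-P)
ROOT_MNT="${ROOT_MNT:-/}"                     # read-only root holding PERSIST_VAR

# Same /var subdirectories the rc.shutdown snippet syncs.
SUBDIRS="account audit authpf backups cron db log mail msgs spool tmp"

# Flip the read-only root to rw (arg "rw") or back to ro (arg "ro").
remount_root() {
    /sbin/mount -u -o "$1" "$ROOT_MNT"
}

# Copy each existing subdirectory of $1 into $2, preserving modes and
# timestamps. Uses rsync when installed, cp -Rp otherwise, so the same
# logic works before the rsync package is on the box. Returns 0 only if
# every subdirectory copied cleanly.
sync_subdirs() {
    src="$1"; dst="$2"; rc=0
    [ -d "$dst" ] || mkdir -p "$dst" || return 1
    for d in $SUBDIRS; do
        [ -d "$src/$d" ] || continue
        if command -v rsync >/dev/null 2>&1; then
            rsync -aq "$src/$d" "$dst/" || rc=1
        else
            cp -Rp "$src/$d" "$dst/" || rc=1
        fi
    done
    return $rc
}

# Full cycle: rw remount, copy, ro remount. The trailing ro remount keeps the
# CF read-only between cron runs; rc.shutdown alone never needed it.
sync_mfs() {
    remount_root rw || return 1
    sync_subdirs "$MFS_VAR" "$PERSIST_VAR"; rc=$?
    remount_root ro
    return $rc
}

case "${1:-}" in
    sync) sync_mfs ;;
esac
```

The populate directory must exist on the read-only root before the first boot with this fstab, since mount_mfs -P reads from it. A root crontab line such as `*/30 * * * * /usr/local/sbin/sync-mfs sync` bounds the log loss to half an hour at the cost of some CF writes every run, which is the trade-off to decide per box; rc.shutdown then just calls the same script.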
Well, the machine is ready; now I just need to pick an ISP, wait for our account details, configure the PPPoE connection and start writing PF rules, so another post might come soon.