OpenBSD Journal

Soekris Fun

Contributed by sean on from the fooling-around-with-tiny-computers dept.

The Soekris machines are cool little gadgets. While fun to play with they can be a bit frustrating to setup on your first attempt. In this article I explain how to setup a NET4501 from start to first boot and hopefully in subsequent articles I'll explain how to do some of the interesting things I've tried. If you have some of this gear lying around it is a great opportunity to learn how the OpenBSD boot process works but I digress...

Soekris Fun

Table Of Contents:

Introduction

I have a real soft spot for small computers and a real hatred for black box systems. The smaller the computer the more I will like it and the Soekris line is no exception. I was introduced to these computers a few years ago and have been yearning for reasons to make my employer buy a whole bunch of them to do something neat. Their price is unfortunately kind of steep for a toy which may or may not have any use other than messing around (relative to say an Xbox or Playstation) so I had to wait until I could get my hands on one before exploring further.

Now that I have a few to play with I've been having nothing but fun with them. They are a great platform to learn how the OpenBSD boot process works as well as figuring out how all the pieces of OpenBSD fit together in excrutiating detail. As well, being compact flash based and being relatively low power these boards make great firewalls and 'quick fix' appliances.

Unfortunately it wasn't all a smooth ride getting my first machine up and running. It tried a few different 'tools' to setup and build an image for the machine and fought with my lack of knowledge regarding drive geometry. In order to save you a headache or two I will explain how to get a machine up and running from start to finish.

Since this isn't a 'small' topic I will be writing a number of articles which will take you through building a default image (ie. this article) through setting up a flexible imaging environment as well as setting up the device for some common appliance like situations (ie. such as a firewall, transparent bridge for spamd, traffic inspection and the ever amusing dsniff, and maybe even how to set up a WAP once I figure out how to get it right).

For the purposes of this article I will be referring to the NET4501 (as that's what I have) but the following procedures should work for good number of other CF based i386 systems (such as the WRAP boards). This machine is a tiny 486 with three network interfaces (sis) and a wee bit of RAM (in my case 64MB). It is by no means a speed demon but as far as I'm concerned, more fun than a barrel of monkeys.

You will need the following:
  • A NET4501 board and power supply.
  • A computer with OpenBSD i386 installed.
  • Access to either the OpenBSD CD set or an FTP mirror.
  • A supported compact flash reader. I have found that many that act as a mass storage device 'just' work but you might want to test this.
  • A DB9 female to DB9 female null modem serial cable.
  • A compact flash card 32MB or greater. I'm using 64MB cards but CF cards prices have fell through the floor in the past year so finding one shouldn't be too hard.

Getting Started:

You will need to have OpenBSD installed on your 'staging' machine and you will need to install the source tree either from the OpenBSD CD, FTP or CVS. Once you have it ready to go. Make yourself a folder to work in. I've chosen /home/soekris. This is where we will work from and store the image sets so we don't have to mess around with the current installation and allow for a bit more customization for different image sets.

Next you will need to download flashdist which is a shell script package written by Chris Cappuccio to bootstrap OpenBSD installations onto compact flash media. I have tried a few different packages to accomplish this though flashdist is definitely the best I've come across. I would suggest de-archiving the downloaded tar-ball into /home/soekris and keep the folder name as it is (again to makes things easier on you if you need to switch versions of flashdist). As of this article the current version is currently 20061013.

root@craptop:~$ mkdir /home/soekris
root@craptop:~$ lynx -source http://www.nmedia.net/~chris/soekris/flashdist-20061013.tar > ~/flashdist-20061013.tar
root@craptop:~$ tar xpf ~/flashdist-20061013.tar -C /home/soekris

Now that we have flashdist ready to go we need to grab the base and etc packages from the OpenBSD distribution. You can definitely use the installed versions on your machine if you want to (and have space issues) but using a separate sandbox will in the long run make your life easier when having to make different images and dealing with system upgrades. Either grab base40.tgz and etc40.tgz off of the OpenBSD CD's or the FTP site and place them in a safe place (I put them in /home/soekris/obsd).

Before we can go any further we will need to build a kernel that is setup and small enough to work with the NET4501. Luckily the flashdist package includes a kernel config for you that (as of 3.9) works right out of the box. Previous versions needed some mangling to take care of some dependancies not included but since things have stabilized 'it should just work.' First thing off when building a new kernel is to setup the build environment. This is pretty simple and very easy to forget so let's just get it out of the way.
root@craptop:~$ cd /usr/src
root@craptop:~$ make obj

This will run through the source tree and build a bunch of symlinks and setup our build environment.

Next we need to copy the kernel config we have chosen into the proper place, setup the kernel build environment and then make our new kernel. Note we are not replacing the kernel on the local machine, we are creating one to use solely on our NET4501.

root@craptop:~$ cd /usr/src/sys/arch/i386/conf/
root@craptop:~$ cp /home/soekris/flashdist-20061013/NET4501 .
root@craptop:~$ config NET4501
root@craptop:~$ cd ../../compile
root@craptop:~$ make depend && make

Once the compile is done successfully you will have a kernel located at /usr/src/sys/arch/i386/compile/NET4501/bsd remember that location as you will need it shortly.

Building your first image:

So now we have everything we need ready to build an image to boot with this NET4501. In order to keep things organized into a nice little sandbox we will call this sandbox newimage and place it in /home/soekris/newimage. Go a head and create your sandbox and extract the contents of base40.tgz and etc40.tgz into that folder but do not forget to preserve permissions (or you will quickly get a headache).

root@craptop:~$ mkdir /home/soekris/newimage
root@craptop:~$ tar zxpf /home/soekris/obsd/base40.tgz -C /home/soekris/newimage/
root@craptop:~$ tar zxpf /home/soekris/obsd/etc.tgz -C /home/soekris/newimage/

Now we have the basic set of files needed to choose from and build a complete bootable system. If you want to add new things to this sandbox we will go over that later but for now this is all we need to get you started.

From here out we will be playing with the flashdist script itself. Let's go into our flashdist folder and see what we have available. You can go the flashdist website to get a general description of what each of the files are but in the following listing I've emboldened the files we will be talking about.

root@craptop:~$ cd /home/soekris/flashdist-20061013/
root@craptop:~$ ls -al
total 140
drwxr-xr-x  2 root  wheel    512 Nov  8 00:43 .
drwxr-xr-x  3 root  wheel    512 Nov  8 00:43 ..
-rw-r--r--  1 root  wheel   4122 Apr 13  2006 NET4501
-rw-r--r--  1 root  wheel   4285 Jan 16  2006 NET45xx
-rw-r--r--  1 root  wheel   5747 Jan 16  2006 NET4801
-rw-r--r--  1 root  wheel   1439 Oct 13 14:40 NOTES
-rw-r--r--  1 root  wheel     43 Apr 12  2006 boot.conf
-rw-r--r--  1 root  wheel  20953 Oct 13 14:39 flashdist.sh
-rw-r--r--  1 root  wheel   2174 Oct 13 14:38 flashsmall.txt
-rw-r--r--  1 root  wheel     23 Apr  4  2002 fstab
-rw-r--r--  1 root  wheel    111 Sep  9  2003 nshrc
-rw-r--r--  1 root  wheel   3653 Oct 13 14:39 rc

-rw-r--r--  1 root  wheel    877 May 20  2003 syslog.conf
-rw-r--r--  1 root  wheel   6748 Apr  5  2002 ttys
  • NET4501: The kernel config file we used to create our custom kernel.
  • flashdist.sh: A ksh script which will be doing most of our heavy lifting.
  • flashsmall.txt: This file contains a listing of every file we will be copying onto our compact flash card. The default is 32MBs and is quite spartan. We will discuss how to expand on this a bit later.
  • rc: Something you might find familiar. This is the script init calls after the kernel has been loaded. A horrible analogy is the 'autoexec.bat' from MS-DOS. This RC script is stripped down and will need to be customized. More on that later.

At this point we'll just use the stock configuration provided by flashdist and get our NET4501 booting. Plug your nice new compact flash card into your compact flash reader and plug said reader into your computer (it is best to use an external reader (ie. via USB) in case you want to switch cards of different sizes as 'mass storage' is not the same as 'removable'). Once plugged in look in dmesg for the reader and get the device node for your compact flash card.

root@craptop:~$ dmesg | tail
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets
sd0 at scsibus1 targ 1 lun 0:  scsi0 0/direct removable
sd0: 61MB, 61 cyl, 64 head, 32 sec, 512 bytes/sec, 125440 sec total

sd1 at scsibus1 targ 1 lun 1:  scsi0 0/direct removable
sd1: drive offline
sd2 at scsibus1 targ 1 lun 2:  scsi0 0/direct removable
sd2: drive offline
sd3 at scsibus1 targ 1 lun 3:  scsi0 0/direct removable
sd3: drive offline

Here you see my flash card reader is actually a multi-port device (a cheap 6 in 1 gadget I picked up online a long while ago). The flashcard I have inserted is bound to sd0 (or /dev/sd0) and is acting like a SCSI generic block device (which it is). We can do all kinds of things to it that you would do with a block device such as dd'ing it, partitioning it, making a disk label etc. Flashdist does the heavy lifting for us here so we don't have to worry about it. All we need to know is the device node we have our card on (ie. sd0).

Up until recently this step was a real pain in the butt as you had to make sure flashdist knew the geometry of the device it is writing to but now there is an 'autodetect' that which makes live easier. The following command writes out our system to the compact flash card and makes the system bootable. We are asked a few questions about some local configuration options. Like the OpenBSD installer you pretty much just need to get ENTER a bunch of times and put in a root password.

The parameters to the flashdist script are as follows:
  • -d: Use what the kernel 'thinks' the drive geometry to initialize the disklabel.
  • sd0: The device node which we are going to write to.
  • flashsmall.txt: The file set to populate the file system with.
  • /usr/src/sys/arch/i386/compile/NET4501/bsd: The kernel we want to boot with.
  • ../newimage/: The location of all the files specified in flashsmall.txt in our sandbox.


root@craptop:~$ cd /home/soekris/flashdist-20061013/
root@craptop:~$ ./flashdist.sh -d sd0 flashsmall.txt /usr/src/sys/arch/i386/compile/NET4501/bsd ../newimage/
flashdist.sh 20061013 chris@nmedia.net
Using disk device: sd0
Using distfile: flashsmall.txt
Copying kernel from: /usr/src/sys/arch/i386/compile/NET4501/bsd

Please pay attention to any error messages that you may
receive from the commands this script is using. If you
end up having problems, they could explain why.

WARNING: This will erase ALL DATA on the sd0 disk device!
Press enter key to continue or Control-C to abort...
Updating MBR and partition table...
fdisk: sysctl(machdep.bios.diskinfo): Device not configured
Note, you may ignore "sysctl(machdep.bios.diskinfo)" errors if present.

Setting up disklabel...
# Inside MBR partition 3: type A6 start 32 size 124896

The install script is using the following parameters:
Total size of media: 125440 sectors (64225280 bytes)
Bytes/Sector: 512
Sectors/Track: 32
Sectors/Cylinder: 2048
Tracks/Cylinder (heads): 64
Cylinders: 61

Press enter key to continue or Control-C to abort...
Checking distribution list...

Installing disklabel...
# Inside MBR partition 3: type A6 start 32 size 124896

Creating new filesystem...
/dev/rsd0a:	124896 sectors in 122 cylinders of 32 tracks, 32 sectors
	61.0MB in 3 cyl groups (60 c/g, 30.00MB/g, 7552 i/g)

Mounting destination to /tmp/flashdist.htoI30989...
Checking free space on sd0...
Copying OpenBSD distribution to media...
done
Copying bsd kernel, boot blocks, /etc/resolv.conf...
Installing boot blocks...
using MBR partition 3: type 166 (0xa6) offset 32 (0x20)
Running MAKEDEV...done
Setting up directories and links...
Changing any instance of /bin/csh in /tmp/flashdist.htoI30989/etc/master.passwd to /bin/ksh
Generating new RSA host key... done
Generating new RSA1 host key... done
Generating new DSA host key... done

Please assign a root password...
Password:
Verify:

Copying configuration files to /etc... ttys fstab rc syslog.conf boot.conf nshrc

Please enter the hostname or IP address of the central log host which will
receive udp syslog packets from this installation. (Press enter for none,
and syslog will log to ramdisk)

Loghost: 
Installation finished.
Unmounting filesystem...done!

If for some reason the -d option doesn't work for you (and the values in dmesg do not work for some reason) then the geometry of the device can be be determined at the BIOS text sent to the serial port when the NET4501 boots up. The NET4501 boot messages are as follows with the drive geometry for our card in bold.

POST: 0123456789bcefghipajklnopq,,,tvwxy^[[2J
comBIOS ver. 1.28  20050527  Copyright (C) 2000-2005 Soekris Engineering.

net45xx

CPU 80486 133 Mhz 0064 Mbyte Memory

Pri Mas  SanDisk SDCFB-64                LBA 490-8-32  62 Mbyte

Slot   Vend Dev  ClassRev Cmd  Stat CL LT HT  Base1    Base2   Int 
-------------------------------------------------------------------
0:00:0 1022 3000 06000000 0006 2280 00 00 00 00000000 00000000 
0:16:0 1260 3873 02800001 0117 0290 10 3C 00 A0000008 00000000 10
0:18:0 100B 0020 02000000 0107 0290 00 3F 00 0000E001 A0001000 11
0:19:0 100B 0020 02000000 0107 0290 00 3F 00 0000E101 A0002000 05
0:20:0 100B 0020 02000000 0107 0290 00 3F 00 0000E201 A0003000 09

5 Seconds to automatic boot.   Press Ctrl-P for entering Monitor. 

At this point we are done and can unplug the card from our reader and plug it into our NET4501. It would be safer to unplug the reader if you can as reading or writing to the device node while there is no card in the reader would net you a kernel panic (which is never fun). If you cannot unplug the reader for any reason, you can pull the card but just be careful not try to read or write from the device node (ie. sd0).

Booting and playing around:

Since the NET4501 doesn't have a VGA display output we are going to have to use a serial console to connect to the machine. You can use ethernet to connect via SSH but you won't see the boot messages nor be able to get into the BIOS should things need fiddling. Plug the newly minted compact flash card into your soekris and grab your null modem cable , connect it to your serial port and to the serial port on the NET4501.

You can use any terminal emulator you wish but since I'm lazy I'll use whatever comes stock with OpenBSD (which in this case is cu(1)). cu isn't exactly the most straight forward application and can be down right confusing (and frustrating) if you don't read man page or understand it. Connecting is pretty simple if you know what serial port you are using. In this case I'm using tty00 (which is analogolus to COM1 in MS-DOS, cu(1) also defaults to a speed of 9600 but the NET4501 uses 19200.

root@craptop:~$ cu -l /dev/tty00 -s 19200
Connected

Not very entertaining huh! Now you might be wondering how do I quit this application? You've probably tried CTRL-D (ie. EOF) or CTRL-C (ie. break) or even CTRL-Z (suspend) only to find out that neither is working. You could read the man page and scratch your head a bit (if you don't know what all those key symbols mean). But I'll save you the headache. To quit cu all you have to do is clear whatever line you are on of input (hit enter a few times) and type a tilde (ie. SHIFT-`) and then hit CTRL-D. After which you will see [EOT] and get your shell prompt back. If this doesn't work your current line isn't cleared or your typing the sequence wrong. I would suggest trying this a few times to get the hang of it.

Well you can now plug in your NET4501 and watch it boot through the serial console. If you don't see anything you either haven't used the right serial cable (you need a null modem cable) or you are not using the right serial port or speed. Booting looks as follows.

root@craptop:~$ cu -l /dev/tty00 -s 19200
Connected

POST: 0123456789bcefghipajklnopq,,,tvwxy^[[2J
comBIOS ver. 1.28  20050527  Copyright (C) 2000-2005 Soekris Engineering.

net45xx

CPU 80486 133 Mhz 0064 Mbyte Memory

Pri Mas  SanDisk SDCFB-64                LBA 490-8-32  62 Mbyte

Slot   Vend Dev  ClassRev Cmd  Stat CL LT HT  Base1    Base2   Int 
-------------------------------------------------------------------
0:00:0 1022 3000 06000000 0006 2280 00 00 00 00000000 00000000 
0:16:0 1260 3873 02800001 0117 0290 10 3C 00 A0000008 00000000 10
0:18:0 100B 0020 02000000 0107 0290 00 3F 00 0000E001 A0001000 11
0:19:0 100B 0020 02000000 0107 0290 00 3F 00 0000E101 A0002000 05
0:20:0 100B 0020 02000000 0107 0290 00 3F 00 0000E201 A0003000 09

5 Seconds to automatic boot.   Press Ctrl-P for entering Monitor. 
Using drive 0, partition 3.
Loading.....
probing: pc0 com0 com1 pci mem[639K 63M a20=on] 
disk: hd0+
>> OpenBSD/i386 BOOT 2.10
switching console to com0
>> OpenBSD/i386 BOOT 2.10
com0: changing speed to 19200 baud in 5 seconds, change your terminal to match!
com0: 19200 baud
boot> 
booting hd0a:/bsd: 1695608+220956 [52+94129+84928]=0x1ffbac
entry point at 0x200120

[ using 179480 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
	The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2006 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 4.0 (NET4501) #0: Sat Nov  4 10:53:20 CST 2006
    root@craptop:/usr/src/sys/arch/i386/compile/NET4501
cpu0: AMD Am486DX4 W/B or Am5x86 W/B 150 ("AuthenticAMD" 486-class)
cpu0: FPU
real mem  = 66678784 (65116K)
avail mem = 57319424 (55976K)
using 839 buffers containing 3436544 bytes (3356K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 20/50/27, BIOS32 rev. 0 @ 0xf7840
pcibios0 at bios0: rev 2.0 @ 0xf0000/0x10000
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0x9000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
elansc0 at pci0 dev 0 function 0 "AMD ElanSC520 PCI" rev 0x00: product 0 stepping 1.1, CPU clock 133MHz, reset 0
gpio0 at elansc0: 32 pins
sis0 at pci0 dev 18 function 0 "NS DP83815 10/100" rev 0x00, DP83815D: irq 11, address 00:00:24:c1:d9:c8
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 19 function 0 "NS DP83815 10/100" rev 0x00, DP83815D: irq 5, address 00:00:24:c1:d9:c9
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 20 function 0 "NS DP83815 10/100" rev 0x00, DP83815D: irq 9, address 00:00:24:c1:d9:ca
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
isa0 at mainbus0
isadma0 at isa0
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0: 
wd0: 1-sector PIO, LBA, 61MB, 125440 sectors
wd0(wdc0:0:0): using BIOS timings
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask f1c7 netmask ffe7 ttymask ffe7
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
/dev/rwd0a: file system is clean; not checking
mfs: mounting /tmp...
mfs: populating /tmp...
databases: dev
securelevel: kern.securelevel: 0 -> 1
watchdog: kern.watchdog.period: 0 -> 32
watchdog: kern.watchdog.auto: 1 -> 1
hostname: setting hostname to sample...
inet: configuring IP on system interfaces...
route: adding default route...
add net default: gateway 208.192.32.1
pf/nat: configuring and enabling...
pf enabled
syslogd: starting log daemon...
ssh: starting daemon...

OpenBSD/i386 (sample) (tty00)

login: 
[EOT]

Conclusion

Congratulations! You now have a bootable NET4501 and you can login and poke around. As the default configuration isn't quite helpful (since odds are you don't have the IP addresses the defaults are set for) it gives you a basis to play around. In the next article I'll get into how to make changes and how to setup a flexible imaging environment to save you heart ache and headaches.

If you have any questions or suggestions as to what I should cover please make comments below, I promise I'll read every one (even the damned trolls).

See you next time! Same puffy time, same puffy channel!

-- 
Sean

(Comments are closed)


Comments
  1. By nikns (159.148.95.9) nikns@secure.lv on

    I don't muck with flashdist when I can buy 1gb CF for few bucks and install on it full OpenBSD installation with all X's.

    Comments
    1. By Mike (194.29.168.119) on

      > I don't muck with flashdist when I can buy 1gb CF for few bucks and
      > install on it full OpenBSD installation with all X's.

      # mount
      root_device on / type ffs (local, read-only)
      mfs:1542 on /tmp type mfs (asynchronous, local, size=16128 512-blocks)

      Comments
      1. By Michael (84.44.138.5) on

        > I don't muck with flashdist when I can buy 1gb CF for few bucks and
        > install on it full OpenBSD installation with all X's.
        >
        > # mount
        > root_device on / type ffs (local, read-only)
        > mfs:1542 on /tmp type mfs (asynchronous, local, size=16128 512-blocks)
        >

        He is right on some level... except for the X stuff, imho.

        Well, I just got a Soekris too (with 256 MB RAM) and did a normal PXE install without X (very easy without all this CF cardreader hassle) and am using mfs too.

        Btw, you might want to consider putting /var (and maybe /dev) into mfs too so the logs don't destroy your CF and rsync it back when shutting down/rebooting the soekris or from time to time as a cronjob. /tmp is linked to /var/tmp here.

        # mount
        /dev/wd0a on / type ffs (local, noatime, read-only)
        mfs:24456 on /var type mfs (asynchronous, local, nosuid, size=212992 512-blocks)
        mfs:5461 on /dev type mfs (asynchronous, local, noexec, nosuid, size=4096 512-blocks)

        Comments
        1. By Kevin (205.166.42.129) on

          >you might want to consider putting /var (and maybe /dev) into mfs too
          >so the logs don't destroy your CF


          Modern flash cards have 'wear-leveling' and other technology which means that it is higly unlikely for any but the most write-intensive use to destroy a CF card.

          Logging to CF parititons will be a little slow, but not dangerous.

  2. By Alex Holst (80.160.149.62) on

    OpenBSD has been able to install on Soekris-like systems for a while now without bringing flashdist into the mix. I do normal installs on all my CF based systems.

    Comments
    1. By Anonymous Coward (69.3.44.234) on

      > OpenBSD has been able to install on Soekris-like systems for a while now without bringing flashdist into the mix. I do normal installs on all my CF based systems.

      Do you have to do anything unusual during the install? I tried doing a 'normal' install to a CF card (the same as I do to hard drives). It seemed to install fine, but wouldn't boot.

      Comments
      1. By Anonymous Coward (83.5.194.87) on

        > > OpenBSD has been able to install on Soekris-like systems for a while now without bringing flashdist into the mix. I do normal installs on all my CF based systems.
        >
        > Do you have to do anything unusual during the install? I tried doing a 'normal' install to a CF card (the same as I do to hard drives). It seemed to install fine, but wouldn't boot.
        >
        >

        um, if you install to an external CF reader, it picks up sd0 for your fstab mounts, so you have to modify that to wd0 for CF slots attached to the IDE bus, as in soekris or wrap boards.

        Comments
        1. By Anonymous Coward (69.3.44.234) on


          > um, if you install to an external CF reader, it picks up sd0 for your fstab mounts, so you have to modify that to wd0 for CF slots attached to the IDE bus, as in soekris or wrap boards.

          Sorry, I should have been clearer. I'm not talking about a Soekris box.

          I've got an old Pentium II machine that I've been running OpenBSD on as a firewall for some time. The 700 MB hard drive in it is hot and loud so I was hoping to go cool and quiet with a compact flash card. I bought an IDE-to-CompactFlash adapter and did a regular FTP install to a 1 GB CompactFlash card (just as I'd normally do to a hard drive).

          The install seemed to go fine, but it won't boot.

          Comments
          1. By Anonymous Coward (194.245.32.131) on

            >
            > > um, if you install to an external CF reader, it picks up sd0 for your fstab mounts, so you have to modify that to wd0 for CF slots attached to the IDE bus, as in soekris or wrap boards.
            >
            > Sorry, I should have been clearer. I'm not talking about a Soekris box.
            >
            > I've got an old Pentium II machine that I've been running OpenBSD on as a firewall for some time. The 700 MB hard drive in it is hot and loud so I was hoping to go cool and quiet with a compact flash card. I bought an IDE-to-CompactFlash adapter and did a regular FTP install to a 1 GB CompactFlash card (just as I'd normally do to a hard drive).
            >
            > The install seemed to go fine, but it won't boot.

            not every board, especially older ones, are able to boot of a CF card in the ide-slot.

      2. By David Chisnall (155.98.19.213) on

        Do you have to do anything unusual during the install? I tried doing a 'normal' install to a CF card (the same as I do to hard drives). It seemed to install fine, but wouldn't boot.

        I wrote a tutorial for Ping Wales on installing OpenBSD on Flash a few months back. It covers running the entire install process without the aid of the installer, so you can easily create an OpenBSD install on a loopback device and then copy it to a flash device.

  3. By Anonymous Coward (82.196.114.48) on

    Nice article, the soekris boxes are really nice to play around with.

    But flashdist is a bit too minimal for me, I agree with parent, why not the whole shebang on a 1gb CF? :)

    I've got a 4801, I thought I was going to make it an AP, but then I remembered there was no WPA support in obsd...

    Otherwise it makes a killer firewall/router, best piece of networking hardware I've ever had.

    Comments
    1. By Anonymous Coward (139.142.208.98) on

      > But flashdist is a bit too minimal for me, I agree with parent, why not the whole shebang on a 1gb CF? :)
      >
      Read-only file system is the biggest reason.
      Setting up an MFS for /tmp, /var etc and making the boot process deal with it is reason enough. Instead of writing a 30 page article doing exactly what flashdist does why not use it (especially for an 'introductory' article).

      When I started playing with these things the prices of cards were still a bit high and was on a limited budget (bought two cards per machine for upgrades since I was sending these all over the world).

      You can do a full install with no issues but with only 64MB of RAM, no swap and a limited write cycle a custom kernel is preferred.

      The final reason, it is illuminating as to how little you actually need to make a usable system.

      Comments
      1. By sean (139.142.208.98) on

        Note to self, 'name' field doesn't self populate! :P

      2. By Alex Holst (80.160.149.62) on

        > > But flashdist is a bit too minimal for me, I agree with parent, why not the whole shebang on a 1gb CF? :)
        > >
        > Read-only file system is the biggest reason.
        > Setting up an MFS for /tmp, /var etc and making the boot process deal with it is reason enough. Instead of writing a 30 page article doing exactly what flashdist does why not use it (especially for an 'introductory' article).

        Sure, it helps with media wear to put /tmp and /var/run on MFS but all the other things flashdist does isn't needed anymore.

        Comments
        1. By Bob Loblaw (207.61.43.5) on

          > Sure, it helps with media wear to put /tmp and /var/run on MFS but all the other things flashdist does isn't needed anymore.
          >
          >

          I got around having to know intimate details about my CF cards by just PXE booting the soekris off of my other bsd box and loading in the bsd.rd kernel. The install process will set up the CF card nicely. I then ftp over the appropriate flashboot image file and call it "bsd". This works exactly the same for any sized CF card (I have tested from 16MB to 256MB).

          So, I am running a net4501 off of a 16MB CF card that was pulled from an ancient nikon digital camera. The flash is used strictly for storing the flashboot image and any local configs. With a 16MB card, I can store two flashboot images (current plus new version). Flashboot runs out of a 12MB MFS which leaves me 52MB left for system memory. This is amply sufficient for pf, ipsec, dhcp and ssh.

          I personally don't like having the whole system run directly off the flash. Upgrades are much more complicated than using a ramdisk kernel like flashboot. With flashboot, you test the new kernel image on your dev system and when you are ready, you ssh in to the net4501, remount the CF card as rw and scp the new image in place and boot off it. And you can always fall back to the previous system very easily.

          It is well worth the excercise to see how much you can really get rid of. A 12MB ramdisk fills up fast but allows for a surprisingly complete feature-set, at least as a network firewall / access point.

      3. By Anonymous Coward (83.5.194.87) on

        > > But flashdist is a bit too minimal for me, I agree with parent, why not the whole shebang on a 1gb CF? :)
        > >
        > Read-only file system is the biggest reason.
        > Setting up an MFS for /tmp, /var etc and making the boot process deal with it is reason enough. Instead of writing a 30 page article doing exactly what flashdist does why not use it (especially for an 'introductory' article).

        stock /etc/rc deals with mounting mfs just fine, you just need to modify /etc/fstab.

        it's much nicer having a full system, with man pages, when you have more than a few. it's a bummer to discover that your custom built dist lacks say, scp, when you need it.

        and 512MB does it just fine (before the /usr size increase it was doable with 256MB)

    2. By Igor Sobrado (81.37.167.25) on

      > I've got a 4801, I thought I was going to make it an AP, but then I remembered there was no WPA support in obsd...

      You do not really need WPA support in OpenBSD. OpenBSD can be an excellent access point based on VPNs and authpf. I think that this set up is more powerful, based on true standards and more simple. I certainly would not like see OpenBSD growing with all these extensions and short-lived protocols when it offers standard tools that work better and can be used in a large amount of different scenarios.

      Just my two cents,

      Igor.

      Comments
      1. By Anonymous Coward (24.28.122.214) on

        Well, it was the easiest thing for me to do. I use a IPSEC VPN for work, and I could not find any docs on how to tunnel that IPSEC over another PC tunnel for the wireless. So I tried OpenVPN, but couldn't get that to work reliably, either (could have been my wireless; see below). So then I set it up to use my IPSEC for normal traffic and nothing for the work VPN (it had its own IPSEC).

        I had had some interference problems with 802.11g, so I wanted to try 802.11a. At this same time, I was looking to get rid of the access point, so I looked for a wireless 802.11a/b/g card to use. My Atheros miniPCI I had lying around is not supported in a or g modes on OpenBSD, and it looked like the only chipset that both worked in hostap mode and supported a and g was the Ralink. I had zero success finding a high-power 802.11a/b/g Ralink card -- at least one I was _sure_ used a Ralink chipset in its currently_available incarnation.

        I finally punted and bought a Buffalo access point. I think it runs Linux. It has WPA, which I am using. No extra setup on the OpenBSD firewall, as the wireless link is transparent to it. I respect OpenBSD's desire for open drivers and eschewing of poorly-designed protocols like WPA, but after 8 hours spent trying to do this without anything besides the OpenBSD firewall, I finally threw in an $80 towel, and frankly, it was money well spent.

        Maybe one day I'll attempt to port OpenBSD to the Buffalo... :)

      2. By Anonymous Coward (82.196.114.48) on

        > > I've got a 4801, I thought I was going to make it an AP, but then I remembered there was no WPA support in obsd...
        >
        > You do not really need WPA support in OpenBSD. OpenBSD can be an excellent access point based on VPNs and authpf. I think that this set up is more powerful, based on true standards and more simple. I certainly would not like see OpenBSD growing with all these extensions and short-lived protocols when it offers standard tools that work better and can be used in a large amount of different scenarios.
        >
        > Just my two cents,
        >
        > Igor.

        True standards are all well and good, but normal users don't care.

        And occasionally I have friends over that wants wifi access, and they don't know what pptp or ipsec is and they don't wanna know.

        And I'm not going to set up accounts and setup their client apps and so forth... It's just too much hassle.

        Comments
        1. By Anonymous Coward (83.5.196.219) on

          >
          > True standards are all well and good, but normal users don't care.
          >
          > And occasionally I have friends over that wants wifi access, and they don't know what pptp or ipsec is and they don't wanna know.
          >
          > And I'm not going to set up accounts and setup their client apps and so forth... It's just too much hassle.
          >
          >

          call me silly but I leave my access points open, however I do separate them from the wired network and in any case don't have any exposed services or cleartext auth on the wired...

  4. By Anonymous Coward (198.208.251.24) on

    I don't care for the mfs and custom /etc/rc. Somebody recently made a post to make mfs do sensible things, like copy files back to disk on a clean shutdown, and also do it as part of /etc/daily. I still think its alot of work, and would rather just buy a new CF card once a year ;p

    I made a post of a flashdist-derived script that does installs of the openbsd base sets and then "overlays" a custom / filesystem. Its much easier to work with. Its the result of having to modify the crap out of flashdist to simplify and generalize it for more broader uses.

    Comments
    1. By Shane J Pearson (202.45.125.5) on

      > I don't care for the mfs and custom /etc/rc. Somebody recently made a post to make mfs do sensible things, like copy files back to disk on a clean shutdown, and also do it as part of /etc/daily. I still think its alot of work, and would rather just buy a new CF card once a year ;p

      I've been running my home firewall from a 512MB Lexar CF (Professional 80X) in a Sun Ultra 10 for about a year now. With no mfs. Just using softdep and noatime to soften the blow.

      shanes-mac-mini:/Volumes/Media test shane$ dd bs=64k if=/dev/zero of=test.bin
      dd: test.bin: No space left on device
      7572+0 records in
      7571+0 records out
      496173056 bytes transferred in 70.178093 secs (7070199 bytes/sec)

      shanes-mac-mini:/Volumes/Media test shane$ cd ~/Desktop
      shanes-mac-mini:~/Desktop shane$ dd bs=64k count=7571 if=/dev/urandom of=random.bin
      7571+0 records in
      7571+0 records out
      496173056 bytes transferred in 98.934685 secs (5015158 bytes/sec)

      shanes-mac-mini:~/Desktop shane$ md5 < random.bin
      ecb9266d610225edbf9c24691eee8b80

      shanes-mac-mini:~/Desktop shane$ cp random.bin "/Volumes/Media test"
      shanes-mac-mini:~/Desktop shane$ md5 < "/Volumes/Media test/random.bin"
      ecb9266d610225edbf9c24691eee8b80


      Not the best test, but encouraging at least. Is there a program in OpenBSD or a port which I can install to perform a more complete media test? I have this Lexar CF plugged into my Mac under OSX (sorry) via an opened Lacie external HDD enclosure with the CF in it with a CF-IDE adaptor.

      I'll plug it into my VAIO running OpenBSD 4.0 and do a proper test if there is such a program.

      From what I have read from a SanDisk paper and from what an OpenBSD developer (from memory) said in the misc@ list, I get the feeling that I could expect a 1-million-writes CF to last at least for many years in a firewall just by using noatime.

      Anyone had CF go bad under OpenBSD?

      Comments
      1. By Anonymous Coward (83.5.196.219) on


        >
        > Anyone had CF go bad under OpenBSD?

        not yet, I have maybe ten boxes running from CF over the last 3 years, but then I do /tmp and var on mfs...

  5. By Alan DeWitt (71.215.147.225) on

    I set up my first Soekris with flashdist on 3.5. While it worked great, it was kind of a pain.

    For later installs, I ended up buying an IDE to CF adapter, installing it in an old PC, and installing to the CF directly from the CD. It needs a relatively large CF card, but it's way easier. (Especially now that console redirection is an install option.) The generic kernel runs fine on a NET4801.

    Of course, I have been building them for my employer so I had the option of spending some of their money on hardware to save my hourly wage. Not everyone has that option, and I'm sure this will be a very helpful article for folks without that option. So thanks!

  6. By Anonymous Coward (66.199.184.254) on

    Is such a SOEKRIS-Board useable for a 16mbit ADSL-Line?
    I`ve heared that they propably do have problems because the CPU isn`t fast enought...?!

    Also: Are ther eother boards with no SIS?! I simply HATE sis because they do suck (chisets) so I wanna help them as less as possible to sell anything.

    Somebody also propably knows if they`ve Gbit-Ethernet (propably future proucts?!)

    Comments
    1. By earx (81.56.211.110) on

      i love it for fun in a nintendo nes box
      http://earxtacy.free.fr/phpwebgallery/picture.php?cat=12&image_id=171&expand=12

    2. By Bob Loblaw (207.61.43.5) on

      > Is such a SOEKRIS-Board useable for a 16mbit ADSL-Line?
      > I`ve heared that they propably do have problems because the CPU isn`t fast enought...?!
      >
      > Also: Are ther eother boards with no SIS?! I simply HATE sis because they do suck (chisets) so I wanna help them as less as possible to sell anything.
      >
      > Somebody also propably knows if they`ve Gbit-Ethernet (propably future proucts?!)

      Tehn you want to get a COMMELL LS-570 or some such box.
      http://www.commell.com.tw/Product/SBC.htm#5.25/3.5%20Embedded%20miniboard
      These are, obviously, not in the same price category as the soekris, but invariably, in one form or another, you pay to play.

    3. By Anonymous Coward (85.158.44.146) on

      > Is such a SOEKRIS-Board useable for a 16mbit ADSL-Line?

      Depends what you want to do with it, whether you're just routing or running pppoe, whether you have a lot of small packets, how many firewall rules, etc.etc.

      There are PCI adjustments that improve performance on the 45xx, see http://homepage.mac.com/quension/soekris/bsd/ but it's still a pretty slow processor.

      > Also: Are ther eother boards with no SIS?! I simply HATE sis because they do suck (chisets) so I wanna help them as less as possible to sell anything.

      Not Soekris. There are a whole bunch of other small systems available though (often based on VIA Eden and with realtek or intel nics).

      > Somebody also propably knows if they`ve Gbit-Ethernet (propably future proucts?!)

      Have been "future products" for years now. I think most people are fed up of waiting and are looking at alternatives now.

    4. By Anonymous Coward (83.5.194.87) on

      >
      > Somebody also propably knows if they`ve Gbit-Ethernet (propably future proucts?!)


      try nexcom, commel, iei or search for "industrial pc"

      there's a ton of products out there based on the geode and other CPU's (VIA, INTEL) with fxp, gigE etc.

      Comments
      1. By Wim (88.82.33.37) wim@kd85.com on http://liantec.kd85.com/

        > > > > Somebody also propably knows if they`ve Gbit-Ethernet (propably future proucts?!) > > > try nexcom, commel, iei or search for "industrial pc" > > there's a ton of products out there based on the geode and other CPU's (VIA, INTEL) with fxp, gigE etc.

        Try Liantec

        cu -s 9600 -l /dev/ttyU0
        Connected
        >> OpenBSD/i386 PXEBOOT 1.06
        
        com0: 9600 baud
        boot>
        booting tftp:/bsd: 5340064
        entry point at 0x200120
        
        [ using 521852 bytes of bsd ELF symbol table ]
        Copyright (c) 1982, 1986, 1989, 1991, 1993
                The Regents of the University of California.  All rights reserved.
        Copyright (c) 1995-2006 OpenBSD. All rights reserved.  http://www.OpenBSD.org
        
        OpenBSD 4.0-beta (GENERIC) #1055: Thu Aug  3 11:39:24 MDT 2006
            deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
        cpu0: Intel(R) Celeron(R) M processor 1.00GHz ("GenuineIntel" 686-class) 1.01 GHz
        cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF
        real mem  = 501772288 (490012K)
        avail mem = 449880064 (439336K)
        using 4256 buffers containing 25190400 bytes (24600K) of memory
        mainbus0 (root)
        bios0 at mainbus0: AT/286+(a1) BIOS, date 08/23/06, BIOS32 rev. 0 @ 0xfaf90, SMBIOS rev. 2.2 @ 0xf0800 (34 entries)
        apm0 at bios0: Power Management spec V1.2
        apm0: AC on, battery charge unknown
        apm0: flags 70102 dobusy 1 doidle 1
        pcibios0 at bios0: rev 2.1 @ 0xf0000/0xdf84
        pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde30/320 (18 entries)
        pcibios0: PCI Exclusive IRQs: 7 9 10 11
        pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801DB LPC" rev 0x00)
        pcibios0: PCI bus #1 is the last bus
        bios0: ROM list: 0xc0000/0xc800 0xd0000/0x1000
        cpu0 at mainbus0
        pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
        pchb0 at pci0 dev 0 function 0 "Intel 82852GM Hub-PCI" rev 0x02
        "Intel 82852GM Memory" rev 0x02 at pci0 dev 0 function 1 not configured
        "Intel 82852GM Configuration" rev 0x02 at pci0 dev 0 function 3 not configured
        vga1 at pci0 dev 2 function 0 "Intel 82852GM AGP" rev 0x02: aperture at 0xe0000000, size 0x8000000
        wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
        wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
        "Intel 82852GM AGP" rev 0x02 at pci0 dev 2 function 1 not configured
        uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x02: irq 11
        usb0 at uhci0: USB revision 1.0
        uhub0 at usb0
        uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
        uhub0: 2 ports with 2 removable, self powered
        uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x02: irq 7
        usb1 at uhci1: USB revision 1.0
        uhub1 at usb1
        uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
        uhub1: 2 ports with 2 removable, self powered
        uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x02: irq 10
        usb2 at uhci2: USB revision 1.0
        uhub2 at usb2
        uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
        uhub2: 2 ports with 2 removable, self powered
        ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x02: irq 7
        usb3 at ehci0: USB revision 2.0
        uhub3 at usb3
        uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
        uhub3: 6 ports with 6 removable, self powered
        ppb0 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x82
        pci1 at ppb0 bus 1
        em0 at pci1 dev 8 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: irq 7, address 00:06:93:f0:2e:45
        em1 at pci1 dev 9 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: irq 10, address 00:06:93:f0:2e:46
        em2 at pci1 dev 10 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: irq 11, address 00:06:93:f0:2e:47
        em3 at pci1 dev 11 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: irq 9, address 00:06:93:f0:2e:48
        ichpcib0 at pci0 dev 31 function 0 "Intel 82801DB LPC" rev 0x02
        pciide0 at pci0 dev 31 function 1 "Intel 82801DB IDE" rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
        pciide0: channel 0 disabled (no drives)
        pciide0: channel 1 disabled (no drives)
        ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x02: irq 9
        iic0 at ichiic0
        isa0 at ichpcib0
        isadma0 at isa0
        pckbc0 at isa0 port 0x60/5
        pckbd0 at pckbc0 (kbd slot)
        pckbc0: using irq 1 for kbd slot
        wskbd0 at pckbd0: console keyboard, using wsdisplay0
        pcppi0 at isa0 port 0x61
        midi0 at pcppi0: 
        spkr0 at pcppi0
        lm0 at isa0 port 0x290/8: W83627HF
        npx0 at isa0 port 0xf0/16: using exception 16
        pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
        pccom0: console
        pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
        biomask ffe5 netmask ffe5 ttymask ffe7
        pctr: 686-class user-level performance counters enabled
        mtrr: Pentium Pro MTRR support
        uhub4 at uhub2 port 2
        uhub4: Mitsumi Electric Hub in Apple Extended USB Keyboard, rev 1.10/3.95, addr 2
        uhub4: 3 ports with 2 removable, bus powered
        uhidev0 at uhub4 port 3 configuration 1 interface 0
        uhidev0: Mitsumi Electric Apple Extended USB Keyboard, rev 1.10/3.95, addr 3, iclass 3/1
        ukbd0 at uhidev0: 8 modifier keys, 6 key codes, country code 13
        wskbd1 at ukbd0 mux 1
        wskbd1: connecting to wsdisplay0
        uhidev1 at uhub4 port 3 configuration 1 interface 1
        uhidev1: Mitsumi Electric Apple Extended USB Keyboard, rev 1.10/3.95, addr 3, iclass 3/0
        uhidev1: 3 report ids
        uhid0 at uhidev1 reportid 2: input=1, output=0, feature=0
        uhid1 at uhidev1 reportid 3: input=3, output=0, feature=0
        

        Comments
        1. By ahafey (82.69.184.245) on

          >
          > Try Liantec
          >

          Hiya Wim, already saving for one!

          Going to "retire" the Soekris 4801 to WiFi AP with hostapd and use the bigger Liantec to face the Internets.

          Any updates on the 5842?

          Thanks,
          Alex.

          Comments
          1. By Wim (88.82.33.37) wim@kd85.com on http://liantec.kd85.com/


            > Going to "retire" the Soekris 4801 to WiFi AP with hostapd and use the bigger Liantec to face the Internets.
            >
            > Any updates on the 5842?

            The dmesg above is from a 5842 I just got in, it works just fine with PXEboot and all,
            the only downside is that the ULV Celeron still needs a fan keep it cool.

            I really look forward to get my hands on the C7 prototypes, that will be a better choice for a fast fanless board.

            Comments
            1. By Anonymous Coward (61.132.73.254) on

              > I really look forward to get my hands on the C7 prototypes, that will be a better choice for a fast fanless board.

              And also would even provide the advantage of the AES-Engine! :-)
              Wim do you`ve a Mailinglist where peoples can do subscripe to get informed about propably new stuff?

              Comments
              1. By ahafey (82.69.184.245) on

                > > I really look forward to get my hands on the C7 prototypes, that will be a better choice for a fast fanless board.
                >
                > And also would even provide the advantage of the AES-Engine! :-)

                Oh YES!!! Worth it for that alone...

                > Wim do you`ve a Mailinglist where peoples can do subscripe to get informed about propably new stuff?

                I make purchases rarely (outside of OpenBSD CD's) so that side of it wouldn't be so useful and Wim posts out his new product pages with the CD's.

                It'd be interesting to see some of the stuff Wim gets up to. The photos are good but the stories behind them (all those open cases, the drilling, etc, etc) would be excellent!

                Cheers,
                Alex.

                Comments
                1. By Anonymous Coward (88.198.7.68) on

                  > > > I really look forward to get my hands on the C7 prototypes, that will be a better choice for a fast fanless board.
                  > >
                  > > And also would even provide the advantage of the AES-Engine! :-)
                  >
                  > Oh YES!!! Worth it for that alone...

                  Well right me if I`m wrong but it does not yet (or will ever?!)
                  use the Via-CPU also for the SHA-Calculations, right?
                  For now it just does AES.

                  Comments
                  1. By Anonymous Coward (211.30.242.137) on

                    > > > > I really look forward to get my hands on the C7 prototypes, that will be a better choice for a fast fanless board.
                    > > >
                    > > > And also would even provide the advantage of the AES-Engine! :-)
                    > >
                    > > Oh YES!!! Worth it for that alone...
                    >
                    > Well right me if I`m wrong but it does not yet (or will ever?!)
                    > use the Via-CPU also for the SHA-Calculations, right?
                    > For now it just does AES.

                    The C3 does NOT do SHA, only AES.

                    The C7 series DOES do SHA calculations as well as AES.

                    The question of course, does OpenBSD support this feature?
                    (and has VIA provided the necessary docs to implement this?).

                    If they have, that would be AWESOME! :D

            2. By Amir S Mesry (208.52.133.98) starkiller@web-illusions.net on

              >
              > > Going to "retire" the Soekris 4801 to WiFi AP with hostapd and use the bigger Liantec to face the Internets.
              > >
              > > Any updates on the 5842?
              >
              > The dmesg above is from a 5842 I just got in, it works just fine with PXEboot and all,
              > the only downside is that the ULV Celeron still needs a fan keep it cool.
              >
              > I really look forward to get my hands on the C7 prototypes, that will be a better choice for a fast fanless board.

              What is the throughput on these boards, does anyone know, I love the Soekris but I hate the 22MB Limit I hit with them.

            3. By Cor (24.28.122.214) maxentropic@hotmail.com on

              Got one, a Jetway with a C7 1.2Ghz. I wanted to run it fanless as well, but it runs about 60 °C, and hotter if it's doing anything. The part number on the Jetway implies that it's the 12W low-voltage model, but it sure doesn't feel like it. I chickened out and put a case fan on it.

              OpenBSD 4.0 now supports the clock speed reduction on it via APM, and I enabled that, but it doesn't seem to make much difference (meaning 400MHz is not much cooler than 1200 MHz). I still like it, though. I got one of those Silenx fans, and now the hard disk makes more noise.

  7. By SleighBoy (24.113.29.23) on http://www.code.cx/

    net48xx + IDE mounting hardware + 80 GB IDE drive + PXE Boot install = Happy Happy Joy Joy.

    The worst part of the whole thing was Soekris not having an SSL order form when they ask for credit card info, what century are they living in?

    Comments
    1. By Anonymous Coward (217.205.77.85) on

      > net48xx + IDE mounting hardware + 80 GB IDE drive + PXE Boot install = Happy Happy Joy Joy.
      >
      > The worst part of the whole thing was Soekris not having an SSL order form when they ask for credit card info, what century are they living in?
      >

      You mean you didn't purchase it from kd85.org???

      Comments
      1. By SleighBoy (24.113.29.23) on http://www.code.cx/

        > > net48xx + IDE mounting hardware + 80 GB IDE drive + PXE Boot install = Happy Happy Joy Joy.
        > >
        > > The worst part of the whole thing was Soekris not having an SSL order form when they ask for credit card info, what century are they living in?
        > >
        >
        > You mean you didn't purchase it from kd85.org???

        Is that considered heresy?
        Unless I am mistaken, he ships from Europe. So shipping to WA, USA from Europe or from CA, USA.. hmmmmm

    2. By Anonymous Coward (82.196.114.48) on

      > net48xx + IDE mounting hardware + 80 GB IDE drive + PXE Boot install = Happy Happy Joy Joy.
      >

      I had the exact same configuration on obsd 3.3, but the harddrive gets too hot and dies after a while. Mine lasted 10months.

      Now I run on a 1Gb CF (obsd 3.9), but I'm gonna try PfSense soon.

      Comments
      1. By Igor Sobrado (81.37.167.25) on

        > > net48xx + IDE mounting hardware + 80 GB IDE drive + PXE Boot install = Happy Happy Joy Joy.
        > >
        >
        > I had the exact same configuration on obsd 3.3, but the harddrive gets too hot and dies after a while. Mine lasted 10months.

        Not really too hot. 2.5" drives are usually not designed to work 24/7. In fact, these drives are designed for being used up to five hours/day. You need what is called an "enhanced availability" drive. Something like the Hitachi E* series (e.g., E5K100 or E7K100) or the Seagate *B drives.

        Standard 2.5" drives are just not designed for continuous work. The bad news are that these enhanced availability drives are extremely difficult to buy. I started looking for two this summer and I am looking for them yet. Sadly, good cooling will not help.

        That is the reason I suggested Wim buying a number of these drives to sell with the Soekris computers. These drives are *really* difficult to buy through standard channels.

        See at a S.M.A.R.T. report on your computer ("atactl wd0 readattr" or "atactl wd1 readattr" as root, when running at securelevel 1, not 2). You will see that the drive does not complain about a too high temperature, but about the "power-on hours", a very different beast.

        My guess (and it is only a guess, nothing more) is that now that blade computers are being widely available in datacenters, these enhanced availability drives will be easier to get through standard distribution channels. Hope not being wrong!

        Igor.

  8. By Anonymous Coward (69.70.207.240) on

    Can the serial 'console' (on Soekris and WRAP devices) also be used as a regular serial port, ie, for trunking, using trunk(4) to 'trunk' that interface with the NIC(s) and then use an external modem for Dial-on-Demand Routing as a backup link?

    If so, would this require ifstated(8) with pppd(8) or is there an easier or better route that I should look into studying?

    Comments
    1. By mcbride (210.138.35.53) on

      > Can the serial 'console' (on Soekris and WRAP devices) also be used as a
      > regular serial port,

      Yes, the 'console' on these devices is a regular serial port after the BIOS is done with it.

      If you do something like this, you'll lose the ability to use the console, either when you're using the backup link or all the time (depending on how things are implemented)

      > ie, for trunking, using trunk(4) to 'trunk' that interface with the
      > NIC(s) and then use an external modem for Dial-on-Demand Routing as a
      > backup link?

      trunk(4) is a layer-2 failover/aggregation mechanism for ethernet interfaces, it's not going to help you in this situation.

      > If so, would this require ifstated(8) with pppd(8) or is there an easier
      > or better route that I should look into studying?

      Ifstated+pppd is probably the simplest.

    2. By Paladdin (213.97.233.52) on

      > Can the serial 'console' (on Soekris and WRAP devices) also be used as a regular serial port, ie, for trunking, using trunk(4) to 'trunk' that interface with the NIC(s) and then use an external modem for Dial-on-Demand Routing as a backup link?
      >
      > If so, would this require ifstated(8) with pppd(8) or is there an easier or better route that I should look into studying?

      Ummm... there's no need to trash the console, at least with NET4501. It has a second serial port head on the board that works beautifully :)

      I'm currently developing a supervision system for a fuel cell that uses two serial ports -one for the cell, the other for a GSM cellphone-, and the GPIO interface to enable and disable several external switches, with no problem at all!

      Comments
      1. By wim (88.82.33.37) wim@kd85.com on https://kd85.com/soekris.html

        > Ummm... there's no need to trash the console, at least with NET4501. It has a second 
        > serial port head on the board that works beautifully :)
        > 
        > I'm currently developing a supervision system for a fuel cell that uses two serial ports 
        > -one for the cell, the other for a GSM cellphone-, and the GPIO interface to enable and
        >  disable several external switches, with no problem at all!
        

        Thanks to Fkr, we now how the matching serial cables and cases that have the right holes. The top one has room for a quad serial port card that costs about EUR 50, the middle one just uses the extra onboard serial port with an extention cable.

  9. By anavarro (194.69.224.8) on

    Nice article Sean! BTW, has somebody played with this?. Seems to work fine with OpenBSD + Cherokee web server.

    Comments
    1. By sean (139.142.208.98) on

      > Nice article Sean!
      > BTW, has somebody played with this?. Seems to work fine with OpenBSD + Cherokee web server.

      Nope, but I would if I had one.

      There is a boat load of proprietary devices in my day that I wish to replace with tiny OpenBSD machines.

    2. By Anonymous Coward (76.3.196.122) on

      > Nice article Sean!
      > BTW, has somebody played with this?. Seems to work fine with OpenBSD + Cherokee web server.

      How much does it cost? I'd be happy to buy one if the pricing would be not as insane as with Via Epia C3/C7 and Soekris.

  10. By Anonymous Coward (76.3.196.122) on http://www.newegg.com/Product/Product.asp?Item=N82E16856110056

    Why no-one but Asus offers an under-100-dollar barebone?

    http://www.newegg.com/Product/Product.asp?Item=N82E16856110056

    ASUS Terminator C3 barebone costs only 98 USD _delivered_, which even includes CD-ROM drive, i.e. the only thing you have to buy is DDR SDRAM and HDD.

    Does anyone have any suggestions on cheaper alternatives to Soekris? Having a relative monopoly in the market, Soekris prices are otherwise very much unreasonable.

    Comments
    1. By Anonymous Coward (24.46.21.229) on

      > Why no-one but Asus offers an under-100-dollar barebone?

      I don't know why, but thanks for pointing this out; I just bought three. Cheers

    2. By Paladdin (213.97.233.52) on

      > Why no-one but Asus offers an under-100-dollar barebone?
      >
      > http://www.newegg.com/Product/Product.asp?Item=N82E16856110056
      >
      > ASUS Terminator C3 barebone costs only 98 USD _delivered_, which even includes CD-ROM drive, i.e. the only thing you have to buy is DDR SDRAM and HDD.
      >
      > Does anyone have any suggestions on cheaper alternatives to Soekris? Having a relative monopoly in the market, Soekris prices are otherwise very much unreasonable.

      One nice alternative to Soekris products is PC Engines, manufacturers of WRAP boards (http://www.pcengines.ch/wrap.htm)

      This is specially true when talking about european customers... Good performance, good price! :)

      Comments
      1. By sthen (85.158.44.148) on

        > One nice alternative to Soekris products is PC Engines, manufacturers of WRAP boards (http://www.pcengines.ch/wrap.htm)
        >
        > This is specially true when talking about european customers...

        netgate sell them, too.

        > Good performance, good price! :)

        yes, they turn in a little better network performance (NPtcp from a faster host to the box itself gave something like 40Mbit/s vs 32Mbit/s - I didn't test routing performance there). No IDE connector, though I don't think that's really a bad thing, even 4200rpm drives run too warm in a net4801 with the standard case.

        Comments
        1. By Anonymous Coward (76.3.196.122) on

          > yes, they turn in a little better network performance (NPtcp from a faster host to the box itself gave something like 40Mbit/s vs 32Mbit/s - I didn't test routing performance there). No IDE connector, though I don't think that's really a bad thing, even 4200rpm drives run too warm in a net4801 with the standard case.

          personally, I'm a fan of USB 2.0 HDD enclosures, which work quite nicely with OpenBSD and add the benefit of quick swaps between the systems.

    3. By Jim (198.62.124.245) on

      > Why no-one but Asus offers an under-100-dollar barebone?
      >
      > http://www.newegg.com/Product/Product.asp?Item=N82E16856110056
      >
      > ASUS Terminator C3 barebone costs only 98 USD _delivered_, which even includes CD-ROM drive, i.e. the only thing you have to buy is DDR SDRAM and HDD.
      >
      > Does anyone have any suggestions on cheaper alternatives to Soekris? Having a relative monopoly in the market, Soekris prices are otherwise very much unreasonable.

      I have a 4801. Works great. I've waited and waited for a slightly faster, slightly more ram, version from Soekris to replace my server. I've given up on them. Just bought one of these to replace the aging Compaq desktop (1998) that I call a server. Hopefully this new box uses less power than that old Compaq.

      Thanks for the tip!

      Jim

    4. By Anonymous Coward (76.3.196.122) on http://www.ewiz.com/detail.php?p=MB-V21G

      > Why no-one but Asus offers an under-100-dollar barebone?
      >
      > http://www.newegg.com/Product/Product.asp?Item=N82E16856110056
      >
      > ASUS Terminator C3 barebone costs only 98 USD _delivered_, which even includes CD-ROM drive, i.e. the only thing you have to buy is DDR SDRAM and HDD.
      >
      > Does anyone have any suggestions on cheaper alternatives to Soekris? Having a relative monopoly in the market, Soekris prices are otherwise very much unreasonable.

      I though I'd share this -- some froogling around, and I've just found a PC CHIPS VIA C7 motherboard which accepts DDR2-533 memory and costs only 66 USD (with UPS Ground for 10,47, total price should be 76,47 USD)!

      It has 400MHz FSB!!! Processor speed should be at least 1,5GHz, according to http://en.wikipedia.org/wiki/VIA_C7

      http://www.ewiz.com/detail.php?p=MB-V21G
      http://www.pcchips.com.tw/PCCWeb/Products/ProductsDetail.aspx?DetailID=384&MenuID=49&LanID=0

      Compare this price with what VIA charges for its own boards!!!

      Now only problem is to find out which C7 processor this board has, whether it has a fan-controlling chip, and a Flex-ATX box with tiny power supply.

      Else, I hope that ASUS will release a Terminator C7 soon. :)

      Comments
      1. By Anonymous Coward (211.30.242.137) on

        > > Why no-one but Asus offers an under-100-dollar barebone?
        > >
        > > http://www.newegg.com/Product/Product.asp?Item=N82E16856110056
        > >
        > > ASUS Terminator C3 barebone costs only 98 USD _delivered_, which even includes CD-ROM drive, i.e. the only thing you have to buy is DDR SDRAM and HDD.
        > >
        > > Does anyone have any suggestions on cheaper alternatives to Soekris? Having a relative monopoly in the market, Soekris prices are otherwise very much unreasonable.
        >
        > I though I'd share this -- some froogling around, and I've just found a PC CHIPS VIA C7 motherboard which accepts DDR2-533 memory and costs only 66 USD (with UPS Ground for 10,47, total price should be 76,47 USD)!
        >
        > It has 400MHz FSB!!! Processor speed should be at least 1,5GHz, according to http://en.wikipedia.org/wiki/VIA_C7
        >
        > http://www.ewiz.com/detail.php?p=MB-V21G
        > http://www.pcchips.com.tw/PCCWeb/Products/ProductsDetail.aspx?DetailID=384&MenuID=49&LanID=0
        >
        > Compare this price with what VIA charges for its own boards!!!
        >
        > Now only problem is to find out which C7 processor this board has, whether it has a fan-controlling chip, and a Flex-ATX box with tiny power supply.
        >
        > Else, I hope that ASUS will release a Terminator C7 soon. :)

        Its a good find...The thing about C7 is that the performance isn't what you expect. At best, its about 10% (overall) faster compared to the older C3 "Nehemiah". (Like the old PIII, a bigger bus doesn't do much for the C3 or C7.)

        The C7 comes in a few speed grades...If you want fanless, go for 1.2Ghz or slower.

        Comments
        1. By Anonymous Coward (76.3.196.122) on http://www.via.com.tw/en/products/processors/c7/

          > > > Why no-one but Asus offers an under-100-dollar barebone?
          > > >
          > > > http://www.newegg.com/Product/Product.asp?Item=N82E16856110056
          > > >
          > > > ASUS Terminator C3 barebone costs only 98 USD _delivered_, which even includes CD-ROM drive, i.e. the only thing you have to buy is DDR SDRAM and HDD.
          > > >
          > > > Does anyone have any suggestions on cheaper alternatives to Soekris? Having a relative monopoly in the market, Soekris prices are otherwise very much unreasonable.
          > >
          > > I though I'd share this -- some froogling around, and I've just found a PC CHIPS VIA C7 motherboard which accepts DDR2-533 memory and costs only 66 USD (with UPS Ground for 10,47, total price should be 76,47 USD)!
          > >
          > > It has 400MHz FSB!!! Processor speed should be at least 1,5GHz, according to http://en.wikipedia.org/wiki/VIA_C7
          > >
          > > http://www.ewiz.com/detail.php?p=MB-V21G
          > > http://www.pcchips.com.tw/PCCWeb/Products/ProductsDetail.aspx?DetailID=384&MenuID=49&LanID=0
          > >
          > > Compare this price with what VIA charges for its own boards!!!
          > >
          > > Now only problem is to find out which C7 processor this board has, whether it has a fan-controlling chip, and a Flex-ATX box with tiny power supply.
          > >
          > > Else, I hope that ASUS will release a Terminator C7 soon. :)
          >
          > Its a good find...The thing about C7 is that the performance isn't what you expect. At best, its about 10% (overall) faster compared to the older C3 "Nehemiah". (Like the old PIII, a bigger bus doesn't do much for the C3 or C7.)

          I'd be happy with C3 Nehemiah, but it looks like PC CHIPS has skipped Nehemiah completely, and only has C3 Samuel 2 and C7 Esther processors in their boards. And Terminator C3 specifically has a Samuel 2 processor (at least, mine does), so C7 _is_ like 50% faster than C3 (of the same clock) in this respect. :)

          > The C7 comes in a few speed grades...If you want fanless, go for 1.2Ghz or slower.

          I'd like that, but unfortunately, sellers of PC CHIPS motherboards usually seem to offer only the fastest of the embedded processors, I guess, to satisfy the Desktop users. For example, when it comes to AMD Geode NX, only the NX 1750 model is available.

          But this is not a problem with C7, as according to the VIA C7 web-page, C7 consumes 1 W of power on average (!), it's only the peak power that can go up to 20W on 2.0GHz, so with proper system load and fan-controlling chip (it looks like PC CHIPS V21G should have some ITE chip, according to the pictures), there is no problem as far as noise is concerned. :)

          I'd really be happy to see a dmesg from V21G, if you have one. :)

          Cheers,
          Constantine.

          Comments
          1. By Anonymous Coward (211.30.242.137) on

            >
            > I'd really be happy to see a dmesg from V21G, if you have one. :)
            >
            > Cheers,
            > Constantine.

            Unfortunately, I can't find any in Australia...But I do see alot of EPIA mobos. I've got the PD10000 (C3 1Ghz "Nehemiah") with Dual WAN connections.

  11. By RC (71.105.39.54) on http://rc.xoompages.com/

    If anyone is interested in a mini-distro of OpenBSD, rather than working through the flashdist hassle, see http://rc.xoompages.com/

    I put it together because all other mini-distros like emBSD were so terribly out-of-date, limited and very buggy.

    UnnamedBSD is mostly just a stock install of OpenBSD 3.8 base, stripped of a tremendous ammount of unnecessary files (compilation-related, redundant database sets, perl, many redundant files into symlinks, etc.--it's amazing how much in base is completely unnecessary), while still being a full-fledged OpenBSD system.

    The kernel is 100% stock (just gzipped for space) so it fully supports any device 3.8 does. What's more, you can install any of the OpenBSD 3.8 binary packages (and/or dist sets) without any extra effort or tweaking, giving you access to any additional programs you might want or need.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]