OpenBSD Journal

OpenBSD on a Soekris net4801

Contributed by grey on from the how-to's for OpenBSD? dept.

Thanks to Lionel Riem for writing on his experiences with OpenBSD on the increasingly popular soekris i386 embedded platform:

Hi,

I wrote a little howto on how to build your own embedded OpenBSD system using a Soekris net4801 and a 2.5" IDE HD.

This sytem has 3 100 Mbps interfaces and thus can act as a network gateway/firewall with a DMZ, in example.

The howto is available here and is provided "as is".

(Comments are closed)


Comments
  1. By RC (4.61.199.192) on

    I had some... how to say... electricity bill and noise problems

    Noise problems are solved by investing $10 in a couple decent, quiet 12v fans. The 80mm Enermax fans are very cheap, incredibly quiet, and tempurature controlled so they can move more air when necessary. If you you are competent at striping and splicing wires (or soldering conector, as I prefer to do) then you can handle replacing the noisy fan in your power supply. Otherwise, you'll need to spend a few dollars more to buy a cheap Enermax Power supply to get your computer totally quiet.

    As for electricity and heat, a 600MHz system is serious overkill for a router/firewall. The best thing to do is to underclock like crazy. Once your CPU is running at 133MHz, it's barely putting out noticable heat at all. (AMD processors don't seem to underclock very well... I believe it's due to the S2K Bus Disconnect issue, but running fvcool at startup would take care of that on most AMD motherboards.)

    Now then, I hope nobody minds me ranting a little bit...

    It's an incredibly nice feature to be able to put "set tty com0" in boot.conf and have everything go over the serial port, despite no hardware support for a serial console. However, I've never yet seen it work completely... If you type anything in at the BOOT> prompt, the system freezes there. So, it works if you need to manually run fsck, but not if you need to force it into single-user mode, or anything similar.

    It's also a bit crazy that there's no way to spin-down your hard drives while they are not in-use... They spin right back up, no matter what. Especially for uses like this, where the hard drive won't need to be accessed for at least days at a time, that's a real drawback to OpenBSD. I've been considering FreeBSD, since it can spindown drives, and now has PF...

    And finally, they don't make computers like they used to... (Grumble, grumble)

    Comments
    1. By Lionel Riem (212.254.187.22) on http://www.devrandom.ch

      Hi, Thanks for the feedback. Well, you're totally right, I could have managed to make it quiet. But since I got this 600 Mhz to do the job, I thought it would be a waste of Mhz too. And you can't compare the elecricity consumption of a PC with that Soekris. That was important too for me. And now, I've got that 600 Mhz Dell usable for something else.

      Comments
      1. By RC (4.61.194.226) on

        And you can't compare the elecricity consumption of a PC with that Soekris.

        The website says 15watts... My own x86-based system is running at just over double that. It's good, but not amazing.

        I hope you are happy with your new Soekris, but I'll continue to stick with my very reliable, extremely expandable, old PC.

        Comments
        1. By sthen (81.168.66.228) on

          15W is a maximum - you're probably looking more in the 5W region. There are a number of low-power modes (e.g. auto-halt, which stops the TSC) used automatically when the system is idle, significantly dropping power consumption in many situations. A number of these boards are found in small remote solar/wind-powered wireless setups.

    2. By alexandre (147.173.98.28) on

      you can spin-down IDE drives with atactl(8) when they are not in use. For instance: atactl wd0 setidle 1800 if you are using yp and/or rwho, you can use ramdisks for /var/yp/binding and /var/rwho.

      Comments
      1. By RC (4.61.194.226) on

        No, you can't I'm afraid. They spin right back up in seconds, even with no disk read/writes pending. It's a kernel thing. Unless the disk is completely unmounted, it won't stay spun-down for more than about 5 seconds.

        Comments
        1. By Daniel (212.184.120.194) on

          Yes you can. I have this working on an old 486 with a 1G Western Digital disc. The disc spins down after some time of inactivity and only spins up, when I'm logging in via ssh (this can be serveral hours later)

          Don't recall ATM if this works in my desktop, if I don't put the machine to sleep with 'zzz'. But at least if I issue the latter command, the disc will spin down too after some time and spin up only if I issue some disc reading command.

          Comments
          1. By RC (4.61.198.238) on

            The disc spins down after some time of inactivity and only spins up, when I'm logging in via ssh (this can be serveral hours later)

            Sorry, but no.

            I just tried it on a system of mine, and checked not only the power usage, but also the sound, and the output of: atactl wd0 status. In all cases, when using atactl idle, standby, sleep; the drive spins down only for about 15 seconds at most, then spins right back up. All tests confirm this, and there was nothing going on that would try to write to disk.

    3. By Anonymous Coward (204.42.254.5) on

      I've used serial console on i386 many times, am currently installingusing it. Never had a problem doing a single user boot, or boot fromalternate disk/kernel, or setting a timeout, or changing memory, orother boot commands. This goes for a variety of i386 types. Checkyour cable and use a good terminal program. I generally use tip onOpenBSD to connect to other OpenBSD servers as well as Solaris andlinux servers.

      Comments
      1. By RC (4.61.194.226) on

        I've done this on a dozen different PCs, all with verified working serial ports and all that. The nul cable was also working just fine. I always use cu.

        Comments
        1. By RC (4.61.192.56) on

          Just tested it, and I've discovered that it's been fixed, as of 3.5. I know for a fact it wasn't working for me in 3.3. I also think I tested it in 3.4, but I don't remember that clearly, so let's just say 3.3.

          Anyhow, it's working fine now. Which is a major plus.

    4. By jose (12.7.85.10) on http://monkey.org/~jose/

      actually, when you set the tty to com0 at boot>, i don't think it's freezing, it's switching over. i used to think it was freezing too but someone on a list somewhere said it wasn't and ... sure enough, i could still use it.

      Comments
      1. By RC (4.61.194.226) on

        No, I am quite sure it's freezing. I have had both monitor and serial visible, with no results. After tying in anything, even ENTER, it freezies, and even waiting several minutes for it to time-out is unsucessful.

        Appreciate the attempt though.

        Comments
        1. By grey (207.215.223.2) on

          I swear I once experienced the same problem with typing at the boot> prompt over serial console that you describe, a character or two would echo back and then it would stop responding. I seem to recall having fixed it at as well, but don't remember exactly what was done. Maybe messing around with flow control settings on your terminal program? (With the soekris at least, I find that I need to disable any RTS/CTS or hardware flow control settings - particularly if uploading new BIOS firmware).

          Comments
          1. By Anonymous Coward (209.142.209.161) on

            The last time i had strange or no output via the serial console, it was b/c i was running getty on the local machine on the same serial port i was using to connect to the other machine. That is, a serial cable was between com0 and com0 on each machine. Machine B had the standard 'set tty com0' and on machine A i had:

            tty00 "/usr/libexec/getty std.9600" vt100 on secure

            and on machine A i tried running 'tip tty00'. This would sometimes repeatedbly echo what was happening on machine B, at other times nothing would be printed, and sometimes just the boot messages would be printed but no input accepted.

            Yeah it was a little stupid mistake, and once i moved the cable to com1 on machine A, it worked a lot better.

          2. By Kurt Miller (24.46.36.183) on

            I just had the same problem. Type a char and it would freeze. I was using HyperTerminal in W2K. Switching to another program (SecureCRT) solved the problem for me.

            Comments
            1. By James Herber (217.155.229.169) jamesherbert@gmx.net on

              I also find Tera Term very good for this purpose. My old Dell P-150 laptop makes a great serial terminal ;)

    5. By Anonymous Coward (67.71.119.35) on

      Have you tried installboot(8)?

      Comments
      1. By RC (4.61.194.226) on

        Deja-vu... I got this same question on some other deadly.org thread, and there too, it was wrong, as the poster was confusing installboot with some other program... You wouldn't be the same person who posted this before have you? As I said last time, I certainly have used installboot extensively, but it has nothing to do with anything being discussed here.

  2. By sthen (81.168.66.228) on

    A nicely written and presented article, well done. By the way, OpenBSD probes all 128mb with comBIOS 1.24, so the "machine mem" step is no longer required. btw, Flashboot is well worth a look if you're interested in trying out a CF-based system (you don't even need a working OpenBSD system to use it, since there's a binary distribution that can be installed via pxeboot).

  3. By Dunceor (130.243.30.36) on

    Hmm is it only me that get page not found on the link?

  4. By Jim (198.62.124.245) on

    Would anyone mind sharing their experience/solution for using CF in a Soekris with /var on mfs. Specifically, I want to run named and dhcpd on my Soekris with as close to a generic install as possible, but haven't quite skinned the problem of /var being empty when it's mounted as a mfs during the boot. misc@ had a thread mentioning using a generic install on CF but did not elaborate/discuss running named et al. Thanks in advance. Jim

    Comments
    1. By jose (12.7.85.10) on http://monkey.org/~jose/

      i use mount_mfs to create a small /var partition. it holds all of my files i need for runtime. i keep my CF card mounted RO, and edit as needed either directly or on my laptop. works like a champ, it's my only gateway device. even the broadband folks were impressed and liked it ... and my GF likes it since she can reboot it without any hassle and it's madfast for starup times.

      anyhow, mount_mfs ... make a small partition for /var and let it be ... it's in my custom /etc/rc script for my firewall device.

      Comments
      1. By Anonymous Coward (210.239.97.65) on

        Hi Jose,thanks for the help.
        Interesting is how you deal with the following problems:
        1. On my system OpenBSD trying to do something in /dev during the boot time. How to stop this?
        2. PF logging. It's extreamly convenient to have pf logging - IDS, antispam etc. For other log files (syslog) i can redirect them to remote logging host, but this is impossible for pflog.
        3. I saw several articles describing mfs mounting, but all they was different and mostly not working. Can you post the exact line from /etc/fstab for /var mounted in mfs

        Thanks in advance

        Comments
        1. By Anonymous Coward (209.142.209.161) on

          1- make /dev an mfs
          2- how about: `tcpdump -n -e -ttt -i pflog0 | logger -t pflog`
          3- something like: 'swap /mnt mfs rw,-s=266240 0 0' in /etc/fstab. and it helps to also mention what you've tried, how that didn't work.

        2. By jose (12.7.85.10) on http://monkey.org/~jose/

          1. i modified /etc/rc heavily (actually wrote my own) to not do such things. basically all my soekris is is a kernel, a ksh interpreter for /etc/rc, a ttys file, a minimal /dev filesystem, a few basic binaries (mount_ffs, mount_mfs, route, ifconfig, pfctl), a stripped down dhclient script, and nsh, the network shell as my primary mechanism for interaction. hence i don't get /dev/ resets during a boot. all of this should be available via my minisoekris page on my website. my personal copy of nsh also can handle a dhcp interface via a callout to dhclient.

          2. i actually wrote a small tool, pflogexport, to read /dev/pflog0 and export it via encapsulated UDP datagrams to a target box (much like netflow records). i haven't updated the version on the opensoekris CVS repo with one that works right, but it should be easy to fix. this leaves no logs locally and lets me inspect them.

          3. someone else already posted a mechanism for it, mine was basically "mount_mfs -s 4096 swap /var" .... a small 4MB /var filesystem for what little i do store. works like a champ.

          hope this helps.

  5. Comments
    1. By Johan M:son Lindman (62.119.71.140) on

      I seem to recall this being an english forum, maybe you could post those links on undeadly.fr or some such?

      Comments
      1. By Anonymous Coward (66.130.40.54) on

        -I found that link helpful and interesting
        -most people outside the US speak English + their own language
        -non-english speakers usually don't complain about the OS and the docs being in english, time is spent translating it instead
        -nobody forced you to read this page
        -do you really think your whinings are more relevant to the article then the link that was provided ?????

        Comments
        1. By Johan M:son Lindman (213.114.133.76) on

          Let's put it this way, would you mail a question (or answer) in french to misc@? No? Well the same applies here... EOD.

          Comments
          1. By SH (217.215.150.208) on

            It's just a link to a home page in french with alot of pictures of a Soekris. Why work yourself up for this? /SH

          2. By Anonymous Coward (4.16.136.107) on

            The pictures are in English. Forget about it. :)

  6. By Anonymous Coward (66.108.252.16) on

    Curious to see, what does everyone's "sysctl hw.sensors.2" look like?

    Comments
    1. By Lionel Riem (212.254.187.22) on http://www.devrandom.ch/

      Mine looks, on the Soekris net4801, like that : # sysctl hw.sensors.2 hw.sensors.2=nsclpcsio0, TNSC, temp, 59.00 degC / 138.20 degF The hw.sensors.1 gives me 127 degC :/

  7. By Jimmy (68.226.139.219) on

    I am having an issue trying to set up OpenBSD 3.5 on the net4801.I loaded the OS on a CF card (two of them actually: IBM 1G, IBM 340MB) and verified the files.After powering up the Soekris, the system hangs.

    1 Seconds to automatic boot. Press Ctrl-P for entering Monitor.
    Using drive 0, partition 3.
    Loading...
    probing: pc0 com0 com1 pci mem[639K 127M a20=on]
    disk: hd0+
    >> OpenBSD/i386 BOOT 2.06
    boot>
    booting hd0a:/bsd: 4669908+843804 [58+213376+190976]=0x5a4f48
    entry point at 0x100120

    Any ideas? The net4801 is configured:
    > show

    ConSpeed = 9600
    ConLock = Disabled
    ConMute = Disabled
    BIOSentry = Enabled
    PCIROMS = Enabled
    PXEBoot = Disabled
    FLASH = Primary
    BootDelay = 10
    BootPartition = Disabled
    ShowPCI = Enabled
    Reset = Hard

    Thanks in advance.

    Comments
    1. By thom (62.167.75.113) on

      It looks like you didn't configure /etc/boot.conf. You have to insert
      set tty com0
      stty com0 19200
      into /etc/boot.conf.

      Comments
      1. By rrm3 (138.88.42.158) on

        I think he did configure his /etc/boot.conf, I have "set tty com0" in my boot.conf on an old IBM Aptiva, and the same ("entry point") happens. I don't know what I'm doing wrong either, since I've never set up a serial console before.

Latest Articles

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]