Contributed by sean on from the fooling-around-with-tiny-computers dept.
Soekris Fun
I have a real soft spot for small computers and a real hatred for black box systems. The smaller the computer the more I will like it and the Soekris line is no exception. I was introduced to these computers a few years ago and have been yearning for reasons to make my employer buy a whole bunch of them to do something neat. Their price is unfortunately kind of steep for a toy which may or may not have any use other than messing around (relative to say an Xbox or Playstation) so I had to wait until I could get my hands on one before exploring further.
Now that I have a few to play with I've been having nothing but fun with them. They are a great platform to learn how the OpenBSD boot process works as well as figuring out how all the pieces of OpenBSD fit together in excruciating detail. As well, being compact flash based and being relatively low power these boards make great firewalls and 'quick fix' appliances.
Unfortunately it wasn't all a smooth ride getting my first machine up and running. I tried a few different 'tools' to set up and build an image for the machine and fought with my lack of knowledge regarding drive geometry. In order to save you a headache or two I will explain how to get a machine up and running from start to finish.
Since this isn't a 'small' topic I will be writing a number of articles which will take you through building a default image (ie. this article) through setting up a flexible imaging environment as well as setting up the device for some common appliance-like situations (ie. such as a firewall, transparent bridge for spamd, traffic inspection and the ever amusing dsniff, and maybe even how to set up a WAP once I figure out how to get it right).
For the purposes of this article I will be referring to the NET4501 (as that's what I have) but the following procedures should work for a good number of other CF based i386 systems (such as the WRAP boards). This machine is a tiny 486 with three network interfaces (sis) and a wee bit of RAM (in my case 64MB). It is by no means a speed demon but as far as I'm concerned, more fun than a barrel of monkeys.
You will need the following:
- A NET4501 board and power supply.
- A computer with OpenBSD i386 installed.
- Access to either the OpenBSD CD set or an FTP mirror.
- A supported compact flash reader. I have found that many that act as a mass storage device 'just' work but you might want to test this.
- A DB9 female to DB9 female null modem serial cable.
- A compact flash card 32MB or greater. I'm using 64MB cards but CF card prices have fallen through the floor in the past year so finding one shouldn't be too hard.
You will need to have OpenBSD installed on your 'staging' machine and you will need to install the source tree either from the OpenBSD CD, FTP or CVS. Once you have it ready to go, make yourself a folder to work in. I've chosen /home/soekris. This is where we will work from and store the image sets so we don't have to mess around with the current installation and allow for a bit more customization for different image sets.
Next you will need to download flashdist which is a shell script package written by Chris Cappuccio to bootstrap OpenBSD installations onto compact flash media. I have tried a few different packages to accomplish this though flashdist is definitely the best I've come across. I would suggest de-archiving the downloaded tar-ball into /home/soekris and keeping the folder name as it is (again to make things easier on you if you need to switch versions of flashdist). As of this article the current version is 20061013.
root@craptop:~$ mkdir /home/soekris
root@craptop:~$ lynx -source http://www.nmedia.net/~chris/soekris/flashdist-20061013.tar > ~/flashdist-20061013.tar
root@craptop:~$ tar xpf ~/flashdist-20061013.tar -C /home/soekris
Now that we have flashdist ready to go we need to grab the base and etc packages from the OpenBSD distribution. You can definitely use the installed versions on your machine if you want to (and have space issues) but using a separate sandbox will in the long run make your life easier when having to make different images and dealing with system upgrades. Either grab base40.tgz and etc40.tgz off of the OpenBSD CDs or the FTP site and place them in a safe place (I put them in /home/soekris/obsd).
Before we can go any further we will need to build a kernel that is set up and small enough to work with the NET4501. Luckily the flashdist package includes a kernel config for you that (as of 3.9) works right out of the box. Previous versions needed some mangling to take care of some dependencies not included but since things have stabilized 'it should just work.' The first thing to do when building a new kernel is to set up the build environment. This is pretty simple and very easy to forget so let's just get it out of the way.
root@craptop:~$ cd /usr/src
root@craptop:~$ make obj
This will run through the source tree, build a bunch of symlinks and set up our build environment.
Next we need to copy the kernel config we have chosen into the proper place, set up the kernel build environment and then make our new kernel. Note we are not replacing the kernel on the local machine, we are creating one to use solely on our NET4501.
root@craptop:~$ cd /usr/src/sys/arch/i386/conf/
root@craptop:~$ cp /home/soekris/flashdist-20061013/NET4501 .
root@craptop:~$ config NET4501
root@craptop:~$ cd ../compile/NET4501
root@craptop:~$ make depend && make
Once the compile is done successfully you will have a kernel located at /usr/src/sys/arch/i386/compile/NET4501/bsd. Remember that location as you will need it shortly.
Building your first image:
So now we have everything we need ready to build an image to boot with this NET4501. In order to keep things organized into a nice little sandbox we will call this sandbox newimage and place it in /home/soekris/newimage. Go ahead and create your sandbox and extract the contents of base40.tgz and etc40.tgz into that folder but do not forget to preserve permissions (or you will quickly get a headache).
root@craptop:~$ mkdir /home/soekris/newimage
root@craptop:~$ tar zxpf /home/soekris/obsd/base40.tgz -C /home/soekris/newimage/
root@craptop:~$ tar zxpf /home/soekris/obsd/etc40.tgz -C /home/soekris/newimage/
Now we have the basic set of files needed to choose from and build a complete bootable system. If you want to add new things to this sandbox we will go over that later but for now this is all we need to get you started.
From here on out we will be playing with the flashdist script itself. Let's go into our flashdist folder and see what we have available. You can go to the flashdist website to get a general description of what each of the files are but in the following listing I've emboldened the files we will be talking about.
root@craptop:~$ cd /home/soekris/flashdist-20061013/
root@craptop:~$ ls -al
total 140
drwxr-xr-x  2 root  wheel    512 Nov  8 00:43 .
drwxr-xr-x  3 root  wheel    512 Nov  8 00:43 ..
-rw-r--r--  1 root  wheel   4122 Apr 13  2006 NET4501
-rw-r--r--  1 root  wheel   4285 Jan 16  2006 NET45xx
-rw-r--r--  1 root  wheel   5747 Jan 16  2006 NET4801
-rw-r--r--  1 root  wheel   1439 Oct 13 14:40 NOTES
-rw-r--r--  1 root  wheel     43 Apr 12  2006 boot.conf
-rw-r--r--  1 root  wheel  20953 Oct 13 14:39 flashdist.sh
-rw-r--r--  1 root  wheel   2174 Oct 13 14:38 flashsmall.txt
-rw-r--r--  1 root  wheel     23 Apr  4  2002 fstab
-rw-r--r--  1 root  wheel    111 Sep  9  2003 nshrc
-rw-r--r--  1 root  wheel   3653 Oct 13 14:39 rc
-rw-r--r--  1 root  wheel    877 May 20  2003 syslog.conf
-rw-r--r--  1 root  wheel   6748 Apr  5  2002 ttys
- NET4501: The kernel config file we used to create our custom kernel.
- flashdist.sh: A ksh script which will be doing most of our heavy lifting.
- flashsmall.txt: This file contains a listing of every file we will be copying onto our compact flash card. The default is 32MBs and is quite spartan. We will discuss how to expand on this a bit later.
- rc: Something you might find familiar. This is the script init calls after the kernel has been loaded. A horrible analogy is the 'autoexec.bat' from MS-DOS. This RC script is stripped down and will need to be customized. More on that later.
At this point we'll just use the stock configuration provided by flashdist and get our NET4501 booting. Plug your nice new compact flash card into your compact flash reader and plug said reader into your computer (it is best to use an external reader (ie. via USB) in case you want to switch cards of different sizes as 'mass storage' is not the same as 'removable'). Once plugged in look in dmesg for the reader and get the device node for your compact flash card.
root@craptop:~$ dmesg | tail
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets
sd0 at scsibus1 targ 1 lun 0:
Here you see my flash card reader is actually a multi-port device (a cheap 6 in 1 gadget I picked up online a long while ago). The flashcard I have inserted is bound to sd0 (or /dev/sd0) and is acting like a SCSI generic block device (which it is). We can do all kinds of things to it that you would do with a block device such as dd'ing it, partitioning it, making a disk label etc. Flashdist does the heavy lifting for us here so we don't have to worry about it. All we need to know is the device node we have our card on (ie. sd0).
Up until recently this step was a real pain in the butt as you had to make sure flashdist knew the geometry of the device it is writing to but now there is an 'autodetect' which makes life easier. The following command writes out our system to the compact flash card and makes the system bootable. We are asked a few questions about some local configuration options. Like the OpenBSD installer you pretty much just need to hit ENTER a bunch of times and put in a root password.
The parameters to the flashdist script are as follows:
- -d: Use what the kernel 'thinks' the drive geometry is to initialize the disklabel.
- sd0: The device node which we are going to write to.
- flashsmall.txt: The file set to populate the file system with.
- /usr/src/sys/arch/i386/compile/NET4501/bsd: The kernel we want to boot with.
- ../newimage/: The location of all the files specified in flashsmall.txt in our sandbox.
root@craptop:~$ cd /home/soekris/flashdist-20061013/
root@craptop:~$ ./flashdist.sh -d sd0 flashsmall.txt /usr/src/sys/arch/i386/compile/NET4501/bsd ../newimage/
flashdist.sh 20061013 email@example.com
Using disk device: sd0
Using distfile: flashsmall.txt
Copying kernel from: /usr/src/sys/arch/i386/compile/NET4501/bsd
Please pay attention to any error messages that you may receive from the
commands this script is using. If you end up having problems, they could
explain why.
WARNING: This will erase ALL DATA on the sd0 disk device!
Press enter key to continue or Control-C to abort...
Updating MBR and partition table...
fdisk: sysctl(machdep.bios.diskinfo): Device not configured
Note, you may ignore "sysctl(machdep.bios.diskinfo)" errors if present.
Setting up disklabel...
# Inside MBR partition 3: type A6 start 32 size 124896
The install script is using the following parameters:
Total size of media: 125440 sectors (64225280 bytes)
Bytes/Sector: 512
Sectors/Track: 32
Sectors/Cylinder: 2048
Tracks/Cylinder (heads): 64
Cylinders: 61
Press enter key to continue or Control-C to abort...
Checking distribution list...
Installing disklabel...
# Inside MBR partition 3: type A6 start 32 size 124896
Creating new filesystem...
/dev/rsd0a: 124896 sectors in 122 cylinders of 32 tracks, 32 sectors
61.0MB in 3 cyl groups (60 c/g, 30.00MB/g, 7552 i/g)
Mounting destination to /tmp/flashdist.htoI30989...
Checking free space on sd0...
Copying OpenBSD distribution to media... done
Copying bsd kernel, boot blocks, /etc/resolv.conf...
Installing boot blocks...
using MBR partition 3: type 166 (0xa6) offset 32 (0x20)
Running MAKEDEV...done
Setting up directories and links...
Changing any instance of /bin/csh in /tmp/flashdist.htoI30989/etc/master.passwd to /bin/ksh
Generating new RSA host key... done
Generating new RSA1 host key... done
Generating new DSA host key... done
Please assign a root password...
Password:
Verify:
Copying configuration files to /etc... ttys fstab rc syslog.conf boot.conf nshrc
Please enter the hostname or IP address of the central log host which will
receive udp syslog packets from this installation.
(Press enter for none, and syslog will log to ramdisk)
Loghost:
Installation finished.
Unmounting filesystem...done!
If for some reason the -d option doesn't work for you (and the values in dmesg do not work for some reason) then the geometry of the device can be determined from the BIOS text sent to the serial port when the NET4501 boots up. The NET4501 boot messages are as follows with the drive geometry for our card in bold.
POST: 0123456789bcefghipajklnopq,,,tvwxy^[[2J
comBIOS ver. 1.28 20050527 Copyright (C) 2000-2005 Soekris Engineering.
net45xx
CPU 80486 133 Mhz
0064 Mbyte Memory
Pri Mas SanDisk SDCFB-64 LBA 490-8-32 62 Mbyte
Slot   Vend Dev  ClassRev Cmd  Stat CL LT HT Base1    Base2    Int
-------------------------------------------------------------------
0:00:0 1022 3000 06000000 0006 2280 00 00 00 00000000 00000000
0:16:0 1260 3873 02800001 0117 0290 10 3C 00 A0000008 00000000 10
0:18:0 100B 0020 02000000 0107 0290 00 3F 00 0000E001 A0001000 11
0:19:0 100B 0020 02000000 0107 0290 00 3F 00 0000E101 A0002000 05
0:20:0 100B 0020 02000000 0107 0290 00 3F 00 0000E201 A0003000 09
5 Seconds to automatic boot. Press Ctrl-P for entering Monitor.
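As an added example (not from the original article or from flashdist), the sh script below reads the cylinders-heads-sectors triple from the "LBA 490-8-32" field of the comBIOS drive line and checks it against the figures flashdist printed during the install. The function names are illustrative, the sample lines are copied from the output shown in this article, and reading the field as C-H-S is an assumption that the arithmetic bears out.

```sh
#!/bin/sh
# Added example: cross-check comBIOS drive geometry against flashdist output.
# Sample lines are copied from this article; function names are illustrative.
# Assumption: the three numbers after "LBA" are cylinders-heads-sectors.

BIOS_LINE='Pri Mas SanDisk SDCFB-64 LBA 490-8-32 62 Mbyte'
FLASHDIST_LINE='Total size of media: 125440 sectors (64225280 bytes)'

# Print "cylinders heads sectors" from a comBIOS drive line, or nothing.
bios_chs() {
    printf '%s\n' "$1" | sed -n \
        's/.*LBA[^0-9]*\([0-9][0-9]*\)-\([0-9][0-9]*\)-\([0-9][0-9]*\).*/\1 \2 \3/p'
}

# Total sectors addressed by a geometry: C * H * S.
chs_sectors() {
    echo $(( $1 * $2 * $3 ))
}

# Sector count from flashdist's "Total size of media" line, or nothing.
flashdist_sectors() {
    printf '%s\n' "$1" | sed -n \
        's/.*Total size of media: \([0-9][0-9]*\) sectors.*/\1/p'
}

# Return 0 if both sources agree on the card size, 1 if they differ,
# 2 if either line could not be parsed.
geometry_matches() {
    gm_chs=$(bios_chs "$1")
    gm_want=$(flashdist_sectors "$2")
    if [ -z "$gm_chs" ] || [ -z "$gm_want" ]; then
        echo "could not parse geometry" >&2
        return 2
    fi
    # Unquoted on purpose: split "C H S" into three arguments.
    gm_have=$(chs_sectors $gm_chs)
    [ "$gm_have" -eq "$gm_want" ]
}

# Sectors left for the OpenBSD partition: round the media down to whole
# cylinders, then subtract the starting offset (arguments: total sectors,
# sectors per cylinder, start sector).
usable_sectors() {
    echo $(( $1 / $2 * $2 - $3 ))
}

chs=$(bios_chs "$BIOS_LINE")
total=$(chs_sectors $chs)
echo "BIOS C H S: $chs = $total sectors ($(( total * 512 )) bytes)"
if geometry_matches "$BIOS_LINE" "$FLASHDIST_LINE"; then
    echo "BIOS geometry agrees with flashdist's media size"
else
    echo "MISMATCH: re-check the geometry before writing the card"
fi
# 2048 sectors/cylinder and start sector 32 are from the flashdist output.
echo "partition size: $(usable_sectors "$total" 2048 32) sectors"
```

Both 490 x 8 x 32 and flashdist's total come to 125440 sectors, and 61 whole cylinders of 2048 sectors minus the 32-sector offset gives the 124896-sector partition shown in the disklabel lines.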
At this point we are done and can unplug the card from our reader and plug it into our NET4501. It would be safer to unplug the reader if you can as reading or writing to the device node while there is no card in the reader would net you a kernel panic (which is never fun). If you cannot unplug the reader for any reason, you can pull the card but just be careful not to try to read or write from the device node (ie. sd0).
Booting and playing around:
Since the NET4501 doesn't have a VGA display output we are going to have to use a serial console to connect to the machine. You can use ethernet to connect via SSH but you won't see the boot messages nor be able to get into the BIOS should things need fiddling. Plug the newly minted compact flash card into your Soekris, grab your null modem cable, and connect it to your serial port and to the serial port on the NET4501.
You can use any terminal emulator you wish but since I'm lazy I'll use whatever comes stock with OpenBSD (which in this case is cu(1)). cu isn't exactly the most straightforward application and can be downright confusing (and frustrating) if you don't read the man page or understand it. Connecting is pretty simple if you know what serial port you are using. In this case I'm using tty00 (which is analogous to COM1 in MS-DOS). cu(1) also defaults to a speed of 9600 but the NET4501 uses 19200.
root@craptop:~$ cu -l /dev/tty00 -s 19200
Connected
Not very entertaining huh! Now you might be wondering how do I quit this application? You've probably tried CTRL-D (ie. EOF) or CTRL-C (ie. break) or even CTRL-Z (suspend) only to find out that none of them is working. You could read the man page and scratch your head a bit (if you don't know what all those key symbols mean). But I'll save you the headache. To quit cu all you have to do is clear whatever line you are on of input (hit enter a few times) and type a tilde (ie. SHIFT-`) and then hit CTRL-D. After which you will see [EOT] and get your shell prompt back. If this doesn't work your current line isn't cleared or you're typing the sequence wrong. I would suggest trying this a few times to get the hang of it.
Well you can now plug in your NET4501 and watch it boot through the serial console. If you don't see anything you either haven't used the right serial cable (you need a null modem cable) or you are not using the right serial port or speed. Booting looks as follows.
root@craptop:~$ cu -l /dev/tty00 -s 19200
Connected
POST: 0123456789bcefghipajklnopq,,,tvwxy^[[2J
comBIOS ver. 1.28 20050527 Copyright (C) 2000-2005 Soekris Engineering.
net45xx
CPU 80486 133 Mhz
0064 Mbyte Memory
Pri Mas SanDisk SDCFB-64 LBA 490-8-32 62 Mbyte
Slot   Vend Dev  ClassRev Cmd  Stat CL LT HT Base1    Base2    Int
-------------------------------------------------------------------
0:00:0 1022 3000 06000000 0006 2280 00 00 00 00000000 00000000
0:16:0 1260 3873 02800001 0117 0290 10 3C 00 A0000008 00000000 10
0:18:0 100B 0020 02000000 0107 0290 00 3F 00 0000E001 A0001000 11
0:19:0 100B 0020 02000000 0107 0290 00 3F 00 0000E101 A0002000 05
0:20:0 100B 0020 02000000 0107 0290 00 3F 00 0000E201 A0003000 09
5 Seconds to automatic boot. Press Ctrl-P for entering Monitor.
Using drive 0, partition 3.
Loading.....
probing: pc0 com0 com1 pci mem[639K 63M a20=on]
disk: hd0+
>> OpenBSD/i386 BOOT 2.10
switching console to com0
>> OpenBSD/i386 BOOT 2.10
com0: changing speed to 19200 baud in 5 seconds, change your terminal to match!
com0: 19200 baud
boot>
booting hd0a:/bsd: 1695608+220956 [52+94129+84928]=0x1ffbac
entry point at 0x200120
[ using 179480 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
Copyright (c) 1995-2006 OpenBSD. All rights reserved. http://www.OpenBSD.org
OpenBSD 4.0 (NET4501) #0: Sat Nov 4 10:53:20 CST 2006
root@craptop:/usr/src/sys/arch/i386/compile/NET4501
cpu0: AMD Am486DX4 W/B or Am5x86 W/B 150 ("AuthenticAMD" 486-class)
cpu0: FPU
real mem = 66678784 (65116K)
avail mem = 57319424 (55976K)
using 839 buffers containing 3436544 bytes (3356K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 20/50/27, BIOS32 rev. 0 @ 0xf7840
pcibios0 at bios0: rev 2.0 @ 0xf0000/0x10000
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0x9000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
elansc0 at pci0 dev 0 function 0 "AMD ElanSC520 PCI" rev 0x00: product 0 stepping 1.1, CPU clock 133MHz, reset 0
gpio0 at elansc0: 32 pins
sis0 at pci0 dev 18 function 0 "NS DP83815 10/100" rev 0x00, DP83815D: irq 11, address 00:00:24:c1:d9:c8
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 19 function 0 "NS DP83815 10/100" rev 0x00, DP83815D: irq 5, address 00:00:24:c1:d9:c9
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 20 function 0 "NS DP83815 10/100" rev 0x00, DP83815D: irq 9, address 00:00:24:c1:d9:ca
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
isa0 at mainbus0
isadma0 at isa0
wdc0 at isa0 port 0x1f0/8 irq 14
wd0 at wdc0 channel 0 drive 0:
Congratulations! You now have a bootable NET4501 and you can login and poke around. While the default configuration isn't quite helpful (since odds are you don't have the IP addresses the defaults are set for), it gives you a basis to play around. In the next article I'll get into how to make changes and how to set up a flexible imaging environment to save you heartache and headaches.
If you have any questions or suggestions as to what I should cover please make comments below, I promise I'll read every one (even the damned trolls).
See you next time! Same puffy time, same puffy channel!