Well - after getting a new teacher at my school, there was a big change in the setup of the network - and one of the new things he came up with was getting a Soekris as firewall. That's a special little machine (i386) that I have the luck to play with. After doing some research about how to install - I discovered that it was not possible to install Arch Linux on this machine - so I had to find another distro to put on it. My choice became Debian - because others have done that. And for making the TFTP boot server there was some good documentation about tftp in Debian - so that's why I also chose Debian for my install server. So here's my way of making this work:
Preparing the install:
Well to begin with you'll need the following things to get this to work:
1 Soekris Net5501
1 x CF card or 1 x 2.5" hard drive
1 normal PC with Debian installed and a COM port
1 null modem cable
Internet connection + switch
Probably a CF card reader (if using CF cards)
In this example the following machines and addresses are assumed:
Soekris Net5501 --> 192.168.0.10
DHCP-TFTP Server --> 192.168.0.20
Router --> 192.168.0.1
To begin with, install Debian on the PC that you will use as DHCP and TFTP server. Afterwards we need some programs to make this work - so let's install those:
$# apt-get install tftpd-hpa dhcp minicom
DHCP Server:
After we have installed those - we need to configure them to match the Soekris. First of all the setup of the DHCP server, the conf file is /etc/dhcp.conf:
# Configuration file for the DHCP server
option domain-name "your domain.xx";
subnet 192.168.0.0 netmask 255.255.255.0 {
This should be enough to get the DHCP server running - if you run into problems - look in /var/log/syslog to find the cause.
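A complete configuration for this step, as an added example (not the author's file): the shell function below prints a dhcpd.conf that only answers the Soekris, so no other machine on the switch is handed an address or a boot file by the install server. The MAC address argument and the boot file name pxelinux.0 are assumptions; the addresses are the ones listed above.

```sh
#!/bin/sh
# Added example - not from the original article.
# gen_pxe_dhcpd_conf MAC
# Prints a dhcpd.conf on stdout; returns 1 if MAC is malformed.
gen_pxe_dhcpd_conf() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    # Accept exactly six colon-separated hex octets, nothing else.
    if ! printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
        echo "invalid MAC address: $1" >&2
        return 1
    fi
    cat <<EOF
# Configuration file for the DHCP server (constructed example)
option domain-name "your domain.xx";

subnet 192.168.0.0 netmask 255.255.255.0 {
    option routers 192.168.0.1;
    # No "range" statement: there is no dynamic pool, so only the
    # host declared below is ever offered a lease or a boot file.
    host soekris {
        hardware ethernet $mac;
        fixed-address 192.168.0.10;
        next-server 192.168.0.20;    # the TFTP server
        filename "pxelinux.0";       # assumed boot file name
    }
}
EOF
}

# Constructed MAC from the documentation range - replace it with the
# address of the Soekris network port you boot from.
gen_pxe_dhcpd_conf 00:00:5E:00:53:01
```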
TFTP server:
After installing the tftpd-hpa server, the default directory on the server is /srv/tftp. In there we need to put our image (this version - squeeze) - get the file here - unzip it in /srv/tftp - then you're done setting the image up.
Then you'll have to edit the file /etc/default/tftpd-hpa to look like this:
# /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="192.168.0.20:69"
TFTP_OPTIONS="-l -s -v"
It's also possible to make it run by using inetd.conf - but for me this was the best solution. Then you'll have to make sure the following line is in /etc/inetd.conf:
tftp dgram udp wait root /usr/sbin/in.tftpd /usr/sbin/in.tftpd -v -v -p -u tftpd -s /var/lib/tftpdboot
In /etc/default/tftpd-hpa you can also put -v -v before the -l to get more output in the log file.
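TFTP has no authentication, so the options above are what limits it: -s confines clients to the TFTP directory, the address binds it to the install network only, and the username drops root. An added example (not from the original article) that checks a tftpd-hpa defaults file for those points; it only recognises options written separately, as they are above.

```sh
#!/bin/sh
# Added example - audits a tftpd-hpa defaults file for risky settings.
# Prints one "FINDING:" line per problem; returns 0 when nothing is flagged.
audit_tftpd_defaults() {
    file=$1
    findings=0
    # Value of the last KEY="value" line in the file, quotes stripped.
    get() { sed -n "s/^$1=//p" "$file" | tail -n 1 | tr -d '"'; }
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    opts=" $(get TFTP_OPTIONS) "   # padded so every option is space-delimited
    addr=$(get TFTP_ADDRESS)
    user=$(get TFTP_USERNAME)
    dir=$(get TFTP_DIRECTORY)

    case $opts in
        *" -s "*|*" --secure "*) ;;
        *) flag "no -s/--secure: the daemon does not chroot to $dir" ;;
    esac
    case $opts in
        *" -c "*|*" --create "*) flag "-c/--create lets clients upload new files" ;;
    esac
    case $addr in
        :*|0.0.0.0:*|"[::]":*) flag "TFTP_ADDRESS '$addr' listens on every interface" ;;
    esac
    case $user in
        root) flag "TFTP_USERNAME '$user' does not drop privileges" ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample: the settings shown in the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="192.168.0.20:69"
TFTP_OPTIONS="-l -s -v"
EOF
audit_tftpd_defaults "$sample" && echo "article settings: no findings"
```

On the real server run it as audit_tftpd_defaults /etc/default/tftpd-hpa.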
Soekris:
To get in touch with the Soekris machine you need to connect the Soekris (using the null modem cable) to the COM port on the PC. Then open a console and start minicom:
$# minicom
To begin with you're still offline - that's because we need to change the baud rate to the right speed. So press these keys:
CTRL+A - o (serial setup) e - f -enter -enter - save as default - exit
Now we have changed the speed to 19200 baud. Press CTRL-A - X to exit minicom - then start it up again. If you're still not online - go into the serial setup again and change the console port. When you're able to get online - restart the Soekris and after the memory test press CTRL-P to interrupt the boot sequence. The next step is to get the Soekris to boot from the network - the command line in minicom for this is:
> boot f0
Then you can see the machine getting the IP 192.168.0.202 - starting the TFTP - and afterwards a lot of strange things happen with the cursor - it blinks in the top left corner - writing some lines here - DON'T WORRY - IT'S NORMAL - now all you have to do is wait - here on my network it takes almost ½ hour before getting somewhere - suddenly the screen changes to some funny signs and letters - that's because you'll now have to change the baud rate again - this time it should be set to 9600 baud - save as default.
The installing phase:
The installing phase is almost - if not exactly - like doing a normal Debian install - so just do what you normally do. After the install is finished - then the problems begin - because I haven't been able to make changes in grub/menu.lst - so I have to take out the CF card and mount it on another machine - to manually edit grub to work on a Soekris. Here is what your menu.lst should look like:
# Grub config file
default 0
timeout 5
serial --unit=0 --speed=9600
terminal serial

title Debian GNU/linux kernel ????
root (hd0,0)
kernel /vmlinuz-????? root=/dev/hda? ro console=ttyS0,9600n81
initrd /initrd.img????
savedefault
boot
This depends on which kernel you get during the install - BUT which drive is the root device - I can't tell - I have installed 3 machines by this method - all with CF cards - one was hda - the other 2 were hdb ??? - so try to find it out.
Now you can plug the CF card/hard drive back into the Soekris and finish the installation.
I have experienced some problems with /etc/apt/sources.list - but this command clears the files - and makes everything work:
$# dpkg --clear-avail
So hopefully you'll now have a Soekris with a Debian installation on it - this machine could also be used as a print server - web server - firewall etc. etc. The big point here is the power - it's only using 12V - and less than 10 watts!
I have the idea to use mine as a router/firewall for my network with WAN-LAN-DMZ and WIRELESS. I had to do a lot of reading about IPTABLES and a lot of other stuff, but in the end I was able to build my own firewall exactly like I wanted with IPTABLES. The script for 4 NICs can be downloaded here or under script in the main menu. The only thing I can say about my network right now is wow - it's damn quiet at the office.
O'Reilly's IPTABLES pocket reference, ISBN 0-596-00569-5