Well – after getting a new teacher at my school, there was a big change in the setup of the network – and one of the new things he came up with was getting a Soekris as a firewall. That's a special little machine (i386) that I have the luck to play with. After doing some research about how to install it, I discovered that it was not possible to install Arch Linux on this machine – so I had to find another distro to put on it. My choice became Debian – because others have done that. And for making the TFTP boot server there was some good documentation about tftp in Debian – so that's why I also chose it to be my install server. So here's my way of making this work:
Preparing the install:
Well to begin with you’ll need the following things to get this to work:
1 Soekris Net4801
1 x CFcard or 1 x 2.5″ hard drive
1 normal Debian installed PC with COM port
1 NULLmodem cable
Internet connection + switch
Probably a CFcard reader (if using CFcards)
In this example the following addresses are taken for granted:
Soekris Net4801 –> 192.168.0.202
DHCP-TFTP Server –> 192.168.0.11
Router –> 192.168.0.1
To begin with, install Debian on the PC that you will use as DHCP and TFTP server. Afterwards we need some programs to make this work – so let's install those:
$# apt-get install tftp-hpa dhcp minicom
DHCP Server:
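After we have installed those, we need to configure them to match the Soekris. First of all the setup of the DHCP server; the conf file is /etc/dhcp.conf:
# Configuration file for the DHCP server
option domain-name "your domain.xx";
# The subnet
subnet 192.168.0.0 netmask 255.255.255.0 {
  option routers 192.168.0.1;
  host NAME-OF-SOEKRIS {
    hardware ethernet 00:00:00:00:00:00;   # placeholder: the MAC address of the Soekris
    fixed-address 192.168.0.202;
    next-server 192.168.0.11;              # the TFTP server
    filename "pxelinux.0";                 # assumed boot file, from the Debian netboot image
  }
}
This should be enough to get the DHCP server running – if you run into problems, look in /var/log/syslog for solutions.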
TFTP server:
This could be a little more tricky – but nothing to worry about. You'll have to make a file called /etc/bootptab with these parameters in it:
# The bootptab file
client:\
Then you'll have to edit the file /etc/default/tftp-hpa to look like this:
# Defaults for tftp-hpa
RUN_DAEMON="yes"
OPTIONS="-l -s /var/lib/tftpboot"
It's also possible to make it run by using inetd.conf – but for me this was the best solution. Then you'll have to make sure the following line is in /etc/inetd.conf:
tftp dgram udp wait root /usr/sbin/in.tftpd /usr/sbin/in.tftpd -v -v -p -u tftpd -s /var/lib/tftpboot
In the /etc/default/tftp-hpa file you can also put -v -v before the -l to get more output in the logfile.
The image:
The image to load onto the Soekris is a Debian image, and can be downloaded from the Debian website.
This image needs to be changed a bit – so download the image, put it into the directory /var/lib/tftpboot/ and unpack it:
$# tar -xvzf netboot.tar.gz
Afterwards you'll have to make the following changes:
# Rename pxelinux.cfg to pxelinux.cfg_old (move it out of the way)
# Move pxelinux.cfg.serial-9600 to pxelinux.cfg
And that's it – you're now ready to try installing the image.
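A preflight check for the server side of the steps above, as an added example that is not part of the original post. The function names are made up for illustration, and it assumes the boot file served is pxelinux.0 from netboot.tar.gz; it mainly catches a TFTP directory that differs between the defaults file, inetd.conf and the place the image was unpacked.

```shell
#!/bin/sh
# Added example: preflight check for the install server set up above.

# Print the directory following "-s" on the first line of FILE ($2) matching REGEX ($1).
secure_dir() {
    grep -E "$1" "$2" 2>/dev/null |
        sed -n 's/.*[[:space:]"]-s[[:space:]]\{1,\}\([^[:space:]"]*\).*/\1/p' |
        head -n 1
}

# check_netboot ROOT DEFAULTS INETD
#   ROOT     TFTP directory (/var/lib/tftpboot on this page)
#   DEFAULTS the tftp-hpa defaults file
#   INETD    inetd.conf; only checked if it has an active tftp line
# Prints one "PROBLEM:" line per finding and returns 1 if there were any.
check_netboot() {
    nb_root=$1; nb_defaults=$2; nb_inetd=$3; nb_bad=0
    nb_fail() { echo "PROBLEM: $*"; nb_bad=1; }

    # Assumption: the boot file handed out over DHCP is pxelinux.0.
    [ -r "$nb_root/pxelinux.0" ] || nb_fail "$nb_root/pxelinux.0 is missing"

    # The serial-9600 config must have been moved over pxelinux.cfg.
    [ -e "$nb_root/pxelinux.cfg" ] || nb_fail "$nb_root/pxelinux.cfg is missing"
    [ ! -e "$nb_root/pxelinux.cfg.serial-9600" ] ||
        nb_fail "pxelinux.cfg.serial-9600 has not been moved to pxelinux.cfg"

    # Standalone daemon: must be enabled and confined (-s) to the same directory.
    grep -Eq '^RUN_DAEMON="?yes"?' "$nb_defaults" 2>/dev/null ||
        nb_fail "RUN_DAEMON is not \"yes\" in $nb_defaults"
    nb_dir=$(secure_dir '^OPTIONS?=' "$nb_defaults")
    [ "$nb_dir" = "$nb_root" ] ||
        nb_fail "$nb_defaults: -s directory is '${nb_dir:-unset}', expected $nb_root"

    # inetd: a tftp line, if present, must point at the same directory.
    if grep -Eq '^tftp[[:space:]]' "$nb_inetd" 2>/dev/null; then
        nb_dir=$(secure_dir '^tftp[[:space:]]' "$nb_inetd")
        [ "$nb_dir" = "$nb_root" ] ||
            nb_fail "$nb_inetd: -s directory is '${nb_dir:-unset}', expected $nb_root"
    fi
    return "$nb_bad"
}

# Usage: sh check.sh /var/lib/tftpboot /etc/default/tftp-hpa /etc/inetd.conf
if [ "$#" -eq 3 ]; then check_netboot "$1" "$2" "$3"; fi
```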
Soekris:
To get in touch with the Soekris you need to connect it (using the NULL-modem cable) to the COM port on the PC. Then open a console and start minicom:
$# minicom
To begin with you're still offline – that's because we need to change the baud rate to the right speed. So press these keys:
CTRL+A – o (serial setup) e – f -enter -enter – save as default – exit
Now we have changed the speed to 19200 baud. Press CTRL-A – X to exit minicom, then start it up again. If you are still not online, go into the serial setup again and change the console port. When you are online, restart the Soekris and after the memory test press CTRL-P to interrupt the boot sequence. The next step is to get the Soekris to boot from the network, so the command line in minicom for this is:
> boot f0
Then you can see the machine getting the IP 192.168.0.202 and starting the TFTP transfer, and afterwards a lot of strange things happen with the cursor – it blinks in the top left corner, writing some lines there – DON'T WORRY – IT'S NORMAL. Now all you have to do is wait – here on my network it takes almost ½ hour before getting somewhere. Suddenly the screen changes to some funny signs and letters – that's because you now have to change the baud rate again – this time it should be set to 9600 baud – save as default.
The installing phase:
The installing phase is almost, if not exactly, like doing a normal Debian install – so just do what you normally do. After the install is finished, the problems begin – because I haven't been able to make changes to grub/menu.lst, I have to take out the CFcard and mount it on another machine to manually edit grub to work on a Soekris. Here is what your menu.lst should look like:
# Grub config file
default 0
timeout 5
serial --unit=0 --speed=9600
terminal serial
title Debian GNU/linux kernel ????
root (hd0,0)
kernel /vmlinuz-????? root=/dev/hda? ro console=ttyS0,9600n81
initrd /initrd.img????
savedefault
boot
This depends on which kernel you get during the install – BUT which drive is the root device I can't tell – I have installed 3 machines by this method, all with CFcards – one was hda, the other 2 were hdb ??? – so try to find it out.
Now you can plug the CFcard/hard drive back into the Soekris and finish the installation.
I have experienced some problems with /etc/apt/source.list – but this command clears the files and makes everything work:
$# dpkg --clear-avail
So hopefully you'll now have a Soekris with a Debian installation on it. This machine could also be used as a print server, web server, firewall etc. The big point here is the power – it only uses 12 V and less than 10 watts!
My idea is to use mine as a router/firewall for my network with WAN, LAN, DMZ and WIRELESS. I had to do a lot of reading about IPTABLES and a lot of other stuff, but in the end I was able to build my own firewall exactly like I wanted with IPTABLES. The script for 4 NICs is placed under scripts. The only thing I can say about my network right now is wow – it's damn quiet at the office.
Thanks to:
Søren Boll Overgård
Jakob Sparre
Mathias Mejborn
Sslug.dk
Linuxin.dk
O'Reilly's IPTABLES pocket reference ISBN 0-596-00569-5
For helping out with my problems and questions about this installation.