Soekris Net4801 Debian

Well – after getting a new teacher at my school, there was a big change in the setup of the network – and one of the new things he came up with was getting a Soekris as Firewall. That´s a little special machine (i386) that I have the luck to play with. After doing some research about the way to install – I discovered that it was not possible to install Arch Linux on this machine – so I have to find another distro to put on this machine. My choice became Debian – becaurse others have done that. And in making the TFTPboot server there was some good documentation about tftp in debian – so that’s why I’d allso choose this to be mine install-server. So here’s my way of making this to work:

Preparing the install:

Well to begin with you’ll need the following things to get this to work:

1 Soekris Net4801
1 x CFcard or 1 x2,5″”harddirve
1 normal Debian installed PC with COM port
1 NULLmodem cable
Internet connection + switch
Proberly a CFcard reader (if using CFcards)

In this example the following machine should be taken for granted:
Soekris Net4801 –> 192.168.0.202
DHCP-TFTP Server –> 192.168.0.11
Router –> 192.168.0.1

To begin with start installing the Debian on the PC – that you will use for DHCP- and TFTP server. afterwards we need some programs to make this works – so let’s install those:
$# apt-get install tftp-hpa dhcp minicom

DHCP Server:

Then afterwards we have installed those – we need to configure these to match the Soekris. Forst of all the setup of the DHCP-server, the conf file is /etc/dhcp.conf:

# Configurationfile for the DHCP-server

option domain-name “your domain.xx”;
option domain-name-servers 000.000.000.000;
allow booting;
allow bootp;

# The subnet
option subnet-mask 255.255.255.0;
default-lease-time 600;
max-lease-time 7200;

subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.200 192.168.0.250;
option broadcass-address 192.168.0.255;
option routers 192.168.0.1;
}

host NAME-OF-SOEKRIS {
filename “/pxelinux.0”;
server-name “192.168.0.11”;
next-server 192.168.0.11;
hardware ethernet XX:XX:XX:XX:XX:XX:XX; # MACaddress of the Soekris
fixed-address 192.168.0.202;
}

This should be enough to make the DHCP server running – when you run into problems – look in /var/log/syslog for solutions.

TFTP server:

This could be a little more tricky – but nothing to worry about. You’ll have to make a file called /etc/bootptab with these parametres in:

# The bootptab file

client:\
hd=/tftpboot:\
bf=/pxelinux.0:\
ip=192.168.0.11:\
sm=255.255.255.0:\
sa=192.168.0.11:\
ha=XX:XX:XX:XX:XX:XX.\ –> Soekris MACADDRESS

Then you’ll have to edit the file /etc/default/tftp-hpa to look like this:

# Defaults for tftp-hpa
RUN_DAEMON=”yes”
OPTION=”-l -s /var/lib/tftpboot”

It’ s also possible to make it run by using inetd.conf – but for me this was the best solution.Then you’ll have to put secure the following line is in /etc/inetd.conf:

tftp     dgram udp     wait     root    /usr/sbin/in.tftpd /usr/sbin/in.tftpd -v -v -p -u tftpd -s /var/lib/tftpdboot

in this file you can also put in > -v -v < before the -l to make more output in the logfile.

The image:

The image to load on to the Soekris is a Debian image – and can be downloaded here at the Debian wesite
this image needs to be changed a bit – so download the image – put it into the Directory – /var/lib/tftpboot/

$# tar -xvzf netboot.tar.gz

Afterwards you’ll have to do following changes:
# Rename pxelinux.cfg to pxelinux.cfg_old (move it out of the way)
# Move pxelinux.cfg.serial-9600 to pxelinux.cfg
And that´s it – you’ re now ready trying to install the image ……..

Soekris:

To get in touch with the Soekris machine you need to connect the Soekris (using the NULLmodem cable) to the COMport on the machine. Then start a console and start minicom:

$# minicom

To begin with you’re still offline – that’s becaurse we’re need to change the BAUD to the rigth speed. SO press these commands:
CTRL+A – o (serial setup) e – f -enter -enter – save as default – exit
now we have changed the speed to 19200BAUD – CTRL-A – X exitting minicom – then start it up again – if still not online – go into the serial setup again – and change the console port. When you’ re able to be online – restart the Soekris and after the memorytest – press CTRL-P to interrupt the bootsequence. The next step is to get the Soekris to boot on the network – so the commandline in minicom for this are:

> boot f0

Then you can see the machine getting the IP 192.168.0.202 – starting the TFTP – and afterwards a lot og strange things happend with the curser – it blinks in the top of the left corner – writing some lines here – DON’T WORRY – ITS NORMAL – now all you have to do is wait – here at my network it takes almost ½hour before getting somewhere – suddenly the screen changes to some funny signs and letters – that’ s becaurse you´ll now have to change the BAUD again – this time it should be set for 9600BAUD – save as default.

The installing face:

The installing face are almost – if not exactly like doing a normal debian install – so just do what you’re normally do. After the install is finish – then the problems begins -becaurse I haven’t been able to make changes in the grub/menu.lst – so I have to take out the CFcard and mount it on another machine – to manully edit grub to work on a Soekris. Here is what your menu.lst should look like:

# Grubconfigfile
default 0
timeout 5
serial –unit=0 –speed=9600
terminal serialtitle Debian GNU/linux kernel ????
root (hd0,0)
kernel /vmlinuz-????? root=/dev/hda? ro console=ttyS0,9600n81
initrd /initrd.img????
savedefault
boot

This is depending on wich kernel you’ll get during the install – BUT about wich drive is the root device – I can’ t tell – I have installed 3machine ny this metode – all with CFcards – one was hda – the other 2 was hdb ??? – so try find it out.
Now you can plug the CFcard/harddrive back into the Soekris and finishing the installation.
I have experienced some problems about the /etc/apt/source.list – but this command clear the files – and make everything to work:

$# dpkg –clear-avail

So hopefully you’ll now have a Soekris with a Debian installation on – This machine could also be used for printserver- Webserver – firewall etc etc. The big pointer here is the power – its only using 12V – and less than 10WATT!

I have the idea that use mine for a Router/firewall for my network with WAN-LAN-DMZ and WIRELESS. I had to do a lot of reading about IPTABLES and a lot of other stuff, but in the end I was able to build my own firewall exactly like I wanted with IPTABLES. The script for 4NICSare placed under scripts. The only thing I can say about my network rigth now – is Wouv – its damn quiet at the office.

Thanks to:

Søren Boll Overgård
Jakob Sparre
Mathias Mejborn
Sslug.dk
Linuxin.dk

O´reilly´s IPTABLES pocket reference ISBN 0-596-00569-5

For helping out with my problems and questions about this installation.