[Sussex] Soekris question for Steve D
Steve Dobson
steve at dobson.org
Sun Feb 26 20:29:58 UTC 2006
Ronan
On Sun, 2006-02-26 at 19:00 +0000, Ronan Chilvers wrote:
> Question for Steve D here. I think you mentioned some time ago that you
> used a soekris box for your home firewall. Can you fill in some
> details? Where did you get it, specs, debian install gotchas, things
> you like, things you don't like?
I use a net4801 (with 128MB ram) which I got from http://www.kd85.com/.
At first I did the old PXE boot thing using another machine on the LAN
as the network boot disk server for it. I notice from Andy's reply that
there are now some more up to date install instructions.
However, if you buy the net4801 (rather than the net4501 - I have both)
you can make use of the disk interface and put a laptop HDD in the box
too. You need the hard disk mounting kit to do it but at 9 Euros it is
a very small price to pay - especially if you already have a spare
laptop disk.
There are no install gotchas for Debian (sarge), but as the system has
no display hardware you do need to configure the thing for serial
console. Also you have to do the install on a machine with a CDROM
drive - the net4801 only has one IDE interface and the flash takes
up the one. You can switch between the HDD/Flash as primary in the BIOS
(set FLASH=PRIMARY/SECONDARY). Just install a basic i386 system and
configure the kernel (and grub) to use the serial port as console.
The default Soekris is 19200 baud, eight bits, no parity and 1 stop bit.
The configuration below is set to match this.
In /etc/grub/menu.lst:
* Add

    ###################################################################
    ## Serial/Console setup
    ###################################################################
    #
    # Setup serial (COM0) here with baudrate 19200
    serial --unit=0 --speed=19200 --word=8 --parity=no --stop=1
    terminal serial

* Also add "console=ttyS0,19200" to the boot kernel option lines.
There was also, IIRC, some talk in the serial grub docs of removing some
graphics line. I don't think Debian uses that option, but check the
web.
You also need to edit /etc/inittab. Find the line for T0 that is
commented out that runs getty on ttyS0 and add one like this:

    T0:23:respawn:/sbin/getty -L ttyS0 19200 vt100
You can test this all works on your install machine. Connect a null
modem cable from COM1 to another machine (yes, you do need two computers
for this). I use minicom on another Debian machine, but you could use
HyperTerminal on a Windows machine. Once you see both grub and the kernel
using the serial port as console and you get a login prompt you're
good to transfer the HDD to the Soekris box.
But just before you do, comment out the tty1-6 lines in /etc/inittab as
these provide the virtual consoles which you don't get if you have no
display hardware.
> I want to change my current firewall machine for something much smaller
> and am thinking about either a fanless mini ITX machine (epia or
> similar) or a soekris. I don't want to go the router route(?) because
> I like having a linux machine doing the firewalling.
I would go with the Soekris. It is much, much smaller than a mini-ITX
system and cheaper too I think.
If you want more network ports than just the three ports provided on
the motherboard then I have used the lan1641 without problem. It just
provides four more ports of the same type as the motherboard.
Steve
P.S. If you do go with the Soekris could you please add a HDD mounting
kit (14480110) and a seven port extended case (kd85_07h) for me. I need
them, but at 39 Euros (+VAT) it isn't worth ordering them on their own.
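
Added example, not part of the original message: a pre-flight check that the GRUB serial line, the kernel console= option and the getty entry described above all agree on the baud rate, and that the tty1-6 gettys are disabled, before the disk goes into the headless box. The function name, messages and sample file contents are made up for this example; the two file paths are passed as arguments.

```shell
#!/bin/sh
# check_serial_console MENU_LST INITTAB [BAUD]
# Returns 0 only if grub, the kernel command line and getty agree on ttyS0.
check_serial_console() {
    menu=$1 inittab=$2 baud=${3:-19200} rc=0

    # GRUB legacy: a "serial" line at the expected speed, plus "terminal serial".
    grep -Eq "^[[:space:]]*serial[[:space:]].*--speed=$baud([[:space:]]|\$)" "$menu" ||
        { echo "grub: no 'serial' line with --speed=$baud"; rc=1; }
    grep -Eq '^[[:space:]]*terminal[[:space:]].*serial' "$menu" ||
        { echo "grub: no 'terminal serial' line"; rc=1; }

    # Every uncommented kernel line must carry console=ttyS0,<baud>.
    bad=$(grep -E '^[[:space:]]*kernel[[:space:]]' "$menu" |
          grep -Ev "console=ttyS0,$baud([^0-9]|\$)" || true)
    [ -z "$bad" ] || { echo "grub: kernel line without console=ttyS0,$baud:"; echo "$bad"; rc=1; }

    # inittab: an active (uncommented) getty on ttyS0 at the same speed.
    grep -Eq "^[^#:]+:[^:]*:respawn:.*getty.*ttyS0[[:space:]]+$baud([[:space:]]|\$)" "$inittab" ||
        { echo "inittab: no active getty on ttyS0 at $baud"; rc=1; }

    # inittab: gettys on tty1-6 should be commented out when there is no display.
    vt=$(grep -E '^[^#].*getty.*[[:space:]]tty[1-6]([[:space:]]|$)' "$inittab" || true)
    [ -z "$vt" ] || { echo "inittab: virtual console gettys still enabled:"; echo "$vt"; rc=1; }

    return $rc
}

# Constructed sample files (not from a real system): the kernel line has the
# wrong speed and tty1 is still enabled, so two problems are reported.
demo=$(mktemp -d)
printf '%s\n' 'serial --unit=0 --speed=19200 --word=8 --parity=no --stop=1' \
    'terminal serial' \
    'kernel /vmlinuz root=/dev/hda1 ro console=ttyS0,9600' > "$demo/menu.lst"
printf '%s\n' '1:2345:respawn:/sbin/getty 38400 tty1' \
    'T0:23:respawn:/sbin/getty -L ttyS0 19200 vt100' > "$demo/inittab"
check_serial_console "$demo/menu.lst" "$demo/inittab" ||
    echo "fix the above before moving the disk"
rm -rf "$demo"
```

A speed mismatch between any of the three settings shows up as garbage or silence on the serial line, which on a box with no display means no local console at all.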