#1, albator, 28th November 2013
Fanless firewall

Hi,

I am aiming at installing an OpenBSD firewall for home usage (with only two or three PCs connected).

Did any of you try this ?
http://www.wdlsystems.com/Box-PC/Lig...-and-Dual.html

I found this on the misc mailing list, but it diverted into talks about SD cards :
http://marc.info/?l=openbsd-misc&m=123964416120381&w=2

Specifications :

Processor MSTI PDX-600 -1GHz (Fanless)
Memory 512 MB DDR2 onboard
VGA XGI Z9S with 32MB DDR2
1st Eth Int Integrated 10/100 Mbps LAN
2nd Eth Int Realtek 8100B 10/100Mbps LAN
BIOS AMI BIOS

Would it be powerful enough ? (The processor is an equivalent of a 486DX)

I found this as an alternative :
http://store.netgate.com/ALIX6F2-Kit...d-P345C82.aspx

Last edited by albator; 28th November 2013 at 08:42 PM. Reason: netgate link

#2, ocicat, 28th November 2013

Quote:
Originally Posted by albator
Would it be powerful enough ?
This depends on your needs.
Quote:
I found this as an alternative :
http://store.netgate.com/ALIX6F2-Kit...d-P345C82.aspx
Alix systems have been discussed extensively on misc@ for many years. There are even some threads here. They are low-powered, & nominally cheap. The NIC's aren't barn-burners, but good enough for average home use.

I run -current on a number of Alix systems myself. Other regulars here do too.

If gigabit Ethernet is a requirement, note that PC Engines is supposedly coming out with an updated model in 2014:

http://www.pcengines.ch/apu.htm

Last edited by ocicat; 28th November 2013 at 10:13 PM. Reason: clarity

#3, bsdplus, 29th November 2013

100Mbps NIC could be a limiting factor when you want to copy files from one PC to another

Last edited by bsdplus; 29th November 2013 at 06:54 AM. Reason: fix MB to Mbps

#4, J65nko, 29th November 2013

See http://www.daemonforums.org/showthread.php?t=7632 for some details and pictures of my Alix system.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

#5, jggimi, 29th November 2013

Quote:
Originally Posted by bsdplus
100Mbps NIC could be a limiting factor when you want to copy files from one PC to another
I've found that an Alix platform with three vr(4) NICs is certainly capable of 230+ Mbps in production as measured with net/nfsen. I recall a comment on misc@ that the individual Alix NICs can sustain no more than 80-85 Mbps. That aligns with my observed performance results.

Last edited by jggimi; 29th November 2013 at 04:51 PM. Reason: typo

#6, ocicat, 29th November 2013

Quote:
Originally Posted by jggimi
I've found that an Alix platform with three vr(4) NICs...
For those interested, this is the alix2d13:

http://www.pcengines.ch/alix2d13.htm

#7, albator, 30th November 2013

Thank you all for your answers.

The eBox might not be the best choice as not many people seem to be using it in favor of Alix or Soekris systems.
I plan to connect to the serial port over USB, so I'll search the mailing list for more feedback.

Among possible installation methods on the Alix systems there are :
- flashrd which writes directly to the compact flash
http://www.nmedia.net/flashrd/
- PXE
I found this guide which looks nice :
http://markshroyer.com/guides/router/

I was wondering if it was possible to boot through an OpenBSD USB stick and install from it as I do on my netbook. In other words, if these cards were USB bootable, and if the boot loader was accessible on the console then. But in fact it is not, leaving two ways to install.

#8, J65nko, 30th November 2013

The simplest method is to insert the Compact Flash card in a USB card reader and use an OpenBSD i386 install CD/disk to install to the CF card. You just have to inspect the dmesg output to figure out which device name the installer is assigning to the CF card.

An example with an old 512MB CF card:

Code:
umass0 at uhub0 port 5 configuration 1 interface 0 "Genesys Logic USB Storage" rev 2.00/93.21 addr 2
umass0: using SCSI over Bulk-Only
scsibus3 at umass0: 2 targets, initiator 0
sd0 at scsibus3 targ 1 lun 0: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable
sd0: 488MB, 512 bytes/sector, 1000944 sectors
sd1 at scsibus3 targ 1 lun 1: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable
sd2 at scsibus3 targ 1 lun 2: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable
sd3 at scsibus3 targ 1 lun 3: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable
Here it has been detected as sd0.

If, during the disk partitioning, you use a DUID (Data Unit Identifier) instead of a disk device name like sd0, it does not matter how the Alix board identifies the CF card.
The /etc/fstab file will then look something like this:
Code:
3a6d4322b09ba067.b none swap sw
3a6d4322b09ba067.a / ffs rw 1 1
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
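
The dmesg check described in the post above, as an added example that is not part of the original thread: it parses the posted dmesg excerpt, keeps only sd devices on a USB mass-storage bus that printed a size line (sd1 to sd3 in the posted output attach but report no size), and names a target only when exactly one remains. The function names `media_disks` and `pick_target` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): find the CF card among the sd(4)
# devices that a multi-slot USB card reader attaches.

# sample_dmesg: the dmesg excerpt posted above, embedded so this runs offline.
sample_dmesg() {
    cat <<'EOF'
umass0 at uhub0 port 5 configuration 1 interface 0 "Genesys Logic USB Storage" rev 2.00/93.21 addr 2
umass0: using SCSI over Bulk-Only
scsibus3 at umass0: 2 targets, initiator 0
sd0 at scsibus3 targ 1 lun 0: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable
sd0: 488MB, 512 bytes/sector, 1000944 sectors
sd1 at scsibus3 targ 1 lun 1: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable
sd2 at scsibus3 targ 1 lun 2: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable
sd3 at scsibus3 targ 1 lun 3: <Generic, STORAGE DEVICE, 9321> SCSI0 0/direct removable
EOF
}

# media_disks: dmesg text on stdin -> "device size sectors" for each sd
# device on a umass (USB) bus that also printed a size line.
media_disks() {
    awk '
        $1 ~ /^scsibus[0-9]+$/ && $2 == "at" && $3 ~ /^umass[0-9]+:?$/ { usb[$1] = 1 }
        $1 ~ /^sd[0-9]+$/ && $2 == "at" && ($3 in usb) { onusb[$1] = 1 }
        $1 ~ /^sd[0-9]+:$/ && $2 ~ /^[0-9]+[MGT]B,$/ {
            dev = substr($1, 1, length($1) - 1)
            if (dev in onusb) print dev, substr($2, 1, length($2) - 1), $(NF - 1)
        }
    '
}

# pick_target: print the device name only when exactly one candidate exists.
pick_target() {
    found=$(media_disks)
    count=$(printf '%s\n' "$found" | grep -c '^sd' || true)
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one USB disk with media, found $count" >&2
        return 1
    fi
    printf '%s\n' "$found" | cut -d' ' -f1
}

sample_dmesg | pick_target    # on a live system: dmesg | pick_target
```

Refusing when zero or several candidates are present keeps the installer from being pointed at another attached drive by mistake.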

#9, jggimi, 30th November 2013

The Alix motherboards do not boot from USB. They only boot from CF card or via PXE.

(The serial port's factory default speed is 38400 bps.)

ocicat, 30th November 2013

Quote:
Originally Posted by albator
I found this guide which looks nice :
http://markshroyer.com/guides/router/
This guide references OpenBSD 4.8 which was released in November 2010. It appears to discuss installation & general post-installation configuration. The latter is covered more completely in afterboot(8), plus the manpage is more up-to-date.

As for installation on an Alix system, the initial install onto a blank (or unrecognized...) CF card will require the most thought. The Alix BIOS supports PXE booting, & setting this up is really a useful exercise for the uninitiated. PXE requires TFTP & DHCP servers be accessible. Section 6.10 of the FAQ describes the process. Of course, having a serial connection set up is necessary to make the appropriate changes to the Alix BIOS.

...& jggimi was right on the connection speed. There was a question on misc@ just a few days ago on this very question, & apparently, the OP hadn't read PC Engines' documentation, or explored the BIOS options.
Quote:
I was wondering if it was possible to boot through an OpenBSD USB stick and install from it as I do on my netbook.
I configure tftpd(8), dhcpd(8), & connect via cu(1) over a serial connection along with a cross-over Ethernet cable (directly connecting the NIC's...) all on the same laptop. The corresponding file sets are added from a USB drive (There are other options as to the source...). Once one gets used to how the Alix is handling USB devices, the process is really straight-forward.

Last edited by ocicat; 2nd December 2013 at 08:05 PM. Reason: correction: Shroyer's guide references OpenBSD 4.8

jggimi, 30th November 2013

I have found that with a pair of them interconnected via null-modem cable, it is better to have the tty00 devices disabled in /etc/ttys, so that they do not interfere with one another while in multiuser mode (normal operation).

During maintenance, such as with bsd.rd for upgrades or while in single user mode, the /dev/tty00 serial port console is used without /dev/ttys. One merely need ssh into the operational platform and then connect to the system under maintenance with cu(1).

albator, 1st December 2013

Thanks for all your tips, I do appreciate it.
Quote:
Originally Posted by J65nko
The simplest method is to insert the Compact Flash card in a USB card reader and use an OpenBSD i386 install CD/
I didn't think about this !
Ocicat is right too in saying that going through a PXE installation could be a good exercise.

While the APU device should be a good one, I am also looking at the Shuttle DS47. It's just a little more expensive than an Alix system but more powerful (and more power hungry I guess).

Last edited by albator; 1st December 2013 at 04:05 PM. Reason: typo

jggimi, 1st December 2013

Quote:
Originally Posted by albator
Ocicat is right too in saying that going through a PXE installation could be a good exercise.
Once you've done this once, you'll likely say to yourself, "Oh. That wasn't as difficult as I expected it to be." It really is pretty easy, and operationally it has a similar convenience to USB once the two boot services (DHCP, TFTP) are configured.

There is no requirement that the boot services be the same OS that you're booting. They may also be on separate servers. As far as I know, though, there is a requirement that you use a wired Ethernet connection. I've yet to see a WiFi NIC that could be used with PXE.