adminguy
/
Teardowns_2020
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

u

master
Your Name 4 years ago
parent
f69e4dfa75
commit
d51dccb225
4 changed files with 4684 additions and 0 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +572
    -0
      soekris_engineering_net4801-60/resources/Debian_on_Soekris
  2. +94
    -0
      soekris_engineering_net4801-60/resources/chiark_.html
  3. +3825
    -0
      soekris_engineering_net4801-60/resources/openwrt-15051-on-soekris-net4801.html?m=1
  4. +193
    -0
      soekris_engineering_net4801-60/resources/soekris.html

+ 572
- 0
soekris_engineering_net4801-60/resources/Debian_on_Soekris View File

@ -0,0 +1,572 @@
<!DOCTYPE html>
<html lang="en" dir="ltr" class="client-nojs">
<head>
<meta charset="UTF-8" />
<title>Debian on Soekris - Strugglers</title>
<meta http-equiv="X-UA-Compatible" content="IE=EDGE" />
<meta name="generator" content="MediaWiki 1.23.5" />
<link rel="shortcut icon" href="/favicon.ico" />
<link rel="search" type="application/opensearchdescription+xml" href="/w/opensearch_desc.php" title="Strugglers (en)" />
<link rel="EditURI" type="application/rsd+xml" href="http://strugglers.net/w/api.php?action=rsd" />
<link rel="copyright" href="http://creativecommons.org/licenses/by-sa/2.5/" />
<link rel="alternate" type="application/atom+xml" title="Strugglers Atom feed" href="/w/index.php?title=Special:RecentChanges&amp;feed=atom" />
<link rel="stylesheet" href="http://strugglers.net/w/load.php?debug=false&amp;lang=en&amp;modules=mediawiki.legacy.commonPrint%2Cshared%7Cmediawiki.skinning.interface%7Cmediawiki.ui.button%7Cskins.vector.styles&amp;only=styles&amp;skin=vector&amp;*" />
<meta name="ResourceLoaderDynamicStyles" content="" />
<style>a:lang(ar),a:lang(kk-arab),a:lang(mzn),a:lang(ps),a:lang(ur){text-decoration:none}
/* cache key: wiki:resourceloader:filter:minify-css:7:29b70323345a439ab9ed7007e0c178a6 */</style>
<script src="http://strugglers.net/w/load.php?debug=false&amp;lang=en&amp;modules=startup&amp;only=scripts&amp;skin=vector&amp;*"></script>
<script>if(window.mw){
mw.config.set({"wgCanonicalNamespace":"","wgCanonicalSpecialPageName":false,"wgNamespaceNumber":0,"wgPageName":"Debian_on_Soekris","wgTitle":"Debian on Soekris","wgCurRevisionId":1469,"wgRevisionId":1469,"wgArticleId":1324,"wgIsArticle":true,"wgIsRedirect":false,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],"wgCategories":["Debian","Sysadmin"],"wgBreakFrames":false,"wgPageContentLanguage":"en","wgPageContentModel":"wikitext","wgSeparatorTransformTable":["",""],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy","wgMonthNames":["","January","February","March","April","May","June","July","August","September","October","November","December"],"wgMonthNamesShort":["","Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],"wgRelevantPageName":"Debian_on_Soekris","wgIsProbablyEditable":false,"wgRestrictionEdit":[],"wgRestrictionMove":[]});
}</script><script>if(window.mw){
mw.loader.implement("user.options",function($,jQuery){mw.user.options.set({"ccmeonemails":0,"cols":80,"date":"default","diffonly":0,"disablemail":0,"editfont":"default","editondblclick":0,"editsectiononrightclick":0,"enotifminoredits":0,"enotifrevealaddr":0,"enotifusertalkpages":1,"enotifwatchlistpages":1,"extendwatchlist":0,"fancysig":0,"forceeditsummary":0,"gender":"unknown","hideminor":0,"hidepatrolled":0,"imagesize":2,"math":1,"minordefault":0,"newpageshidepatrolled":0,"nickname":"","norollbackdiff":0,"numberheadings":0,"previewonfirst":0,"previewontop":1,"rcdays":7,"rclimit":50,"rows":25,"showhiddencats":0,"shownumberswatching":1,"showtoolbar":1,"skin":"vector","stubthreshold":0,"thumbsize":2,"underline":2,"uselivepreview":0,"usenewrc":0,"watchcreations":1,"watchdefault":1,"watchdeletion":0,"watchlistdays":3,"watchlisthideanons":0,"watchlisthidebots":0,"watchlisthideliu":0,"watchlisthideminor":0,"watchlisthideown":0,"watchlisthidepatrolled":0,"watchmoves":0,"wllimit":250,
"useeditwarning":1,"prefershttps":1,"language":"en","variant-gan":"gan","variant-iu":"iu","variant-kk":"kk","variant-ku":"ku","variant-shi":"shi","variant-sr":"sr","variant-tg":"tg","variant-uz":"uz","variant-zh":"zh","searchNs0":true,"searchNs1":false,"searchNs2":false,"searchNs3":false,"searchNs4":false,"searchNs5":false,"searchNs6":false,"searchNs7":false,"searchNs8":false,"searchNs9":false,"searchNs10":false,"searchNs11":false,"searchNs12":false,"searchNs13":false,"searchNs14":false,"searchNs15":false,"variant":"en"});},{},{});mw.loader.implement("user.tokens",function($,jQuery){mw.user.tokens.set({"editToken":"+\\","patrolToken":false,"watchToken":false});},{},{});
/* cache key: wiki:resourceloader:filter:minify-js:7:8d7e903275f4fc5a5ad6387c1fbe7337 */
}</script>
<script>if(window.mw){
mw.loader.load(["mediawiki.page.startup","mediawiki.legacy.wikibits","mediawiki.legacy.ajax","skins.vector.js"]);
}</script>
<!--[if lt IE 7]><style type="text/css">body{behavior:url("/w/skins/vector/csshover.min.htc")}</style><![endif]--></head>
<body class="mediawiki ltr sitedir-ltr ns-0 ns-subject page-Debian_on_Soekris skin-vector action-view vector-animateLayout">
<div id="mw-page-base" class="noprint"></div>
<div id="mw-head-base" class="noprint"></div>
<div id="content" class="mw-body" role="main">
<a id="top"></a>
<div id="mw-js-message" style="display:none;"></div>
<h1 id="firstHeading" class="firstHeading" lang="en"><span dir="auto">Debian on Soekris</span></h1>
<div id="bodyContent">
<div id="siteSub">From Strugglers</div>
<div id="contentSub"></div>
<div id="jump-to-nav" class="mw-jump">
Jump to: <a href="#mw-navigation">navigation</a>, <a href="#p-search">search</a>
</div>
<div id="mw-content-text" lang="en" dir="ltr" class="mw-content-ltr"><div class="thumb tright"><div class="thumbinner" style="width:182px;"><a href="/wiki/File:Net4801_tops.jpg" class="image"><img alt="" src="/w/images/thumb/3/3d/Net4801_tops.jpg/180px-Net4801_tops.jpg" width="180" height="198" class="thumbimage" srcset="/w/images/3/3d/Net4801_tops.jpg 1.5x, /w/images/3/3d/Net4801_tops.jpg 2x" /></a> <div class="thumbcaption"><div class="magnify"><a href="/wiki/File:Net4801_tops.jpg" class="internal" title="Enlarge"><img src="/w/skins/common/images/magnify-clip.png" width="15" height="11" alt="" /></a></div>Soekris net4801</div></div></div>
<div class="thumb tright"><div class="thumbinner" style="width:182px;"><a href="/wiki/File:Net4801_front_case.jpg" class="image"><img alt="" src="/w/images/thumb/2/2b/Net4801_front_case.jpg/180px-Net4801_front_case.jpg" width="180" height="136" class="thumbimage" srcset="/w/images/thumb/2/2b/Net4801_front_case.jpg/270px-Net4801_front_case.jpg 1.5x, /w/images/thumb/2/2b/Net4801_front_case.jpg/360px-Net4801_front_case.jpg 2x" /></a> <div class="thumbcaption"><div class="magnify"><a href="/wiki/File:Net4801_front_case.jpg" class="internal" title="Enlarge"><img src="/w/skins/common/images/magnify-clip.png" width="15" height="11" alt="" /></a></div>Front of the net4801 case</div></div></div>
<p>Recently I bought a <a rel="nofollow" class="external text" href="http://soekris.com/net4801.htm">Soekris net4801</a> from <a rel="nofollow" class="external text" href="https://kd85.com/soekris.html">kd85.com</a>. This article is about my experiences installing <a href="http://www.wikipedia.org/wiki/Debian" class="extiw" title="wikipedia:Debian">Debian</a> sarge onto it.
</p>
<div id="toc" class="toc"><div id="toctitle"><h2>Contents</h2></div>
<ul>
<li class="toclevel-1 tocsection-1"><a href="#What_is_it.3F"><span class="tocnumber">1</span> <span class="toctext">What is it?</span></a></li>
<li class="toclevel-1 tocsection-2"><a href="#Why.3F"><span class="tocnumber">2</span> <span class="toctext">Why?</span></a></li>
<li class="toclevel-1 tocsection-3"><a href="#Installation"><span class="tocnumber">3</span> <span class="toctext">Installation</span></a>
<ul>
<li class="toclevel-2 tocsection-4"><a href="#Preparing_the_net4801"><span class="tocnumber">3.1</span> <span class="toctext">Preparing the net4801</span></a></li>
<li class="toclevel-2 tocsection-5"><a href="#DHCP"><span class="tocnumber">3.2</span> <span class="toctext">DHCP</span></a></li>
<li class="toclevel-2 tocsection-6"><a href="#TFTP"><span class="tocnumber">3.3</span> <span class="toctext">TFTP</span></a></li>
<li class="toclevel-2 tocsection-7"><a href="#Installing_Debian"><span class="tocnumber">3.4</span> <span class="toctext">Installing Debian</span></a></li>
<li class="toclevel-2 tocsection-8"><a href="#Custom_kernel"><span class="tocnumber">3.5</span> <span class="toctext">Custom kernel</span></a>
<ul>
<li class="toclevel-3 tocsection-9"><a href="#CPU_and_architecture"><span class="tocnumber">3.5.1</span> <span class="toctext">CPU and architecture</span></a></li>
<li class="toclevel-3 tocsection-10"><a href="#Suspend_modulation"><span class="tocnumber">3.5.2</span> <span class="toctext">Suspend modulation</span></a></li>
<li class="toclevel-3 tocsection-11"><a href="#IDE_chipset"><span class="tocnumber">3.5.3</span> <span class="toctext">IDE chipset</span></a></li>
<li class="toclevel-3 tocsection-12"><a href="#Ethernet"><span class="tocnumber">3.5.4</span> <span class="toctext">Ethernet</span></a></li>
<li class="toclevel-3 tocsection-13"><a href="#USB"><span class="tocnumber">3.5.5</span> <span class="toctext">USB</span></a></li>
<li class="toclevel-3 tocsection-14"><a href="#Serial"><span class="tocnumber">3.5.6</span> <span class="toctext">Serial</span></a></li>
<li class="toclevel-3 tocsection-15"><a href="#Miscellaneous"><span class="tocnumber">3.5.7</span> <span class="toctext">Miscellaneous</span></a></li>
<li class="toclevel-3 tocsection-16"><a href="#TSC_autohalt_bug"><span class="tocnumber">3.5.8</span> <span class="toctext">TSC autohalt bug</span></a></li>
</ul>
</li>
<li class="toclevel-2 tocsection-17"><a href="#Compilation"><span class="tocnumber">3.6</span> <span class="toctext">Compilation</span></a></li>
</ul>
</li>
<li class="toclevel-1 tocsection-18"><a href="#Still_to_come.21"><span class="tocnumber">4</span> <span class="toctext">Still to come!</span></a></li>
</ul>
</div>
<h2><span class="mw-headline" id="What_is_it.3F">What is it?</span></h2>
<p>Soekris boards are essentially complete x86 computers on a single board. The net4801 offers the following on its main board:
</p>
<ul>
<li> 266MHz <a href="http://www.wikipedia.org/wiki/Geode_(processor)" class="extiw" title="wikipedia:Geode (processor)">Geode</a> CPU
</li>
<li> Up to 3 100M ethernet ports (NatSemi DP83816)
</li>
<li> <a href="http://www.wikipedia.org/wiki/CompactFlash" class="extiw" title="wikipedia:CompactFlash">CompactFlash</a> type I/II socket
</li>
<li> 44 pin IDE interface supporting UDMA 33
</li>
<li> Up to 256MB RAM soldered onto the board
</li>
<li> 2 serial (only one has a DB9 connector, the other is just a header)
</li>
<li> 1 USB 1.1
</li>
<li> 1 3.3v PCI slot
</li>
<li> 1 Mini-PCI type III socket
</li>
</ul>
<p>All that on a board measuring just 13.2 x 14.5cm.
</p><p>Notice there are no VGA, keyboard or mouse connectors. All communication with the net4801 goes over serial, or by normal network means once you've installed an OS on it.
</p><p>The model I bought had 128MB RAM, 3 ethernet, and came with a case 21.6 x 15 x 3cm, and I made sure to get a PSU with a UK plug! I bought a 512M CompactFlash card from elsewhere.
</p>
<h2><span class="mw-headline" id="Why.3F">Why?</span></h2>
<p>The practical goal was to get a pretty much fully-functioning Linux box onto small low-power hardware with no moving parts, to replace my home firewall/DSL router/<a href="http://www.wikipedia.org/wiki/NAT" class="extiw" title="wikipedia:NAT">NAT</a> gateway that I had running on an old PC. With no moving parts it would be silent, energy-efficient and hopefully very reliable.
</p><p>Note however that for what they are, Soekris products are very expensive! My order, after the 21% tax of Belgium (where kd85.com is) and shipping to UK, came to just over 250 Euro - and that's before the cost of the CF is counted. If you just want a Linux box that can do DSL, routing, firewalling and NAT then you will find it much cheaper to get something like a <a rel="nofollow" class="external text" href="http://www.linksys.com/products/product.asp?prid=508&amp;scid=35">Linksys WRT54G</a> and install <a rel="nofollow" class="external text" href="http://openwrt.org/">OpenWRT</a> firmware on it. Alternatively if you wanted a full machine to install your chosen operating system on then you could build a mini-ITX-based machine. That would cost more, but you'd get a much faster CPU and more memory.
</p><p>But the geek in me wanted to play with installing Debian over <a href="http://www.wikipedia.org/wiki/PXE" class="extiw" title="wikipedia:PXE">PXE</a>, having a familiar Linux distribution installed how I wanted, with a serial console to provide some administrative comforts (if you're the type of person that finds administering things over serial better than using some web interface that is...).
</p><p>There are a variety of Soekris boards and add-ons, so you can add a wifi card to make a wlan access point, or a crypto card to make a <a href="http://www.wikipedia.org/wiki/VPN" class="extiw" title="wikipedia:VPN">VPN</a> concentrator, or just add an extra 4-port ethernet to make a bigger router/firewall. The basic net4801 on its own was enough for my purposes.
</p>
<h2><span class="mw-headline" id="Installation">Installation</span></h2>
<p>Most of the installation instructions I gleaned from the following excellent sites:
</p>
<ul>
<li> <a rel="nofollow" class="external free" href="http://roland.entierement.nu/index.php/archives/2005/02/16/debian-on-soekris-howto/">http://roland.entierement.nu/index.php/archives/2005/02/16/debian-on-soekris-howto/</a>
</li>
<li> <a rel="nofollow" class="external free" href="http://www.davidcourtney.org/soekris/debian/">http://www.davidcourtney.org/soekris/debian/</a>
</li>
</ul>
<p>Things needed:
</p>
<ul>
<li> A server that can run <a href="http://www.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol" class="extiw" title="wikipedia:Dynamic Host Configuration Protocol">DHCP</a> and <a href="http://www.wikipedia.org/wiki/TFTP" class="extiw" title="wikipedia:TFTP">TFTP</a> on the same network that the net4801 would be plugged into
</li>
<li> Somewhere to get Debian from (in my case an Internet mirror, but no doubt you could set up a local mirror).
</li>
<li> A null modem cable
</li>
<li> Somewhere to plug the null modem cable into that has a terminal emulator (minicom works).
</li>
<li> A toothpick or something of similar size is useful to trigger the reset button
</li>
</ul>
<h3><span class="mw-headline" id="Preparing_the_net4801">Preparing the net4801</span></h3>
<p>I plugged an ethernet cable into the net4801's eth0, the null modem cable into the net4801's serial port, the other end into my laptop, and started a terminal emulator. The default settings for the net4801's serial console are 19200 8N1. After setting my terminal emulator to that, I then plugged the power into the net4801. I saw something like this:
</p>
<pre>
POST: 0123456789bcefghipajklnopq,,,tvwxy
comBIOS ver. 1.28 20050529 Copyright (C) 2000-2005 Soekris Engineering.
net4801
CPU Geode 266 Mhz 0128 Mbyte Memory
Pri Mas TOSHIBA THNCF512MPG LBA 993-16-63 500 Mbyte
Slot Vend Dev ClassRev Cmd Stat CL LT HT Base1 Base2 Int
-------------------------------------------------------------------
0:00:0 1078 0001 06000000 0107 0280 00 00 00 00000000 00000000
0:06:0 100B 0020 02000000 0107 0290 00 3F 00 0000E101 A0000000 10
0:07:0 100B 0020 02000000 0107 0290 00 3F 00 0000E201 A0001000 10
0:08:0 100B 0020 02000000 0107 0290 00 3F 00 0000E301 A0002000 10
0:18:2 100B 0502 01018001 0005 0280 00 00 00 00000000 00000000
0:19:0 0E11 A0F8 0C031008 0117 0280 08 38 00 A0003000 00000000 11
5 Seconds to automatic boot. Press Ctrl-P for entering Monitor.
</pre>
<p>I hit Ctrl-P to get into the comBIOS.
</p><p>The first comBIOS setting to change is the serial speed; the easiest way to make every piece of software involved in booting happy is to have it all set to 9600 8N1:
</p>
<pre>
&gt; set ConSpeed 9600
&gt; reboot
</pre>
<p>At this point I had to alter my terminal emulator to 9600 as well of course.
</p>
<h3><span class="mw-headline" id="DHCP">DHCP</span></h3>
<p>I was planning to install over DHCP/PXE so for that I needed to know the MAC address of the ethernet card. An easy way to do that is to tell it to boot over the network. Ctrl-P again then:
</p>
<pre>
&gt; boot f0
</pre>
<p>The net4801 printed its MAC address to the console and started looking for a DHCP server.
</p><p>Over on my DHCP server, since I'm using ISC dhcpd, the following went into <tt>dhcpd.conf</tt>:
</p>
<pre>
host pride {
hardware ethernet 00:00:24:C4:36:DC;
fixed-address 192.168.0.7;
filename &quot;soekpxe.0&quot;;
}
</pre>
<p>At this point I rebooted the Soekris again and did <tt>boot f0</tt> to be sure that it was able to get an IP address from DHCP.
</p>
<h3><span class="mw-headline" id="TFTP">TFTP</span></h3>
<p>Back on my DHCP server, I installed a TFTP server. My DHCP server is actually <a href="http://www.wikipedia.org/wiki/Fedora_Core" class="extiw" title="wikipedia:Fedora Core">Fedora Core</a> where the correct package is <tt>tftp-server</tt>, but on Debian I would use <tt>tftpd-hpa</tt>.
</p><p><tt>/tftpboot</tt> is the default path for files to get served out of via TFTP. As I was installing Debian I needed to get the netboot installer image, <tt>netboot.tar.gz</tt> from <a rel="nofollow" class="external text" href="http://ftp.debian.org/debian/dists/stable/main/installer-i386/current/images/netboot/">a Debian download site</a>, and unpacked it in <tt>/tftpboot</tt>:
</p>
<pre>
drwxr-xr-x 4 root root 4096 Jun 10 00:35 .
drwxr-xr-x 26 root root 4096 Jun 9 23:49 ..
drwxr-xr-x 3 root root 4096 Mar 5 19:00 debian-installer/
lrwxrwxrwx 1 root root 32 Jun 10 00:00 pxelinux.0 -&gt;
debian-installer/i386/pxelinux.0
drwxr-xr-x 2 root root 4096 Jun 17 20:47 pxelinux.cfg -&gt;
debian-installer/i386/pxelinux.cfg
</pre>
<p>The <tt>pxelinux.0</tt> that comes with netboot does not work very well with the Soekris boards. A working image can be found as <tt>pxelinux.0.gz</tt> at <a rel="nofollow" class="external free" href="http://centerclick.org/net4801/pxelinux/">http://centerclick.org/net4801/pxelinux/</a> which is also mirrored at <a rel="nofollow" class="external free" href="http://strugglers.net/~andy/soekris/net4801/pxelinux/">http://strugglers.net/~andy/soekris/net4801/pxelinux/</a>. I downloaded that, uncompressed it and renamed it to <tt>soekpxe.0</tt>.
</p><p>By default after unpacking <tt>netboot.tar.gz</tt>, <tt>pxelinux.cfg</tt> is symlinked to <tt>debian-installer/i386/pxelinux.cfg</tt>. I found that this would not work for me, halting just before I would expect the <tt>boot:</tt> prompt to appear. I had to change the symlink instead to <tt>debian-installer/i386/pxelinux.cfg.serial-9600</tt>.
</p>
<h3><span class="mw-headline" id="Installing_Debian">Installing Debian</span></h3>
<p>With everything now in place, I was finally ready to do the install:
</p>
<pre>
POST: 0123456789bcefghipajklnopq,,,tvwxy
comBIOS ver. 1.28 20050529 Copyright (C) 2000-2005 Soekris Engineering.
net4801
CPU Geode 266 Mhz 0128 Mbyte Memory
Pri Mas TOSHIBA THNCF512MPG LBA 993-16-63 500 Mbyte
Slot Vend Dev ClassRev Cmd Stat CL LT HT Base1 Base2 Int
-------------------------------------------------------------------
0:00:0 1078 0001 06000000 0107 0280 00 00 00 00000000 00000000
0:06:0 100B 0020 02000000 0107 0290 00 3F 00 0000E101 A0000000 10
0:07:0 100B 0020 02000000 0107 0290 00 3F 00 0000E201 A0001000 10
0:08:0 100B 0020 02000000 0107 0290 00 3F 00 0000E301 A0002000 10
0:18:2 100B 0502 01018001 0005 0280 00 00 00 00000000 00000000
0:19:0 0E11 A0F8 0C031008 0117 0280 08 38 00 A0003000 00000000 11
5 Seconds to automatic boot. Press Ctrl-P for entering Monitor.
&gt; boot f0
NSC DP83815/DP83816 Fast Ethernet UNDI, v1.03
Copyright (C) 2002, 2003 National Semiconductor Corporation
All rights reserved.
Pre-boot eXecution Environment PXE-2.0 (build 082)
Copyright (C) 1997-2000 Intel Corporation
CLIENT MAC ADDR: 00 00 24 C4 36 DC
CLIENT IP: 192.168.0.7 MASK: 255.255.255.0 DHCP IP: 192.168.0.4
PXELINUX 2.06 0x3fb30aea Copyright (C) 1994-2003 H. Peter Anvin
Press control and F then 1 for help, or ENTER to boot:
</pre>
<p>At this point I typed "expert26" to get the "expert" Debian Installer with 2.6 kernel.
</p><p>The install proceeded just the same as for any minimal server install. Only select the minimum needed! That means just openssh really. One thing I completely forgot about before rebooting was to set the serial side of things up.
</p><p><b><tt>/boot/grub/menu.lst</tt></b>:
</p>
<pre>
[...]
serial --unit=0 --speed=9600
terminal serial
[...]
# kopt=root=/dev/hda1 ro console=ttyS0,9600n81
[...]
</pre>
<pre>
# update-grub
</pre>
<p>Make sure that <tt>ttyS0</tt> is in <tt>/etc/securetty</tt> so you can log in as root from there.
</p><p>And make sure you have something like:
</p>
<pre>
T0:23:respawn:/sbin/getty -L ttyS0 9600 vt102
</pre>
<p>in <tt>/etc/inittab</tt> so there is a getty on the serial port at all.
</p><p>And after all that you should have a working Debian install, probably in about 250MB of space. You could make it much smaller if you really wanted.
</p>
<h3><span class="mw-headline" id="Custom_kernel">Custom kernel</span></h3>
<p>The next thing I wanted to do was build a custom kernel. This would be much smaller, stripped down, and would take advantage of some features specific to the net4801's CPU. I found it advisable to run at least a 2.6.12 kernel because a number of bug fixes and Geode-specific enhancements had been added in that release.
</p><p>I found useful information about a suitable kernel config at <a rel="nofollow" class="external free" href="http://dev.gentoo.org/~brix/papers/net4801/net4801.html">http://dev.gentoo.org/~brix/papers/net4801/net4801.html</a>
</p><p>Here follows the important parts of the kernel configuration.
</p>
<h4><span class="mw-headline" id="CPU_and_architecture">CPU and architecture</span></h4>
<p>The Geode SC1100 is a 586-class CPU.
</p>
<ul>
<li> Subarchitecture Type (PC-compatible) (<tt>CONFIG_X86_PC</tt>)
</li>
<li> Processor family (GeodeGX1) (<tt>CONFIG_MGEODEGX1</tt>)
</li>
<li> PCI support (<tt>CONFIG_PCI</tt>)
</li>
<li> PCI device name database (<tt>CONFIG_PCI_NAMES</tt>)
</li>
<li> ISA support (<tt>CONFIG_ISA</tt>)
</li>
<li> NatSemi SCx200 support (<tt>CONFIG_SCx200</tt>)
</li>
</ul>
<h4><span class="mw-headline" id="Suspend_modulation">Suspend modulation</span></h4>
<p>Suspend modulation allows the CPU to run slower and consume less power when it is not busy.
</p>
<ul>
<li> CPU Frequency scaling (<tt>CONFIG_CPU_FREQ</tt>)
</li>
<li> Cyrix MediaGX/NatSemi Geode Suspend Modulation (<tt>CONFIG_X86_GX_SUSPMOD</tt>)
</li>
</ul>
<h4><span class="mw-headline" id="IDE_chipset">IDE chipset</span></h4>
<p>I needed the following options to use CompactFlash. Note that the CF is not hot pluggable. It also doesn't support DMA, although a hard drive should.
</p>
<ul>
<li> ATA/ATAPI/MFM/RLL support (<tt>CONFIG_IDE</tt>)
</li>
<li> Enhanced IDE/MFM/RLL disk/cdrom/tape/floppy support (<tt>CONFIG_BLK_DEV_IDE</tt>)
</li>
<li> Include IDE/ATA-2 DISK support (<tt>CONFIG_BLK_DEV_IDEDISK</tt>)
</li>
<li> PCI IDE chipset support (<tt>CONFIG_BLK_DEV_IDEPCI</tt>)
</li>
<li> Sharing PCI IDE interrupts support (<tt>CONFIG_IDEPCI_SHARE_IRQ</tt>)
</li>
<li> National SCx200 chipset support (<tt>CONFIG_BLK_DEV_SC1200</tt>)
</li>
</ul>
<h4><span class="mw-headline" id="Ethernet">Ethernet</span></h4>
<ul>
<li> Ethernet (10 or 100Mbit) (<tt>CONFIG_NET_ETHERNET</tt>)
</li>
<li> Generic Media Independent Interface device support (<tt>CONFIG_MII</tt>)
</li>
<li> EISA, VLB, PCI and on board controllers (<tt>CONFIG_NET_PCI</tt>)
</li>
<li> National Semiconductor DP8381x series PCI Ethernet support (<tt>CONFIG_NATSEMI</tt>)
</li>
</ul>
<h4><span class="mw-headline" id="USB">USB</span></h4>
<p>I had no intention of using the USB support so I didn't bother putting support in my kernel. If I had wanted to though, I would have needed the following:
</p>
<ul>
<li> Support for Host-side USB (<tt>CONFIG_USB</tt>)
</li>
<li> OHCI HCD support (<tt>CONFIG_USB_OHCI_HCD</tt>)
</li>
</ul>
<h4><span class="mw-headline" id="Serial">Serial</span></h4>
<p>The net4801 has two 8250 serial ports.
</p>
<ul>
<li> 8250/16550 and compatible serial support (<tt>CONFIG_SERIAL_8250</tt>)
</li>
<li> Maximum number of non-legacy 8250/16550 serial ports (2) (<tt>CONFIG_SERIAL_8250_NR_UARTS</tt>)
</li>
</ul>
<p>And for serial console:
</p>
<ul>
<li> Console on 8250/16550 and compatible serial port (<tt>CONFIG_SERIAL_8250_CONSOLE</tt>)
</li>
</ul>
<h4><span class="mw-headline" id="Miscellaneous">Miscellaneous</span></h4>
<p>The net4801 has a red error LED which is controllable from the GPIO on the SC1100.
</p>
<ul>
<li> NatSemi SCx200 GPIO Support (<tt>CONFIG_SCx200_GPIO</tt>)
</li>
</ul>
<p>Using a kernel with the aove support and having a device created as follows:
</p>
<pre>
# mknod -m 600 /dev/error_led c 254 20
</pre>
<p>It is possible to turn the error LED on by writing 1 to the device and turn it off by writing 0. e.g.:
</p>
<pre>
# echo 1 &gt; /dev/error_led
# echo 0 &gt; /dev/error_led
</pre>
<p>There is also a hardware watchdog feature which can be used with a user-space watchdog program to reboot the board if problems are detected.
</p>
<ul>
<li> Watchdog Timer Support (<tt>CONFIG_WATCHDOG</tt>)
</li>
<li> National Semiconductor SCx200 Watchdog (<tt>CONFIG_SCx200_WDT</tt>)
</li>
</ul>
<p>Finally, there is also a realtime clock:
</p>
<ul>
<li> Enhanced Real Time Clock Support (<tt>CONFIG_RTC</tt>)
</li>
</ul>
<h4><span class="mw-headline" id="TSC_autohalt_bug">TSC autohalt bug</span></h4>
<p>I only found the following out much later on but for those using this article as a guide I better point this out now.
</p><p>There is a hardware bug with the SC1100 and similar CPUs where the TSC (timestamp counter) does not increment when the CPU enters autohalt state. Autohalt state is what happens when the CPU is idle, and it serves to reduce power consumption of the board. The effect is that the system clock appears to run very slow, often losing hours in a day. Even when using <a href="http://www.wikipedia.org/wiki/NTP" class="extiw" title="wikipedia:NTP">NTP</a>, it will continually lose sync.
</p><p>A workaround would be to disable CPU frequency scaling, which would result in the CPU running at full speed at all times and the maximum amount of power being used.
</p><p>Fortunately for those that do not wish to do that there is a patch available which applies cleanly to 2.6.12, and may even be already present in later kernels. It can be found at <a rel="nofollow" class="external free" href="http://www.gnusto.com/scx200-hr-timer.html">http://www.gnusto.com/scx200-hr-timer.html</a>
</p>
<pre>
# cd /usr/src
# cp -a linux-2.6.12 linux-2.6.12-scx200-hr-timer
# cd linux-2.6.12-scx200-hr-timer
# wget -qO - http://www.gnusto.com/src/scx200-hr-timer-2.6.12-rc6-6.diff.bz2 | \
bunzip2 -c | patch -p1
patching file arch/i386/Kconfig
patching file arch/i386/kernel/scx200.c
patching file arch/i386/kernel/timers/Makefile
patching file arch/i386/kernel/timers/timer.c
patching file arch/i386/kernel/timers/timer_scx200hr.c
patching file include/asm-i386/timer.h
patching file include/linux/scx200.h
</pre>
<p>This provides a new kernel config option.
</p>
<ul>
<li> NatSemi SCx200 27MHz High-Resolution Timer Support (<tt>CONFIG_SCx200HR_TIMER</tt>)
</li>
</ul>
<p>When booting you will see something like:
</p>
<pre>
scx200hr: timer not yet accessible; will probe later.
Detected 266.647 MHz processor.
Using tsc for high-res timesource
</pre>
<pre>
scx200: NatSemi SCx200 Driver
scx200: GPIO base 0x6100
scx200: Configuration Block base 0x6000
switching to scx200 high-resolution timer (255961 cpt)
</pre>
<p>Your net4801 should now keep perfect time.
</p>
<h3><span class="mw-headline" id="Compilation">Compilation</span></h3>
<p>So after all that I had some kernel source, patched and ready to configure and compile. I recommend you do this on a normal machine, as it will be much faster than the net4801's 266MHz Geode (probably about equivalent to a Pentium 133MHz)!
</p>
<pre>
$ cd /usr/src/linux-2.6.12-scx200-hr-timer
$ sudo make-kpkg --config=menuconfig --revision=1 \
--append-to-version=-scx200-hr-timer-pride kernel_image
</pre>
<p>That left me with <tt>kernel-image-2.6.12-scx200-hr-timer-pride_1_i386.deb</tt> in <tt>/usr/src/</tt>. I transferred that to my net4801 and installed it:
</p>
<pre>
$ sudo dpkg -i kernel-image-2.6.12-scx200-hr-timer-pride_1_i386.deb
</pre>
<p>That updates <tt>/boot/grub/menu.lst</tt>, too.
</p>
<h2><span class="mw-headline" id="Still_to_come.21">Still to come!</span></h2>
<p>How I set up a read-only root filesystem.
</p>
<!--
NewPP limit report
CPU time usage: 0.068 seconds
Real time usage: 0.084 seconds
Preprocessor visited node count: 215/1000000
Preprocessor generated node count: 396/1000000
Post‐expand include size: 0/2097152 bytes
Template argument size: 0/2097152 bytes
Highest expansion depth: 2/40
Expensive parser function count: 0/100
-->
<!-- Saved in parser cache with key wiki:pcache:idhash:1324-0!*!*!!en!2!* and timestamp 20200427180449 and revision id 1469
-->
</div> <div class="printfooter">
Retrieved from "<a href="http://strugglers.net/w/index.php?title=Debian_on_Soekris&amp;oldid=1469">http://strugglers.net/w/index.php?title=Debian_on_Soekris&amp;oldid=1469</a>" </div>
<div id='catlinks' class='catlinks'><div id="mw-normal-catlinks" class="mw-normal-catlinks"><a href="/wiki/Special:Categories" title="Special:Categories">Categories</a>: <ul><li><a href="/w/index.php?title=Category:Debian&amp;action=edit&amp;redlink=1" class="new" title="Category:Debian (page does not exist)">Debian</a></li><li><a href="/wiki/Category:Sysadmin" title="Category:Sysadmin">Sysadmin</a></li></ul></div></div> <div class="visualClear"></div>
</div>
</div>
<div id="mw-navigation">
<h2>Navigation menu</h2>
<div id="mw-head">
<div id="p-personal" role="navigation" class="" aria-labelledby="p-personal-label">
<h3 id="p-personal-label">Personal tools</h3>
<ul>
<li id="pt-login"><a href="/w/index.php?title=Special:UserLogin&amp;returnto=Debian+on+Soekris" title="You are encouraged to log in; however, it is not mandatory [o]" accesskey="o">Log in</a></li> </ul>
</div>
<div id="left-navigation">
<div id="p-namespaces" role="navigation" class="vectorTabs" aria-labelledby="p-namespaces-label">
<h3 id="p-namespaces-label">Namespaces</h3>
<ul>
<li id="ca-nstab-main" class="selected"><span><a href="/wiki/Debian_on_Soekris" title="View the content page [c]" accesskey="c">Page</a></span></li>
<li id="ca-talk" class="new"><span><a href="/w/index.php?title=Talk:Debian_on_Soekris&amp;action=edit&amp;redlink=1" title="Discussion about the content page [t]" accesskey="t">Discussion</a></span></li>
</ul>
</div>
<div id="p-variants" role="navigation" class="vectorMenu emptyPortlet" aria-labelledby="p-variants-label">
<h3 id="mw-vector-current-variant">
</h3>
<h3 id="p-variants-label"><span>Variants</span><a href="#"></a></h3>
<div class="menu">
<ul>
</ul>
</div>
</div>
</div>
<div id="right-navigation">
<div id="p-views" role="navigation" class="vectorTabs" aria-labelledby="p-views-label">
<h3 id="p-views-label">Views</h3>
<ul>
<li id="ca-view" class="selected"><span><a href="/wiki/Debian_on_Soekris" >Read</a></span></li>
<li id="ca-viewsource"><span><a href="/w/index.php?title=Debian_on_Soekris&amp;action=edit" title="This page is protected.&#10;You can view its source [e]" accesskey="e">View source</a></span></li>
<li id="ca-history" class="collapsible"><span><a href="/w/index.php?title=Debian_on_Soekris&amp;action=history" title="Past revisions of this page [h]" accesskey="h">View history</a></span></li>
</ul>
</div>
<div id="p-cactions" role="navigation" class="vectorMenu emptyPortlet" aria-labelledby="p-cactions-label">
<h3 id="p-cactions-label"><span>Actions</span><a href="#"></a></h3>
<div class="menu">
<ul>
</ul>
</div>
</div>
<div id="p-search" role="search">
<h3><label for="searchInput">Search</label></h3>
<form action="/w/index.php" id="searchform">
<div id="simpleSearch">
<input type="search" name="search" placeholder="Search" title="Search Strugglers [f]" accesskey="f" id="searchInput" /><input type="hidden" value="Special:Search" name="title" /><input type="submit" name="fulltext" value="Search" title="Search the pages for this text" id="mw-searchButton" class="searchButton mw-fallbackSearchButton" /><input type="submit" name="go" value="Go" title="Go to a page with this exact name if exists" id="searchButton" class="searchButton" /> </div>
</form>
</div>
</div>
</div>
<div id="mw-panel">
<div id="p-logo" role="banner"><a style="background-image: url(/w/images/5/5b/arnie-135px.png);" href="/wiki/Main_Page" title="Visit the main page"></a></div>
<div class="portal" role="navigation" id='p-navigation' aria-labelledby='p-navigation-label'>
<h3 id='p-navigation-label'>Navigation</h3>
<div class="body">
<ul>
<li id="n-mainpage-description"><a href="/wiki/Main_Page" title="Visit the main page [z]" accesskey="z">Main page</a></li>
<li id="n-recentchanges"><a href="/wiki/Special:RecentChanges" title="A list of recent changes in the wiki [r]" accesskey="r">Recent changes</a></li>
<li id="n-randompage"><a href="/wiki/Special:Random" title="Load a random page [x]" accesskey="x">Random page</a></li>
<li id="n-help"><a href="https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents" title="The place to find out">Help</a></li>
</ul>
</div>
</div>
<div class="portal" role="navigation" id='p-tb' aria-labelledby='p-tb-label'>
<h3 id='p-tb-label'>Tools</h3>
<div class="body">
<ul>
<li id="t-whatlinkshere"><a href="/wiki/Special:WhatLinksHere/Debian_on_Soekris" title="A list of all wiki pages that link here [j]" accesskey="j">What links here</a></li>
<li id="t-recentchangeslinked"><a href="/wiki/Special:RecentChangesLinked/Debian_on_Soekris" title="Recent changes in pages linked from this page [k]" accesskey="k">Related changes</a></li>
<li id="t-specialpages"><a href="/wiki/Special:SpecialPages" title="A list of all special pages [q]" accesskey="q">Special pages</a></li>
<li id="t-print"><a href="/w/index.php?title=Debian_on_Soekris&amp;printable=yes" rel="alternate" title="Printable version of this page [p]" accesskey="p">Printable version</a></li>
<li id="t-permalink"><a href="/w/index.php?title=Debian_on_Soekris&amp;oldid=1469" title="Permanent link to this revision of the page">Permanent link</a></li>
<li id="t-info"><a href="/w/index.php?title=Debian_on_Soekris&amp;action=info">Page information</a></li>
</ul>
</div>
</div>
</div>
</div>
<div id="footer" role="contentinfo">
<ul id="footer-info">
<li id="footer-info-viewcount">This page has been accessed 22,646 times.</li>
<li id="footer-info-credits">This page was last modified 14:24, 13 January 2006 by <a href="/wiki/User:Andy" title="User:Andy">Andy Smith</a>.</li>
<li id="footer-info-copyright">Content is available under <a class="external" rel="nofollow" href="http://creativecommons.org/licenses/by-sa/2.5/">Attribution-ShareAlike 2.5</a> unless otherwise noted.</li>
</ul>
<ul id="footer-places">
<li id="footer-places-privacy"><a href="/wiki/Strugglers:Privacy_policy" title="Strugglers:Privacy policy">Privacy policy</a></li>
<li id="footer-places-about"><a href="/wiki/Strugglers:About" title="Strugglers:About">About Strugglers</a></li>
<li id="footer-places-disclaimer"><a href="/wiki/Strugglers:General_disclaimer" title="Strugglers:General disclaimer">Disclaimers</a></li>
</ul>
<ul id="footer-icons" class="noprint">
<li id="footer-copyrightico">
<a href="http://creativecommons.org/licenses/by-sa/2.5/"><img src="http://creativecommons.org/images/public/somerights20.png" alt="Attribution-ShareAlike 2.5" width="88" height="31" /></a>
</li>
<li id="footer-poweredbyico">
<a href="//www.mediawiki.org/"><img src="/w/skins/common/images/poweredby_mediawiki_88x31.png" alt="Powered by MediaWiki" width="88" height="31" /></a>
</li>
</ul>
<div style="clear:both"></div>
</div>
<script>/*<![CDATA[*/window.jQuery && jQuery.ready();/*]]>*/</script><script>if(window.mw){
mw.loader.state({"site":"ready","user":"ready","user.groups":"ready"});
}</script>
<script>if(window.mw){
mw.loader.load(["mediawiki.action.view.postEdit","mediawiki.user","mediawiki.hidpi","mediawiki.page.ready","mediawiki.searchSuggest","skins.vector.collapsibleNav"],null,true);
}</script>
<script>if(window.mw){
mw.config.set({"wgBackendResponseTime":109});
}</script>
</body>
</html>

+ 94
- 0
soekris_engineering_net4801-60/resources/chiark_.html View File

@ -0,0 +1,94 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html>
<head>
<title>Installing Linux on the Soekris net4501</title>
<link rel="stylesheet" href="../../style/pjb.css" type="text/css">
<link rel="next" href="bootstrap.html">
<meta name="Author" content="Peter Benie">
<meta name="keywords" lang="en" content="net4501, Linux">
<meta name="description" content="This guide shows how to install Red Hat Linux 7.2 on a Soekris Engineering net4501 computer using PXE.">
</head>
<body>
<p>[<a href="./">intro</a> |
<a href="bootstrap">bootstrap</a> |
<a href="kernel">linux kernel</a> |
<a href="filesystem">root filesystem</a> |
<a href="netboot">network boot</a> |
<a href="flash">install on flash card</a> ]</p>
<h1>Linux on net4501</h1>
<p>This page explains how to install <a
href="http://www.redhat.com/software/linux/">Red Hat Linux</a> 7.2 on
the <a href="http://www.soekris.com/net4501.htm">net4501</a>.</p>
<p>The net4501 is a small computer designed for firewalls and VPN
routers, made by <a href="http://www.soekris.com/">Soekris
Engineering</a>. It has three network ports and a slot for a flash
card, but no hard disk, floppy disk or CD-ROM drive. You can install
Linux onto the flash card either by using a machine with appropriate
hardware, or by using PXE (network boot). The PXE method is described
here.</p>
<h2>Prerequisits</h2>
<p>Before you begin, you will need the following hardware and software:</p>
<ul>
<li>A machine on which to build and export the filesystem</li>
<li>A net4501 with flash card installed</li>
<li>A serial cable</li>
</ul>
<ul>
<li><a href="ftp://ftp.kernel.org/pub/linux/kernel/v2.4/">Linux 2.4 kernel source</a></li>
<li><a href="ftp://ftp.redhat.com/pub/redhat/linux/7.2/en/os/i386/RedHat/RPMS/">Red Hat 7.2 RPMS for i386</a></li>
<li>NFS server</li>
<li>DHCP server</li>
<li>PXE server</li>
<li>TFTP server</li>
<li><a href="http://syslinux.zytor.com/pxe.php">PXELINUX</a></li>
<li>C compiler</li>
<li>Perl interpreter</li>
<li>A terminal emulator (eg. minicom)</li>
</ul>
<p>Red Hat doesn't ship pxelinux in their syslinux package. Get it
from <a
href="http://www.kernel.org/pub/linux/utils/boot/syslinux/">kernel.org</a>
or an old copy from this page, below.</p>
<h2>Installation</h2>
<ol>
<li><a href="bootstrap">Set up the bootstrap environment (PXE, DHCP etc.)</a></li>
<li><a href="kernel">Create a network boot kernel</a></li>
<li><a href="filesystem">Construct a root filesystem on another machine</a></li>
<li><a href="netboot">Boot the net4501 from the network</a></li>
<li><a href="flash">Copy the root filesystem onto the net4501's flash card</a></li>
</ol>
<h2>Download</h2>
<ul>
<li><a href="soekris.tar.gz">soekris.tar.gz</a> [12K] (<a href="filelist">View contents</a>)</li>
<li><a href="pxelinux.0">pxelinux</a> [8K]</li>
</ul>
<table border=0 width="100%"><tr><td align=right><a href="bootstrap">Next</a></td></tr></table>
<hr>
<p class="right">
<a href="http://validator.w3.org/check/referer" style="border-width: 0"><img
src="http://www.w3.org/Icons/valid-html401"
alt="Valid HTML 4.01!" height="31" width="88"></a>
<a href="http://jigsaw.w3.org/css-validator/check/referer"><img
src="http://jigsaw.w3.org/css-validator/images/vcss"
alt="Valid CSS!" height="31" width="88"></a>
</p>
<p>Peter Benie &lt;peterb+linux-net4501@chiark.greenend.org.uk&gt;<br>
<a href="../">Linux</a></p>
</body>
</html>

+ 3825
- 0
soekris_engineering_net4801-60/resources/openwrt-15051-on-soekris-net4801.html?m=1
File diff suppressed because it is too large
View File


+ 193
- 0
soekris_engineering_net4801-60/resources/soekris.html View File

@ -0,0 +1,193 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml111/DTD/xhtml111.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Soekris Router Project</title>
<link rel="stylesheet" href="style.css"/>
</head>
<body>
<p>
This document no longer reflects my configuration, but rather
than delete possibly useful information, I've made notes of my
changes on a new <a href="errata.html">errata</a> page.
</p>
<h1>Introduction</h1>
<p>
Typically there are two choices when setting up a small network:
buy consumer grade commercial hardware, or find an old machine
and install unix. A small wireless router and firewall from <a href="https://www.netgear.com"> NetGear</a> or <a href="https://www.linksys.com">Linksys</a> could hardly be easier
to install and has many pretty <a
href="http://www.brabandt.de/html/blinken_lights.html">blinken
lights</a>. It isn't very flexible though, often two or more
different boxes are needed, upgrading means buying another one,
and some "enterprise" features are plain not available at the
low end. On the other hand, a full fledged computer makes a lot
of noise and has many moving parts to fail.
</p>
<p>
The solution: create a custom network device running on silent
hardware designed for embedded systems. Select the best
hardware and software available to create a device
unparalleled by anything in the commercial marketplace.
</p>
<ol>
<li>Stateful packet filtering with NAT</li>
<li>High power 802.11b wireless access point</li>
<li>Routing</li>
<li>Network services (DHCP, NTP, SSH, caching DNS)</li>
<li>IPsec endpoint</li>
<li>Upgradable (802.11g, IPv6, etc)</li>
</ol>
<p>
The real selling point however is that this network device will
be running a full unix operating system, which provides nearly
infinite flexibility. All aspects of operation can be fine
tuned, comprehensive monitoring is possible, and arbitrary
programs may be installed.
</p>
<h1>The Platform</h1>
<p>
<a href="https://www.soekris.com">Soekris Engineering</a>
produces an excellent line of tiny, x86 compatible,
embedded computers complete with cases. So first on the list, one <a href="https://www.soekris.com/net4521.htm">net4521</a> which has
the following key specifications:
</p>
<ul>
<li>AMD <a href="https://www.amd.com/epd/processors/4.32bitcont/14.lan5xxfam/24.lansc520/">Elan SC520</a> 486 class 133mhz CPU, 64 megs of RAM</li>
<li>Two 10/100 megabit ethernet ports</li>
<li>Two PCMCIA/PCCard/CardBus slots</li>
<li>One Mini-PCI slot, filled with a
<a href="https://www.soekris.com/vpn1201.htm">vpn1211</a> hardware crypto board</li>
<li>A CompactFlash card slot for permanent storage of the system software</li>
</ul>
<p>
The Soekris boards support all the free *BSD variants, Linux,
and probably anything else that runs on standard PC compatible
hardware. Soekris has quite a following amongst the wireless
networking community, and so has a lively <a
href="http://lists.soekris.com/mailman/listinfo/soekris-tech">mailing
list</a> with volumes of information about how to get everything
working.
</p>
<h1>The Wireless Card</h1>
<p>
Next is an 802.11b wireless card. Many aren't capable of acting
as an access point, and some aren't even supported under open
source operating systems. Fortunately there is a wonderful
chipset called Prism from <a
href="http://www.intersil.com">Intersil</a> that is very well
supported under *BSD and Linux, and it supports an access point
mode.
</p>
<p>
One of the people on the Soekris mailing list happens to have a
company named <a href="https://www.netgate.com">NetGate</a>, and
this company just happens to ship a <a href="https://www.netgate.com/EL2511.html"> 802.11b PC-Card</a>
based on the Prism 2.5 chipset which puts out 200mw with
excellent sensitivity ratings. Not only that but they sell <a href="https://www.netgate.com/kits.html">kits</a> which include:
</p>
<ul>
<li>The card itself</li>
<li>A "pigtail" which connects the card to a connector on the outside of
the Soekris case</li>
<li>An antenna which greatly increases the range</li>
</ul>
<p>Great stuff!</p>
<h1>The Operating System</h1>
<p>
Choosing the right network operating system may be the toughest
task. Linux and the *BSDs (FreeBSD, NetBSD, OpenBSD) will all
run on this hardware, as will other non-free operating systems
which I gave no thought to. The <a
href="http://hostap.epitest.fi">HostAP</a> driver and software
are what allow a Prism based 802.11b card to act as an access
point. Apparently this was written for Linux but it is
available on BSD too.
</p>
<p>
<a href="https://www.openbsd.org">OpenBSD</a> has a hard won
reputation for security, stability, and everything else I am
looking for. It was the natural choice, and many other people
on the Soekris mailing list have discovered the same thing.
There is even a project called <a
href="http://opensoekris.sourceforge.net">OpenSoekris</a> which
will help set up a Soekris based system from an existing OpenBSD
install.
</p>
<p>Some of the key features of OpenBSD are:</p>
<ul>
<li>A great <a href="https://www.openbsd.org/faq/faq6.html#PF">packet filter</a>
with which to make a firewall and NAT engine</li>
<li>An <a href="https://www.openbsd.org/faq/faq13.html">IPsec</a> engine</li>
<li>Plus hardened services like a DNS server</li>
</ul>
<h1>Security</h1>
<p>
Sure WEP can be cracked, so can a copper cable network, it just
requires more intrusive physical access. Even more intrusive is
tapping into fiberoptic cables, but that too is possible. Real
security requires top strength crypto and a great solution
is <a href="https://www.ietf.org/html.charters/ipsec-charter.html">IPsec</a>.
</p>
<p>
IPsec, via the ISAKMP protocol, can handle client authentication
via passphrases or x.509 certificates. No need to worry about
802.1x or proprietary enhancements to WEP. IPsec is extremely
strong and isn't tied to wireless networks. So, the security
portion of the plan is:
</p>
<ol>
<li>Deny all access from the internet interface</li>
<li>Allow all local clients access to DHCP and ISAKMP</li>
<li>Deny all other unencrypted communications to wireless clients</li>
<li>Allow IPsec traffic from authenticated wireless clients</li>
<li>Allow local administration via SSH</li>
</ol>
<h1>Sections</h1>
<p>The project is divided into the following sections:</p>
<ol>
<li>Introduction</li>
<li><a href="openbsd.html">OpenBSD Configuration</a></li>
<li><a href="diskless.html">Diskless Booting</a></li>
<li><a href="cf-install.html">CompactFlash Installation</a></li>
</ol>
<p>There are also client configuration how-tos:</p>
<ol>
<li><a href="macosx-ipsec.html">Mac OS X IPSec</a></li>
</ol>
<p>
<a class="section" href="openbsd.html">
Next: OpenBSD Configuration &gt;&gt;</a>
</p>
<p><img alt="email address" src="contact.png"/></p>
</body>
</html>

Write Preview
Loading…
Cancel
Save