NanoBSD is a great set of scripts that facilitate the compilation and installation of a custom full FreeBSD system on embedded devices. It is particularly suited for booting from CF cards, as it creates a read-only root file system, with the read-write partitions mounted on RAM (md) so as to reduce wear on the card.
I have had for some time a Soekris net5501 box gathering dust, which I bought to replace the Linksys router I use on my home LAN. It is time to roll up my sleeves and get my hands dirty. The Soekris board will be a perfect gateway with around 5W power consumption and no moving parts that allows loads of flexibility to install LAN services that are not available (or not so configurable) in a cheap off-the-shelf router, like:
- pf firewall
- DNS with BIND
- proxy with Squid
- VPN, network monitoring, etc
I have installed a FreeBSD 8.1 system on VMware, to be used for building the NanoBSD images, which together with a null-modem serial cable for connecting to the net5501 console, and a 4GB Sandisk CF card (yes, I know it is overkill, but it is just 3 euro more than 2GB, the smallest one I can buy) is all I need to give some new life to my Soekris Net5501 box.
Initially I had to update the FlashDevice.sub file with the parameters corresponding to my Sandisk CF card. The quickest way I found of getting the cylinders/heads/sector information for this specific card was to insert it in the Soekris device and boot it up. The BIOS shows the parameters for the inserted card when booting.
These are the different ways to customize a NanoBSD installation:
- configuration settings that override the default values set within nanobsd.sh, as well as the kernel compilation settings that will be passed to the buildworld stage.
- configuration files or scripts copied to the Files directory. The file system hierarchy created on the Files directory gets overlaid into the target root file system during the build, by setting customize_cmd cust_install_files. I got some interesting scripts from here.
- packages for the software not included in the base system have to be copied to the Pkg directory. These packages will be installed into the target image by setting customize_cmd cust_pkg.
Any configuration changes on the live system need to be written into /cfg, as /etc is mounted on the md (malloc) disk and changes are lost on reboot. It is recommended to keep these changes synchronized with the configuration files on our main computer.
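A way to spot such unsaved changes before a reboot silently reverts them (an edited pf.conf, for instance), as an added example that is not part of the original post. It assumes /cfg is mounted while the check runs and that the image's default /etc is available in a read-only base directory (on NanoBSD this is assumed to be /conf/base/etc); the function names, arguments and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: list files under a live /etc that a NanoBSD reboot would revert.
# Assumption: at boot /etc is rebuilt from a read-only base copy and then
# overlaid with whatever was saved in /cfg (all paths are passed as arguments).

# unsaved_etc ETC_DIR CFG_DIR BASE_DIR
# Prints, one per line, every file in ETC_DIR that differs from its saved copy
# in CFG_DIR or, when no saved copy exists, from the copy in BASE_DIR.
unsaved_etc() {
    etc=$1; cfg=$2; base=$3
    ( cd "$etc" && find . -type f | LC_ALL=C sort ) | while IFS= read -r f; do
        f=${f#./}
        if [ -f "$cfg/$f" ]; then
            ref="$cfg/$f"          # saved copy wins at boot
        elif [ -f "$base/$f" ]; then
            ref="$base/$f"         # otherwise the image default is restored
        else
            echo "$f"              # exists only in RAM: gone after reboot
            continue
        fi
        cmp -s "$etc/$f" "$ref" || echo "$f"
    done
}

# Constructed sample tree (not taken from a real box).
demo_unsaved_etc() {
    t=$(mktemp -d "${TMPDIR:-/tmp}/nanocfg.XXXXXX") || return 1
    mkdir "$t/base" "$t/cfg" "$t/etc"
    echo 'hostname="nano"'  > "$t/base/rc.conf"
    echo 'block all'        > "$t/base/pf.conf"
    echo 'ttyu0 off'        > "$t/base/ttys"
    echo 'ttyu0 vt100 on'   > "$t/cfg/ttys"       # change already saved to /cfg
    cp "$t/base/rc.conf" "$t/etc/rc.conf"         # untouched
    cp "$t/cfg/ttys"     "$t/etc/ttys"            # matches the saved copy
    printf 'block all\npass out all\n' > "$t/etc/pf.conf"   # edited, not saved
    echo 'nameserver 192.0.2.53' > "$t/etc/resolv.conf"     # created at run time
    unsaved_etc "$t/etc" "$t/cfg" "$t/base"
    rm -rf "$t"
}

demo_unsaved_etc
```

On the constructed tree this reports pf.conf and resolv.conf: the first was edited without being saved, the second exists only on the RAM disk.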
I built the image with
sh nanobsd.sh -c <config_file>
There were some issues with booting the CF card, the most annoying being that the boot menu was missing and partition 1 was always chosen automatically. This issue seems to be caused by boot/boot0sio, so I switched to boot/boot0 instead:
Thus we get the corresponding boot menu after BIOS initialization:
1 Seconds to automatic boot. Press Ctrl-P for entering Monitor.
Furthermore, the TERM environment variable has to match the setting on the terminal program used to connect to the serial console, otherwise there may be issues when displaying programs that use the whole terminal, like vi or sysinstall. I have used the vt100 setting on minicom and putty, after updating /etc/ttys accordingly:
ttyu0 "/usr/libexec/getty std.9600" vt100 on secure
Finally, the NanoBSD images can be updated without removing the CF card from the box. In our setup, we have configured two identical partitions to be used alternately when upgrading the software. When running from partition 1, /root/updatep2 is able to fetch a new image remotely and install it on partition 2. Bear in mind there is currently an issue with boot0cfg in these update scripts.
ssh myhost cat _.disk.image.gz | zcat | sh updatep2
And now it is time to bury my head in the pf configuration book and install a bunch of services this box is screaming for.