» blog.e-shell.org

Soekris order (just ordered!)

This morning I ordered some stuff from Wim again, just some minutes after placed the order, the confirmation email arrived:

[ ... ]

Subject: Order confirmation Soekris
Date: Tue, 16 Oct 2007 13:47:41 +0200

[ ... ]

Dear Francisco,

Thank you for your Soekris Order!

Have a look at the order below, is that what you had in mind?

                                      Units ordered:
2+   with discount
soekris_10550160 (net5501-60 Board and 1 slot case   EUR 237.00): 01
soekris_10550170 (net5501-70 Board and 1 slot case   EUR 279.00): 01
soekris_14550110 (2.5 Parallel ATA hard drive kit    EUR  11.00): 01
soekris_31201225 (Power Supply, 12V, 2.5A, .eu cable EUR  20.00): 02
kit_rala_9       (802.11Abg miniPCI RAL, 1 Pigt9dBi  EUR  75.00): 02
hole_rptnc       (3 drilled holes for RP-TNC connect EUR   6.00): 02
belkin_nullmodem (1.8m null modem cable FDB9 to FDB9BEUR   4.00): 01
usb_serial       (USB-Serial adapter                 EUR  10.00): 01
tshirt_openbsd   (Puffy the Kid Shirt size M         EUR  20.00): 01
tshirt_openbsd   (The Because Security Matters Back LEUR  20.00): 01
tshirt_openbsd   (Hackers of the Lost Raid Shirt L   EUR  20.00): 01

[ ... ]

Yes, two net5501 with some extra stuff (cables, adapters, etc) and some nice OpenBSD t-shirts.

This is not my first OpenBSD order, but the first time I order soekris hardware, and I can't wait to have them here and begin to use and test them.

Soekris arrived!

Yes, YES, YEEESSSSS! My latest order from OpenBSD is here! As I wrote here, last week I ordered some Soekris hardware from Wim, as well as some nice OpenBSD t-shirts.

Well, just a week later I got the package:

Excited, I just took a picture of it and I proceeded opening it.

Just to find inside everything from my order. The soekris stuff, the rubber duck antennas, the usb-to-serial adapter, the null-modem cable and the t-shirts. Everything OK.

Now I only have to find some time to install OpenBSD in one of the net5501-70 to use it as my primary AP/Firewall/whatever device here, and then I'll install OpenBSD, FreeBSD and Linux in the net5501-60, just for testing purposes of the three operating systems.

So, more to come about this soekris topic, meanwhile relax with some pics of them:

OpenBSD 4.2 released

The OpenBSD project just announced some hours ago the release of the latest version of the OpenBSD operating system. The 4.2 release is dedicated to one of the well known developers from the team, Jun-ichiro "itojun" Itoh Hagino, who passed away recently.

From here, I would like to thank Itojun for all his work in the project, as well as all the help he gave those years to everybody that asked him about both IPV6 and embedded systems support in OpenBSD. We will miss him for sure.

Some of the highlights from this new release are:

• Native Serial-ATA support:
  • ahci(4) driver for SATA controllers conforming to the Advanced Host Controller Interface specification.
  • jmb(4) driver for the JMicron JMB36x SATA II and PATA Host Controller.
  • sili(4) driver for SATA controllers using the Silicon Image 3124/3132/3531 SATALink chipsets.
• New tht(4) driver for Tehuti Networks 10Gb Ethernet controllers
• New uts(4) driver for USB touch screens, and the xtsscale(1) calibration utility.
• CPU frequency and voltage can now be scaled on all CPUs when running GENERIC.MP on a multiprocessor i386 or AMD64 machine with enhanced speedstep or powernow.
• Intel enhanced speedstep is now supported on OpenBSD/amd64.
• New support for the on die CPU temperature sensor found on the Intel Core family of processors.
• FFS2, the updated version of the fast file system.
• ifconfig(8) now understands IP address/mask in CIDR notation.

Those are only some of the new features and improvements I would like to highlight, you can see all the stuff here:

http://openbsd.org/42.html

I would like to highlight that this is the first version of OpenBSD that ships with Xenocara, an effort to get a clean way to build and install X.org 7.2 with some external addons in OpenBSD.

OpenBSD to the rescue

This weekend I've been at my girlfriend parent's. The father of one of our close friends died last week, so we went there to be with her.

Anyway, we (specially my girlfriend) had a lot of work to be finished before monday, so we carried on our laptops. At home they had a cable modem and a computer connected to it. We needed Internet access, but that computer couldn't be disconnected from the Internet.

Luckily, I had there a soekris box with me, with OpenBSD 4.2 installed on it. On less than 15 minutes, I had a functional firewall, gateway and Wireless Access Point up and running, and sharing the Internet connection between two laptops and a desktop computer.

First, I got access to the soekris box from my MacBook using an usb-to-serial adapter and a null-modem cable.

OpenBSD/i386 (Arvak.e-shell.org) (tty00)

login:

Then I logged into the OpenBSD 4.2 system.

# uname -ap
OpenBSD Arvak.e-shell.org 4.2 GENERIC#375 i386 Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class)
#

Once there, I set up the configuration files for the network interfaces:

# cat /etc/hostname.vr1
dhcp
# cat /etc/hostname.vr2
inet 192.168.1.1 255.255.255.0 NONE
# cat /etc/hostname.ral0
inet 10.0.1.1 255.255.255.0 NONE mediaopt hostap mode 11g nwid OpenBSD_AP chan 11 -nwkey
#

being vr1 the interface connected to the cable modem (will get all the settings from a dhcp server), vr2 the interface connected to the windows computer and ral0 the interface that will act as the wireless access point link.

Next, I needed to set up a dhcp server for vr2, so the windows computer still get's the network settings from dhcp (as if it was still connected to the cable-modem). Easy, just opened /etc/dhcpd.conf and change the default settings a little bit:

shared-network LOCAL-NET {
        option  domain-name "codigo23.net";
        option  domain-name-servers 212.51.32.254, 212.51.33.110, 212.51.33.73;


        subnet 192.168.1.0 netmask 255.255.255.0 {
                option routers 192.168.1.1;

                range 192.168.1.32 192.168.1.127;
        }
}

I only added the domain name, and three nameserver ip addresses from the ISP.

After edited the dhcpd configuration I edited /etc/rc.conf to change that line:

dhcpd_flags=NO          # for normal use: ""

to

dhcpd_flags=""          # for normal use: ""

(so dhcpd will be started at boot time)

Now I was editing rc.conf, I decided to change one more line:

pf=NO                  # Packet filter / NAT

to

pf=YES                  # Packet filter / NAT

(to enable the OpenBSD packet filter)

Ok, next step was to activate ipv4 packet forwarding, changing one line in /etc/sysctl.conf:

#net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets

to

net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets

Fine, only one more step to go, I needed to set up PF, so I opened /etc/pf.conf and wrote some lines in it:

ext_if="vr1"
int_if="vr2"
wi_if="ral0"

set optimization normal
set block-policy return

scrub in on $ext_if all

nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $wi_if:network to any -> ($ext_if)

block in all

pass in quick on $int_if from $int_if:network to any keep state
pass out quick on $int_if from any to $int_if:network

pass in quick on $wi_if from $wi_if:network to any
pass out quick on $int_if from any to $wi_if:network

pass out quick on $ext_if from ($ext_if) to any keep state

Which basically means map all packets coming from the wireless link and from the internal network to the Internet as if they were from the firewall itself. Block all packets coming from the Internet that weren't a reply to the outgoing packets.

After a reboot, everything was running smoothly, the windows computer didn't notice the change and both laptops had Internet access.

Well, I only had one problem, it seems like the house walls were made of some material that block the Wireless radio signal, so we found some problems to connect to the wireless access point on some points of the house.

As wiwi would tell, it's OpenBSD, it's easy!

OpenBSD to the rescue (II)

Some days ago, I wrote about how I used OpenBSD to quickly set up a firewall to share an internet connection between a computer and some laptops and back then, I didn't think about what would happend later on this week.

Today, I visited an old friend of mine. After some talk, I noticed that he still has a little embedded computer which size is similar to one of my soekris.

Some months ago we talked about installing something there that could be configured as a firewall and router. The problem we found at that time was that the device only has a limited storage capability (128Mb) in a Industrial Grade flash card.

I recommended him to use OpenBSD for that, but we found out that the base system didn't fit in only 128Mb, we would have to create our own install sets.

But today I had another idea, we could use flashdist to directly put a running image of an OpenBSD system into the 128Mb flash card. With that, we will get a complete OpenBSD system (without some binaries anyway).

But we had a problem to do that, that kind of flash card couldn't be accessed using a USB card reader, and we needed direct access to it in order to use dd and put the image into the flash card.

The only way we could access the flash card directly was booting some operating system directly on the embedded device, an unix-like system that could mount an USB storage device (where the flashdist image was) and a system with the dd tool (to dump that image into the card.

So, we thought about netboot the OpenBSD installer...

Luckily, pAvl0 already has both dhcpd and tftp servers running on a Ubuntu box, so it was a matter of getting the installation files for OpenBSD, put them in the main directory of the tftp server and activate netboot on the embedded device.

Once the installer booted, we selected the (S)hell option and we used that shell within the installer to mount the USB storage device:

# mount -t msdos /dev/sd0i /mnt

(to know the correct partition to mount, we used disklabel to know the partitions avaliable)

and to dump the flashdist image:

# dd if=flashimg-20080308.GENERIC.console of=/dev/wd0c bs=64k

After dumped the image, we restarted the device and... it worked!. We got the usual OpenBSD boot prompt, and the system booted smoothly. It was even OpenBSD 4.3!! (-beta of course).

Only after the system was booted, we noticed that the whole system was read-only (loaded into RAM), so we couldn't modify nor the network configuration files neither the PF files.

One more thing to do, tweak our image file before dumping it into the flash card. That's pretty easy, although we didn't have more time to keep playing with that.

Tomorrow I'll try to mount the flashdist image as a normal disk, touch the needed configuration files and then dump again the image into the flash card.

Mounting SMB/CIFS shares in OpenBSD

Found how just some minutes ago. I was preparing a backup solution for a windows-based network using OpenBSD and rdiff-backup. The idea is very simple:

Some windows workstations store some data into a windows (or unix+samba) file server. The data needs to be backed up, just in case. All the information we will backup regularly are the user profiles and a backup directory shared through the whole network (so everyone could put in there everything they need to backup).

As those shares/folders/directories are exported using the SMB/CIFS protocol, I can mount them in the OpenBSD host using sharity-light, an userland implementation of smbfs (which operates in kernel space).

To mount a windows share using sharity-light, you only need an empty directory on your filesystem and do something like:

# shlight //windowsserver/backup /mnt/backup -U windows_user -P someuglypassword
#

NOTE: here windowsserver is a name pointing to the ip address of the windows server, while windows_user and someuglypassword are the user credentials needed to access (in this case) the backup share.

NOTE2: sharity does not allow ip addresses as the server name, and it will fail if you try to use the server.domain.ext naming convention, so you will probably need to add something like that to your /etc/hosts file:

192.168.1.111 windowsserver.mydomain.net windowsserver

After using calling the shlight script, you will be able to access the windows share just as any other mounted file system in OpenBSD:

# df -h
Filesystem       Size    Used   Avail Capacity  Mounted on

[ ... ]

shlight-31463    298G   93.8G    204G    31%    /mnt/backup

In my case, now I can safety run rdiff-backup to create an easy-to-recover full backup (with incrementals) on my local filesystem.

OpenBSD 4.3 released

Yes, the new release of OpenBSD have seen the light some hours ago. OpenBSD 4.3 have a lot of new things/features/upgrades and you can read about both in undeadly and in ONLamp (another nice interview with openbsd developers from Federico Biancuzzi). Of course, you could read the release announcement too.

This release theme is inspired by the Odyssey from Homer and, of course, there is a song (as with every release since 3.0). You can read the lyrics and see the usual comic here.

OpenBSD, PyCha and the Memory Error.

From the PyCha website:

Pycha is a very simple Python package for drawing charts using the great Cairo library.

And it is the perfect replacement for pychart, an old library to render charts that I've been using in my projects since near 2003.

Of course pychart is still a fine option to create charts from your python scripts, but the result is quite better with PyCha (you only have to take a look over the examples on both projects' websites to know what I mean).

PyCha depends on pycairo which depends on cairo, while pychart depends on ghostscript, and you can run both of them mostly without a problem in any unix-like operating system, like OpenBSD.

Well, that's True partially. Some weeks ago I've found an interesting problem with PyCha running on an OpenBSD server. I installed both pycairo and cairo from packages and PyCha from sources (as there was no package for my openbsd version, OpenBSD 4.4 already has a package).

I set up my python project (a django app in this case that asks users for some data and then creates some nice-looking charts from it) and I do some tests on it, just to check everything is running fine.

As soon as my app tried to generate a chart, I got an ugly Memory Error message:

At first I thought about some python memory limitation (as you can set some settings on compilation time), but it sounded somehow strange. I've been using python in OpenBSD machines for a long time now, and I've never found such problem.

A little more digging over the internet and I found a ticket in the project trac site, related to a MemoryError in FreeBSD, which pointed directly to cairo:

I installed cairo without x11, so I had no fonts installed. Installed freefont-ttf and now it works. I think cairo has no detection, if a font is missing, so it just crashes.

Nice error checking guys! There is no font, why we should show a "there is no fonts available", it is by far much better to crash the thing!.

As I've said, this is a server, so I've no X* install sets in it (more information about install sets here). That means no X11 fonts. Problem found!.

The solution:

I follow the instructions from the OpenBSD FAQ on adding a file set after install, I just grabbed the xfont42.tgz from ftp.openbsd.org and unpacked it on the root of the server:

# cd /
# tar xzvphf xfont42.tgz

A restart on the app server and it worked fine since then.