Sunday, September 23, 2007

Setting up a Soekris 5501 with OpenBSD 4.2

New story of mine on The OpenBSD Journal:

I wrote about how I went about setting up my new Soekris net5501:

I recently purchased a new Soekris net5501 to replace my beige box firewall. I had previously set up a net4501 but I wasn't happy with it and sold it to a friend. Large file transfers would grind it to a halt and the performance wasn't as good as my beige box. The net5501 has increased horsepower (faster processor, more memory) and a better network chipset (vr(4)). And, most of all, because there are 4 network ports! At my house I have 3 networks + my FiOS connection. I have my internal LAN (wired with full access to everything), my wireless network (requires authentication and has limited access to the LAN) and my DMZ (for my web server; no access to the LAN or wireless networks).

For my installation, I use Yaifo so I don't have to deal with a serial console or setting up pxeboot. (I actually did hook up a serial console to update the BIOS, which I'll discuss later.) Also, I use a custom rc and a flashdist-like system so I can mount my CF read-only. My "fdlite" script doesn't rely on a customized install like flashdist. It does use some of the device modifications Chris uses to make the read-only / work properly, though.


Read more at The OpenBSD Journal.

4 comments:

  1. Out of curiosity, why did you move away from a grey OBSD firewall to the soekris? Just to save power, or were you having a space issue? Or maybe you just wanted something new to do :)

    Love your site, quite jealous about the FIOS (not jealous enough to move to the DC area mind you, but quite happy that you can use an openbsd box to route things for when I'm finally in a FIOS area).

  2. > Out of curiosity, why did you move away from a grey OBSD firewall to
    > the soekris? Just to save power, or were you having a space issue?
    > Or maybe you just wanted something new to do :)

    It served two purposes. One: I was trying to save on power, space, moving parts. Two: I wanted "cool" new hardware.

    FIOS is awesome. I used to have residential FIOS and it required PPPOE. It worked quite well with the in-kernel PPPOE driver. I since upgraded to business FIOS which has no PPPOE. I'm very happy.

  3. Can you provide details of your "fdlite" scripts? Do you get full logging in /var (which I presume is mounted on mfs)?

    I've had a default openbsd install on my 4801 ro since 3.8, and the only real modifications I've done were in rc and rc.shutdown, but still can't shake the feeling there's some more stuff I need to configure...

  4. Jonathan,

    I wrote about my fdlite script on Undeadly.
    I don't use it anymore. The general consensus has been that just installing a normal install onto the CF is adequate. I do, then, configure the box to log to a syslog server rather than have constant writes to /var/log.
