Re: Firewalling with an embedded PC?
On Tue, 3 Sep 2002, Chor Teik Joon wrote:
> >done both. i'm hacking at a crunch-style distro for the
> >soekris, which with a less stingy kernel would probably
> >run on all flavors of the nexcom as well. the kernel is
> >3.0MB, which means that it would fit very nicely onto a
> >4MB compactflash, and leave you 1MB for persistent storage
> >(like ssh keys, vpn configs, /dev/urandom backups, passwd)
to make that really work, i'd need to steal freebsd's clock
autocalibration routines (the elan's PIT runs at an odd freq)
and finish porting the mmcr device. and add 586 and 686 CPU
types back into the kernel...
> <snip>
>
> Nice work. How do you handle /var/log since disk space is very tight?
ramdisk + scp, remote log, ...
rd0a         /          ffs    rw
wd0a         /config    ffs    rw
/config/etc  /etc       union  rw,noauto
/config/usr  /usr       union  rw,noauto
/config/var  /var       union  rw,noauto
swap         /var/log   mfs    rw,-s=8192,noexec,nodev,noauto
/etc/rc mounts /{etc,var,usr} "manually" so that it can create
mountpoints if necessary. ideally, i want to be able to take a
blank compactflash, put the bootloader and a kernel on, and off
we go. the system will try to divine the rest.
i've included vi and enough termcap that the system is usable
and configurable from the get-go. openssl is a bit of a pig,
so i haven't included that. i suppose i could do a 'lite'
version that needs 2-4M of flash, and a 'full' version that
needs 6-8M but has more stuff in it.
> I'm currently looking into making some of these, if anyone knows a vendor
> in the S.E. Asean region, drop me a line.
nexcom is in taiwan, which may or may not be less customs
hassle for you than it was for me. you might find something
useful on linuxdevices.com ...
CK
--
Chris Kuethe, GCIA CISSP: Secure Systems Specialist - U of A CNS
office: 157 General Services Bldg. +1.780.492.8135
chris.kuethe@[pyxis.cns.]ualberta.ca
No trees were destroyed in the sending of this contaminant free message; we
do concede a significant number of electrons may have been inconvenienced.
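
Added example (not part of the original message and not the author's /etc/rc): a sketch of the rc step described above, which creates missing union upper-layer directories on a blank flash and then mounts the noauto entries in order, with the /var/log ramdisk last. CONFIG_ROOT, TARGET_ROOT, MOUNT_CMD and mount_overlays are hypothetical names, and the sketch assumes the fstab shown in the message so that mount can resolve each mountpoint from it.

```sh
#!/bin/sh
# Hypothetical rc fragment for the layout in the fstab above.
# Assumption: the union and mfs entries are in /etc/fstab with noauto,
# so "mount <mountpoint>" picks up type and options (including
# noexec,nodev on /var/log) from fstab instead of repeating them here.

CONFIG_ROOT="${CONFIG_ROOT:-/config}"  # writable flash layer (wd0a)
TARGET_ROOT="${TARGET_ROOT:-}"         # prefix for dry runs; empty on the box
MOUNT_CMD="${MOUNT_CMD:-echo mount}"   # dry run by default; "mount" on the box

mount_overlays() {
    for d in etc usr var; do
        upper="$CONFIG_ROOT/$d"
        lower="$TARGET_ROOT/$d"

        # Blank compactflash: the upper layer does not exist yet.
        # Create it with 755 so only root can add files to it.
        if [ ! -d "$upper" ]; then
            mkdir -p "$upper" || return 1
            chmod 755 "$upper" || return 1
        fi

        # The lower directory normally ships in the ramdisk root.
        [ -d "$lower" ] || mkdir -p "$lower" || return 1

        # MOUNT_CMD is deliberately unquoted so "echo mount" splits.
        $MOUNT_CMD "$lower" || return 1
    done

    # /var/log goes on last: it sits on top of the /var union, so a
    # directory created here before the mfs mount lands in the flash
    # layer, while the log data itself stays in RAM.
    logdir="$TARGET_ROOT/var/log"
    [ -d "$logdir" ] || mkdir -p "$logdir" || return 1
    $MOUNT_CMD "$logdir" || return 1
}

# On the box, /etc/rc would set MOUNT_CMD=mount and call mount_overlays.
```

With the defaults the function only prints the mount commands, so the ordering and directory creation can be checked against a scratch directory before it goes onto the flash.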