
Custom Router: FreeBSD on the Soekris net4501
By Michael R. Brumm


Introduction

I've switched ISPs more than a few times due to changing locations, improving technologies, and expanding services. This can be a real hassle for someone who uses their Internet connection for anything other than casual web browsing and e-mail. Not only do my IP addresses change, but often new hardware is required.

Many ISPs require that you use the modem or modem/router that they supply. And if you are replacing your router every time, then this means you'll have to learn a new set of proprietary command line instructions (assuming your new router is sophisticated enough to provide this) and spend a lot of time configuring things.

Even when I'm able to keep my own router, most commercial routers (yes, even expensive Cisco routers) are inflexible and leave me at the mercy of technical support people who often can't tell me the difference between FIN and SYN, and who provide firmware updates only until their next new model comes out.

After my last move, I'd had enough. I decided to build my own custom router which would be flexible enough to use anywhere and do anything. Here are my experiences after completing the project.

Why FreeBSD?

I'm not interested in the religious wars waged between operating systems. I use what works best to solve the problem. I use mostly Windows for my desktop and in corporate environments. I often use Linux for web servers. But for my router, I want FreeBSD because it does routing better than anything else. Here are a few examples of why:

I also happen to think that fundamentally, FreeBSD beats Linux in everything from kernel engineering to the license.

Why the Soekris net4501?

I have plenty of old hardware that I could use to build this router, but I'm really not interested in having my router run on a hulking, noisy, CPU-overheating, hard-disk-crashing PC or laptop that is already past its expected lifetime and takes 40 seconds just to get past BIOS. I'd much rather have it run on a cooler (temperature-wise), smaller package that uses solid state storage and is (almost) instant-on.

Soekris offers several nice little embedded computers, many of them faster and more impressive than their net4501, but I know the net4501's 133 MHz 486 class processor will handle around 10Mbps, which is much more bandwidth than I'm likely to get within the next decade.

The Installation

I won't get too involved with the details on how to get FreeBSD installed on a computer with no video, no keyboard, no floppy drive, no CD/DVD-ROM drive, and no hard drive (flash memory storage only). Unless you want to get really creative, you generally have two options with the Soekris net4501:

  • Mount the CompactFlash memory card on a computer already running FreeBSD using a USB card reader and run the FreeBSD setup on it.
  • Use the Soekris net4501's PXE and a computer running a DHCP, TFTP and/or NFS server to install FreeBSD over the network. I've provided a tutorial on How to Install FreeBSD 4.x on a Soekris net4501 Using PXE.

Both of these are also documented in the FreeBSD Handbook and by Soekris Support. Either way, I suggest you get a USB card reader to allow you to easily modify and back up the file system on a different computer.

Serial Console

Until you get the network interface configuration working and sshd running, you will probably use the serial console port as a terminal. Before installing FreeBSD, I suggest you set the net4501 comBIOS to use 9600bps. It is possible to run at other speeds, but it's easier this way.

Custom Kernel

Although the generic kernel will work, it's best to build a custom kernel for the net4501 after you get FreeBSD installed. By customizing the kernel, you can optimize the code for the AMD ElanSC520 CPU and disable unnecessary device drivers and options. This will make the boot process quicker, your operating system faster and more stable, and leave you with more memory after the kernel has loaded.

Here is the kernel configuration file I used for FreeBSD 4.x on the net4501: ROUTER

Smaller Storage

Since CompactFlash memory cards don't have the storage capacity of today's hard drives, you will probably want to keep the installation options to a minimum (no X-Windows, no ports collection, etc.). It's possible to install FreeBSD on cards with less than 16MB, but it is a big hassle and you won't have much flexibility if you do.

I wanted my router to have man pages, Perl, bind, isc-dhcpd, sendmail, and the ability to compile and add new software, like Apache, if necessary. I found that I could do this on a 256MB CompactFlash card and still have 39MB left (after I deleted the foreign language man pages). As cards get larger, and my needs grow, I'll upgrade.

Read Only Storage

Here is where we depart from the norm. Because flash memory cards have a limited write endurance, you must minimize writing to storage. In addition, an embedded device is expected to be unplugged at any time and never corrupt the file system. The best way to do this is to use a file system in memory for dynamic storage and the flash disk as a read-only mount. Never, I repeat: never, create a swap partition on a flash disk, or you will ruin it.

There are basically four parts of the FreeBSD file system which are expected to be writeable:
   /dev, /root, /tmp, and /var

I have constructed a boot script (rc.early) which detects whether the file system is read-only or read-write. If the file system is read-only, snapshots of these directories on the flash disk are copied into a memory file system and symbolic links direct access to these volatile but writeable copies. If it is read-write, then the links direct access to the snapshots themselves.

Here are the configuration files you need to add to do this:
 
/etc/rc.early   /etc/fstab.rw   /etc/fstab.ro

Then, create the snapshots and reboot:

    # Snapshot of /dev: recreate the device nodes with MAKEDEV inside the copy
    mkdir /dev.snapshot
    cp /dev/MAKEDEV /dev.snapshot
    cd /dev.snapshot && sh MAKEDEV all

    # dhclient rewrites resolv.conf, so it has to live in the writeable /var
    mkdir /var/etc
    mv /etc/resolv.conf /var/etc
    ln -s /var/etc/resolv.conf /etc/resolv.conf

    # Snapshots of /root and /var, copied with tar to keep modes and ownership
    # (the target directories must exist before tar can extract into them)
    mkdir /root.snapshot /var.snapshot
    tar -C /root -cpf - . | tar -C /root.snapshot -xpf -
    tar -C /var -cpf - . | tar -C /var.snapshot -xpf -

    # Tell rc.early that the snapshots exist, then reboot
    touch /etc/readonly-links.flag

    shutdown -r now

Note that I've moved /etc/resolv.conf into /var. This is because dhclient dies if it cannot modify this file. If you install additional software, you may find other files in /etc which require this.
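To show how the detection and link-swapping described above fit together, here is a boot script written as an added example; it is not the author's rc.early, which this page links to but does not show. It assumes the snapshots created by the steps above sit in /root.snapshot and /var.snapshot, that a single memory file system is mounted on /mfs (a constructed name, with a constructed size and the qp120at disktab entry used by FreeBSD 4.x's mount_mfs), and that /root, /var and /tmp on the flash root are symlinks to be repointed at boot (how /dev gets its console nodes before this script runs is not covered here). Every path is a parameter so the functions can be exercised on scratch directories without root.

```shell
#!/bin/sh
# Hypothetical /etc/rc.early for the read-only flash scheme (added example,
# not the author's script). Assumptions: snapshots in BASE/NAME.snapshot,
# one memory file system on /mfs (constructed), /root, /var and /tmp are
# symlinks on the flash root. All paths are parameters for testability.

SNAP_NAMES="root var"      # directories seeded from their snapshots
EMPTY_NAMES="tmp"          # directories that start empty each boot
MFS_SIZE=8192              # 512-byte sectors (4 MB), constructed value

# root_is_readonly: succeed when mount(8) output read on stdin shows / mounted
# read-only, e.g. "/dev/ad0s1a on / (ufs, local, read-only)".
root_is_readonly() {
    grep ' on / (' | grep -q 'read-only'
}

# copy_snapshot SRC DST: replicate SRC into DST preserving modes and ownership,
# the same tar pipeline used when the snapshots were created.
copy_snapshot() {
    mkdir -p "$2" && tar -C "$1" -cpf - . | tar -C "$2" -xpf -
}

# point_link LINK TARGET: make LINK a symlink to TARGET, replacing a stale
# link; refuse to touch a real directory so nothing on flash is destroyed.
point_link() {
    if [ -e "$1" ] && [ ! -L "$1" ]; then
        echo "rc.early: $1 is a real directory, not a link" >&2
        return 1
    fi
    rm -f "$1" && ln -s "$2" "$1"
}

# setup_volatile MODE BASE MFS:
#   ro -> copy BASE/NAME.snapshot into MFS/NAME and point BASE/NAME at it, so
#         all writes land in memory and the flash card is never written
#   rw -> point BASE/NAME straight at BASE/NAME.snapshot so edits persist
setup_volatile() {
    mode=$1; base=$2; mfs=$3
    for name in $SNAP_NAMES; do
        if [ "$mode" = ro ]; then
            copy_snapshot "$base/$name.snapshot" "$mfs/$name" || return 1
            point_link "$base/$name" "$mfs/$name" || return 1
        else
            point_link "$base/$name" "$base/$name.snapshot" || return 1
        fi
    done
    for name in $EMPTY_NAMES; do
        mkdir -p "$mfs/$name" && chmod 1777 "$mfs/$name" || return 1
        point_link "$base/$name" "$mfs/$name" || return 1
    done
}

# Boot-time wiring: runs only when invoked as "rc.early start" and the flag
# from the snapshot-creation steps exists, so sourcing this file is harmless.
if [ "${1:-}" = start ] && [ -f /etc/readonly-links.flag ]; then
    if mount | root_is_readonly; then
        # mount_mfs(8) on FreeBSD 4.x; -T takes disk geometry from /etc/disktab
        mount_mfs -s $MFS_SIZE -T qp120at dummy /mfs || exit 1
        setup_volatile ro / /mfs || exit 1
    else
        setup_volatile rw / /mfs || exit 1
    fi
fi
```

In read-only mode a write to /var/log goes to the memory copy and disappears at reboot, which is exactly the property wanted for an appliance that may lose power at any moment; in read-write mode the same path resolves to the snapshot on flash, so the edits made while the card is writeable become the next boot's baseline.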

To allow modifications to the file system (to change the configuration or install packages):

    mount -rw /
    cp /etc/fstab.rw /etc/fstab
    shutdown -r now

To return back to the read-only file system:

    cp /etc/fstab.ro /etc/fstab
    shutdown -r now

Obviously, if you only need to change something in /etc (not resolv.conf!), then you can probably get away with:

    mount -rw /
    (make changes)
    mount -r /

Flexible, Powerful, Simple

My router is running great and I love the flexibility to do basically anything in my packet filters and shapers. Some of the particularly interesting things I've done:

  • Segmented my network into two sections: one with public IP addresses (for my server, main workstation, and the Xbox) and one that is behind a NAT (for my other computers, the networked printer, and for when friends bring over their computers).
  • Created a script which automatically throttles all non-Xbox packets to 128Kbps up and 512Kbps down whenever packets from my Xbox to Xbox Live are detected. This ensures my Xbox Live games always run smoothly without lag.
  • Configured mpd as a PPTP server to allow me to connect to my home network via a VPN from anywhere on the Internet.
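The throttling script from the second item, as an added example and not the author's own code: it uses an ipfw count rule as the detector (the packet counter advancing between polls means the Xbox is talking to Xbox Live) and a pair of dummynet pipes as the throttle, inserted and removed as one numbered rule set. The Xbox address 192.168.1.50, the outside interface sis0, the rule and pipe numbers and the poll interval are assumptions; Xbox Live's UDP port 3074 is a known value, and the detector counts only that port. The kernel is assumed to be built with IPFIREWALL and DUMMYNET.

```shell
#!/bin/sh
# Hypothetical Xbox Live-aware throttle for ipfw(8)/dummynet(4) on FreeBSD 4.x
# (added example, not the author's script). Assumed values: Xbox 192.168.1.50,
# outside interface sis0, Xbox Live on UDP 3074; rule/pipe numbers constructed.

IPFW=${IPFW:-/sbin/ipfw}
XBOX=${XBOX:-192.168.1.50}
EXT_IF=${EXT_IF:-sis0}
COUNT_RULE=100       # "count" rule: matches Xbox -> Xbox Live, detection only
THROTTLE_RULE=200    # pipe rules, added and deleted together by number
UP_PIPE=1; DOWN_PIPE=2
POLL=10              # seconds between counter checks

# xbox_packets: print the packet counter of COUNT_RULE from "ipfw show"
# output read on stdin (columns: rule number, packets, bytes, rule body).
xbox_packets() {
    awk -v rule="$(printf '%05d' "$COUNT_RULE")" \
        '$1 == rule { print $2; exit }'
}

# throttle_needed PREV NOW: succeed when the counter moved since the last
# poll, i.e. the Xbox sent something to Xbox Live during the interval.
throttle_needed() {
    [ "${2:-0}" -gt "${1:-0}" ]
}

# set_throttle on|off: install or remove the dummynet pipes that squeeze
# every packet not from/to the Xbox to 128 Kbit/s up and 512 Kbit/s down.
set_throttle() {
    case $1 in
    on)
        $IPFW pipe $UP_PIPE config bw 128Kbit/s &&
        $IPFW pipe $DOWN_PIPE config bw 512Kbit/s &&
        $IPFW add $THROTTLE_RULE pipe $UP_PIPE ip from not $XBOX to any out xmit $EXT_IF &&
        $IPFW add $THROTTLE_RULE pipe $DOWN_PIPE ip from any to not $XBOX in recv $EXT_IF
        ;;
    off)
        $IPFW delete $THROTTLE_RULE    # removes both pipe rules at once
        ;;
    *)
        echo "usage: set_throttle on|off" >&2; return 2
        ;;
    esac
}

# Poll loop; runs only when invoked as "xboxqos start" so the functions can
# be sourced and reused. The count rule must exist before polling begins.
if [ "${1:-}" = start ]; then
    $IPFW add $COUNT_RULE count udp from $XBOX to any 3074
    state=off
    prev=$($IPFW show | xbox_packets)
    while sleep $POLL; do
        now=$($IPFW show | xbox_packets)
        if throttle_needed "$prev" "$now"; then want=on; else want=off; fi
        if [ "$want" != "$state" ]; then
            set_throttle $want && state=$want
        fi
        prev=$now
    done
fi
```

Because the throttle is keyed on an observed counter rather than a fixed schedule, the pipes disappear one poll interval after the game traffic stops, and the count rule itself never drops or delays anything, so a mistake in the throttle logic can only slow the other hosts, never cut them off.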


BSD Daemon Copyright 1988 by Marshall Kirk McKusick. All Rights Reserved

All Material Copyright © Michael R. Brumm