NetBoot Embedded (soekris)
From PFSenseDocs
This article is part of the HOWTO series.
WORK IN PROGRESS DOCUMENT MAY NOT CONTAIN ALL STEPS
Environment:
This assumes you already have a working serial connection to your Soekris box.
Hardware:
- Soekris Net4801
- Null Modem Adapter
- F-F RS232C Serial Cable
- alternative: F-F Null Modem RS232C Serial Cable
- A working FreeBSD 6.2 x86 install
- 4801 eth0 port connected to same subnet as FreeBSD server
Software:
- pfSense - http://pfsense.org/
- FreeBSD 6.2 - http://freebsd.org/
- ISC dhcpd - http://www.isc.org/sw/dhcp/
References
- HowTo: netboot & install pfSense / Soekris Net4801 + HardDrive / OSX Much of this was stolen from this guide.
Software prereq
FreeBSD server:
- Install DHCP server
pkg_add -rv isc-dhcp3-server
- Replace /usr/local/etc/dhcpd.conf with the following, substituting your own IP addresses as necessary
option domain-name "yourdomain.com";
option domain-name-servers 192.168.69.80;
default-lease-time 28800;
max-lease-time 86400;
subnet 192.168.69.0 netmask 255.255.255.0 {
    range 192.168.69.180 192.168.69.199;
    option routers 192.168.69.1;
}
# 4801-60
host 4801-60 {
    # You will need to determine your ethernet mac address (tcpdump, dhcp lease log, etc)
    hardware ethernet 00:00:24:c7:82:08;
    fixed-address 192.168.69.103;
    next-server 192.168.69.80;
    filename "pfsense/boot/pxeboot";
    option root-path "/usr/local/tftpboot/4801-60/";
    option routers 192.168.69.1;
    option host-name "4801-60";
}
- Put the following in your /etc/rc.conf (substitute NIC as needed)
dhcpd_enable="YES" # dhcpd enabled?
dhcpd_flags="-q" # command option(s)
dhcpd_conf="/usr/local/etc/dhcpd.conf" # configuration file
dhcpd_ifaces="gem0" # ethernet interface(s)
dhcpd_withumask="022" # file creation mask
- Set up the tftpd daemon
- Put the following line in your /etc/inetd.conf
tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -s /tftpboot
- and symlink /tftpboot to /usr/local/tftpboot
mkdir /usr/local/tftpboot
ln -s /usr/local/tftpboot /tftpboot
- Put the following in your /etc/rc.conf
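inetd_enable="YES" # Run the network daemon dispatcher (YES/NO).
inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one.
inetd_flags="-wW -C 60" # Optional flags to inetd
- Set up the nfsd daemon
- I have other machines on the network doing this, so the line below exports all of /usr to the whole subnet with remote root mapped to root (-maproot=root) and every subdirectory mountable (alldirs); feel free to trim down the exports line!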
echo "/usr -maproot=root,alldirs -network 192.168.69.0 -mask 255.255.255.0" > /etc/exports
- Put the following in your /etc/rc.conf
### Network daemon (NFS): All need rpcbind_enable="YES" ###
rpcbind_enable="YES" # Run the portmapper service (YES/NO).
rpcbind_program="/usr/sbin/rpcbind" # path to rpcbind, if you want a different one.
rpcbind_flags="" # Flags to rpcbind (if enabled).
# Network Information Services (NIS) options: All need rpcbind_enable="YES" ###
mountd_enable="YES" # Run mountd (or NO).
mountd_flags="-r" # Flags to mountd (if NFS server enabled).
weak_mountd_authentication="NO" # Allow non-root mount requests to be served.
nfs_server_enable="YES" # This host is an NFS server (or NO).
nfs_server_flags="-u -t -n 4" # Flags to nfsd (if enabled).
nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO).
nfs_bufpackets="" # bufspace (in packets) for client
- At this point it's probably easiest to just reboot your FreeBSD box to get all the services up
pfSense install
This will pull down the most recent snapshot
setenv PF_DL "http://snapshots.pfsense.com/FreeBSD6/RELENG_1/embedded/"
wget ${PF_DL}/pfSense.img.gz
wget ${PF_DL}/pfSense.img.gz.md5
clear
cat pfSense.img.gz.md5
md5sum pfSense.img.gz
MD5 (/usr/obj.pfSense//pfSense.img.gz) = ffc6edeea00af6c86b757e45b26b8c72
ffc6edeea00af6c86b757e45b26b8c72 pfSense.img.gz
gunzip pfSense.img.gz
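The md5 comparison above is done by eye; as an added example (not part of the original page), this sh script makes the same check mechanically and returns an error on a mismatch. The function names are made up for this illustration, and it accepts the GNU "hash  name" layout as well as the BSD layout shown in the output above.

```sh
#!/bin/sh
# Added example: check a download against its .md5 file before unpacking.

# Print the hex MD5 of a file with whichever tool this system has.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{ print $1 }'
    elif command -v md5 >/dev/null 2>&1; then
        md5 -q "$1"                       # FreeBSD base system
    else
        openssl md5 "$1" | awk '{ print $NF }'
    fi
}

# Print the digest stored in a checksum file. Accepts the BSD layout
# "MD5 (name) = hex" and the GNU layout "hex  name"; fails otherwise.
expected_md5() {
    awk '
        $1 == "MD5" && $(NF-1) == "=" { h = $NF }
        $1 != "MD5" && NF >= 2        { h = $1 }
        h != "" { print tolower(h); exit }
    ' "$1" | grep -E '^[0-9a-f]{32}$'
}

# verify_image <file> <checksum-file>
# Returns 0 on match, 1 on mismatch, 2 if an input is unusable.
verify_image() {
    [ -r "$1" ] && [ -r "$2" ] || { echo "cannot read $1 or $2" >&2; return 2; }
    want=$(expected_md5 "$2") || { echo "no MD5 digest in $2" >&2; return 2; }
    got=$(md5_of "$1" | tr 'A-F' 'a-f')
    if [ "$got" = "$want" ]; then
        echo "OK: $1 matches $want"
    else
        echo "MISMATCH: $1 is $got, expected $want" >&2
        return 1
    fi
}

# Typical use, stopping before gunzip when the digest differs:
#   verify_image pfSense.img.gz pfSense.img.gz.md5 && gunzip pfSense.img.gz
```

Because the .md5 file is fetched from the same HTTP server as the image, a match shows the download is intact, not that the snapshot is authentic.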
Now we need to mount it
mkdir /mnt/pfsense
MD=`mdconfig -a -f pfSense.img`
mount /dev/${MD}a /mnt/pfsense
mount /dev/${MD}d /mnt/pfsense/cf
cd /mnt/pfsense
mkdir -p /usr/local/tftpboot/4801-60
tar cvf - . | ( cd /usr/local/tftpboot/4801-60 && tar xpf - )
pfSense configuration
This part will take place in /usr/local/tftpboot/4801-60 on the FreeBSD server
Modify etc/fstab to look like
192.168.69.80:/usr/local/tftpboot/4801-60 / nfs rw 1 1
192.168.69.80:/usr/local/tftpboot/4801-60/cf /cf nfs rw 1 1
Edit cf/conf/config.xml and change the LAN address around line 39
<if>sis0</if>
<ipaddr>192.168.69.103</ipaddr>
<subnet>24</subnet>
<media></media>
Copy mount_nfs from your FreeBSD server
cp /sbin/mount_nfs sbin
