From: "laurens van alphen (craxx)"
Sender: owner-freebsd-stable@FreeBSD.ORG
Subject: Using a CD for firewalls
Date: Thu, 29 Jun 2000 15:50:15 +0200

Hello,

We're using PicoBSD on floppy disks (1.44MB) for our current firewall config. As our version is highly customized, I don't like the complex build process and the uneasy way to keep track of changes in the PicoBSD base system (the build process for example). However, as space is limited, so are the possibilities. You can't have all ipfilter tools, openssh (client & server), snmpd, dchrelay and a bloated kernel on a single disk. Also, floppy disks tend to go bad once in a while and are painfully slow.

We're currently looking into using CDs as a replacement. They are cheap to replace and easy to build (keep an image on a bsd toaster). Also the firewall itself will be standards-based (unlike LS120 or Flashdisk) and can be swapped in and out with standard hardware, when shit hits the fan; the firewall could be any desktop machine with a cdrom and 3 or more NICs.

I'm looking for pointers on how to best approach this.
So far it's easy to make a 2.88MB disk image that holds a kernel & boot loader but then;

- I'd prefer to use the floppy emulation for bootloading only and mount the rest of the CD (up to about 650MB) as root that holds the kernel, init, rc and basically the rest of the OS.
- Where does cdboot (/usr/src/sys/i386/boot/cdboot) come in handy? What does it do and when better avoid it?

Any help, hints, pointers are welcome. Is anyone working on the same? We might as well share experience. Of course I'll be willing to contribute whatever I come up with back to the FreeBSD project.

Other things to keep in mind about this CD thing:

- You can't edit a single file. Maybe /etc should move off to MD so we can at edit online. How would mounting another CD work when the CD is our root fs?
- Could be better to keep / to the 2.88MB floppy and mount /bin /var /usr and /etc from the CD so it can be unmounted at runtime. Does CD support different labels (sessions?) on a single CD so I could say:

    mount /dev/acd0? /usr
    mount /dev/acd0? /etc

- Could / be double mounted? Once from the 2.88MB floppy emulation, once from the CD itself? You can then unmount the CD and remount another CD. How would that work?

Thanks in advance,

--
laurens van alphen, craxx
alphen@craxx.nl, http://www.craxx.nl