Date:      Thu, 29 Jun 2000 17:39:12 +0200
From:      "laurens van alphen (craxx)" <freebsd.small@lists.craxx.nl>
To:        <freebsd-small@freebsd.org>
Subject:   Using a CD for firewalls
Message-ID:  <NCBBJKKDJIOIKDHNDOCAAEIFFJAA.freebsd.small@lists.craxx.nl>

[This is a resend, my message also went to -stable, unintendedly]

Hello,

We're using PicoBSD on floppy disks (1.44MB) for our current firewall
config. As our version is highly customized, I don't like the complex
build process and the uneasy way to keep track of changes in the PicoBSD
base system (the build process for example).

However, as space is limited, so are the possibilities. You can't have all
ipfilter tools, openssh (client & server), snmpd, dhcrelay and a bloated
kernel on a single disk.

Also, floppy disks tend to go bad once in a while and are painfully slow.

We're currently looking into using CDs as a replacement. They are cheap to
replace and easy to build (keep an image on a bsd toaster). Also the
firewall itself will be standards-based (unlike LS120 or Flashdisk) and can
be swapped in and out with standard hardware, when shit hits the fan; the
firewall could be any desktop machine with a cdrom and 3 or more NICs.

I'm looking for pointers on how to best approach this. So far it's easy to
make a 2.88MB disk image that holds a kernel & boot loader but then;

- I'd prefer to use the floppy emulation for bootloading only and mount the
  rest of the CD (up to about 650MB) as root that holds the kernel, init, rc
  and basically the rest of the OS.

- Where does cdboot (/usr/src/sys/i386/boot/cdboot) come in handy? What does
  it do and when better avoid it?

Any help, hints, pointers are welcome. Is anyone working on the same? We
might as well share experience.

Of course I'll be willing to contribute whatever I come up with back to the
FreeBSD project.

Other things to keep in mind about this CD thing:

- You can't edit a single file. Maybe /etc should move off to MD so we can
  edit online. How would mounting another CD work when the CD is our root
  fs?

- Could be better to keep / to the 2.88MB floppy and mount /bin /var /usr
  and /etc from the CD so it can be unmounted at runtime. Does CD support
  different labels (sessions?) on a single CD so I could say:

		mount	/dev/acd0?	/usr
		mount	/dev/acd0?	/etc

- Could / be double mounted? Once from the 2.88MB floppy emulation, once
  from the CD itself? You can then unmount the CD and remount another CD.
  How would that work?

Thanks in advance,

--
laurens van alphen, craxx
alphen@craxx.nl, http://www.craxx.nl


