Hosts Hosts/Servers Hosts/Gentoo

• Type: Core Router
• Model: Soekris net5501-70
• Location: Bedroom 1
• URL: http://santo.sihnon.net/
• Provides:
  • Routing
  • Gateway Firewall
  • DHCP server
  • Name server (master)
  • Directory server (LDAP master)

*Specs:

• 500MHz AMD Geode LX
• 512Mb Ram
• 4x 100Mb Ethernet
• 4Gb SanDisk Compact Flash II
• 120Gb Western Digital 5400rpm 8mb (disconnected)

Santo's system disk is a 4gb compact flash card.

{| class=“wikitable” cellspacing=“10”

! Partition Number ! Size ! Filesystem ! Mount point ! UUID ! Notes

There is also a 120Gb SATA drive present, though it is run through a SATA→PATA bridge and appears as /dev/sdb. It will be used to hold several logical volumes using LVM.

{| class=“wikitable” cellspacing=“10”

! Partition Number ! Size ! Filesystem ! Mount point ! UUID ! Notes

The logical volumes will be used to house filesystems which are frequently/heavily accessed and which may want to grow over time (eg logs).

{| class=“wikitable” cellspacing=“10”

! Name ! Size ! Filesystem ! Mount point ! UUID ! Notes

Full kernel .config files are stored in subversion, at configs:/kernel/santo/.

The following options are necessary for the system to boot under both VMware and the Soekris hardware.

In order to enable DMA, it is important not to select any generic IDE/SCSI controllers; only the hardware specific ones should be enabled.

2.6.28-gentoo-r1|<code>0@@</code>

The serial port on the Soekris hardware is currently configured to run at 38400 bps, using 8 bit words, no parity bits, and one stop bit (38440 8n1).

Grub will need to output the boot menu to the serial console: /boot/grub/grub.conf|<code>1@@</code>

Finally, add a login prompt to the serial console. -L forces the output to work, even if the cable isn't connected. /etc/inittab|<code>2@@</code>

Network configuration is stored in subversion, under configs:/network/router/.

Also see Essential software packages

• direct=yes|net-dns/bind
• direct=yes|net-dns/bind-tools
• direct=yes|net-misc/dhcp
• direct=yes|net-misc/bridge-utils
• direct=yes|net-firewall/iptables
• direct=yes|net-analyzer/tcpdump
• direct=yes|net-nds/openldap
• direct=yes|sys-auth/nss_ldap
• direct=yes|sys-auth/pam_ldap
• direct=yes|net-fs/samba
• direct=yes|net-wireless/hostapd
• direct=yes|net-wireless/madwifi-ng
• direct=yes|net-wireless/madwifi-ng-tools
• direct=yes|net-misc/ntp
• direct=yes|net-misc/openvpn
• direct=yes|www-servers/apache
• direct=yes|dev-lang/php
• direct=yes|dev-db/mysql {{EnableFlag|minimal}}
• direct=yes|dev-util/subversion
• direct=yes|mail-mta/postfix
• direct=yes|net-misc/linux-igd
• direct=yes|app-crypt/aespipe
• direct=yes|net-analyzer/vnstat

See Syslog. Santo's CF root disk wont appreciate lots of log writes, so all log messages will be sent to the central loghost, and only written to tmpfs locally. Logs will be permanently stored on the loghost's disk, or if that is unavailable can be read directly on Santo until it is rebooted.

Add the following mounts: /etc/fstab|<code>3@@</code>

If the kernel was compiled with support for the Geode LX and hardware watchdog, install direct=yes|sys-apps/watchdog and edit the configuration file to contain at least the following:

/etc/watchdog.conf|<code>4@@</code>

Then start the watchdog, and add it to the boot runlevel: <code>5@@</code>

See LDAP/Openldap. Configuration files are stored in subversion, under configs:/ldap/master/.

See DNS & DHCP. Configuration files are stored in subversion, under configs:/dhcp/master/ and configs:/named/master/.

See Iptables.

Edit <tt>/etc/postfix/main.cf</tt> to set the hostname. As this host is not a primary or backup MX, no other configuration is necessary.

<code>6@@</code>

Configuration is stored in subversion, under configs:/samba/master/. Samba's LDAP password must be set to the same value stored in the directory and then the service can be started.

<code>7@@</code>

Configuration is stored in subversion, under configs:/upnpd/master/. Merely copy these in place and start the daemon with:

<code>8@@</code>

TODO

Set up remote logging, as per Loging via syslog so that messages aren't written to the local CF disk.

See Wireless. Configuration is stored in subversion, under configs:/wireless/router/.

The options are:

• rsync, backing up directly to an NFS mount on Athens.
• perlbak, using the SATA hard drive as scratch space before copying the final tar across to Athens.

9@@

/dev/sda:

Model=SanDisk SDCFX3-004G Config={ HardSect NotMFM Removeable DTR>10Mbs nonMagnetic } RawCHS=7964/16/63, TrkSize=0, SectSize=576, ECCbytes=4 BuffType=DualPort, BuffSize=1kB, MaxMultSect=4, MultSect=?0? CurCHS=7964/16/63, CurSects=8027712, LBA=yes, LBAsects=8027712 IORDY=no, tPIO={min:120,w/IORDY:120}, tDMA={min:120,rec:120} PIO modes: pio0 pio1 pio2 pio3 pio4 DMA modes: mdma0 mdma1 mdma2 UDMA modes: udma0 udma1 *udma2 udma3 udma4 AdvancedPM=no WriteCache=disabled Drive conforms to: Unspecified: ATA/ATAPI-4

Timing cached reads: 370 MB in 2.00 seconds = 185.07 MB/sec Timing buffered disk reads: 82 MB in 3.05 seconds = 26.91 MB/sec

Santo on the Soekris hardware has had some stability issues in the past. It looks like these might be fixed with the current 2.6.28-gentoo-r1 kernel config, but just in case, here is a magic incantation to spam syslog every 5 minutes, just to show the kernel is still alive.

<code>10@@</code>