My Network Lunchbox project (originally I was going to name it palantir) aims to provide a ready-to-use image for Soekris net4801 (and possibly 4501) to make them usable as general-purpose network troubleshooting devices. Specifically, the intent is to enable administrators of large, complex or geographically dispersed networks to install a Soekris device with one interface on a network reachable from their workstation and use the other two interfaces as entry points into unreachable or problematic networks.
At work, we were having some issues with viruses that run DHCP servers. Without getting into the nitty-gritty details, it was screwing up DHCP on one of the few hundred subnets that we run. But, since the affected subnets are in buildings spread across a few square miles, it isn't always feasible to send someone out with a laptop to do a packet capture (especially if it's a transient problem). Due to the network architecture (specifically, DHCP helper on the routers and VLANs constrained to access routers) we couldn't jump on the affected subnets from the office and dump the traffic. So, Network Lunchbox was born.
The current procedure for us is as follows:
ssh -c, start a packet capture and save the output directly on our workstation.
To download and use the Lunchbox, there are a few options:
dd it to a CF card. The 1GB image includes a root filesystem mounted read only with 446MB free, and a /var filesystem mounted rw with 145MB free.
The server-side components for the phoneHome script are in subversion in the phonehome-server/ directory.
|1.0GB CF Card image||lunchbox0.1_r2.img.bz2||385Mb||e687eebb5f64ea408dd268deee80c9ce|
|/ filesystem archive||lunchbox0.1-hda1_r2.tar.bz2||94Mb||dfeb906e4e3428bf5c764f9e1ae42ced|
|/var filesystem archive||lunchbox0.1-hda2_r2.tar.bz2||14Mb||7130cc8c306d8825c31724a4db2038a9|
The image and filesystem archive files have the following naming convention:
|CF card images||lunchbox(ver)_r(SVNrev).img.bz2|
Examples for Lunchbox v0.1, SVN revision 2:
Note on the full CF card image: This obviously would have fit on a 512Mb CF card. However, I opted to make the image for a full 1GB card mainly because: 1) CF cards are cheap these days and 2) since I wanted this to be an all-purpose box, I'd rather have lots of empty space than run out.
Source code for Network Lunchbox is now hosted on GitHub, at github.com/jantman/NetworkLunchbox.
The lunchbox/ directory holds everything that's specific to this project: the phonehome script and stuff like that. The rest of the repository holds the files that I modified from the Debian defaults.
How I Built it:
Unfortunately, I don't have the best notes on the build process. However, I'll write down what I remember, and fill in more in the future. The one important thing to know is that, though we're going to be using Debian on i386, we need not use Debian as our build host, or even use i386 as our build host architecture. Also, the subversion repository mentioned above has copies of most of the Debian files that I modified, if you don't want to download and extract the root filesystem archive.
debootstrap --arch i386 lenny /mnt/debian http://ftp.debian.org/debian
/etc/fstab. For now, leave the root partition mounted as rw. Remember that though we'll see our CF card mounted as /dev/sdX on our build host, on the actual Soekris it will be
apt-get install anything you really need.
linux-image-2.6.26-2-486 kernel image. Just make sure you use linux-image-*-486.
apt-get install grub. Now the REALLY IMPORTANT part (this could gronk your workstation). You need to install grub on the CF card, not your hard drive. On my workstation, this meant grub-install hd3. Once again, make sure you put grub on the right disk.
/boot/grub/device.map so the only line is:
/boot/grub/menu.lst to be correct (at a minimum, set up for serial and noacpi).
/etc/inittab to get a serial getty.
This takes some work. I honestly didn't write down all of the steps, as it took quite some trying to get rid of errors.
/etc/fstab and add "ro" to the mount options for /.
rm /etc/mtab && ln -s /proc/mounts /etc/mtab
mv /etc/adjtime /var/etc/ && ln -s /var/etc/adjtime /etc/adjtime
mv /etc/motd /var/run/motd && ln -s /var/run/motd /etc/motd
mv /etc/resolv.conf /var/etc/resolv.conf && ln -s /var/etc/resolv.conf /etc/resolv.conf
/etc/rsyslog.conf and remove anything not needed
mkdir /var/root && mv /root/.ssh/known_hosts /var/root/ && ln -s /var/root/known_hosts /root/.ssh/known_hosts
/etc/rsyslog.conf to minimize writes (possibly remote syslog everything?)
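The relocation commands above, collected into one re-runnable script with a check at the end. This is an added example, not the project's own code; the function names are made up here, and it assumes it is run on the build host against the debootstrap directory (for instance /mnt/debian) with the /var filesystem mounted beneath it.

```sh
# Added example, not the project's own script. Each line: link path, target.
LINKS='/etc/mtab /proc/mounts
/etc/adjtime /var/etc/adjtime
/etc/motd /var/run/motd
/etc/resolv.conf /var/etc/resolv.conf
/root/.ssh/known_hosts /var/root/known_hosts'

# relocate ROOT SRC DST: move ROOT/SRC to ROOT/DST and leave a symlink behind.
# Re-running is safe; a link that already points somewhere else is refused.
relocate() (
    root=$1 src=$2 dst=$3
    if [ -L "$root$src" ]; then
        [ "$(readlink "$root$src")" = "$dst" ] && exit 0
        echo "refusing: $src already links elsewhere" >&2; exit 1
    fi
    mkdir -p "$root$(dirname "$src")" "$root$(dirname "$dst")" || exit 1
    if [ -e "$root$src" ]; then
        mv "$root$src" "$root$dst" || exit 1
    else
        : > "$root$dst" || exit 1   # not created yet: start with an empty file
    fi
    ln -s "$dst" "$root$src"   # absolute target, as seen from the booted box
)

# harden_root ROOT: apply LINKS to the target root (assumed: /mnt/debian).
harden_root() (
    root=$1
    [ -d "$root/etc" ] || { echo "$root: no etc/ directory" >&2; exit 1; }
    echo "$LINKS" | while read -r src dst; do
        case $dst in
            /proc/*) rm -f "$root$src" && ln -s "$dst" "$root$src" ;;
            *) relocate "$root" "$src" "$dst" ;;
        esac || exit 1
    done
)

# verify_root ROOT: list paths that are not the expected symlink (status 1).
verify_root() (
    bad=0
    while read -r src dst; do
        [ "$(readlink "$1$src" 2>/dev/null)" = "$dst" ] && continue
        echo "not relocated: $src"; bad=1
    done <<EOF
$LINKS
EOF
    exit "$bad"
)

if [ -n "${1:-}" ]; then harden_root "$1" && verify_root "$1"; fi
```

Run it with the target root as the only argument before switching / to "ro" in /etc/fstab; anything verify_root prints would still be written under the read-only root.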