My Network Lunchbox project (originally I was going to name it palantir) aims to provide a ready-to-use image for Soekris net4801 (and possibly 4501) to make them usable as general-purpose network troubleshooting devices. Specifically, the intent is to enable administrators of large, complex or geographically dispersed networks to install a Soekris device with one interface on a network reachable from their workstation and use the other two interfaces as entry points into unreachable or problematic networks.
At work, we were having some issues with viruses that run DHCP servers. Without getting into the nitty-gritty details, it was screwing up DHCP on one of the few hundred subnets that we run. But, since the affected subnets are in buildings spread across a few square miles, it isn't always feasible to send someone out with a laptop to do a packet capture (especially if it's a transient problem). Due to the network architecture (specifically, DHCP helper on the routers and VLANs constrained to access routers) we couldn't jump on the affected subnets from the office and dump the traffic. So, Network Lunchbox was born.
The current procedure for us is as follows:
ssh -c, start a packet capture and save the output directly on our workstation.
To download and use the Lunchbox, there are a few options:
dd it to a CF card. The 1GB image includes a root filesystem mounted read only with 446MB free, and a /var filesystem mounted rw with 145MB free.
The server-side components for the phoneHome script are in subversion in the phonehome-server/ directory.
Downloads

Description | File | Size | MD5 sum |
---|---|---|---|
1.0GB CF Card image | lunchbox0.1_r2.img.bz2 | 385Mb | e687eebb5f64ea408dd268deee80c9ce |
/ filesystem archive | lunchbox0.1-hda1_r2.tar.bz2 | 94Mb | dfeb906e4e3428bf5c764f9e1ae42ced |
/var filesystem archive | lunchbox0.1-hda2_r2.tar.bz2 | 14Mb | 7130cc8c306d8825c31724a4db2038a9 |
The image and filesystem archive files have the following naming convention:
filesystem archives | lunchbox(ver)-hda{1|2}_r(SVNrev).tar.bz2 |
CF card images | lunchbox(ver)_r(SVNrev).img.bz2 |
Examples for Lunchbox v0.1, SVN revision 2:
Note on the full CF card image: This obviously would have fit on a 512Mb CF card. However, I opted to make the image for a full 1GB card mainly because: 1) CF cards are cheap these days and 2) since I wanted this to be an all-purpose box, I'd rather have lots of empty space than run out.
Source code for Network Lunchbox is now hosted on github, at github.com/jantman/NetworkLunchbox.
The lunchbox/ directory holds everything that's specific to this project - the phonehome script and stuff like that. The rest of the repository holds the files that I modified from the Debian defaults.
How I Built it:
Unfortunately, I don't have the best notes on the build process. However, I'll write down what I remember, and fill in more in the future. The one important thing to know is that, though we're going to be using Debian on i386, we need not use Debian as our build host, or even use i386 as our build host architecture. Also, the subversion repository mentioned above has copies of most of the Debian files that I modified, if you don't want to download and extract the root filesystem archive.
debootstrap --arch i386 lenny /mnt/debian http://ftp.debian.org/debian.
/etc/fstab. For now, leave the root partition mounted as rw. Remember that though we'll see our CF card mounted as /dev/sdX on our build host, on the actual Soekris it will be /dev/hda.
apt-get install anything you really need.
/etc/hostname.
/etc/network/interfaces.
linux-image-2.6.26-2-486 kernel image. Just make sure you use linux-image-*-486.
apt-get install grub. Now the REALLY IMPORTANT part (this could gronk your workstation). You need to install grub on the CF card, not your hard drive. On my workstation, this meant grub-install hd3. Once again, make sure you put grub on the right disk.
/boot/grub/device.map so the only line is: (hd0) /dev/hda.
/boot/grub/menu.lst to be correct (at a minimum, setup for serial and noacpi).
/etc/inittab to get a serial getty.
This takes some work. I honestly didn't write down all of the steps, as it took quite some trying to get rid of errors.
/etc/fstab and add "ro" to the mount options for /.
mkdir /var/etc
rm /etc/mtab && ln -s /proc/mounts /etc/mtab
mv /etc/adjtime /var/etc/ && ln -s /var/etc/adjtime /etc/adjtime
mv /etc/motd /var/run/motd && ln -s /var/run/motd /etc/motd
mv /etc/resolv.conf /var/etc/resolv.conf && ln -s /var/etc/resolv.conf /etc/resolv.conf
/etc/rsyslog.conf and remove anything not needed
bootmisc.sh and checkroot.sh in /etc/init.d/
/sbin/dhclient-script
mkdir /var/etc/default
mkdir /var/root && mv /root/.ssh/known_hosts /var/root/ && ln -s /var/root/known_hosts /root/.ssh/known_hosts
/etc/rsyslog.conf to minimize writes (possibly remote syslog everything??)
You can check out my blog or just drop me an E-Mail. Or you can find more contact options here.
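
The read-only root steps listed above can be audited on the build host before the card goes into the Soekris. The script below is an added example, not part of the Lunchbox repository; the function names are hypothetical, and the mount point passed to check_ro_root (for instance /mnt/debian) is an assumption.

```shell
#!/bin/sh
# Added example: audit a mounted CF-card root for the read-only-root layout
# described on this page. Usage: check_ro_root /mnt/debian

# Symlinks created by the steps on the page, as "link target" pairs.
RO_LINKS='/etc/mtab /proc/mounts
/etc/adjtime /var/etc/adjtime
/etc/motd /var/run/motd
/etc/resolv.conf /var/etc/resolv.conf
/root/.ssh/known_hosts /var/root/known_hosts'

# Succeeds only if the fstab entry for / lists "ro" among its mount options.
fstab_root_is_ro() {
    awk '$1 !~ /^#/ && $2 == "/" {
             n = split($4, opt, ",")
             for (i = 1; i <= n; i++) if (opt[i] == "ro") found = 1
         }
         END { exit(found ? 0 : 1) }' "$1"
}

# Prints one line per problem and returns the number of problems found.
check_ro_root() {
    root=${1%/}
    problems=0
    if ! fstab_root_is_ro "$root/etc/fstab"; then
        echo "FAIL: / is not mounted ro in $root/etc/fstab"
        problems=$((problems + 1))
    fi
    while read -r link target; do
        # readlink prints the stored target without resolving it, so the
        # check also works on a card mounted under a build-host directory.
        actual=$(readlink "$root$link" 2>/dev/null || true)
        if [ "$actual" != "$target" ]; then
            echo "FAIL: $link -> '${actual:-not a symlink}', expected $target"
            problems=$((problems + 1))
        fi
    done <<EOF
$RO_LINKS
EOF
    return "$problems"
}
```

A regular file left at any of the listed paths (for example a resolv.conf rewritten by a DHCP client) is reported, since a write to it would fail once / is mounted ro.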