From owner-freebsd-small Sun Feb 16 1:20: 3 2003 Delivered-To: freebsd-small@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D29FD37B401 for ; Sun, 16 Feb 2003 01:20:01 -0800 (PST) Received: from bss.neon1.net (gw.adsl.ddn-ddn-131-209.netstream.ch [80.238.131.209]) by mx1.FreeBSD.org (Postfix) with SMTP id BEEFE43FCB for ; Sun, 16 Feb 2003 01:19:59 -0800 (PST) (envelope-from mk@neon1.net) Received: (qmail 1591 invoked by uid 80); 16 Feb 2003 09:20:06 -0000 Received: from 192.168.0.196 (SquirrelMail authenticated user mk) by bss with HTTP; Sun, 16 Feb 2003 10:20:06 +0100 (CET) Message-ID: <49162.192.168.0.196.1045387206.squirrel@bss> Date: Sun, 16 Feb 2003 10:20:06 +0100 (CET) Subject: m0n0wall released (embedded FreeBSD-based firewall) From: "Manuel Kasper" To: X-Priority: 3 Importance: Normal X-Mailer: SquirrelMail (version 1.2.10) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-small@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi folks, I thought that since my project involves FreeBSD on embedded systems, I'd let you know that I have finally released the first public beta version of m0n0wall, my all-in-one firewall package with web interface. At the moment, it's only available for the net4501 communication computers from Soekris Engineering, but it shouldn't be hard to port to other platforms, so I'll release something like a "platform builder kit" soon. In the meantime, you can have a look at http://neon1.net/m0n0wall for details, screenshots and the download. The goal is that once it is installed, it should resemble a commercial firewall box as much as possible (ease of use, speed, etc.) - minus the price. :) It's based on FreeBSD 4.7, thttpd, PHP, MPD, ipfilter, isc-dhcp and ez-ipupdate. Features include: * web interface * serial console interface for recovery * stateful packet filtering * NAT/PAT * DHCP client and PPPoE support on the WAN interface * DHCP server * DynDNS client * traffic shaper * firmware upgrade over FTP I think that the traffic shaper is an especially nice gimmick - most commercial firewalls I know don't offer anything like that (or QoS that works on the upstream only). The next version will most likely have VPN support (IPsec and PPTP) as well. At the moment, m0n0wall seems to be stable enough for "production" use at home (I had development versions running for weeks, transferring gigabytes of data without any problems), but as always: YMMV. Also, I won't make any promises concerning security (who can, anyway?). I'm grateful for feedback, bug reports (especially with fixes ;), suggestions etc. (please check the wishlist first before submitting feature requests). Also, please bear in mind that since this is a spare-time project, it may take awhile for new versions to be released. And yes, of course, m0n0wall is free software and open source (as if I had a choice with PHP ;) under the BSD license. Greets, Manuel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message From owner-freebsd-small Tue Feb 18 16:48:11 2003 Delivered-To: freebsd-small@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 45D3A37B401 for ; Tue, 18 Feb 2003 16:48:09 -0800 (PST) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id BC30743F93 for ; Tue, 18 Feb 2003 16:48:08 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.3/8.12.3) with ESMTP id h1J0m395008000; Tue, 18 Feb 2003 16:48:03 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.3/8.12.3/Submit) id h1J0m3vE007999; Tue, 18 Feb 2003 16:48:03 -0800 (PST) (envelope-from rizzo) Date: Tue, 18 Feb 2003 16:48:02 -0800 From: Luigi Rizzo To: soekris-tech@lists.soekris.com Cc: small@freebsd.org Subject: summary and patch for CF problems in booting the 4501 Message-ID: <20030218164802.A484@xorpc.icir.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-small@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, recently I encountered problems in booting the Soekris4501 (bios 1.00a and 1.10) with some new CF cards (64MB and 256MB, respectively, made by Samsung). The same CF cards work fine when mounted on IDE-CF adapters to boot a desktop PC. After some investigation which consumed the best part of the day, it turned out that the 4501 seems to have problems reading multiple sectors at once on those particular CF cards (which is curious, because I have booted successfully the soekris box with other 64M cards). I am unclear on where the problem is -- maybe the BIOS and the CF disagree on the geometry, though the problem still occurs on a 29-sector file (the natsemi.lzrom etherboot code) which seems to fit in the first track. A quick and dirty patch to fix the problem in the FreeBSD loader (boot1) and the Etherboot loader (boot1a.bin) consists in forcing the loader to load one sector at a time. Fortunately the code is already structured to support something similar on crossing track boundaries, so it suffices to replace the sequence: jb read.2 # this movb %ah,%al # track with the sequence movb $1, %al nop nop right before the 'read.2' label. The string to be replaced is \0162\02\0210\0340 and the replacement is \0260\01\0220\0220 A binary patch is the following (the location of the code changes in /boot/boot1 and /boot/boot1a.bin): ofs=328 # for boot1 ofs=335 # for boot1a.bin file="/boot/boot1a.bin" sh -c "echo -e '\0260\01\0220\0220'" | \ dd of=${file} bs=1 count=4 oseek=${ofs} conv=notrunc I am not sure if this is a complete fix, i.e. there might be other parts of the kernel which use the BIOS to access the CF loading multiple sectors at once. cheers luigi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message From owner-freebsd-small Tue Feb 18 19: 2:29 2003 Delivered-To: freebsd-small@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4FDE437B401 for ; Tue, 18 Feb 2003 19:02:28 -0800 (PST) Received: from laptop.tenebras.com (laptop.tenebras.com [66.92.188.18]) by mx1.FreeBSD.org (Postfix) with SMTP id B83AE43F85 for ; Tue, 18 Feb 2003 19:02:27 -0800 (PST) (envelope-from kudzu@tenebras.com) Received: (qmail 88199 invoked from network); 19 Feb 2003 03:02:26 -0000 Received: from sapphire.tenebras.com (HELO tenebras.com) (192.168.188.241) by 0 with SMTP; 19 Feb 2003 03:02:26 -0000 Message-ID: <3E52F3C2.3000509@tenebras.com> Date: Tue, 18 Feb 2003 19:02:26 -0800 From: Michael Sierchio User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.3a) Gecko/20021212 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Luigi Rizzo Cc: soekris-tech@lists.soekris.com, small@freebsd.org Subject: Re: [Soekris] summary and patch for CF problems in booting the 4501 References: <20030218164802.A484@xorpc.icir.org> In-Reply-To: <20030218164802.A484@xorpc.icir.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-small@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Luigi Rizzo wrote: > After some investigation which consumed the best part of the day, > it turned out that the 4501 seems to have problems reading multiple > sectors at once ... Reading multiple sectors at once violates the INT13 Boot std. But you knew that. > ...on those particular CF cards (which is curious, > because I have booted successfully the soekris box with other 64M > cards). > I am unclear on where the problem is -- maybe the BIOS and the CF > disagree on the geometry, though the problem still occurs on > a 29-sector file (the natsemi.lzrom etherboot code) which > seems to fit in the first track. > > A quick and dirty patch to fix the problem in the FreeBSD loader > (boot1) and the Etherboot loader (boot1a.bin) consists in forcing > the loader to load one sector at a time. Thanks, Luigi, we've been waiting for this. I now have twice as many useful CFs as I did before. ;-) Can you get this committed, and when's the MFC? ;-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-small" in the body of the message