Getting Small with Linux, Part 3

Specialization in the world of tiny Linux.

If you think the title of this week's "Corner" sounds like the introduction to a nature program, it's because I am trying to make a point. When we start building micro versions of just about anything, we start asking the question, "What do I really want this thing to do?" This is true even with Linux, although I hope my last two articles have shown you just how much a little can be.

This time around, I want to talk about some of those specialized applications. The real power of Linux is as a network operating system. When dealing with Linux and the impressive group of (occasionally hyperactive) developers out there, anything is possible. Sure, you can play Civilization: Call to Power and Quake on Linux, but the real reason Linux is so cool is not because it plays well, but because it works well. Better yet, it networks well. Allow me to present today's micro contenders as examples. But first, a question.

How would you like to save a couple thousand dollars on that new firewall/router by making use of that old 486 SX/25 you've got lying around? What? You took out the hard drive? No problem; we don't need it. Yes, those old Ethernet cards will do just fine.

In the blue corner, weighing in at one diskette, is the Linux Router Project. This single-floppy distribution is designed to be used for building inexpensive routers, terminal servers and just about anything else. Not everything will work off the pre-built floppy, but quite a bit will. Before I get into the nitty-gritty, let me point you to their web site at http://www.linuxrouter.org. There, you will find that for the developers of the Linux Router Project, doing what they do is partly a technology thing and partly a cause. As evidence, the subtitle on the main page of the web site: "Embedding the bird for the sake of all humanity."

Preparing a copy of LRP will require some background work if you want to make the diskette yourself and customize the components up front. The easiest thing by far (particularly if you want to test-drive LRP) is to download a complete boot image, and install that on your PC. On the web site, you will also find packages for things like ppp or ssh, the secure shell.

The latest image can be found in the download section by choosing your favorite mirror and clicking your way down the directories to dists/2.9.4, which is the release number I downloaded. Now, ignore the shiny lights all around, promising you bigger (smaller?) and better things, and grab the image named idiot-image_1440KB_2.9.4 (ouch!!) and download it.

Creating your boot diskette from this is simple.

   dd if=idiot-image_1440KB_2.9.4 of=/dev/fd0

When the process is complete, simply take your diskette, put it in an old 486 and reboot. The catch is that this disk may not have what you need in terms of drivers. To get those drivers, you'll have to create your own LRP package with the things you need. For instance, I wanted to set up a router that used a PPP connection and had 3c59x drivers for my Ethernet card. If I did an ls on /lib/modules, I found nothing. There's some strange black magic associated with creating this bundle, but the Project provides help. Here's the scoop.

Go to http://www.linuxrouter.org/modmaker/2.0.36.phtml (did I mention LRP runs a 2.0.36 kernel?) and choose the modules you need by clicking on them in the provided list. Then, click on the "Create modules.lrp file" button. This is pretty cool, and will save you from premature hair loss. The next step is to right-click on the "modules.lrp" link in your browser, and save the file. Here's another good piece of advice: make sure you pick up the accompanying Linux kernel at the same time. I chose the link that gave me a kernel with co-processor support, and saved it to disk as 2.0.36-LRP.FPU-EMU.zImage.

The next trick is getting these files on the diskette so we can use them. To do that, mount the diskette as a file system on your current Linux system in this way. Note that you may have to create the mount point as well. For example:

     mkdir /mnt/floppy
     mount -t msdos /dev/fd0 /mnt/floppy

Now it's just a matter of copying the files to their proper place, overwriting any existing file with the same name. The kernel needs to live on the diskette as "linux".

     cp 2.0.36-LRP.FPU-EMU.zImage /mnt/floppy/linux
     cp modules.lrp /mnt/floppy/modules.lrp

Take the diskette (with all your needed kernels) and boot your router. You get a nice login prompt, where you can type root (without password, initially). The first thing you see is a configuration menu which, among other things, lets you back up your RAM image so that any changes you make can be saved to the diskette. Pressing q will drop you to a command prompt. That menu, by the way, can be called up at any time with the command lrcfg.

You will want to set IP addresses, which you can do under the "Network Settings" menu. I chose "direct configuration" from the next menu. You'll notice that you also have the option to create simple firewall rules with hosts.allow and hosts.deny, using the same menu. (For an explanation of these files and their configuration options, check out my "Thwarting the System Cracker" series.) When you've set what needs to be configured, drop back to the shell.

Wait--there's just one more thing to do. In order for the modules to be loaded at boot time, you need to do some configuration to /etc/modules using the edit command provided on the diskette. The format is pretty simple. For the items you want loaded automagically at boot time, simply uncomment the lines by removing the hash-mark/octothorp at the beginning of the appropriate line. Modules are loaded with insmod and not modprobe, in case you are trying to do these manually.
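The uncommenting step above can be scripted and checked. This is an added example, not code from the article or from LRP: the function names enable_modules and active_modules are hypothetical, the sample file is constructed, and the assumed layout is one "#name [args]" line per disabled driver, edited on a working copy of the file.

```shell
#!/bin/sh
# Added example, not LRP code. Assumed layout: a disabled driver is
# "#name [args]" with no space after the hash; "# text" is a comment.

# active_modules FILE: print the module names that are enabled.
active_modules() {
    awk '!/^[[:space:]]*(#|$)/ { print $1 }' "$1"
}

# enable_modules FILE MODULE...: uncomment the entry for each MODULE.
# Returns 0 if all are now enabled, 1 if one has no entry, 2 on a bad name.
enable_modules() {
    file=$1; shift
    missing=0
    for mod in "$@"; do
        # Accept only plain identifiers so a name can never act as a
        # regular expression or inject sed commands.
        case $mod in
            ''|*[!A-Za-z0-9_-]*) echo "bad module name: $mod" >&2; return 2 ;;
        esac
        if grep -Eq "^${mod}([[:space:]]|\$)" "$file"; then
            continue                          # already enabled
        elif grep -Eq "^#${mod}([[:space:]]|\$)" "$file"; then
            # Whole-word match: enabling "ne" must not touch "#ne2k-pci".
            sed -E "s/^#(${mod})([[:space:]]|\$)/\1\2/" "$file" > "$file.new" &&
                mv "$file.new" "$file"
        else
            echo "no entry for $mod in $file" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample file (not copied from an LRP diskette).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Ethernet drivers
#3c59x
#ne io=0x300
#ne2k-pci
# PPP support
#slhc
#ppp
EOF

enable_modules "$sample" 3c59x slhc ppp
active_modules "$sample"    # the names insmod will be given at boot
```

Because insmod does not resolve dependencies the way modprobe does, the order of the enabled lines matters; the sample keeps slhc ahead of ppp for that reason.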

What you can do with LRP is entirely up to you and your imagination. I set LRP up for a PPP connection through a modem, and configured a single Ethernet card talking to my network. You can create a stand-alone firewall by using two Ethernet cards. One really cool use of LRP (mentioned in the web site's documentation) can be found at http://water.gbasin.net. It's the official web site of the Sevier River Basin in Central Utah. What makes this site really interesting is that it runs a "solar powered, spread spectrum, radio connected LRP box". I think this deserves some kind of "coolness" award for inventive use of a micro Linux. The site uses webcams to visually update interested parties (presumably in the Sevier basin) every 10 minutes. Check it out.

Our next contender is Coyote Linux, available at http://www.coyotelinux.com. This mini-distro is also derived from the work of the Linux Router Project, but adds its own twist to the whole LRP idea. First of all, the kernel is more up-to-date at version 2.2.14, whereas LRP is still running 2.0.36 (2.2.14 is under development for LRP, though). The more up-to-date kernel means that Coyote uses ipchains to create firewall rules, rather than ipfwadm as with LRP. Coyote makes the whole modules thing a bit easier, as well. I'll explain shortly.

Coyote Linux provides a freeware version as well as a commercial product. The commercial product and the freeware version are more or less the same when it comes down to the actual booted router. The real difference is that the commercial version is designed for Windows users. It comes on CD-ROM and has a nice Windows-style wizard with a question-and-answer session, which ends up creating the actual Coyote disk. Someone using that other operating system can now create a Linux firewall and router without the need of a Linux server or workstation.

For those of you who already run Linux on PCs or servers, the freeware version will not give you any problems. Just download the latest version from the web site. I picked up the file coyote-1.13.tar.gz and extracted it onto my system.

   tar -xzvf coyote-1.13.tar.gz

To create your coyote disk, you change to the newly created directory and execute the makefloppy.sh file.

   cd coyote
   ./makefloppy.sh

In a relatively friendly dialog (text-based, not graphical as in the "other OS" version), you will be asked for your network settings, IP address of your Ethernet interfaces, gateway addresses, DNS info, whether you want DHCP and so on. Now comes the easy module part: which modules you need included in order to load your network drivers. I told the script "3c509", and the module was automatically built into my diskette image. (Like LRP, there are other packages you can specify as well.) After you have answered all the questions, Coyote's install script formats your diskette and creates the images for you. Voilà! That's it. Load it into your old 486 hardware, and boot.

Once your new Linux router is built, you'll find a few more options in the lrcfg menu and a slightly different way of doing things, but all in all, if you've used LRP, the territory is similar.

Both LRP and Coyote have support discussion groups where you can get your questions answered, and there's a fairly large community of people who will answer your questions (this is Linux, after all). When it comes to price, a router built from old PC hardware and Ethernet cards can't be beat. Heck, you don't even need a hard drive. The fact that you can remove the diskette after the system is up and running means you can be pretty sure your system won't be cracked and later used for evil purposes. LRP and Coyote are definitely worth a look.

Whoa! Is it that time already? Next time around, we'll grow out of the single-diskette world and see just how small we can keep things while offering a full-featured Linux distribution. Until then, remember, even the littlest Linux can measure up.

Author's note: Shortly after this article came out, I was informed by one of the LRP members that the Linux Router Project is running a much more up-to-date version of their web site at http://lrp.c0wz.com/.

Besides being more up to date, you'll find many more links and information documents regarding LRP. It is also recommended that you consider joining the mailing lists for further help.

-- Marcel
