Running Linux and Netfilter on Nokia IP Series Hardware
Now that we have Linux installed on the original Nokia disk, we can begin the process of customizing the installation to function on the Nokia hardware. The first step is to download and compile a custom kernel (see Resources). Boot into Linux on the desktop PC, login as root, gain network connectivity and download the latest stable kernel (2.4.20 as of this writing) from kernel.org. Extract the kernel tar archive and begin the compilation process with make menuconfig (possible because we installed the ncurses library) to configure the kernel build. It is important to ensure that only necessary portions of the kernel code are compiled into the resulting kernel binary. To this end, only the following features should be compiled in:
Processor type and features:
PCI device name database
System V IPC
Kernel support for ELF binaries
Enhanced IDE disk support
CMD640 chipset bugfix/support
RZ1000 chipset bugfix/support
Include IDE/ATA-2 disk support
Use multi-mode by default
Generic PCI IDE chipset support
Sharing PCI IDE interrupts support
Generic PCI bus-master DMA support
Intel PIIXn chipsets support
PIIXn Tuning support
Network packet filtering (replaces ipchains)
UNIX domain sockets
IP: Netfilter Configuration:
IP tables support
Connection state match support
Connection tracking match support
MASQUERADE target support
LOG target support
Network device support:
EtherExpressPro (eepro100, Becker driver)
Standard/generic serial support
Support for console on serial port
Ext3 journaling filesystem support
Virtual memory filesystem support
/proc filesystem support
Second extended fs support
After compiling the kernel with the standard make dep && make clean && make bzImage, our shiny new kernel should be around 610KB in size. Copy it to the /boot partition, configure LILO to see the new kernel binary and run lilo -t && lilo to reinstall LILO in the MBR.
By default the LILO boot loader does not send any kernel boot messages, init messages or system log messages over the serial port. Initially when we reinstall the IP330 drive back in the IP330, the only method we have available to interact with the machine is through the serial port. To configure LILO to send messages over the serial port, add the following line just before the timeout=50 line:
This instructs LILO to send messages out of /dev/ttyS0, which corresponds to serial port 0, at a speed of 9600 baud with one stop bit and no parity bits (see Resources). Also, there is no need to have LILO display the fancy semi-graphical boot message, so remove the message=/boot/message line. Now that we have finished editing /etc/lilo.conf, it is time to rerun lilo -t && lilo once more.
Configuring LILO to send messages over the serial port would not be of much use if, after the machine boots and init has run, there is no way to login. Therefore, we require init to spawn a getty process on /dev/ttyS0. Getty processes are spawned from the init process based on the /etc/inittab configuration file. The default Red Hat inittab file instructs init to start getty processes on ttys 1 through 6:
# Run gettys in standard runlevels 1:2345:respawn:/sbin/mingetty tty1 2:2345:respawn:/sbin/mingetty tty2 3:2345:respawn:/sbin/mingetty tty3 4:2345:respawn:/sbin/mingetty tty4 5:2345:respawn:/sbin/mingetty tty5 6:2345:respawn:/sbin/mingetty tty6
Because there is no way to attach a keyboard to a Nokia IP330, all of these should be replaced with the following single line:
1:2345:respawn:/sbin/agetty -h ttyS0 9600 vt102
agetty, in contrast to mingetty, does not reference any configuration files and simply takes all configuration input from the command line. mingetty also is not suitable for use on serial lines, according to its man page.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- The Qt Company's Qt Start-Up
- Devuan Beta Release
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- The Death of RoboVM
- The Humble Hacker?
- BitTorrent Inc.'s Sync
- New Container Image Standard Promises More Portable Apps
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide