The Linux Router Project

by David Cinege

If you build it, they will come... The following definition can be found at http://www.linuxrouter.org/; however, LRP needs a little more thorough explanation than this:

Linux Router Project (LRP) n. A networking-centric mini-distribution of Linux. LRP is small enough to fit on a single 1.44MB floppy disk, and makes building and maintaining routers, terminal servers, and typically embedded networking systems next to trivial.

LRP began because of my intense desire to learn Linux. After mutilating an installation of Slackware and actually installing Debian 1.0, I finally had a clue as to what was going on. I planned to dive deep into TCP/IP networking and decided I needed a dedicated Internet connection for which I would need a router. Of course, I could have bought a router, but that would have been too easy (beside, I am too cheap). So I said, “Hey, let's build one. That will be a great way to waste countless hours—oops, I mean learn Linux.”

In my travels for information on building a router with Linux, I could not actually find anyone who made what I had in mind. Either they were using a full distribution on a hard drive, or something on a floppy that was so minimal a second complete machine was needed to configure the disk. I decided to try to make this self-contained “mini-system” myself. I started with a minimal base install of Debian 1.1 which totaled around 35MB and began slashing (and fixing what I had broken) until it was down to around 3.2MB. This was small enough to fit on a 1.68MB floppy as a gzipped initrd image. It was not pretty, but it did the job as a router for my 33.6K line, which eventually progressed to ISDN.

After several months, I wanted to take what I had made and create a more generic system for other people to use. I put out the call on Usenet and a few private lists, then began a mailing list with a handful of interested people. The rest, as they say, is history. That mailing list now exceeds 600 names, and at least 25 new downloads of LRP are done each day. This is all with LRP still remaining mostly unadvertised.

My single-disk hack job has evolved into a modular micro-sized operating system. It makes a capable base platform for just about anything you could want to build for “light”, secure, efficient use: routers to terminal servers, mini web servers to DNS cache and even doorbells. (No, I am not kidding.)

LRP Defined

First, Linux Router is quite small. The base root file system is only 2.5MB and compresses down to 830KB. With the addition of a kernel, it easily fits on a 1.44MB floppy with several hundred kilobytes to spare for kernel modules and additional packages. A Zip or LS-120 will provide seemingly limitless space. Flash RAM can also be used and companies like Sandisk and M-Systems make Linux-capable products.

LRP's root file system is contained in a gzipped tar archive. The directories /etc (etc.lrp), /var/log (log.lrp) and /lib/modules (modules.lrp) are broken out into their own archives for easier backup. At boot, the Linux kernel dynamically creates a MINIX file system on /dev/ram0 and mounts it as / (root). It then extracts the root archive (root.lrp), storing it in the / directory, then proceeds to execute linuxrc. linuxrc sets up the base root file system (like creating /dev) and then attempts to mount the boot device and install any remaining packages (such as etc.lrp, log.lrp, and modules.lrp). The remaining bootup is noticeably similar to a typical full-sized Debian Linux install.

The system will be running solid state from the RAM disk. This means all changes you make will have to be backed up to the boot medium. This is not a difficult task, as it is all automated by scripts that can recreate the root and add-on packages from package listing files found in the /var/lib/lrpkg directory. lrcfg is a menuing system that gives you a nice interface to the package backup system as well as configuration files and (minimal) on-line help.

Note that LRP does not have to run from RAM. It is perfectly fine just to dump the root and package archives to a hard drive partition and bypass the “embedded” RAM disk features.

Included in LRP

If you should drop to the command line, you will find ash as your default shell. ash supports full Bourne shell scripting, and nearly the entire LRP base is fully customizable shell scripts. Moving around at shell level, it will be hard to tell you are not using a full distribution.

Some of the finer details include complete SysVInit, cron, libc6 (glibc) and sed. The system and binaries are generally kept up to date with the current Debian release. Over 60 commands are available in minimal or emulated form (using ash and sed): cat, cp, dmesg, dd, grep, cut, passwd, gzip, tar, tail, mnc (mini-netcat), et al. Of course, all standard and many extended networking commands and daemons are also available: route, netstat, ipfwadm, ipautofw, ipportfw, inetd, telnetd, tftpd, routed, et al. Anthony's Editor (ae) serves as your editor.

If this is not enough, you can also load Secure Shell, pppd 2.3.5, Portslave RADIUS client, gated, snmpd and others. Add-on packages such as minicom and bash 2.0 are also available. Add-on packages are installed once and merged with the root archive at back-up time, unlike full packages which are kept autonomous.

Slackware users can stuff in almost anything else by hand. Remember that LRP is real Linux—just smaller. It is capable of running anything a full-size distribution can run, given the libraries and space.

Uses of LRP

By design, LRP is meant for low-level networking applications. To this extent, the stock Linux 2.0 LRP kernel is compiled with almost all networking options and several enhancement patches (for example, ipportfw). Next is a short list of default functionality available in the base. Understand that these features apply to any interface type Linux can use, from modem to wireless T1.

  • Full IP routing with numberless IP and multiple IP interfacing

  • Complete firewalling and IP accounting

  • Traffic shaping (low-speed links)

  • IP and Port (TCP/UDP) redirection with transparent proxy and IP load balancing

  • Extended Common NAT (IP Masquerade) as firewall rules

  • Media insensitive interface load balancing (EQL)

  • RIP, OSPF, BGP and other routing protocols (via gated and other packages)

  • IPX and AppleTalk support

Past these core functions, a Linux Router unit is quite viable for many server applications. One of the most popular is using the Portslave RADIUS client software (pslave.lrp) to host inbound Internet access modem pools, which give you functionality like the popular Livingston Portmaster series. Bind is packaged (bind.lrp) and does a fine job as a secondary or even primary DNS. Boa (boa.lrp) and thttpd (thttpd.lrp) are both small web servers that will fit on a 1.44MB LRP disk. Apache, though not packaged right now, could be hand fit.

On the client side of things, the VNC package will give you a single-disk Windows terminal. XFree86 is not yet packaged, but it certainly will be, allowing easy creation of X terminals. Linux Router also makes a good base for workstations that mount their file system from remote NFS or SMB (Samba) servers.

Understand that Linux Router is not the solution to all your computing needs. You wouldn't want to use it as your primary web server if you are an Internet Service Provider, or as a kernel hacker's development machine. But for backup services or where feature requirements are very specific (and administration skills scarce), it makes an efficient and sound choice.

The Advantages of LRP

While a “minimal” install of Debian Linux may have well over 5000 files, you would be lucky to break 500 with a very feature-rich LRP. The impact of this on administration and security is obvious; the entire system can be backed up and restored in less than a minute.

This minimal footprint coupled with RAM disk operation adds up to a large performance increase in operation and decrease in required hardware. The most mediocre 16MHz 386SX with 8MB of RAM, a 1.44MB floppy and no video card can handle most people's needs for light routing jobs. Few will have a need to climb past a 486 class CPU; however, with low-end Pentium class machines being so inexpensive, it certainly makes sense to do so.

Furthermore, with this default RAM disk approach, it is very difficult to be left with an unusable system. File system get corrupted? Flash the power. Everything just crashed? Flash the power. Cracker break in? Install your backup (in 30 seconds) and flash the power.

The other advantage of running from a RAM disk that people seem to overlook is, generally, it cannot break. Let's say you have 250 workstations with one path to the outside world. Do you want that path to depend on a mechanical device like a hard drive? Probably not. How about if that router sits between you and your game of Quake? Definitely not.

Some of the many reasons to use LRP over other Linux systems: fully administrable via high-strength encryption using secure shell and secure copy (ssh, scp), a huge routing feature super set and open source. These are things most commercial solutions cannot touch.

Locating LRP

By now, I am sure you are probably excited to give Linux Router a try. Since it is now easier than ever to make a disk, you should do it.

All that needs to be done to get started is creating a file system and installing a boot loader on your boot medium. The most common choice for this is MS-DOS (FAT) and Peter Anvin's SysLinux. GRUB also makes a good boot loader. LILO is generally a poor choice, because unlike the former two, it cannot dynamically search for the kernel by name, and LRP does not have LILO available if you change kernels. Default syslinux.cfg and syslinux.dpy files are available at the LRP ftp site.

An LRP-capable kernel can be found in the kernel*.tar.gz archive. Choose an FPU (floating-point unit) or non-FPU kernel as needed and copy it to the disk as “LINUX”.

Copy the base and any additional packages; root.lrp, etc.lrp and log.lrp are required. modules.lrp is also needed if you are using a kernel with modules, as the provided LRP kernels do.

Finally, you must update the options passed to the kernel at boot time, commonly known as the boot loader's “append” line. A sample syslinux.cfg file looks like this:

display syslinux.dpy
append=load_ramdisk=1 initrd=root.lrp \
initrd_archive=minix ramdisk_size=4096 \ root=/dev/ram0
boot=/dev/fd0,msdos \
LRP=etc,log,modules

The options after append= will be common to any boot loader you use. The LRP-specific options are:

  • initrd_archive=minix: initrd_archive is a kernel feature that lets you use tar.gz archives instead of raw images. This kernel patch is required in order to use LRP.

  • boot=/dev/bootdev[,fs]: this is the device name you are booting from. It is the device which linuxrc will try to mount to install any remaining packages. Optionally, you can specify the file system for the mount attempt. The boot line is semi-optional. linuxrc has a back-up list of devices to try to mount. It looks at /proc/filesystems for available file systems. Using boot= speeds up the boot process and ensures a mount if you are using an odd boot device.

  • LRP=etc.lrp,log.lrp[,modules.lrp][,package1] [,package2]...: these are the packages linuxrc should try to load at boot time. Remember that root.lrp is loaded by the initrd facility of the boot loader, so etc and log are the first packages listed here.

If your goal is simply a 1.44MB LRP floppy, the FTP site contains a raw “idiot-image” of such a disk. It is fully prepared with syslinux and a non-FPU kernel; just use dd, cat or a similar utility to write the image to a floppy.

With your base prepared, you must add the needed kernel modules. Normally, one does this by booting the LRP disk, mounting a second floppy, copying the modules from that floppy to /lib/modules, editing /etc/modules and then using lrcfg to back up the modules package. Sound too hard? See http://www.linuxrouter.org/modmaker/ for a modules generation system. Just select the modules for the features and hardware you want; it will create a modules.lrp with the modules, their dependencies and an /etc/modules file configured to load all of them.

After boot and login, lrcfg will be started to help you get around to the files you need to edit. The configuration files for the base and packages are self-documented. You should be only a few minutes away from a working system.

Difficulty and Support

For a person with some UNIX networking experience, LRP is truly as easy as it sounds. However, it may be difficult for people who lack these basic skills. Still, it is not too intimidating and the average Linux, MS-DOS or MS Windows user has been known to tackle the entire task with no help.

The mailing list is capable of getting most people over any walls they encounter. If all else fails, both Paul Wouters ([email protected]) and I currently provide commercial support for those requiring extended help with their setup.

Commercial Products

Linux Router is known to be in use around the world. I know of several consultants who use it exclusively for networking their customers. It is also becoming popular with vertical applications and has been spotted in control systems and power switching stations.

Onyx Systems (http://www.onyxsys.com/) is developing a mid-range modular router and terminal server product based entirely on LRP. Look for it to appear about the time this article is published. This is the most adventurous application using Linux Router I have found (sort of a cross between a Cisco 2524 and Portmaster 3). It is also the first open-source product of its kind—how exciting! Keep it in mind when you need trusted hardware with commercial support.

Rumors are circulating that Corel has been thinking about a port of Linux Router to ARM for a FlashRAM-only NetWinder. This project sounds like it has many possibilities as well.

Development

At the time of this writing, 2.9.4 just went out as an unstable release, getting us a bit closer to a stable 3.0 release. I still handle all of the core LRP development myself and could use more people to help speed development of the base. Making LRP packages is quite easy, and I would like to see more people contributing them. If you have the skills and are interested in helping out, join the mailing list ([email protected]).

Resources

Dave Cinege ([email protected]) is an Electronics and Computers Engineer. He lacks anything even remotely resembling a social life. When not hacking (which is rare), he is generally reading technical books, spook lore or arguing the virtues of anarcho-capitalism. Aside from qualifying as a truly pathetic individual to the uninitiated, he is one of the most rounded jack of all trades you may ever find.

Load Disqus comments