My Linksys router now runs Linux and almost provides PXE.

Thursday, 22 July 2010

I've been interested in running Linux upon my router for a long time, but I never had a really compelling reason to do so. The potential for brickage was always too high to make me want to experiment for the sake of it.

However last night I installed Gargoyle upon my Linksys WRT53GL. Although I have no single compelling reason to do so there were a few things on my mind which made me risk it:

Syslog

I thought it would be nice to log things to my desktop machine.

QoS

I often run rsync to mirror my photographs, videos, and files, to off-site locations. These are then replicated via chironfs.

Being able to use QoS to prioritise SSH traffic, which is the transport I use for rsync, means I don't suffer from laggy connections.

Graphing & Statistics

Having statistics and traffic information is interesting.

Since I've only just installed it I've not had too much opportunity to experiment with it - and my initial forays were not so productive. For example "opkg install tcpdump" failed as the root filesystem wasn't big enough.

However which was to update the router to function as PXE server. I installed the tftpd server:

opkg install tftpd-hpa

Then I added this to /etc/dnsmasq.conf:

dhcp-boot=pxelinux.0,router.my.flat,192.168.1.1

Only after I'd done this did I realise two things:

  • I don't have the space on the router to host the pxelinux.0 file, and the associated Debian netboot installer.
  • Chances are I could just use the built-in TFTP support of dnsmasq. ("enable-tftp" + "tftp-root=/tmp/tftproot".)

Tomorrow, (after visiting the dentist. Uggh) I will experiment with this further. Right now it looks like I have two options:

  • NFS mount the TFTP root, but keep both DHCP+TFTPD running upon the router.
  • Configure the router to load the files from another machine, by updating dnsmasq.conf to read: dhcp-boot=pxelinux.0,random.host.name,192.168.1.xx.

Either way I have to store the files upon another host, due to the constrained space on the router's filesystem. So the question becomes "Which service should I run externally: TFTPD or NFS?".

Running TFTPD, upon my desktop, seems smaller, less of a security risk, and neater. Running TFTPD also avoids issues if I reboot both the router and my desktop at the same time as a stalling NFS mount could prevent a timely router-boot.

ObQuote: Looking for a secret door. Places like this always have a secret door.

- St Trinian's 2: The Legend of Fritton's Gold


Comments On This Entry

[gravitar] Josh Smith

Submitted at 21:52:04 on 22 july 2010

If you're playing around with network booting you should check out gpxe, it allows loading the kernel and etc over http or https instead of just tftp.

[author] Steve Kemp

Submitted at 23:21:32 on 22 july 2010

Thanks for the pointer. I'd heard of this before but it had slipped my mind. I've now chainloaded from pxelinux.0 -> undionly.kpxe, and made it load the squeeze installer via HTTP.

This is my dnsmasq:

enable-tftp
tftp-root=/tftproot
dhcp-host=00:23:54:18:A0:AC,gPXE-client,net:gPXE-testVM,192.168.1.100,10m
dhcp-boot=net:gPXE-testVM,undionly.kpxe
dhcp-userclass=gPXE-booted,"gPXE"
dhcp-boot=net:gPXE-booted,http://static.steve.org.uk/pxe/menu.cfg

/tftproot looks like this:

root@router:~# ls /tftproot/
pxelinux.0     undionly.kpxe

Which still gives me free space:

root@router:~# df -h
Filesystem                Size      Used Available Use% Mounted on
/dev/root                 2.2M      2.2M         0 100% /rom
tmpfs                     7.0M     60.0K      6.9M   1% /tmp
/dev/mtdblock/4           1.0M    432.0K    592.0K  42% /overlay
mini_fo:/overlay          2.2M      2.2M         0 100% /

Note: This only pxe-boots a single host - with the listed MAC address.
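
The two-stage chainload configured in the comment above, as an added example that is not part of the original post or comment: a small Python model of which boot file those dnsmasq lines offer a request, and over which protocol. The function names and the rule that the last matching dhcp-boot line wins are assumptions of this model; note that both stages travel over protocols (TFTP, plain HTTP) that do not authenticate the boot files.

```python
# Added example: models which boot file the dnsmasq lines above offer a client.
CONFIG = """\
enable-tftp
tftp-root=/tftproot
dhcp-host=00:23:54:18:A0:AC,gPXE-client,net:gPXE-testVM,192.168.1.100,10m
dhcp-boot=net:gPXE-testVM,undionly.kpxe
dhcp-userclass=gPXE-booted,"gPXE"
dhcp-boot=net:gPXE-booted,http://static.steve.org.uk/pxe/menu.cfg
"""

def parse(conf):
    """Collect per-MAC tags, user-class tags and dhcp-boot rules."""
    host_tags, class_tags, boots = {}, [], []
    for line in conf.splitlines():
        key, _, value = line.partition("=")
        fields = value.split(",")
        if key == "dhcp-host":
            host_tags[fields[0].lower()] = {f[4:] for f in fields if f.startswith("net:")}
        elif key == "dhcp-userclass":
            class_tags.append((fields[0], fields[1].strip('"')))
        elif key == "dhcp-boot":
            tagged = fields[0].startswith("net:")
            boots.append((fields[0][4:], fields[1]) if tagged else (None, fields[0]))
    return host_tags, class_tags, boots

def boot_file(conf, mac, user_class=""):
    """Boot file offered to one DHCP request, or None if no rule applies."""
    host_tags, class_tags, boots = parse(conf)
    tags = set(host_tags.get(mac.lower(), ()))
    # dnsmasq matches dhcp-userclass as a substring of what the client sends.
    tags |= {tag for tag, needle in class_tags if needle in user_class}
    tagged = [f for tag, f in boots if tag in tags]
    untagged = [f for tag, f in boots if tag is None]
    # Assumption of this model: the last matching line wins, tagged before untagged.
    return (tagged or untagged or [None])[-1]

def transport(name):
    """Protocol used to fetch a boot file name (bare names come over TFTP)."""
    return name.split("://")[0] if "://" in name else "tftp"

def boot_chain(conf, mac):
    """Stage 1 is the PXE ROM's request, stage 2 the same NIC asking again as gPXE."""
    files = [boot_file(conf, mac, uc) for uc in ("", "gPXE")]
    return [(f, transport(f)) for f in dict.fromkeys(files) if f]

if __name__ == "__main__":
    for name, proto in boot_chain(CONFIG, "00:23:54:18:a0:ac"):
        print(f"{proto:5} {name}")
```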

[gravitar] Clifford W. Hansen

Submitted at 07:09:16 on 23 july 2010

I currently setup a PXE server at home, am still in the process of writing the blog post ;)

I too have a WRT54GL and think this is an awesome idea, as for the free space issue, why not mod your router with the MMC mod (adding a memory card reader)
http://www.dd-wrt.com/wiki/index.php/Linksys_WRT54G-TM_SD/MMC_mod

I am wanting to do this mod, just haven't made the time yet.

Hope this helps ;)

[gravitar] jimcooncat

Submitted at 14:51:34 on 23 july 2010

A neat thing to do with this kind of setup is to cache your package downloads. I'm using apt-cacher on a separate server, and it's cut my lenny server install time down to 10 minutes!

It would be even better if there was a way to make Gargoyle (or whatever router you're using) transparently proxy the Debian repos. That way, if you install a laptop for a friend, you wouldn't have to monkey with proxy settings afterwards.

[gravitar] Josh Smith

Submitted at 15:07:07 on 23 july 2010

If you download some of the later (not sure which version of syslinux/pxelinux it was introduced in) there should be a gpxelinux.0 you can use for the boot file that is pxelinux and gpxe packaged together. The embedded gpxe isn't the latest but it usually gets the job done and makes things a bit simpler.

[gravitar] Debianero

Submitted at 02:30:26 on 24 july 2010

Hi Steve, what do you think about this announcement?

Researcher will enable hackers to take over millions of home routers.

Is Gargoyle more secure than, say, DD-WRT or OpenWRT?

[author] Steve Kemp

Submitted at 11:59:41 on 24 july 2010

That particular announcement seems to suggest changing the default password is all you need to do to thwart the attack - and certainly the Gargoyle interface made you do that the first time you logged in.

Mostly I guess all the distros are as secure as each other, they're running similar codebases in terms of the HTTPd, and sshd.

[gravitar] MrD

Submitted at 10:08:22 on 25 july 2010

Use "next-server" on dhcpd and skip nfs mount

 
