> On Sunday 17 March 2002 09:26, Mike Noyes wrote: > > Everyone, > > I'm seeking a volunteer. :-) > > > > Would someone like to create an "Oxygen Installation Guide"? >
Lynn Avants wrote: > What kind of scope do you want with it? > > Just for future reference, on the top of my todo list, I plan on > doing a IPSec Quick-Start FAQ, a PacketFilter Quick-Start Guide, > and later on a Zebra FAQ (that would likely be used with Oxygen). > I won't say that I am the best person to do a well-rounded Oxygen > Guide, I think Matt and several others has much better experience > than I do with Oxygen. Sigh...I was on one death march at work and needed a firewall. So I decided to use Oxygen. Oh no! They say quick switch to this project and I said thank you may I have ten more. The last time I updated document was 6/28/2001. I was going to do double duty and use Oxygen and create an install document for LEAF at the same time. I thought my newbie Oxygen eyes might reveal something that I could provide as feed back to Dave Douthitt. Anyhow I present this as a possible starting place for "Oxygen Installation Guide". Sometimes its better to have a few scriblings to hack at than a blank page. Greg Morgan Firewall This captain�s log presents the steps to configure the firewall server for the hub. FireWall Hardware The firewall�s hardware is a Pentium II slot I PC running at 266MHZ on an Intel AL440LX main board; two Intel Network Interface Cards, NICs; one CDROM drive; two floppy drives; and 64MB of RAM. (Hey it was hardware going to surplus.) This is adequate (ok over kill) for Oxygen. A lessor machine could be used for Egerstien Beta II firewall. The main difference is the amount of RAM each LEAF firewall requires, IMHO. Here is what I did to configure the hardware. I placed the two floppies in with the primary drive at the top of the stack of two floppies. The twist in the floppy cable is connected to the primary drive. Floppy drives are referred to as /dev/fd0 = A:, /dev/fd1 = B:. I yanked the sound card out of the machine, and disconnected the sound cable from the CDROM drive. I made sure that the CDROM drive was configured as a master IDE device. Finally, I moved the CDROM from the secondary IDE header to the primary IDE header connector on the main board. Note the CDROM will now be /dev/hda = C: Here are some changes I made in the BIOS. First I made sure that both the floppy drives were enabled in the BIOS. /dev/fd1, B: had to be enabled. Moreover, I also made sure that the floppy drives were not write protected in the BIOS. The serial ports were checked. The secondary IDE controller was disabled since I had moved the CDROM to the primary IDE controller. This Intel main board had an ATX power supply configuration options. So I changed �Restore on AX/Power loss� to �Power on�. The �Power on� feature simulates the mechanical switch associated AT power supply. Once power is restored in an AT system, the system will reboot--that is when the power button is pushed in. For security purposes I set the power features of �On Modem Ring�, �On LAN�, and �On PME, Power Management Enable� to �Stay off�. The most critical of all these was �On LAN�. One of the NICs will be connected to the Internet after all. I disabled USB support. Even if a LEAF kernel had USB support compile in, the kernel would not detect USB because the main board would not make USB available to the kernel with this setting. Finally, �First Boot Device� was set to �Removable devices� i.e. floppies. �Second Boot Device� was set to �ATAPI CDROM Drive�. �Third Boot Device� was set to �Hard Drive�. Fourth Boot Device� was set to �Network Boot�. The RAM size allows me to tune how much space I will allocate to paritions /tmp, /var, and / (root), along with the RAM available to the operating system. Download Files Download the latest version of Oxygen and documentation from http://leaf.sourgeforge.net/. The documentation is located at http://leaf.sourceforge.net/content.php?menu=90001&page_id=7. The disk images are located at http://leaf.sourceforge.net/content.php?menu=90000&page_id=6. (The URLs could break in the future. If so use the main leaf URL above. ) The release at this writing, 6/18/2001, is oxygen-023901.bin. Files with oxygen as part of their name are known as the boot disk. Download the data disks from the same page as the Oxygen image. Here�s the list of files that that can be downloaded: oxygen-023901.bin = boot disk (required) Extras Disk URL = extra.bin Extras Disk 2 URL = extra2.bin Network Tools Disk 1 URL = network1.bin Network Tools Disk 2 URL = network2.bin Firewall Disk URL = firewall.bin System Rescue Disk URL = rescue.bin Extras Disk Self extracting = extras.exe Extras Disk 2 Self extracting = extras-2.exe Please note this caveat emptor from the web page: Notes About Data Disks If you are configuring a firewall, you should probably have almost nothing from the Network Tools Disks in your operating firewall system; these tools can be very useful to a systems administrator (read: very dangerous in the hands of a malicious cracker). Also, these disks are nothing more than 1.68M floppies with packages on them; you can create your own package set on 1.44M floppies just as easily. There is nothing special about these disks; they are just my concept of a "package set" that I thought would be useful. Select Disk Creation Style There are two sections following the Select Disk Creation Style section. The sections are �Creating Oxygen Disks on Linux�, and �Creating Oxygen Disks on Windows.� Pick one that suits your style. One section shows you how to create the disks from Linux and the other shows you how to create the disks from Windows. Creating Oxygen Disks on Linux Use the diskette formatting tool for Redhat Linux supplied by the Oxygen web page. Here�s the Linux script for reference from the leaf page. Note that the script is preconfigured to create 168M disks by the DISK=$DISK168M statement. The script was debugged by placing DISK in front of all the �M=/dev/fd0�.. statements. This will allow the disk to be verified much like Winimage has Compare disk option. Make sure that the records in and records out numbers match. #!/bin/bash # Ident: oxydisk (The name is mine Greg) # usage: oxydisk myimagefile.bin DISK168M=/dev/fd0u1680 DISK144M=/dev/fd0u1440 DISK172M=/dev/fd0u1720 # use the RIGHT disk device file for the size you want! DISK=$DISK168M # You could probably replace "fdformat" with "superformat" and # suffer no ill effects: fdformat comes with the Oxygen LRP. # fdformat appears to come with Red Hat; superformat appears to # come with the base Debian install. # NOTE: on Redhat 6.2 the following commands had to be issued # to support nonstandard floppy disks. The ls command was # used to verify that the owner and permissions of the new # /dev/fd0u1680 matched the other /dev/fd0* device files. # ls /dev/fd* # mknod /dev/fd0u1680 b 2 44 # ls -l /dev/fd* # chown root.floppy /dev/fd0u1680 # ls -l /dev/fd* # chmod ug+rw,o-rwx /dev/fd0u1680 # ls -l /dev/fd* fdformat $DISK # disk must be in the drive FIRST! # specify disk image file on command line dd if=${1?-no disk image specified!} of=$DISK Save this file to oxydisk on a Redhat machine. If you have another distribution that uses superformat, then change the line fdformat $DISK to superdisk $DISK. Issue commands in the note as root, if you do not have a /dev/fd0u1680 device file. Perform a ls /dev/fd* to see if the file is missing. I placed the oxydisk file in /usr/sbin. Change the file permissions so that the file is both executable and write protected with chmod a+rx, a-w oxydisk at the command prompt. You will need to perform this step as root. Change into the directory where you downloaded the bin files, and format the main Oxygen disk. For example you created an oxygen directory in your home directory to download the files. cd ~/oxygen oxydisk oxygen-xxxx.bin Replace xxxx with the current release that you downloaded. The output of the oxydisk command will look something like this Double-sided, 80 tracks, 21 sec/track. Total capacity 1680 kB. Formatting ... done Verifying ... done 3360+0 records in 3360+0 records out Make sure the both �records in� and �records out� numbers match. If they don�t you have a bad disk. At this point you may want to pop the main Oxygen boot disk into your router and see if the disk works properly. If so you�re ready to move on and format a companion data disk. Based on the needs of the your firewall, you will also want to format a data disk. You may want to create data disks for all the images so that you know what is available. Create each of the following desired disks while using these commands oxydisk extra.bin oxydisk extra2.bin oxydisk network1.bin oxydisk network2.bin oxydisk firewall.bin oxydisk rescue.bin You�re all done. Find the Configuring Oxygen section of this document to continue on with the Oxygen install. Creating Oxygen Disks on Windows Special Note 1: This procedure was tested on a Windows 2000 Professional machine with Service Pack two installed. The LEAF mailing lists have discussed problems with Winimage formatting disks under Windows 2000. If this test was performed on brand new hardware and Winimage 5.00.5000. The Help>About dialog also said the Winimage was running in �Windows NT mode.� If you experience problems under Windows 2000 use Windows 95, 98, or ME to perform these disk creation steps. Special Note 2: I did experience one disk failure under 2000. I interrupted the Winimage write process. The failure persisted even after I retried the Winimage write process. I finally repaired the disk by formatting it to the original 1.44MB size. I then proceeded with the Winimage write/compare process described below. You will need seven diskettes should you decide to prepare all the diskettes for the downloaded .bin files. Download winimage at http://www.winimage.com/download.htm. The release of winimage at this writing, 6/18/2001, is winima50.zip. Download winzip from http://winzip.com/, if you don�t already have a Windows archive utility on your PC, and installed winzip. The current release is winzip80.exe as of this writing, 6/18/2001. Execute winzip80.exe and follow the prompts. Register the product if you are going to use it long term. Create a folder for Winimage, say, winimage, with Windows Explorer. Execute Winzip and browse to where the winima50.zip file is located. Unzip the winimage archive into the folder you just created. Finally close Winzip. Find the Winimage program and execute it. Click File>Open on the main Winimage menu. Browse to the oxygen-xxxx.bin file. Replace xxxx with the current release that you downloaded. You will have to change the �Files of type� text box to look for �All files� to see the .bin files. Double click on the oxygen-xxxx.bin file. Click on the Disk>Use drive A: menu items to make sure that drive A is select. Now Click on Disk>Format Disk menu items. Click on the �Non-standard format� �1.68 MB� radio button followed by a click on the Ok button. Winimage is now merrily working away formatting a 1.68MB disk with the main Oxygen disk for your router. Once the disk has been created, use the Disk>Compare disk menu item to verify the large format of the disk. (You will use this paragraph for the other files below.) At this point you may want to pop the main Oxygen disk into your router and see if the disk works properly. If so you�re ready to move on and format a companion data disk. Based on the needs of the firewall, you will also want to format a data disk. You may want to create data disks for all the images so that you know what is available. Presuming you still have the main Oxygen disk image still open in Winimage, click on the File>Open menu items. Browse and create each of the following desired disks while using the procedure above: extra.bin, extra2.bin, network1.bin, network2.bin, firewall.bin, rescue.bin. You�re all done. Find the Configuring Oxygen section of this document to continue on with the Oxygen install. Configuring Oxygen David Douthitt is the lead developer of Oxygen. You can read his vision for Oxygen at http://www.mail-archive.com/[email protected]/msg02777.html. Moreover, you can read his development direction at http://www.mail-archive.com/[email protected]/msg02681.html. After the boot disk image starts up you will be presented with several options. These options allow great flexibility in tailoring your system. There are several functions keys that view readme oriented files: F1 oxygen.txt F2 oxygen.hlp F3 oxygen.apk F4 whatnot.txt Presently this discussion will focus on information presented on the F1 key screen. Hopefully, the discussion will cover topics on the F4 key screen and the readme.txt file. Selections (require about 26M each unless specified): <none> ......... boot only from boot disk floppy ......... boot from two floppies large .......... like floppy, but with 20M root (load in 32M) tiny ........... with 8M root (load in 16M) and disk in /dev/fd1 net ............ like large, but with network loading First question: �What is all this 26M this and 20M that concerned about? These options tell you how much physical RAM is required to create the Oxygen system. Once the Oxygen system is free of the floppy drive, the system is solid state and executes completely in RAM. Here�s what to select if you select each of these options. <none> floppy large tiny net What now? - A Quick and Dirty Guide Do the following: Boot using the boot disk and at least one other disk Configure system when requested Read the readme CAREFULLY! (located on the boot disk) Log in as root Configure using acfg Back up necessary modules (usually etc.lrp) _______________________________________________ Leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
