 From:  Steve Bertrand <iaccounts at ibctech dot ca>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Re: Does system run in memory, or on disk...
 Date:  Thu, 21 Aug 2008 13:51:38 -0400
Lee Sharp wrote:
> Steve Bertrand wrote:

>> "Does anyone know whether the above mentioned bsd systems boot to a 
>> ram disk or keep their filesystem on the flash/disk? "

> However, that disk is only accessed during system load, 
> and config saves.  While the disk device "could" be removed, any config 
> file operations would error out.  

This is what I thought, and exactly what I was looking for.

>> Any feedback would be greatly appreciated. Even if m0n0 doesn't run 
>> from memory at this time, has anyone successfully completed the 
>> objective of having the ability to go against this, and removing the 
>> boot medium and running solely from memory? I do this now with all of 
>> my FreeBSD routers. If this can't be done at this time, what is the 
>> limitation?
> 
> As stated above...  But why would you want to do this?

Well, there are a few instances I've found this handy:

- removal of the boot/config medium to load up multiple units with the
same/very similar functions in sequence without having several boot media

- if only one interface is available for boot media, the ability to
remove the media and insert a second one to load up a
different/additional config information

- again, if only one interface, the ability to remove the media to
insert a secondary one to load security keys, so in the event the device
is stolen, the security/auth keys are not all on the boot device

- (leaning toward servers a bit now) having /boot and encryption keys on
a flash (USB key etc) to boot a system in which all of the partitions
are encrypted with GELI (or the like), and removal/safe storage of the
boot media will ensure the system will not boot, nor will the data be accessible
at all if the box is stolen

>> I like m0n0, and from the standpoint of an ISP op, it has promise as a 
>> good ADSL CPE (especially with IPv6). Someone needs to 
>> standardize/invest on a cheap piece of plastic to put it in for 
>> production commercial sales.
> 
> Does that mean you have a FreeBSD supported ADSL interface we can use? 
> There are lots of small box form factors supported already.

Hmmm...interesting point. I don't believe I do, however, I do have
numerous brands of ADSL modem/gateway devices that if I knew how to
flash would give it a try :)

We generally source our ADSL CPE from two suppliers. One of them is
quite good at implementing firmware hacks/requests for us, but certain
things they haven't touched yet (namely IPv6).

If anyone is actually interested in trying to flash some of said
modem/gateway devices (four Ethernet ports, some also with wifi), I'll
be glad to donate the gear.

> There was a BGP patch a while ago, and there was the m0n0wall router 
> project as well.   Both "died on the vine" from lack of interest. 

Ok, I see. I personally favor CLI interfaces on infrastructure hardware,
and avoid GUIs entirely. For our resi subs, our guys configure the ADSL
gear in-house and provide it to the client pre-programmed and
non-modifiable to save on support calls.

Our larger business clients (bonded HSA, 100Mb Ethernet etc) typically
have a say in how things are configured if it's our gear, and others
manage their own gear. Of these clients, < 1% use anything but a GUI.

These boxes:

http://www.mikrotikrouter.com/

...work fantastically well with my own custom FBSD/Quagga installs for
distribution & access layer devices, but wouldn't ship them to clients
only because then I'd generally be the only one who could maintain it.

If it ran m0n0, the client could manage it themselves. This is why I was
inquiring about BGP capabilities.

> However, you can disable NAT and use it as a full router now, just 
> without BGP, RIP or any other "automatic" routing.

Since I haven't used m0n0 in quite some time, I haven't really been
following progress too closely. Hence, I did not know that NAT could be
disabled.

That is perfect. I'm going to have one of the guys crack open a couple
of modems this afternoon to see if there is any way we can attempt to
flash them with a m0n0wall image.

Thanks for taking the time to explain.

Steve