 From:  Michael DeMan <michael at staff dot openaccess dot org>
 To:  <list at m0n0wall dot neon1 dot net>
 Subject:  Re: [m0n0wall] MiniBSD binary (was: LAN - DMZ - WAN Firewall rules
 Date:  Tue, 22 Apr 2003 11:08:29 -0700

An image-building website would be darn cool, but more work.

We use a fat version of miniBSD so we can treat the units as little UNIX
boxes as much as possible.  Having ssh, perl and other stuff makes the image
a lot bigger, but is very handy to have.

From what we can tell, there are two key targets for what we use them for...

A) Customer appliances.  m0n0wall type image is perfect.  Keep it simple,
don't let the customer mess things up.

B) routers/appliances we manage.  Frequently we need to do things like
support 40+ VLANs (and 40+ bpf for DHCP), multiple WiFi interfaces with
complex routing, etc.

For the (B) version above, we include rsync, snmp, ssh, zebra (ospf).  We
even have sendmail and perl so that if the units behave strangely (process
dies, WiFi interface signal quality drops), we get an e-mail notification
and the system can recover itself when possible.

At least from my perspective, the ideal would be both a slim and fat

Slim = roughly what m0n0wall has now, with only what is necessary to
support features configured through the UI.  Root filesystem is in memory.

Fat = loaded up with extras.  Image is larger, but with the price of compact
flash nowadays it doesn't really matter.  Root file system is on compact
flash.  The 'extras' are configured via SSH and default is to not run them.

Fat version is handy for development, testing, and generally playing with.

So you're thinking that m0n0BSD = 'fat' version?

My 2 cents worth...

- mike

On 4/22/03 10:40 AM, "Manuel Kasper" <mk at neon1 dot net> wrote:

>> I would put forth a vote of YEA on the miniBSD binary.  It would allow us
>> to get ahold of the "dough" of monowall, and users could form it into
>> exactly what they wish.
> OK, let the baking begin! ;) Seriously, I'm now convinced that providing a
> readymade image is a Good Idea [tm] - better than stuffing m0n0wall with
> things I don't really like to see in it (like SSH) for fear that users
> would have to work against the system rather than with it when
> customizing. Besides, being able to work with a more or less standard
> FreeBSD system (albeit stripped of unnecessary frills, but not as
> minimalistic as m0n0wall) means even less BSD-experienced people can take
> a stab at it, since there's excellent documentation (like the FreeBSD
> handbook). I'd try to make it fit on a 16 MB CF card. More ideas floating
> through my head... what about an automated image builder web site where
> you can check all the things you want (like MPD, DHCPD, etc.) and get a
> custom image? Wait, that would be too much of a luxury. ;)
> I've already found a name for it, too... "miniBSD" =~ s/i/0/g; -> m0n0BSD!
> That's it - I'll definitely take a look at it soon.
> - Manuel

Michael F. DeMan
Director of Technology
OpenAccess Internet Services
1305 11th St., 3rd Floor
Bellingham, WA 98225
Tel 360-647-0785 x204
Fax 360-738-9785
michael at staff dot openaccess dot org