Random Information ...others might find it interesting too.

OpenWRT on the Iomega iConnect

Introduction

I found these at sale about 3 years back and did a quick search about these boxes and it turns out that they are pretty decent hardware. Unfortunately these didn't get too useful as routers shortly after became more powerful and my intention quickly lost focus in favour to the routers. The iConnect was released back in 2000 and recieved updates the following 2 years so the firmware isn't exactly "fresh". I did however setup one as a NAS about 2 years back and it's been doing fine but the software is getting really dated. I did however make short (and cryptic) notes about how to flash this thing using OpenWRT.

Prerequisites

  • USB flash drive (128Mbyte minimum) - FAT16 or FAT32
  • OpenWRT U-Boot and image (openwrt-kirkwood-iconnect-u-boot.kwb , openwrt-kirkwood-iconnect-rootfs.ubifs) - Copied on the flash drive
  • Serial to USB (TTL) adapter, or a native serial port
  • Philips-head screwdriver
  • Terminal app such as PuTTY

Preparations

  • Open the case (one screw under each rubber pad)
  • Gently pry the case open (no tools needed)
  • Connect your serial cable/adapter (115200 baud)
    Pinout: 1 (near the end): VCC, 2 TX (connect RX), 3 GND, 4 RX (connect TX)
  • Copy u-boot and image to the USB flash drive

Installation

  • Enter U-Boot
  • Save the MAC address (ethaddr)
    printenv
U-Boot 2010.09 (Feb 16 2012 - 03:17:03)
Iomega iConnect Wireless

SoC:   Kirkwood 88F6281_A0
DRAM:  256 MiB
NAND:  512 MiB
In:    serial
Out:   serial
Err:   serial
Net:   egiga0
88E1116 Initialized on egiga0
Hit any key to stop autoboot:  0
Marvell>> printenv
bootcmd=${x_bootcmd_kernel}; setenv bootargs ${x_bootargs} ${x_bootargs_root}; ${x_bootcmd_usb}; bootm 0x6400000;bootdelay=3 baudrate=115200 x_bootargs=console=ttyS0,115200 mtdparts=orion_nand:1M(u-boot),3M@1M(kernel),32M@4M(rootfs),475M@36M(data)x_bootcmd_kernel=nand read 0x6400000 0x100000 0x300000
x_bootcmd_kernel=nand read 0x6400000 0x100000 0x300000
x_bootcmd_usb=usb start
x_bootargs_root=root=/dev/mtdblock2 rw rootfstype=jffs2
ethact=egiga0
ethaddr=00:D0:B8:0D:FF:FF
filesize=9E0800
stdin=serial
stdout=serial
stderr=serial

Environment size: 481/131068 bytes
  • Start the USB subsystem
    usb start
(Re)start USB...
USB:   Register 10011 NbrPorts 1   
USB EHCI 1.00   
scanning bus for devices... 3 USB Device(s) found   
       scanning bus for storage devices... 1 Storage Device(s) found
  • Load U-Boot into memory
    mw 0x0800000 0xffff 0x100000 ; fatload usb 0 0x0800000 openwrt-kirkwood-iconnect-u-boot.kwb
reading openwrt-kirkwood-iconnect-u-boot.kwb
456776 bytes read
  • Delete currently installed U-Boot
    nand erase 0x0 0x100000
NAND erase: device 0 offset 0x0, size 0x100000
Erasing at 0xe0000 -- 100% complete.
OK
  • Write loaded U-Boot
    nand write 0x0800000 0x0 0x100000
NAND write: device 0 offset 0x0, size 0x100000
 1048576 bytes written: OK
  • Restart
    reset

  • Boot into U-Boot again

  • Reset settings to default
    env default -a

## Resetting to default environment
  • Set MAC-address (your own)
    setenv ethaddr 00:D0:B8:0D:FF:FF

  • Save
    saveenv

Saving Environment to NAND...
Erasing NAND...
Erasing at 0xe0000 -- 100% complete.
Writing to NAND... OK
  • Wipe firmware arena
    nand erase 0x200000 0x1fe00000
NAND erase: device 0 offset 0x200000, size 0x1fe00000
Erasing at 0x1ffe0000 -- 100% complete.
OK
  • Create flash UBIFS
    ubi part root ; ubi remove rootfs ; ubi create rootfs
UBI: attaching mtd1 to ubi0
UBI: scanning is finished
UBI: empty MTD device detected
UBI: attached mtd1 (name "mtd=3", size 510 MiB) to ubi0
UBI: PEB size: 131072 bytes (128 KiB), LEB size: 129024 bytes
UBI: min./max. I/O unit sizes: 2048/2048, sub-page size 512
UBI: VID header offset: 512 (aligned 512), data offset: 2048
UBI: good PEBs: 4080, bad PEBs: 0, corrupted PEBs: 0
UBI: user volume: 0, internal volumes: 1, max. volumes count: 128
UBI: max/mean erase counter: 1/0, WL threshold: 4096, image sequence number: 0
UBI: available PEBs: 3996, total reserved PEBs: 84, PEBs reserved for bad PEB handling: 80
Volume rootfs not found!
No size specified -> Using max size (515579904)
Creating dynamic volume rootfs of size 515579904
  • Start the USB subsystem
    usb start
(Re)start USB...
USB:   Register 10011 NbrPorts 1   
USB EHCI 1.00   
scanning bus for devices... 3 USB Device(s) found   
       scanning bus for storage devices... 1 Storage Device(s) found
  • Load firmware and write to NAND (one line)
    fatload usb 0 0x800000 openwrt-kirkwood-iconnect-rootfs.ubifs ; ubi write 0x800000 rootfs ${filesize}
reading openwrt-kirkwood-iconnect-rootfs.ubifs
22579200 bytes read in 1179 ms (18.3 MiB/s)
22579200 bytes written to volume rootfs
  • Lastly reboot
    reset

All set! Happy hacking

How to block outgoing connections by default in OpenWRT using LuCI

Introduction

For some reason this common operation is undocumented and I'm quite sure I'm not the only one who wants to do this. I did try using the Zones section although that resulted in no traffic going anywhere.
Keep in mind that you still need to have firewall rules in place above this line if you want any outgoing traffic to be passed out such as http etc.

Instructions

  • Login and navigate using the Menu: Network --> Firewall and after that Traffic Rules
  • Go to "New forward rule:", name it WAN Block or whetever you prefer.
  • Enter the rest as below:
Restrict to address family: IPv4 and IPv6
Protocol: TCP + UDP
Match ICMP type: any
Source zone: lan
Source MAC address: any
Source address: any
Source port: any (empty)
Desination zone: wan
Destination address: any
Distination port any (empty)
Action: reject
  • Done

Remember that it should always be placed last.

OpenWRT on the Ubiquiti Networks EdgeRouter Lite

Introduction

As the EdgeRouter doesn't seem to get any love (QoS) on the FreeBSD project I decided to have a look at other software solutions and as I've previously have good experience with OpenWRT I decided go with it a try. Information is pretty sparse at the moment but I decided to write a few lines on how you write a bootable USB flash stick on FreeBSD. This actually fits within 128M but as I have no USB flash drives that small I ended up grabbing the smallest one I could find which was a 8Gb thumb drive. Do note that this does not need any modification of u-boot.

Prerequisites

  • USB Flash drive (128Mbyte minimum)
  • OpenWRT image (openwrt-octeon-erlite-sysupgrade.tar)

Instructions

  • Plug in the drive and run dmesg, at the end you'll see something like this
ugen3.2: <Verbatim> at usbus3
umass0: <Verbatim STORE N GO, class 0/0, rev 2.00/1.00, addr 2> on usbus3
umass0:  SCSI over Bulk-Only; quirks = 0xc100
umass0:10:0: Attached to scbus10
da8 at umass-sim0 bus 0 scbus10 target 0 lun 0
da8: <Verbatim STORE N GO 1.00> Removable Direct Access SCSI-2 device
da8: Serial Number 1226000000009999
da8: 40.000MB/s transfers
da8: 7645MB (15656960 512 byte sectors: 255H 63S/T 974C)
da8: quirks=0x2<NO_6_BYTE>
  • Let's have a look at the partition layout on da8
    gpart show /dev/da8
=>       1  15656959  da8  MBR  (7.5G)
         1        31       - free -  (16K)
        32  15656928    1  fat32  (7.5G)
  • Delete the FAT32 partition which has ID 1 (hence 1 before the filesystem)
    gpart delete -i 1 /dev/da8
  • Verify that it's deleted
    gpart show /dev/da8
=>       1  15656959  da8  MBR  (7.5G)
         1  15656959       - free -  (7.5G)
  • Delete the partition table
    gpart destroy /dev/da8
  • Create a new MBR partition table
    gpart create -s MBR /dev/da8
    da8 created
  • Create a 32Mbyte large partition for the kernel and align it to 1M
    Note: I don't think it matters in this case in terms of performance but why not since we have the space.
    gpart add -a 1M -t fat32 -s 32M /dev/da8
    da8s1 added
  • Just to be sure, make it active (bootable)
    gpart set -a active -i 1 /dev/da8
    active set on da8s1
  • Create a partition for the root filesystem, in this case 256Mbyte but you'll be fine with 64Mbyte if you have space constraints.
    gpart add -a 1M -t linux-data -s 256M /dev/da8
    da8s2 added
  • Generate (format) the FAT partition
    newfs_msdos /dev/da8s1
newfs_msdos: trim 16 sectors to adjust to a multiple of 63
/dev/da8s1: 65416 sectors in 8177 FAT16 clusters (4096 bytes/cluster)
BytesPerSec=512 SecPerClust=8 ResSectors=1 FATs=2 RootDirEnts=512 Sectors=65520 Media=0xf0 FATsecs=32 SecPerTrack=63 Heads=255 HiddenSecs=0
  • Extract firmware
    tar xf openwrt-octeon-erlite-sysupgrade.tar
  • Mount the FAT partiton
    mount -t msdosfs /dev/da8s1 /mnt
  • Copy kernel to the FAT partition, you also need to rename it to vmlinux.64
    cp ./sysupgrade-erlite/kernel /mnt/vmlinux.64
  • Unmount the FAT partition
    umount /mnt
  • Write the root filesystem the second partition
    dd if=./sysupgrade-erlite/root of=/dev/da8s2 bs=1M
48+0 records in
48+0 records out
50331648 bytes transferred in 7.267285 secs (6925784 bytes/sec)

All set, just plug it in the EdgeRouter

Running Debian on FreeBSD using bhyve

As I do run OpenWRT on a few devices that FreeBSD doesn't run on I always had to keep a Linux based operating system around as OpenWRT doesn't really work well on FreeBSD even though "it should" and ongoing work is being done in that department. You can get the bare distribution to compile but as soon as you try to build third party applications you're in for a not so nice treat. So far I've used VirtualBox and VMware Player on my work laptop as VirtualBox on FreeBSD is clunky compared to Windows and requires quite a bit of work to make it somewhat usable. While bhyve was announced in FreeBSD 10 as stable I felt that it never really was and all machines that was capable still ran 9.X so I decided to wait until FreeBSD 10.1 was released to give it a go. While it isn't the most user-friendly solution around it works surprisingly well for being still in very active development. Documentation is still a bit light but I managed to get it all working thanks to a few tutorials and the virtualization mailling list.

Notes: You are adviced to create a separate directory to put everything in, also running this as root user is required. Following this will create a virtual machine with 40Gbyte disk space, 2 CPUs and 768Mbyte of RAM.

  • First you need to install grub2-bhyve as bhyve can't boot Linux on its own
    cd /usr/ports/sysutils/grub2-bhyve && make install clean
  • Download the distribution you want to run, in my case Debian
    fetch http://ftp.no.debian.org/pub/Linux/debian-iso/7.7.0/amd64/iso-cd/debian-7.7.0-amd64-netinst.iso
  • Create a file which will act as your VMs hard drive (40G in my case)
    You can use truncate but it'll cause more fragmentation
    dd if=/dev/zero of=./debian-buildbox.img bs=1M count=40960
  • Load modules for networking and virtualization
    Note: If you're using GENERIC kernel this are all included by default
kldload if_tap  
kldload if_bridge
kldload vmm
kldload nmdm
  • Enable networking
sysctl net.link.tap.up_on_open=1
sysctl net.inet.ip.forwarding=1
  • Create a network interface for the VM (em1 being my network card)
ifconfig tap1 create
ifconfig bridge0 create
ifconfig bridge0 addm tap1 addm em1 up
  • Create a file called device.map containing the paths to HDD image file and ISO file
echo "(hd0) ./debian-buildbox.img" > device.map
echo "(cd0) ./debian-7.7.0-amd64-netinst.iso.iso" >> device.map
  • Run the bootloader
    Here you'll see a menu, select install and you'll be back at the prompt after a few secs
    grub-bhyve -m device.map -r cd0 -M 768M debian-buildbox
  • Launch the virtual machine
bhyve -A -c 2 -m 768M -H \
-s 0:0,hostbridge \
-s 1:0,lpc \
-s 2:0,virtio-net,tap1 \
-s 3,ahci-hd,debian-buildbox.img \
-s 4,ahci-cd,debian-7.7.0-amd64-netinst.iso \
-l com1,/dev/nmdm0A debian-buildbox
  • Run the installer and when it's going to reboot you'll be back at the prompt shortly after
  • Close the VM
    bhyvectl --vm=debian-buildbox --destroy
  • Tell bhyve to boot from the HDD
    grub-bhyve -m device.map -r hd0,msdos1 -M 768M debian-buildbox
  • Launch the virtual machine
bhyve -A -c 2 -m 768M -H \
-s 0:0,hostbridge \
-s 1:0,lpc \
-s 2:0,virtio-net,tap1 \
-s 3,ahci-hd,debian-buildbox.img \
-l com1,/dev/nmdm0A debian-buildbox

Unless something went wrong you can access your Linux OS using serial device /dev/nmdm0B
cu -l /dev/nmdm0B -s 9600

Enjoy!

Home