{"id":184,"date":"2018-04-28T22:23:13","date_gmt":"2018-04-28T21:23:13","guid":{"rendered":"https:\/\/www.fukr.org.uk\/?p=184"},"modified":"2018-06-20T15:31:35","modified_gmt":"2018-06-20T14:31:35","slug":"using-a-raspberry-pi-2-as-a-router-on-a-stick-starring-netbsd","status":"publish","type":"post","link":"https:\/\/www.fukr.org.uk\/?p=184","title":{"rendered":"Using a Raspberry Pi 2 as a Router on a Stick Starring NetBSD"},"content":{"rendered":"

A few weeks ago I set about upgrading my feeble networking skills by playing around with a Cisco 2970 switch. I set up a couple of VLANs and found the urge to set up a router to route between them. The 2970 isn’t a modern layer 3 switch so what am I to do?<\/p>\n

Why not make use of the Raspberry Pi 2 that I’ve never used and put it to some good use as a ‘router on a stick’.<\/p>\n

I could install a Linux based OS as I am quite familiar with it but where’s the fun in that? In my home lab I use SmartOS which by the way is a shit hot hypervisor but as far as I know there aren’t any Illumos distributions for the Raspberry Pi. On the desktop I use Solus OS which is by far the slickest Linux based OS that I’ve had the pleasure to use but Solus’ focus is purely desktop. It’s looking like BSD then!<\/p>\n

I believe FreeBSD is renowned for it’s top notch networking stack and so I wrote to the BSDNow show on Jupiter Broadcasting for some help but it seems that the FreeBSD chaps from the show are off on a jolly to some BSD conference or another(love the show by the way).<\/p>\n

It looks like me and the luvverly NetBSD are on a date this Saturday. I’ve always had a secret love for NetBSD. She’s a beautiful, charming and promiscuous lover(looking at the supported architectures) and I just can’t stop going back to her despite her misgivings(ahem, zfs). Just my type of grrrl!<\/p>\n

Let’s crack on.<\/p>\n

Download the image and install NetBSD on Micro SD card<\/h2>\n

On the OS of your choosing do something similar to the following<\/p>\n

wget http:\/\/cdn.netbsd.org\/pub\/NetBSD\/NetBSD-7.1.2\/evbarm-earmv7hf\/binary\/gzimg\/armv7.img.gz
\ngunzip armv7.img.gz
\ndd if=armv7.img of=\/dev\/<yourSDcard>
\nsync<\/code><\/p>\n

Boot up<\/h2>\n

Put the micro SD card in your RPI2 and power on, set a root password.
\nMake \/etc\/ssh\/sshd_config editable by issuing:<\/p>\n

armv7# chmod +w \/etc\/ssh\/sshd_config<\/code><\/p>\n

Open \/etc\/ssh\/sshd_config<\/code> for editing, uncomment and set
\nPermitRootLogin yes<\/code><\/p>\n

Lets try to create a VLAN interface<\/p>\n

armv7# ifconfig vlan101 create
\nifconfig: clone_command: Invalid argument
\nifconfig: exec_matches: Invalid argument<\/code><\/p>\n

Hmmm, I suspect VLANs are not enabled in the kernel, so we need to build a kernel with VLANs enabled<\/p>\n

Not Using RPI to build,\u00a0 too slow<\/h2>\n

Spin up a NetBSD VM in Virtualbox<\/p>\n

Download Kernel Source<\/h2>\n

Follow instructions from the NetBSD Guide:
\n30.3.1. Downloading sources for a NetBSD release<\/a><\/p>\n

I Dont think we needed xsrc.tgz but the others seem necessary for build.sh to work<\/p>\n

On with the build prep<\/h2>\n

build# mkdir \/usr\/obj<\/code><\/p>\n

The file \/usr\/src\/sys\/arch\/evbarm\/conf\/RPI2 includes code from RPI so we only need to edit that.<\/p>\n

build# vi \/usr\/src\/sys\/arch\/evbarm\/conf\/RPI<\/code><\/p>\n

Uncomment:<\/p>\n

#pseudo-device vlan<\/code><\/p>\n

Optionally uncomment:<\/p>\n

#pseudo-device pf
\n#pseudo-device pflog<\/code><\/p>\n

Lets build<\/h2>\n

build# cd \/usr\/src
\nbuild# .\/build.sh -m evbarm -a earmv7hf tools
\nbuild# .\/build.sh -m evbarm -a earmv7hf kernel=RPI2<\/code><\/p>\n

Upon a successful build you should see something like<\/h2>\n

===> Kernels built from RPI2:
\n\/usr\/src\/sys\/arch\/evbarm\/compile\/obj\/RPI2\/netbsd
\n===> build.sh ended: Sat Apr 28 19:21:38 BST 2018
\n===> Summary of results:
\nbuild.sh command: .\/build.sh -m evbarm -a earmv7hf kernel=RPI2
\nbuild.sh started: Sat Apr 28 19:14:29 BST 2018
\nNetBSD version: 7.1.2
\nMACHINE: evbarm
\nMACHINE_ARCH: earmv7hf
\nBuild platform: NetBSD 7.1.2 amd64
\nHOST_SH: \/bin\/sh
\nMAKECONF file: \/etc\/mk.conf (File not found)
\nTOOLDIR path: \/usr\/src\/obj\/tooldir.NetBSD-7.1.2-amd64
\nDESTDIR path: \/usr\/src\/obj\/destdir.evbarm
\nRELEASEDIR path: \/usr\/src\/obj\/releasedir
\nUpdated makewrapper: \/usr\/src\/obj\/tooldir.NetBSD-7.1.2-amd64\/bin\/nbmake-evbarm
\nBuilding kernel without building new tools
\nBuilding kernel: RPI2
\nBuild directory: \/usr\/src\/sys\/arch\/evbarm\/compile\/obj\/RPI2
\nKernels built from RPI2:
\n\/usr\/src\/sys\/arch\/evbarm\/compile\/obj\/RPI2\/netbsd
\nbuild.sh ended: Sat Apr 28 19:21:38 BST 2018
\n===> .<\/code><\/p>\n

Woohooo,we have a kernel<\/h2>\n

Now on our RPI2, we just rename the old kernel (kernel7.img) to something else and scp \/usr\/src\/sys\/arch\/evbarm\/compile\/obj\/RPI2\/netbsd.bin<\/code> from our build system to kernel7.img<\/code> in \/boot<\/code> on the RPI2.
\nReboot<\/p>\n

Test for vlan-ability<\/h2>\n

Try to create a VLAN Interface<\/p>\n

armv7# ifconfig vlan101 create # no errors? looking good!
\narmv7# ifconfig vlan101 vlan 101 vlanif usmsc0 # no errors? looking even better! lets check ifconfig
\narmv7# ifconfig vlan101
\nvlan101: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\nvlan: 101 parent: usmsc0
\naddress: b8:27:eb:43:4e:3f
\ninet6 fe80::ba27:ebff:fe43:4e3f%vlan101 prefixlen 64 scopeid 0x3<\/code><\/p>\n

Lets create another VLAN interface<\/p>\n

armv7# ifconfig vlan102 create
\narmv7# ifconfig vlan102 vlan 102 vlanif usmsc0
\narmv7# ifconfig vlan102
\nvlan102: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\nvlan: 102 parent: usmsc0
\naddress: b8:27:eb:43:4e:3f
\ninet6 fe80::ba27:ebff:fe43:4e3f%vlan102 prefixlen 64 scopeid 0x4<\/code><\/p>\n

Lets give the new interfaces IP addresses<\/h2>\n

armv7# ifconfig vlan101 inet 192.168.101.1\/24 up
\narmv7# ifconfig vlan102 inet 192.168.102.1\/24 up
\narmv7# ifconfig vlan101
\nvlan101: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\nvlan: 101 parent: usmsc0
\naddress: b8:27:eb:43:4e:3f
\ninet6 fe80::ba27:ebff:fe43:4e3f%vlan101 prefixlen 64 scopeid 0x3
\ninet 192.168.101.1 netmask 0xffffff00 broadcast 192.168.101.255
\narmv7# ifconfig vlan102
\nvlan102: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\nvlan: 102 parent: usmsc0
\naddress: b8:27:eb:43:4e:3f
\ninet6 fe80::ba27:ebff:fe43:4e3f%vlan102 prefixlen 64 scopeid 0x4
\ninet 192.168.102.1 netmask 0xffffff00 broadcast 192.168.102.255<\/code><\/p>\n

Of course this wont persist a reboot<\/p>\n

Create \/etc\/ifconfig.vlan101<\/code> with the contents<\/p>\n

create
\nvlan 101 vlanif usmsc0
\ninet 192.168.101.1\/24 up<\/code><\/p>\n

Create \/etc\/ifconfig.vlan102<\/code> with the contents<\/p>\n

create
\nvlan 102 vlanif usmsc0
\ninet 192.168.102.1\/24 up<\/code><\/p>\n

Set up packet forwarding<\/h2>\n

Check whether packet forwarding is enabled by issuing:<\/p>\n

armv7# sysctl net.inet.ip.forwarding
\nnet.inet.ip.forwarding = 0<\/code><\/p>\n

Hmmm, it isn’t<\/p>\n

armv7# sysctl -w net.inet.ip.forwarding=1
\nnet.inet.ip.forwarding: 0 -> 1<\/code><\/p>\n

Now it is but that’s fine for testing, lets make it permanent by adding the line:<\/p>\n

net.inet.ip.forwarding=1<\/code><\/p>\n

to \/etc\/sysctl.conf<\/code><\/p>\n

Reboot and you should have vlan101, vlan 102 created with IP addresses and packet forwarding enabled. This is probably a good time to remove the remote access for root.<\/p>\n

And thanks to Andy Ruhl on the netbsd-users mailing list for the proof reading.<\/p>\n","protected":false},"excerpt":{"rendered":"

A few weeks ago I set about upgrading my feeble networking skills by playing around with a Cisco 2970 switch. I set up a couple of VLANs and found the urge to set up a router to route between them. The 2970 isn’t a modern layer 3 switch so what am I to do? Why […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[6],"class_list":["post-184","post","type-post","status-publish","format-standard","hentry","category-netbsd","tag-networking"],"_links":{"self":[{"href":"https:\/\/www.fukr.org.uk\/index.php?rest_route=\/wp\/v2\/posts\/184","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.fukr.org.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fukr.org.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fukr.org.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fukr.org.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=184"}],"version-history":[{"count":31,"href":"https:\/\/www.fukr.org.uk\/index.php?rest_route=\/wp\/v2\/posts\/184\/revisions"}],"predecessor-version":[{"id":215,"href":"https:\/\/www.fukr.org.uk\/index.php?rest_route=\/wp\/v2\/posts\/184\/revisions\/215"}],"wp:attachment":[{"href":"https:\/\/www.fukr.org.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=184"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fukr.org.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=184"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fukr.org.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=184"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}