
Dec 18, 2014

How-To Diskless AoE – 01 Overview of the Solution

This How-To describes a Windows-based solution that uses AoE technology to bring an entirely new range of solutions, flexibility and cost reductions to businesses. With AoE, the network is server based: software applications and programs are held on the server and run on client PCs (diskless nodes), so client PCs no longer require a hard disk. Centralizing operating system data by deploying AoE enables storage virtualization at the level of the local hard drive and allows extremely fast server and desktop deployment. This makes AoE Diskless an ideal network management solution for networked environments of all kinds, such as educational institutions, training centers, offices, cybercafés and karaoke venues, and it can also be used in cluster computing.

Administrators and technical support staff still face frustrations when it comes to troubleshooting and maintaining a group of networked PCs. The majority of the problems they face in a networked environment are:
  • Programs/Applications/Games/Windows Updates to all PCs
  • Maintaining different PC specifications
  • Efficiency and Troubleshooting of PCs
  • Identifying faulty hardware and replacements
  • Hard disk limitation and upgrades
  • Virus attacks and Virus removal
  • Operating System Backup / Restoration
  • Windows / Files Protection
  • Freeze/Unfreeze PCs when doing updates (Recovery system)

Listed below are some quick facts if you use this How-To:

COST SAVING IN:
  • Investment for hard disk and future hard disk upgrade
  • Monthly electricity bill, go Green
  • Recovery software / hardware
  • Backup / cloning software and other update software
  • Antivirus / Anti Trojan software
  • Faulty hard disks replacements

TIME SAVING IN:
  • Programs/Applications/Games/Windows Update to all PCs
  • PC maintenance, with easy remote management of multiple branches
  • Virus attacks and Virus removal
  • Windows / Files Protection
  • Maintaining different specification PCs
  • Operating System Backup / Restoration
  • Freeze/Unfreeze (Recovery system)

SUPPORT:
  • Different Client PC specification with different drivers (Motherboard / Display / Sound / etc)
  • Multi Restore Points
  • Multi Sync between Servers
  • Multiple Images, Multiple Windows (Example: 10 PCs using English Windows + 10 PCs using Malay Windows + 10 PCs using Chinese Windows)

What is AoE?

ATA over Ethernet (AoE) is an open, standards-based protocol that allows client hosts direct network access to disk drives. Using disk storage arrays that support AoE, shared storage networks (SANs) can be built that leverage the power of “Raw” Layer 2 Ethernet.
  • AoE has been native in the Linux kernel since 2005.
  • AoE delivers a simple, high-performance, low-cost alternative to iSCSI and Fibre Channel for networked block storage by eliminating the processing overhead of TCP/IP.
  • It is a Layer 2 protocol that encapsulates ATA (the command set used by most commodity disks) in Ethernet frames: an Ethernet request that says, in effect, give me block ‘00’ from disk ‘01’ on shelf ‘1’.

Protocol

AoE is a stateless protocol which consists of request messages sent to the AoE server and reply messages returned to the client host.

Messages have two formats:
  • ATA Message
  • Config/Query Messages

AoE utilizes the standard Ethernet MAC header for IEEE 802.3 Ethernet frames and has a registered Ethernet type of 0x88A2.

Legacy Fibre Channel and iSCSI protocols consist of several complex software layers (see the diagram below). These layers force users through mandatory SAN point-to-point connection configuration procedures for each network path for all storage LUNs. Ethernet SAN is a connectionless protocol that connects servers and storage directly across Layer 2 Ethernet. It does not require TCP/IP or user-configured multi-path IO (MPIO) software. The use of Layer 2 Ethernet represents a simpler approach for SAN.
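
To make the frame format described above concrete, here is an added example (not part of the original post) that decodes an AoE frame: the EtherType check, the shelf/disk address and the two message formats. The field offsets follow the published AoE specification; the function names and the sample frames are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

AOE_ETHERTYPE = 0x88A2                      # EtherType quoted in the text
COMMANDS = {0: "ATA", 1: "Config/Query"}    # the two message formats
FLAG_RESPONSE, FLAG_ERROR = 0x08, 0x04      # R and E bits of the flags nibble
AFLAG_EXTENDED, AFLAG_WRITE = 0x40, 0x01    # LBA48 and write bits (ATA message)


@dataclass
class AoEFrame:
    src: str
    dst: str
    version: int
    is_response: bool
    is_error: bool
    shelf: int                      # "major" address
    slot: int                       # "minor" address: the disk within the shelf
    command: str
    tag: int                        # echoed by the server to match replies
    lba: Optional[int] = None       # ATA messages only
    sectors: Optional[int] = None
    is_write: Optional[bool] = None


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_aoe(frame: bytes) -> AoEFrame:
    """Decode one raw Ethernet frame; raise ValueError if it is not valid AoE."""
    if len(frame) < 24:
        raise ValueError("truncated: need 14-byte Ethernet + 10-byte AoE header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != AOE_ETHERTYPE:
        raise ValueError(f"not AoE (EtherType 0x{ethertype:04x})")
    verfl, _err, shelf, slot, cmd, tag = struct.unpack("!BBHBBI", frame[14:24])
    parsed = AoEFrame(
        src=_mac(src), dst=_mac(dst), version=verfl >> 4,
        is_response=bool(verfl & FLAG_RESPONSE),
        is_error=bool(verfl & FLAG_ERROR),
        shelf=shelf, slot=slot,
        command=COMMANDS.get(cmd, f"unknown({cmd})"), tag=tag,
    )
    if cmd == 0:  # ATA message: the ATA register block follows the header
        if len(frame) < 36:
            raise ValueError("truncated ATA message")
        aflags, _feat, count, _cmdstat, lba = struct.unpack(
            "!BBBB6s2x", frame[24:36])
        if not aflags & AFLAG_EXTENDED:
            lba = lba[:3] + bytes([lba[3] & 0x0F])  # LBA28: 28 address bits
        parsed.lba = int.from_bytes(lba, "little")  # lba0 is the low byte
        parsed.sectors = count
        parsed.is_write = bool(aflags & AFLAG_WRITE)
    return parsed


def build_frame(shelf: int, slot: int, cmd: int, tag: int, payload: bytes = b"",
                flags: int = 0, src: str = "02:00:00:00:00:01",
                dst: str = "02:00:00:00:00:02") -> bytes:
    """Assemble a constructed sample frame (test data, not captured traffic)."""
    eth = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    eth += struct.pack("!H", AOE_ETHERTYPE)
    header = struct.pack("!BBHBBI", (1 << 4) | flags, 0, shelf, slot, cmd, tag)
    return eth + header + payload


def ata_read_payload(lba: int, sectors: int) -> bytes:
    # 0x24 is ATA READ SECTORS EXT (LBA48), so the extended bit is set.
    return struct.pack("!BBBB6s2x", AFLAG_EXTENDED, 0, sectors, 0x24,
                       lba.to_bytes(6, "little"))


# "Give me block 00 from disk 01 on shelf 1", as in the text above.
READ_REQUEST = build_frame(shelf=1, slot=1, cmd=0, tag=0x1234,
                           payload=ata_read_payload(lba=0, sectors=1))
# Config/Query message addressed to every shelf and slot (all-ones address).
CONFIG_QUERY = build_frame(shelf=0xFFFF, slot=0xFF, cmd=1, tag=1,
                           payload=bytes(8), dst="ff:ff:ff:ff:ff:ff")

if __name__ == "__main__":
    for raw in (READ_REQUEST, CONFIG_QUERY):
        print(parse_aoe(raw))
```

The header carries only a source MAC, a shelf/slot address and a tag, which is why an AoE storage segment is normally kept on its own switch or VLAN.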

Dec 12, 2014

FreeNAS : How-To Setup Home File Server For Free

I download a lot of music. My wife takes a lot of digital photos. My kids also like to save music and photos. Between all of us, we have a lot of media that quickly accumulates on our home PCs. The task of sharing this media between us is a challenge. My wife didn't know how to burn data CDs and my kids didn't have a CD burner. What we needed was a home file server: a dedicated computer used for storage and sharing of our files. My research found a ton of products available that would do the job. There are several dedicated Network Attached Storage (NAS) devices that I could purchase, but even the cheapest ones are still several hundred US dollars. Then there is the server software to consider. Microsoft has its Windows Storage Server software that is also several hundred US dollars. There are also many different Linux solutions that require a working knowledge of the Linux file system and command line.


In the end I settled on a free product called FreeNAS. As the title suggests, FreeNAS is free network attached storage software, but that is not all. It also has numerous features that make it extremely easy to set up, manage and expand. Plus it has features that allow you to use it as a media server for various devices. Since its hardware requirement is very minimal, this seemed like an ideal product for me to use. With FreeNAS, I was able to use my old desktop PC (a Pentium 4 with 256 MB RAM), as my file server.

Installation and setup:

To set up FreeNAS as a home file server, you must make sure you have all the proper hardware first. This means you need a multiple port router, or switch to connect your file server to as well as a network cable for the server. For the actual server, you will need a PC with at least one hard drive (I started with 2) and a CD-ROM drive.

The setup process was very easy. I downloaded the FreeNAS ISO file and created a Live CD which I inserted into my old PC. If I wanted to, I could have started using it as a file server right there (by simply changing the IP address of the server), but I wanted something that I could use in the long term... something that could auto restart with no user intervention in the event of a power failure. This meant installing it to the hard drive. FreeNAS setup made this easy to do. I simply selected which hard drive to install to, and that was it. After a reboot, I had to set up the network interface. FreeNAS auto-detects which network adapter you have, so selecting it was simple. Next I had to assign an IP address. FreeNAS setup has a default address you can use if you want, but it may not work on your home network. It's best to find out your workstation's IP address (typically assigned by your ISP through DHCP) and set up your FreeNAS server on a similar address. Once this is done, you are pretty much done with working directly with that machine and can now access all your other options through the web interface, which I found very easy to use.

Setting up file shares:

This is probably the most challenging part of the entire setup, but it was still relatively easy to do. Setting up the server to share files is done in 4 steps: adding a drive, formatting the drive, adding a mount point, then setting up the share. At first the task was a bit daunting, but after grasping the basic concept, it was really quite straightforward. When I added 2 more hard drives to my server, it was simple to configure them for file sharing and within 15 minutes, I had easily tripled my file server storage capacity.

Additional Features:

Even though storage is its primary feature, there is much more that really makes this product shine. It has the ability to support multiple network protocols, including AppleTalk, NFS, FTP, Unison, and iSCSI. It also comes bundled with many extra services like the Transmission BitTorrent client, a UPnP server, iTunes server and a basic web server. This means that it is capable of more than just storage. It can be used as part of your home entertainment setup, serving your media to your Home Theater PC, PSP, iPod, or other network devices.

Conclusion:

I'm happy to say that FreeNAS does a great job storing and sharing my files. Since my initial installation of the product, I added and updated 3 hard drives on my server and the process was very easy and straightforward. FreeNAS easily recognized my new hard drives and allowed me to add and share them for storage with no problems. I use the Transmission BitTorrent client to download my media, so I am not tying up my workstation with a separate BitTorrent client. If I decide later to add a Linux PC to my home network, I can simply enable the appropriate protocol on my server and have instant access to all my files. Ultimately my goal is to build a home theater PC, so when that is ready, I will already have the media server ready to serve up my media.

I heartily recommend FreeNAS if you are looking for a free (or very inexpensive) solution for a file server. You will need to know some basic technical information about your home network, like your IP address setup, and you will need to have a multiple port router or switch on your home network, but beyond that, it is relatively easy to manage and expand.

Resources:

Website: http://www.freenas.org/
Download: http://sourceforge.net/projects/freenas/files/
Installation instructions: http://www.installationwiki.org/Installing_FreeNAS
FreeNAS Blog: http://blog.freenas.org/
FreeNAS Knowledgebase: http://www.freenaskb.info/kb/
FreeNAS Support Forum: http://sourceforge.net/apps/phpbb/freenas/index.php

Dec 10, 2014

Ethernet bonding with Linux and 802.3ad

Nowadays, most desktop mainboards provide more than one gigabit Ethernet port. Connecting them both to the same switch causes most Linux distros, by default, to get an individual IP on each device and route traffic only on the primary device (based on device metric) or round-robin. A single connection always starts at one IP, so all of its traffic goes through one device, limiting maximum bandwidth to 1 GBit.

This is where bonding (sometimes called (port) trunking or link aggregation) comes into play. It combines two or more Ethernet ports into one virtual port with only one MAC and therefore usually one IP address. Whereas earlier only two hosts (running the same OS) or two switches (from the same vendor) could be connected this way, nowadays there is a standard protocol that makes it easy: LACP, which is part of IEEE 802.3ad. Linux supports different bonding mechanisms, including 802.3ad. To enable bonding at all, some kernel settings are needed:

Device Drivers  --->
[*] Network device support  --->
<*>   Bonding driver support

After compiling and rebooting, we need a userspace tool for configuring the virtual interface. It's called ifenslave and is provided with the Linux kernel. You can either compile it by hand

cd /usr/src/linux/Documentation/networking
gcc -Wall -O -I/usr/src/linux/include ifenslave.c -o ifenslave
cp ifenslave /sbin/ifenslave

or install it by emerge if you run Gentoo Linux:

emerge -va ifenslave

Now we can configure the bonding device, called bond0. First of all we need to set the 802.3ad mode and the MII link monitoring frequency by

echo "802.3ad" > /sys/class/net/bond0/bonding/mode
echo 100 >/sys/class/net/bond0/bonding/miimon

Now we can bring up the device and add some Ethernet ports:

ifconfig bond0 up
ifenslave bond0 eth0
ifenslave bond0 eth1

Now bond0 is ready to be used. Run a dhcp client or set an IP by

ifconfig bond0 192.168.1.2 netmask 255.255.255.0

These steps are needed on each reboot. If you're running Gentoo, you can use baselayout for this. Add

config_eth0=( "none" )
config_eth1=( "none" )
preup() {
 # Adjusting the bonding mode / MII monitor
 # Possible modes are : 0, 1, 2, 3, 4, 5, 6,
 #     OR
 #   balance-rr, active-backup, balance-xor, broadcast,
 #   802.3ad, balance-tlb, balance-alb
 # MII monitor time interval typically: 100 milliseconds
 if [[ ${IFACE} == "bond0" ]] ; then
  BOND_MODE="802.3ad"
  BOND_MIIMON="100"
  echo ${BOND_MODE} >/sys/class/net/bond0/bonding/mode
  echo ${BOND_MIIMON}  >/sys/class/net/bond0/bonding/miimon
  einfo "Bonding mode is set to ${BOND_MODE} on ${IFACE}"
  einfo "MII monitor interval is set to ${BOND_MIIMON} ms on ${IFACE}"
 else
  einfo "Doing nothing on ${IFACE}"
 fi
 return 0
}
slaves_bond0="eth0 eth1"
config_bond0=( "dhcp" )

to your /etc/conf.d/net. I found this nice preup part in the Gentoo Wiki Archive.

Now you have to configure the other side of the link. You can use either a Linux box configured the same way or an 802.3ad-capable switch. I used an HP Procurve 1800-24G switch. You have to enable LACP on the ports you're connected to.


Now everything should work and you can enjoy a 2 GBit (or more) link. Further details can be found in the kernel documentation.
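
A way to confirm that LACP really negotiated after the steps above, rather than assuming it (added example, not part of the original post): the bonding driver reports its state in /proc/net/bonding/bond0, and the script below checks that file for the usual signs of a switch port without LACP enabled. The function names and the sample text are constructed for illustration.

```python
import sys

NO_PARTNER = "00:00:00:00:00:00"


def parse_bonding(text: str):
    """Split the status file into bond-level keys and per-slave keys."""
    bond, slaves, current = {}, {}, None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue                      # blank lines and section titles
        key, value = key.strip(), value.strip()
        if key == "Slave Interface":
            current = slaves.setdefault(value, {})
        elif current is not None:
            current.setdefault(key, value)
        else:
            bond.setdefault(key, value)
    return bond, slaves


def lacp_problems(text: str) -> list:
    """Return a list of human-readable findings; empty means healthy."""
    bond, slaves = parse_bonding(text)
    problems = []
    mode = bond.get("Bonding Mode", "unknown")
    if "802.3ad" not in mode:
        problems.append(f"bond mode is '{mode}', expected 802.3ad")
    # An all-zero partner MAC means no LACPDU was ever received from the peer.
    if bond.get("Partner Mac Address", NO_PARTNER) == NO_PARTNER:
        problems.append("no LACP partner seen: is LACP enabled on the switch ports?")
    if not slaves:
        problems.append("bond has no slave interfaces")
    active = bond.get("Aggregator ID")
    for name, info in slaves.items():
        if info.get("MII Status") != "up":
            problems.append(f"{name}: link is {info.get('MII Status', 'unknown')}")
        # Slaves outside the active aggregator carry no traffic.
        if info.get("Aggregator ID") != active:
            problems.append(
                f"{name}: in aggregator {info.get('Aggregator ID')}, "
                f"active aggregator is {active}")
    return problems


def sample(partner_mac: str, eth1_aggregator: int) -> str:
    """Constructed text in the layout of /proc/net/bonding/bond0 (not a capture)."""
    return f"""Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
MII Status: up
MII Polling Interval (ms): 100

802.3ad info
LACP rate: slow
Active Aggregator Info:
\tAggregator ID: 1
\tPartner Mac Address: {partner_mac}

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Aggregator ID: 1

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Aggregator ID: {eth1_aggregator}
"""


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/proc/net/bonding/bond0"
    try:
        with open(path) as handle:
            status = handle.read()
    except OSError:
        status = sample(NO_PARTNER, 2)    # fall back to the constructed sample
    for finding in lacp_problems(status) or ["LACP aggregate looks healthy"]:
        print(finding)
```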

Nov 15, 2013

Linux Lite Is Heavy on Features and Usability

In a computing world distracted by distro overload, Linux Lite is a lightweight Linux OS that has no trouble handling a heavy workload.


Long gone are the days when it took hours to install and set up Linux on a computer, but most Linux distros still need a bit of configuration to adjust the massive desktop options to your liking.

Not so with Linux Lite. It is one of the few out-of-the-box experiences I have had in testing Linux distros that let me actually be up and working in under five minutes.

That is not to say I haven't spent time installing various preferred packages. That's the great beauty of using Linux. It gives users so much freedom to individualize the look and feel and choice of applications.

To its credit, Linux Lite does not install excessive numbers of programs to clutter up menus and home directories. Instead, it installs a collection of work and play packages to get you working and surfing. Rather than spend time removing or tolerating unwanted programs, users can simply add their preferred tools.

Testing That Testimony

My routine in checking out any unfamiliar Linux distro is to see how quickly the live session boots on my standard equipment. Usually, the first sign of duress is the lack of a wireless connection. The next stumbling block is usually one or more snags while installing the new distro to the test computers.

Linux Lite impressed me from the start. It loaded a live session in under 30 seconds with a prompt to enter my wireless connection credentials. I liked its speedy responsiveness when loading files from the DVD. I liked its fresh look and uncluttered design.

Linux Lite won me over when it installed on even my balkiest test computers without a single sign of trouble. That satisfaction continued as I performed my next critical step. Using nothing more than the installed set of packages, I attempt to use the distro to do actual work tasks for as long into my work day as I can tolerate.

I was pleasantly pleased not to have to make any settings changes or packages additions except one minor matter. Linux Lite defaults to two virtual workspaces. It only took a right click to change that setting to my standard four. The new setting was immediately activated in the workplace switcher app on the dock.

Look and Feel

Linux Lite uses the Xfce desktop environment. Not having any other choices is sometimes a good thing: It removes any quandaries about which optional offering would be better. Of course, if you prefer more memory-intensive flash-bang desktop effects, Xfce may not suit your comfort zone.

Xfce is fast and lightweight, but it is also very simple to use without compromising on performance. The Linux Lite developers did not make the mistake so many others make by embellishing or altering the integration of the desktop environment to make it more distro-unique.

I was able to easily change the default two-tone gray background with a right click on the desktop to select the Desktop Properties menu. Linux Lite offers a nice collection of colorful background images as part of the live session functionality. Often this personalizing option is not available with other Linux distros until you make a hard drive installation.

Working Desktop

The desktop screen is neat and simple, with easy navigation to the menu, system settings and configuration options. As I already mentioned, though, Linux Lite really needs no finessing to be truly usable from the start.

The menu is fairly standard yet simple and intuitive. For example, the folders are organized according to their categories. The slide-out menus are also well-categorized.

You can use the Run Program search box at the top of the menu to run a program rather than scroll through the standard menu -- but that only works if you actually know the name of what you want.

Another option is to use the Application Finder in the Accessory menu. Just select a category in the left column and click on the desired installed application in the right column.

Everything Just Works

Linux Lite has a lot going for it to make a very good first impression. With Linux Lite the basics work out-of-the-box.

For example, the only included browser is Firefox. I would have preferred the Chromium Browser, but Firefox was a reliable browser for me to start my work day rather than take time to install Chromium. Even Firefox's preinstalled state allowed me to play my online music collections and view YouTube videos without having to track down missing players and plug-ins.

When I needed to take that extra step to use some added third-party programs, relief was just a menu item away. The restricted extras package in the main system menu includes proprietary libraries and applications that enable the use of TrueType Fonts, Java, Flash and the ability to playback MP3s.

Strong System Support

Especially useful for configuring Linux Lite your way is the menu item to easily install special packages. The list includes a file and folder search tool and instant messaging. It also lets you add remote desktop, restricted extras, torrent software, video editing, VirtualBox, a weather monitor and/or Wine.

Linux Lite lacks its own community repository. The full range of package installation and software removal is done with the Synaptic Package Manager. A separate application in the main menu lets you install system updates.

The latest version of Linux Lite is "Amethyst," or version 1.0.6, released in June. The distro is based on Ubuntu 12.04 LTS, which includes five years of system updates without worrying about having to upgrade.

If you are not a fan of Ubuntu Linux, do not let the family lineage deter you from trying Linux Lite. Other than the system underpinnings, you will not see any trappings from the Ubuntu desktop.

Bottom Line

Linux Lite is an ideal starter distro for those looking for an upgrade when Windows XP dies early next year. Yet this distro is not just an easy Linux intro for newcomers -- it is a suitable workhorse distro for seasoned Linux users as well.

Even without installing it to a hard drive, you can reliably use Linux Lite in a live session from the DVD or USB drive installation. The USB option does not let you save your settings and software changes, however -- it is not intended for true portable use with persistent memory. However, if you use it only in live session mode, you can save your personal files externally.

Linux Lite is fully featured with the preinstalled software to be usable right out of the box.

Oct 27, 2013

SteamOS could really help desktop Linux adoption, says Torvalds

The Linux desktop revolution is just around the corner!

This is a familiar refrain that has received new life in recent months thanks to Valve and its efforts to turn Linux into a gaming platform with the Steam client for Linux (shown above) and the Linux-based SteamOS.


Even Lars Gustavsson, the chief game maker for DICE, which is the EA-owned studio responsible for the Battlefield series, has a strong interest in Linux for games.

There’s so much Linux love in the air that it prompted Linus Torvalds, overlord of the Linux Kernel, to tentatively suggest that Valve’s announcements could encourage Linux adoption on desktop PCs. Screech! Not again, I hear you say?

Yes, we’ve heard the claim for years that the Linux (or GNU/Linux depending on your persuasion) desktop revolution is just around the corner. And yes, this could be just another high hope in a long history of high hopes, but Torvalds reinforced some important arguments about a Steam-powered rise for Linux.

“I think [the Steam announcements are] an opportunity to maybe really help the desktop,” Torvalds said recently during LinuxCon + CloudOpen Europe in Edinburgh, Scotland. That’s not exactly a ringing endorsement for a Linux revolution but, if anyone is familiar with endless promises of Linux-based desktops becoming popular, it’s Torvalds.

For Torvalds, Valve’s Steam efforts could be a big opportunity to drive desktop Linux because it could force the various desktop Linux distributions to standardize their technology. Torvalds said earlier in the 44-minute talk (shown below) that the Linux desktop was a “morass of infighting.” (The Steam talk starts around 29:50 minutes for those who want to fast forward.)


Critics’ reasoning

A criticism often leveled at Linux OS distributions—and contributing projects such as the Gnome desktop—is that each component insists on doing things its way, or going in a different direction, or breaking compatibility. This can result in fights over everything from the best bootloader to which desktop UI is superior (ridiculous since everybody knows Unity rocks).

Some critics, such as Gnome project founder Miguel de Icaza, put at least some of the blame at the feet of Torvalds. Regardless of who’s at fault, most critics agree that the Linux desktop is a house divided right now, which is why a company like Valve and the success of Steam is so sorely needed.

“[Valve] is this one company who has this vision for how to do things,” Torvalds said. “I think it also forces the different distributions to realize ‘hey, if this is the way Steam is going, we need to do the same thing. Because we want people to be able to play games on our platform too.’”

Having everyone toe the line for popular products such as Steam for Linux is an excellent way to set technology standards, Torvalds argues. “Good standards are people doing things,” Torvalds said. “And saying ‘this is how we do it’ and being successful enough to drive the market.”

Change in the air?

Already, Valve appears to be influencing how major hardware vendors approach Linux. Shortly after SteamOS was announced, both AMD and Nvidia announced improved driver support for Linux. And AMD’s low-level Mantle support could result in more top-tier games landing on Linux.

But technology is only half the battle. As DICE’s Gustavsson said, it will also take that one killer app to really push Linux as a PC platform. That one game that everyone must play, but the only way to play it will be on a Linux distribution.

Will that game come from Valve in the coming months? An early look at Half-Life 3 perhaps? Only time will tell. But hey, if you’re waiting for the Linux desktop revolution to happen you’ve got nothing but time.

[via PCPro]

Top 7 Best Linux Distributions 2013

Back in 2010 Linux.com published a list of the year's top Linux distributions, and the popularity of the topic made it an instant annual tradition.

There have been several shifts and shakeups on the lists presented since then, of course, and – as you'll soon see – this year's offering holds true to that pattern. In fact, I think it's safe to say that the past year has seen so much upheaval in the desktop world – particularly where desktop environments are concerned – that 2013's list could come as a surprise to some.

Let me hasten to note that the evaluations made here are nothing if not subjective. There also is no such thing as the “one best” Linux distro for anything; in fact, much of the beauty of Linux is its diversity and the fact that it can be tweaked and customized for virtually any taste or purpose. The one best Linux for you, in other words, is the flavor you choose for your purpose and preference and then tweak until it feels just right.

Still, I think some Linux flavors stand out these days as leaders for particular use cases. I'm going to diverge a bit from past lists here when it comes to those categories, however. Specifically, where past lists have included the category “Best Linux LiveCD,” I think that's become almost obsolete given not just the general shift to USBs -- some PCs don't even come with CD drives anymore, in fact -- but also the fact that most any Linux distro can be formatted into bootable form.

On the other hand, with the arrival of Steam for Linux, I think this year has brought the need for a new category: Best Linux for Gaming.

Read on, then, for a rundown of some of the best of what the Linux world has to offer.

Best Desktop Distribution

There are so many excellent contenders for desktop Linux this year that it's become a more difficult choice than ever – and that's really saying something.

Canonical's Ubuntu has made great strides in advancing Linux's visibility in the public eye, of course, while Linux Mint and Fedora are both also very strong choices. Regarding Ubuntu, however, a number of issues have come up over the past year or so, including the inclusion of online shopping results in searches – an addition Richard Stallman and the EFF have called “spyware.”

At the same time, the upheaval caused by the introduction of mobile-inspired desktops such as Unity and GNOME 3 continues unabated, spurring the launch of more classically minded new desktops such as MATE and Cinnamon along with brand-new distros.

For best desktop Linux distro, I have to go with Fuduntu, one of this new breed of up-and-comers. Originally based on Fedora but later forked, Fuduntu offers a classic GNOME 2 interface – developed for the desktop, not for mobile devices -- and generally seems to get everything right.

Besides delivering the classic desktop so many Linux users have made clear that they prefer, Fuduntu enjoys all the advantages of being a rolling release distribution, and its repository includes key packages such as Netflix and Steam. I've been using it for months now and haven't seen a single reason to switch.

Best Laptop Distribution

At the risk of sounding repetitive, I have to go with Fuduntu for best laptop Linux distro as well. In fact, the distro is optimized for mobile computing on laptops and netbooks, including tools to help achieve maximum battery life when untethered. Users can see battery life improvements of 30 percent or more over other Linux distributions, the distro's developers say.

Such optimizations combined with this solid and classic distro make for a winner on portable devices as well.

Best Enterprise Desktop Linux

The enterprise is one context in which I have to agree with recent years' evaluations, and that includes the enterprise desktop.

While SUSE Linux Enterprise Desktop is surely RHEL's primary competitor, I think Red Hat Enterprise Linux is the clear leader in this area, with just the right combination of security, interoperability, productivity applications and management features.

Best Enterprise Server Linux

It's a similar situation on the server. While there's no denying SUSE Linux Enterprise Server has its advantages, Red Hat is pushing ahead in exciting new ways. Particularly notable about Red Hat this year, for example, is its new focus on Big Data and the hybrid cloud, bringing a fresh new world of possibilities to its customers.

Best Security-Enhanced Distribution

Security, of course, is one of the areas in which Linux really stands out from its proprietary competitors, due not just to the nature of Linux itself but also to the availability of several security-focused Linux distributions.

Lightweight Portable Security is one relatively new contender that emerged back in 2011, and BackBox is another popular Ubuntu-based contender, but I still have to give my vote to BackTrack Linux, the heavyweight in this area whose penetration testing framework is used by the security community all over the world. Others surely have their advantages, but BackTrack is still the one to beat.


Best Multimedia Distribution

Ubuntu Studio has often been named the best distro for multimedia purposes in Linux.com's lists, but it's by no means the only contender. ZevenOS, for instance, is an interesting BeOS-flavored contender that came out with a major update last year.

For sheer power and nimble performance, though, this year's nod goes to Arch Linux. With an active community and thousands of software packages available in its repositories, Arch stays out of the way so your PC can focus on the CPU-intensive tasks at hand.

Best Gaming Distribution

Last but certainly not least is the gaming category, which surely represents one of the biggest developments in the Linux world over this past year. While it may not be relevant for enterprise audiences, gaming has long been held up as a key reason many users have stayed with Windows, so Valve's decision to bring its Steam gaming platform to Linux is nothing if not significant.

The Linux distro choice here? That would have to be Ubuntu, which is specifically promoted by the Valve team itself. “Best experienced on Ubuntu” reads the tag line that accompanied the Steam for Linux release last month, in fact. Bottom line: If you're into gaming, Ubuntu Linux is the way to go.

NeoRouter for Android

1. Overview
NeoRouter for Android enables users to remotely access and manage Windows, Mac and Linux computers right from their Android devices.

NeoRouter is a cross-platform zero-configuration VPN solution that securely connects your computers and devices at any location into a virtual LAN and provides a networking platform for various applications like remote desktop, VNC, SSH, etc.

On devices with Android 4.x and above, NeoRouter for Android operates in VPN mode. Users can seamlessly access remote computers by their virtual IP addresses using any app.

On devices with Android 3.x and below, NeoRouter for Android operates in Tunnel mode. Users need to configure dynamic or static port forward tunnels. It only works with apps that use outgoing TCP connections.


2. VPN mode for Android 4.x and above

This guide assumes that the user has previously set up a NeoRouter Domain and added remote computers. Please read the User's Manual for complete setup instructions.

Launch NeoRouter for Android and Sign In. The sign-in experience on Android is similar to that on Windows and Mac. When you see the VPN connection warning dialog, please check "I trust this application" and then click Ok.


Once you have signed in, you will see the list of remote computers in your network. If online, a computer is shown in bold with a color icon. It is also assigned a virtual IP address as shown inside the parenthesis. You can long-click on an online computer to copy its virtual IP Address. You can also long-click an offline computer to wake-on-LAN.


Launch ConnectBot, enter "user@{virtual ip address}", and you will connect to the remote computer via SSH.


To exit NeoRouter VPN, you can click Menu - Exit. Alternatively you can open the key icon in the notification area and then click the disconnect button in the VPN status dialog.



3. Tunnel Mode for Android 3.x and below


3.1 Quick start using dynamic port forward


Using ConnectBot as an example, I will show you how to set up NeoRouter for Android within minutes. This guide assumes that the user has previously set up a NeoRouter Domain and added remote computers. Please read our User's Manual for complete setup instructions.

Download and install NeoRouter from Android market.

Launch NeoRouter for Android and Sign In. The sign-in experience on Android is similar to that on Windows and Mac. Once you have signed in, you will see the list of remote computers in your network. If online, a computer is shown in bold with a color icon. It is also assigned a virtual IP address as shown inside the parentheses.


Long-click on an online computer and you will see the launch pad dialog with a list of applications/ports. Choose SSH (22) from the list and NeoRouter will set up a port forward from localhost:32973 to the SSH port of the remote computer.


Launch ConnectBot, enter "user@localhost:32973", and you will connect to the remote computer via SSH.

Tip: if you need multiple SSH connections concurrently, you can add multiple entries to localhost:32973 in ConnectBot by changing the Nick Name property. See ConnectBot's FAQ for more information.


If you need to connect to a different computer or to use a different application, you can simply repeat the above steps to set up a different Dynamic Port Forward in NeoRouter. New connections to localhost:32973 will then be forwarded to this new remote address. The change does not interrupt existing connections.


3.2 Configure Dynamic Port Forward


Port Forward in NeoRouter shares the same basic concept as port tunneling using SSH. The NeoRouter Android application will listen at ports on localhost and forward connections to these ports to the remote computer over the virtual private network.

NeoRouter supports both Static Port Forward and Dynamic Port Forward.

Static Port Forward

With Static Port Forward, the user assigns a local port for every remote [server:port]. For example, if a user needs access to two remote computers for SSH and VNC, he/she will need to create four static port forward mappings as shown in the screenshot below.

NeoRouter will listen at all these local ports and forward the incoming connections according to the mappings.

To edit static port forward, the user needs to sign in, then click "menu" - "Settings" - "Configure Static Port Forward".


Dynamic Port Forward

With Dynamic Port Forward, NeoRouter always listens at port 32973 of localhost, and the user can specify the remote computer and port dynamically by long-clicking a computer and then choosing a port. After the remote computer and port are set, new connections to localhost:32973 will be forwarded to this remote address. The user can change the remote address at any time without interrupting existing connections.

By default, NeoRouter supports three remote ports: SSH (22), VNC (5900) and RDP (3389). To change the default settings, the user can sign in, click "menu" - "Settings" - "Configure Dynamic Port Forward". Note that "$NRIPAddress" will be replaced with the IP address of the remote computer.
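The dynamic port forward behaviour described above, sketched as an added example (this is not NeoRouter's code): a loopback-only listener whose target can be swapped for new connections while established ones keep their original upstream. The class and function names, the ephemeral listen port (NeoRouter uses 32973) and the two tagged echo servers standing in for remote computers are assumptions of this example.

```python
import contextlib
import socket
import threading


class DynamicForwarder:
    """Loopback TCP forwarder; a target change affects NEW connections only."""

    def __init__(self, listen_port=0):  # 0 = ephemeral; NeoRouter uses 32973
        self._lock = threading.Lock()
        self._target = None
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Bind to 127.0.0.1, not 0.0.0.0, so other hosts on the network cannot
        # use the tunnel. Any process on this device can still connect to it.
        self._srv.bind(("127.0.0.1", listen_port))
        self._srv.listen(16)
        self.listen_address = self._srv.getsockname()
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def set_target(self, host, port):
        """Choose where connections accepted from now on are forwarded."""
        with self._lock:
            self._target = (host, port)

    def _accept_loop(self):
        while True:
            try:
                client, _ = self._srv.accept()
            except OSError:
                return  # listening socket was closed
            with self._lock:
                target = self._target  # snapshot for this connection
            try:
                if target is None:
                    raise OSError("no target selected yet")
                upstream = socket.create_connection(target, timeout=5)
                upstream.settimeout(None)  # the 5 s limit is for connecting only
            except OSError:
                client.close()  # fail closed: nothing to forward to
                continue
            for src, dst in ((client, upstream), (upstream, client)):
                threading.Thread(target=_pump, args=(src, dst), daemon=True).start()


def _pump(src, dst):
    """Copy bytes one way; when either side ends, tear down both sockets."""
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    for s in (src, dst):
        with contextlib.suppress(OSError):
            s.shutdown(socket.SHUT_RDWR)
        s.close()


def start_tagged_echo(tag):
    """Constructed stand-in for a remote service: replies with tag + input."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(4)
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn, contextlib.suppress(OSError):
                while data := conn.recv(4096):
                    conn.sendall(tag + data)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n and (chunk := sock.recv(n - len(buf))):
        buf += chunk
    return buf


def demo():
    port_a, port_b = start_tagged_echo(b"A:"), start_tagged_echo(b"B:")
    fwd = DynamicForwarder()
    fwd.set_target("127.0.0.1", port_a)
    first = socket.create_connection(fwd.listen_address, timeout=5)
    first.sendall(b"one")
    r1 = _recv_exact(first, 5)            # answered by A
    fwd.set_target("127.0.0.1", port_b)   # switch target for new connections
    second = socket.create_connection(fwd.listen_address, timeout=5)
    second.sendall(b"two")
    r2 = _recv_exact(second, 5)           # answered by B
    first.sendall(b"three")
    r3 = _recv_exact(first, 7)            # old connection still reaches A
    first.close()
    second.close()
    return r1, r2, r3, fwd.listen_address[0]


if __name__ == "__main__":
    print(demo())
```

The loopback bind is what keeps the forward private to the device; it does not distinguish between apps on the device, so the remote service's own authentication (SSH keys, VNC/RDP credentials) still matters.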

Jun 5, 2013

BackTrack 5 on Android Smartphones

For those of you not familiar with BackTrack, it’s a GNU/Linux distribution that is used for security testing providing users with a wide range of tools from port scanners to password crackers.


XDA forum member msullivan is so keen on BackTrack that he has posted an Android build from XDA member anantshri who built the base image.

The OS is fully Ubuntu-based so it is possible to run it like a desktop, including running Firefox and other Linux applications. Other features of BackTrack 5 include being able to do advanced network scans right from your Android device via WiFi, no laptop required.

In theory, the build posted should be universal, so to try it out, head on over to the forum thread and download the zip.

BackTrack 5 for Android requires root access.

Please note that this is not a native client and is based on the chroot and VNC method that has been used to get Ubuntu running with Android and is very unstable. The project is not supported, and requires some technical skills including Linux knowledge.

Apr 9, 2013

Demystifying UEFI, the long-overdue BIOS replacement

After more than 30 years of unerring and yet surprising supremacy, BIOS — the IBM PC’s Basic Input Output System — is taking its final bows and shuffling into the theater’s wings. Taking its place in the limelight is UEFI, a specification that began its life as the Intel Boot Initiative way back in 1998 when BIOS’s antiquated limitations were hampering systems built with Intel’s Itanium processors. Later, the Initiative became EFI, and in 2005 Intel donated EFI to the newly-formed UEFI Forum, a consortium made up of the usual suspects: AMD, Apple, IBM, Intel, Microsoft, and so on.


UEFI, or Unified Extensible Firmware Interface, is a complete re-imagining of a computer boot environment, and as such it has almost no similarities to the PC BIOS that it replaces. While BIOS is fundamentally a solid piece of firmware, UEFI is a programmable software interface that sits on top of a computer’s hardware and firmware (and indeed UEFI can and does sit on top of BIOS). Rather than all of the boot code being stored in the motherboard’s BIOS, UEFI sits in the /EFI/ directory in some non-volatile memory; either in NAND on the motherboard, on your hard drive, or on a network share (more on that later).

As a result, UEFI almost resembles a light-weight operating system. A computer boots into UEFI, an arbitrary set of actions are carried out, and then it triggers the loading of an operating system. Further reinforcing its OSness, the UEFI spec defines boot and runtime services, protocols for communication between services, device drivers (UEFI is designed to work across all platforms), extensions, and even an EFI shell, where you can run EFI applications. On top of all this is the boot loader, which executes an operating system’s boot loader.

UEFI, being a pseudo-operating system, can access all of the hardware on the computer — you can surf the internet from the UEFI interface, or backup your hard drives — and it even has a full, mouse-driven GUI (below right). The fact that all of this boot data is stored on NAND flash or on a hard drive means that there’s a lot more space for things like language localization, boot-time diagnostics (begone meaningless POST beeps!), utilities (backup, restore, malware scanners), and so on.

As a corollary, the fact that UEFI is entirely software-based is what makes it unified. So far UEFI has been used by almost every combination of 32- and 64-bit ARM, Intel, and AMD chips, and in each case the boot code just had to be compiled for the target platform. Every major desktop (OS X, Windows) and server OS (Linux) supports UEFI boot today — and Windows 8, when it rolls out, will have features that only work with UEFI (though it will still run on conventional, BIOS-booted computers).

Underneath this crazy, extensible, software-driven interface, UEFI also specifies a few standard features that must be implemented. Windows 8’s ability to detect rootkit and malware infections (and rogue Linux installations), for example, relies on UEFI’s secure boot functionality. Low-level cryptography, network authentication, universal graphics drivers, and more, are all provided as standard. Update: Microsoft now has an excellent article about UEFI, Windows 8, and secure boot (Linux will be able to run just fine!)

Finally, it’s worth noting that UEFI is still incredibly young, and very few operating systems actually take advantage of any of the features listed above. Linux certainly supports UEFI, but no Linux distro really utilizes it. Mac OS X makes slightly better use of UEFI with the Bootcamp boot manager. Windows 8, when it launches in 2012, will probably be the first major OS to take extensive advantage of UEFI, with Restore, Refresh, secure boot, and possibly more.

Read more about UEFI on Wikipedia, UEFI Forum website, or How-To Geek

If you know how to pronounce UEFI, do let us know in the comments. We want to pronounce it “you-eff-eye,” but it could also be “you-fee,” or even “oo-fee”…

Mar 24, 2013

Giada A51 AMD-Powered Mini PC

Though Intel probably isn't too happy about it, Advanced Micro Devices has been scoring quite a few design wins lately.


What we have here is a nettop, or mini personal computer, that Giada put together.

Called A51, it relies on an AMD T56N processor and the 850N FCH chipset, complete with Integrated GPU.


For those who don't know about it, AMD T56N is part of the embedded G-Series APU platform. It has two Zacate cores at 1.6 GHz, plus the Radeon HD 6320 GPU at 500 MHz.

The system should have a very easy time of running Windows 7 or playing 1080p video with 5.1 surround sound, all on a power consumption of just 35W.


The rest of the specs are quite straightforward: 4 GB of RAM, a 320 GB HDD, Gigabit LAN, Wi-Fi, USB 3.0 (one port), four USB 2.0 connectors, a memory card reader, S/PDIF optical audio out and a couple of video outputs (HDMI, VGA).

So this little pumpkin features the latest AMD Fusion processor (E-450 Platform), supports Full HD 1080P, has 1 USB 3.0 port, delivers DirectX 11 grade graphics and keeps the merry-go-round spinning on a mere 30W of power. These are impressive specifications for a device smaller and lighter than the average netbook.

The model we got hands on was the AMD E-450 Edition (they make a similar one with Intel chippery inside). Under its little bonnet they shoved 4GB of DDRIII 1333Mhz memory, a 320GB Western Digital Scorpio Blue (5400 RPM) and both a Wi-Fi 802.11b/g/n & Bluetooth chip.

This model comes with a remote control and HDMI cable included.

Stock system test

By default the Giada Mini PC A51 doesn’t come with the OS preinstalled. You can install any Linux distro or Windows edition you like, it will chum with anything up to Windows 8. We decided to install Windows 7 Ultimate here.

This device scores E538 in 3DMark 2011, which, considering how small and limited in cooling it is, is a very fair result. Read/Write speeds tested with ATTO revealed maximum speeds 72.8Mb/sec and 73Mb/sec respectively.

There were some quirky moments when installing the Giada driver CD. It has a peculiar feature called ‘Auto Install’. One would imagine this installs all drivers at the push of a button, right? Well unfortunately it didn’t, the only driver installed after it claimed to finish was the AMD Platform driver (while all the other drivers were checked). So Windows’ device manager didn’t recognize the WIFI, Bluetooth, USB3, etc..

Manual driver reinstall to the rescue! Funny thing is, when you manually install the drivers again, the Giada driver manager tells you “this driver is already installed”. Ignore this warning, reinstall, and finally Windows’ device manager initializes the component as recognized by the system. Perhaps the issue was related to our version of Windows 7 Ultimate, because installing the same edition with SP1 integrated made the driver CD install every driver right from the get-go.

A cold boot on this standard model might take up a small minute once all your desktop and all the windows background processes are loaded. All in all this Mini PC makes an excellent kitchen PC or could serve as a midrange HTPC replacement. If you leave it in sleep mode it serves great purpose to occasionally check a web page, mails, Google a recipe or play Sudoku, just don’t expect to play any graphic demanding games on it.

Modified test

It only requires an OCZ Vertex 4 SSD, a toolbox and the glint in the eye of the hardware geek to spark the fundamental male question applying to electronics, motorized vehicles and women: “Now what if I took a peek under the bonnet?”.

And so we did… Discovering the Giada Mini PC A51’s hard drive model + the possibility to remove/replace both hard disk and DDRIII ram module. The 1333Mhz module appeared to be from Crucial, but that was not our key interest. First off, the Giada A51 has a SATA II connector soldered on the mainboard, so telling you in advance: fitting OCZ Vertex 4 in this device is like fitting a Ferrari engine to a go-kart. Do not proceed.

So… We fitted the OCZ Vertex 4 (SATA-III/6G) here because it was the first SSD we stumbled upon, the SATA-II/3G controller was made to get the maximum out of a Vertex II or similar previous generation SSD. So what we discovered is that by simply swapping the default 5400RPM disk to flash storage gives you over 4 times the speed of the base system.

Before (stock system):

Max. Read: 72.8Mb/sec
Max. Write: 73Mb/sec

After (SSD fitted):

Max. Read: 283.1Mb/sec
Max. Write: 256.1Mb/sec

Conclusion: The SSD will consume less energy, doesn’t have any moving parts (so no noise) and increases the system’s performance 4x.

Re-testing the system with 3DMark11 resulted in a slight increase of score: E546. Which is fairly normal as this test pattern is oriented towards GPU/CPU/RAM benchmarking for gamers, thus the SSD doesn’t get regarded as a big score changer in gaming performance.

Final thoughts

Everything in this All-in-one PC turned out to function properly, nothing broke down, nothing got particularly hot and nothing failed to work even after 24h rendering/stress tests. So we have a winner? Not quite…

The Giada Mini PC A51 was based on the design principle of netbooks, meaning that they could shave off another 6-7mm in height if they used a flash memory board instead of the stock hard drive.

The cooling system is equally very “netbooky”, which means: A particularly small fan giving you the distinctive notebook whizz sound. When used as a HTPC this particular pitch might not be to everyone’s liking, but if you turn the music up it doesn’t become a nuisance.

Overall, Giada’s motto “Tech, Fashion, Art” is well in place. The pattern on the enclosure and transparent plastic horizontal stand and chrome finish on the front give this book-sized PC a very distinctive and luxury finish. Although this is a Mini PC with netbook-sized components; the general performance level is very decent. It won’t replace your gaming rig or power laptop, but for conventional office, surfing or email usage it is a great thing to have. Small size, big aspiration.

MSRP: 275 USD, 350 EUR (inc. Tax). - source

The world's first Tegra 3 Mini-ITX motherboard

Kontron is about to launch the world's first Tegra 3 Mini-ITX motherboard (17 cm x 17 cm). With its compact size, rich I/O interfaces, and amazing power efficiency (total consumption under 7W!), the KTT30/mITX is the start of a new breed of desktop computer. The beginning of the end for Intel's Atoms?
  • ARM Cortex-A9 Quad Core 900MHz Processor
  • Up to 2 GB DDR3L memory down
  • Ultra low power NVIDIA GeForce GPU with enhanced 3D capabilities
  • 1080p H264 MPEG-4 encoding/decoding Video Processor
  • HDMI 1.4a (up to 1920x1080 pixel)
  • 24 bit LVDS (up to 2048x1536 pixel @ 18bpp)
  • support for 3 independent displays
  • 3 x port USB 2.0 (2x Type A and 1x Micro)
  • 2 x SD card slots
  • 1 x HDMI
  • Bootable eMMC
  • 1 x mPCIe
  • 1 x mPCIe/mSATA
  • 1 x mPCIe for 3G (onboard SIM socket)
  • 2 x RS232
  • 1 x 10/100/1000 Ethernet Controller
  • S/PDIF audio
As part of Kontron's strategic entry into ARM processor technology, Kontron has unveiled its first embedded ARM based motherboard in the Mini-ITX form factor (170mm x 170 mm). The Kontron KTT30/mITX is equipped with NVIDIA's Tegra 3 super processor and combines outstanding media performance with particularly low power consumption. With its integrated, ultra low-power GeForce GPU, the ARM Cortex-A9 900MHz Quad-Core processor board offers impressive 3D graphic performance and delivers a total energy consumption of just under 7 watts. These performance features make the board ideal for a wide spectrum of graphics- and video-oriented embedded applications like thin clients, Panel PCs and Mini-Box PCs, which are to be found in nearly all embedded computing vertical markets. The board which has a long-term availability of at least seven years is also predestined for markets such as medical, rail traffic and public safety.

Thanks to its standardized Mini-ITX form factor, the Kontron KTT30/mITX paves an efficient path for OEMs to integrate innovative ARM technology straight off-the-shelf and into their embedded applications. Not only are a wide range of Mini-ITX peripherals already available, but OEMs also benefit from Kontron's comprehensive customization services and extensive software support for Android and Linux which serve to minimize development time and costs. Besides the numerous USB and RS232 interfaces, several audio and video interfaces as well as miniPCIe extension slots, the Kontron KTT30/mITX offers a selection of interfaces to suit nearly every possible application. The extremely low-power consumption facilitates small passive cooling solutions which additionally reduce the bill of materials and development effort while simplifying implementation. Due to the board's low height of just 15.2 millimeters, extremely flat systems can be built and mounted directly onto the back of monitor and video panels, i.e. for HMIs or cost-efficient digital signage players. In addition, the board supports Full-HD (1080 p) video for both playback and recording purposes - making it an ideal platform for video conferencing systems or security applications. As with all Kontron embedded motherboards, the new Kontron KTT30/mITX comes with a long-term availability of at least seven years as well as its outstanding and durable stability and reliability due to its high-quality board layout and selected top-grade components.

The Kontron KTT30/mITX is based on the NVIDIA® Tegra 3 processor with four ARM Cortex-A9 CPU cores each with up to 900 MHz. An additional core with up to 500 MHz clock speed reduces power consumption to less than 1 watt in phases, when just media playback or background services are running. With its integrated 12-core NVIDIA® GeForce® GPU for low-power applications, life-like 3D graphics with dynamic lighting are possible at screen resolutions of up to 2048 x 1536 pixels. It also offers HDMI 1.4a and 24 bit LVDS video interfaces. Thanks to the integrated video encoder and decoder, as well as high resolution video playback it offers real time video compression, which can, for example, be supplied via the CSI/DSI camera port. Peripheral devices can be connected via three USB 2.0 ports and two RS232 ports. Operating system and application data can be hosted on the bootable eMMC. Two PCIe slots, one of which can also be used as an mSATA port, are available for application-specific extensions. An RJ45 Gigabit Ethernet port and analog audio-I/Os add the final touches to the feature set.

Z3RO Pro Computer, a PC the Size of a Paperback?

Small form factor personal computers were well represented at CES 2013, so the fact that Xi3 Company has one in the pipeline isn't as hard to believe as it would otherwise have been.


The name of the IT player's system is Z3RO Pro Computer, and the reason it qualifies as a mini PC is the size of 1.875 x 4.875 x 3.625 inches. That's about the same as 47 x 124 x 92 millimeters.

Obviously, that small case, as small as a normal paperback book, won't allow for very powerful hardware.

Still, Xi3 promises that, when the Z3RO Pro Computer goes up for sale in the second quarter (April-June 2013), it will have a 64-bit dual-core x86 central processing unit, running at 1.65 GHz and featuring 2 MB of L2 cache, plus an integrated graphics chip with 80 shaders.

The hardware that will accompany said CPU will consist of 4 GB of DDR3 random access memory (RAM) and a solid state drive of 16 GB to 1 TB.

Obviously, the storage drive will determine how much higher than $399 / 299-399 Euro the price climbs.

Other specs mentioned in the Xi3 press release include four eSATA ports, a Gigabit Ethernet connector, and two display ports: HDMI/DisplayPort v1.2 and a mini-Displayport 1.2 output.


"The Z3RO Pro Computer is the ideal size for the ultimate in small form factor x86-based general computing," said Jason A. Sullivan, founder, President and CEO.

"In this post-PC era, it's clear that there's no reason to buy a tower or mini-tower computer ever again. Not only does the Z3RO Pro Computer help round out the Xi3 product line, it also marks the end of desktop computing as we've known it."

Z3RO Pro Computer is intended for general use in homes and offices, but it can become a good home theater and digital signage solution as well.

Its total power draw is 14 watts and the default operating system is openSUSE Linux v11.2, but Windows (up to Windows 8) and other UNIX and Linux OSes are supported too.

Mar 14, 2013

ZTE ZXDSL 931WII Firmware TFTP Upload


Recently, I decided to upgrade my ADSL subscription to VDSL, and the deal included a ZTE ZXDSL 931WII CPE box (VDSL2 modem + NAT + WLAN AP). Attached with the box were instructions stating that configuration settings could be managed from a private web page provided by the ISP. And was one able to do so? Of course not. Much to my annoyance, it also turned out that all ‘outside the box’ local configuration had been disabled in the firmware (no response to LAN http, ssh or telnet). So, a quick call to the ISP helpdesk:
“Hi! I upgraded to blablabla and would like to configure it but there’s nothing else on the remote admin panel than a save -button”

“Ok let me check”

“It doesn’t accept any http or telnet connections to the local admin interface either..”

“What would you like to configure?”

“Well you know, the usual stuff people configure on their home router; static IPs, port forwarding, admin password etc..”

“Hmm well I can see that implementing the feature is pending, but I can check details about this with someone. Is it ok if I text you shortly? Kthxbye!” *CLICK*
Some minutes later, there’s a text on my mobile saying “There is no known schedule for adding remote configurability for the current firmware at this time”. W-T-F and thanks a fucking bunch! :D

Seriously: Do they think that I’m going to run this box in my home without having any access to feature configuration?

Sure I can understand that, given the increasingly technical times we live in, the need might arise for the ISP to be able to remotely check the CPE configuration of some less-technically-inclined subscriber using their ACS server. But why-oh-why disable all local configuration options? Surely, the option of configuring the hardware could be kept available to those who wish to do so?

Not happy with the situation at all, I decided it was time to take a look whether local configuration could be performed from inside the box.. I’d rather have a bit of my own fun with the box instead of paying xx€ for queuing +15 minutes on the phone just to be walked through a “Did you check cable connections” check list (or whatever). Should my “playtime” result with a bricked box, no problem. The ISP can then have the box back accompanied with a “the lights just went out” fault description and I’ll go buy something more decent :)

After opening the enclosure, board gets the usual ‘scanning glance’.. and what do you know?! On the front edge close to the status LEDs there’s a standard 4-pole pin header. Easy guess; one pin for GND, one for +VDC, one for RS232TxD and one for RS232RxD. Sort of screaming “hello, I’m a serial port” all over. Not that it turned out to be exactly plug’n’.. err.. hack.

As +3.3V logic levels are used, an RS232 line level driver is needed in-between to interface with a standard serial port. I have plenty of Intersil HIN202 transceivers available, so that’s what I used and will discuss here. Any other RS232 transceiver (f.ex. something by Maxim) should work as well. If you have some other chip, just pay attention to its datasheet / app notes how to connect it.

Basic application of HIN202. Image courtesy of Intersil.
What I put together was rather directly lifted from the HIN202 datasheet (picture above). HIN202 actually uses +5V logic levels, but as the specced low/high signal transition thresholds are 0.8V / 2.0V (respectively), the chip works just fine with 3.3V signal levels too. What of course needs to be accounted for is the RxD output connecting to the CPU. Remember, that the transceiver outputs +5VDC high signal state whereas the CPU prefers 3.3V! Thus, a series resistor is needed to lower the signal level. My choice here was 10k.

As you can see from the datasheet schematic above, electrolytic capacitors are used for the 10V on-chip voltage charge pumps. So why does my circuit use regular ceramic (1206 SMD) capacitors? Well, being the lazy me with certain things (like doing a quick hack such as this) is really about what’s suitable ‘on the desk’.. and here, it was the ceramic capacitors. I have no idea if the electrolytics allow the pumps to work better in some specific conditions, but at least on my desktop/living room setup the RS232 connection works just fine like this. So, leave it at that and move on.

Lower side connections of the RS232 transceiver
Upper side connections of the RS232 transceiver
The completed adapter
The transceiver needs +5VDC operating voltage. Luckily there’s a +5V switch mode regulator stage on-board, so there’s no need to build a separate one just for the transceiver alone. I chose to tap into the supply by connecting parallel to D3, but there are plenty of other places on-board too.

Connected to the +5VDC supply..

Ok, adapter all wired up.. Hook it up with the PC, open a port connection in HyperTerm using 115k 8-n-1 and yay, bootup texts scrolling on the screen \o/.

In case you’re wondering about the enclosure looking different on the picture above than what it is at the ZTE website (and the beginning of this post) .. It’s because it is! :) Apparently, ZTE offers at least these two types of enclosure, allowing for a little bit of ISP “branding flair” or whatever. The manuals shipped with the unit have pictures of both enclosures and with a ZTE logo on it, whereas the box itself carries the ISP logo. How classy.

Hardware-wise, the box has a BCM6368 400Mhz processor, 4Mb flash and 64Mb DRAM. For WiFi, there’s a BCM4138 chip. I didn’t really want to bother with removing the RF shielding around the processor to see what else there might be underneath. The ground layer on the bottom of the board is pretty big, so the board and the shielding plate would have to be heated to extremes for removal.

Considering embedded systems as a whole.. Whereas hardware I can manage, Linux I however don’t. I do have some experience with distro installations (Debian, Ubuntu etc.) and basic command line usage, but this doesn’t really get you anywhere on an embedded system that’s optimized for a specific use. So, as you can probably imagine, ending up on the command prompt of the 931WII was somewhat a baffling moment. Steep learning curve right up ahead and all that.. :)

Luckily, hints given by friends combined with a plethora of internet searches pointed me the way. After fiddling around a while, I had a tftp server (TFTPD32) running on my laptop and was able to transfer the flash config to and from the box. The kernel is configured to automatically reboot the system after a valid config file has been uploaded, so no additional command line trickery is required for applying the new settings.

The settings themselves use some Broadcom xml markup (tags starting with X_BROADCOM_COM). I’m sure some kind of developer documentation must exist, not that I was unable to find anything from Broadcom’s online resource library. But once again, searching the net with some of the markup tags gave ideas how to go about configuring some of the settings. First tweak (of course), remove everything between the ManagementServer -tags ;).

After having my share of fun playing “the master of the system”, the first problem surfaced. No matter what parameter switches I passed to tftp, transferring the entire firmware didn’t seem to be possible. The system just kept persistently dumping/fetching the flash config! So there I was, trying to figure out what’s wrong with my tftp setup.. right about until a friend suggested that I could try starting the shell! Being used to desktop systems, I assumed shell would be running (BusyBox is mentioned on the startup texts, and all) but it actually wasn’t. No wonder the basic file system commands (like ‘cd’) were missing :D

If only someone had mentioned earlier that I'm supposed to do this.. ;)
So, after launching the BusyBox shell suddenly tftp has no problems transferring the firmware binary. No idea why it is like this (or did I do/type sth wrong?) but “yeah whatever”, as long as tftp is fully functional. The ZTE firmware binary I uploaded is of version 1.5.0c and it contains CFE bootloader and some vmlinux (2.6.21.5 kernel). The binary is available at the ZTE Finland website along with 1.5.0b. Both of these are for ISP other than mine, but they seem to work. There is 1.5.3something available here, but my box doesn’t accept this. ZTE doesn’t (at least currently) share firmware binaries with end-users, so I have no idea how much newer versions there might be.

Despite now having both the telnet and http admin interfaces accessible, what remains to be figured out is why certain ethernet connections time out too quickly with the current firmware. This doesn’t seem to happen when using WLAN, so the problem is definitely somewhere with the LAN router settings. I tried modifying some of the nf_conntrack TCP values found under /proc/sys/net/ipv4/netfilter/, to no avail. Not that it looks like the IP table is getting full either (as in, packets dropped). More learning curve for yours truly, so to say..

Big thanks to everyone who had enough patience to help me with Linux, its networking features and other related stuff! If you happen to read this and have a pdf on the Broadcom XML, I wouldn’t mind a download link in the mail. Most of the stuff in the config file seems to be accessible through the http admin interface anyway, so it’s not like my need for the documentation is critical. Call it more of a “nice-to-have” bonus ;)

The factual content ends here, but just to continue a bit on bonuses this is the “real one” of the topic..:

Only after I had the box running on the downgraded firmware, I came across some forum posts stating that the stock firmware is accessible by using the public WAN IP.. Grrrrrr, motherfuckers! If it is so, why the fuck DIDN’T HELPDESK OR THE MANUAL MENTION ABOUT THIS?

More importantly, if it is so, this also sounds like a security risk of sorts. Basically, all you’d have to know is the public IP of some subscriber using this particular CPE (f.ex. take a look at the ISP forum where they conveniently log user IPs), and you’d gain access to their router configuration in no time thanks to the very “default” admin password. Classy *2, if so.

Then again, a friend in-the-know tells me that some ISPs have certain modems that’ll give you access to admin interface from the WAN side if you simply change “login.html?success=0” to “login.html?success=1” on the browser address line! So yeah, maybe things could also be worse.. ;)

Mar 13, 2013

How-To Install pfSense on ALIX2 Series

So, what is pfSense, and more importantly what the heck is an alix2c1? pfSense is a complete purpose-built firewall software that can be installed on a PC, as well as embedded platforms such as PC Engines ALIX boards. The focus of this recipe is to build an embedded firewall appliance.


Why would I do this when a cheap firewall can be purchased off of the shelf? Simple, the cheaper firewalls don’t come with very many features (VPN built in, RRD network graphs, 3rd LAN port for “orange” DMZ setups, etc.). To get these features in a commercial firewall appliance means spending in the neighborhood of $300 as well as being locked into a certain vendor for VPN, etc. Making my own costs about $150 and gives me a lot of flexibility.

So, this is a story of how I spent the past two nights sitting cross-legged on the floor with a laptop connected to a tiny motherboard that would become a firewall/router.


The instructions that I found on both the pfSense website and the m0n0wall website were for installing on the end-of-life WRAP product, but I figured it had to be similar, right? Well, sort of :-) After following the instructions on the pfSense website and then the m0n0wall website, things started to go downhill. The device would boot, pfSense would go through its loading process, but then just die on the loading of the DHCP server.

Never got an IP address on any of the NICs – but each NIC module got its link light when I plugged in the LAN cable so that was a sign that at least the NIC modules were working on some level. So I figured this is a BETA version of pfSense, so maybe I need to install m0n0wall. m0n0wall would boot up just fine and even made it to its menu, but I could never get the NICs to come up. None of them. Could I have a bit o’ bad hardware? So I hit the web again and soon found out from the forums over at pfSense that a BIOS upgrade might be in order.


The following steps are how I finally got this project off of the ground. I used Linux to do my bidding, but you can certainly do this from a Windows box (some of the steps are different, though…)

Hardware you will need (I purchased from Netgate and it came fast and furious, but there is a list of vendors on PC Engines’ website):
  • ALIX2c1 or another embedded platform from PC Engines.
  • Aluminum enclosure (optional if you’re going to install your ALIX in another enclosure).
  • Power supply to power the ALIX (optional if you’re going to use Power over Ethernet, or PoE).
  • A Compact Flash (CF) card (has to be at least 128MB according to the pfSense website).
  • A Compact Flash reader connected to your PC. You’ll need this to write the image to the CF card.
  • A computer with a serial port, preferably one with a true serial port and not a USB-to-serial adapter. It might work just fine with the USB/serial but if it doesn’t then you’ll have one more thing to troubleshoot.
  • A DB9 null-modem cable with a DB9 female on both ends (or some gender changers to get you there)
When you get the hardware – DO NOT mount the ALIX board into the enclosure until you get it working. You might be removing/inserting the CF card a lot and the enclosure doesn’t give you any room to remove the CF card. OK, now that you’ve got all of the necessary hardware, here is the recipe for cooking up your own firewall:

1.] Download pfSense for embedded platform. The most current version at the time of this writing was 1.2-RC4, which I found to be stable for my needs as I had been using the PC based version for several weeks.
2.] Unzip the downloaded file (the version I downloaded isn’t a tar archive so we only need to use gunzip):

gunzip pfSense-1.2-RC4-Embedded.img.gz

This will expand the file, leaving a file called pfSense-1.2-RC4-Embedded.img.

3.] Now insert the CF card into the card reader on your PC. To find out the resource Linux is using to access the drive, type the following at the command line:

dmesg

and look at the last several lines which might look something like:

[ 7377.984000] sd 2:0:0:0: [sdb] 700560 512-byte hardware sectors (359 MB)
[ 7377.984000] sd 2:0:0:0: [sdb] Write Protect is off
[ 7377.984000] sd 2:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[ 7377.984000] sd 2:0:0:0: [sdb] 700560 512-byte hardware sectors (359 MB)
[ 7377.984000] sd 2:0:0:0: [sdb] Write Protect is off
[ 7377.984000] sd 2:0:0:0: [sdb] Mode Sense: 00 3a 00 00
[ 7377.984000] sd 2:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[ 7377.984000] sdb: sdb1
[ 7377.984000] sd 2:0:0:0: [sdb] Mode Sense: 00 3a 00 00
[ 7378.020000] sd 2:0:0:0: [sdb] Attached SCSI removable dis
[ 7378.020000] sd 2:0:0:0: Attached scsi generic sg2 type 0

From this output we can see that Linux is accessing the CF card as /dev/sdb.

4.] Next we will use the Linux utility “dd” to write the image to the CF card

dd if=pfSense-1.2-RC4-Embedded.img of=/dev/sdb

where “if=” is the input file (the pfSense image) and “of=” is for the output file. In our case we are writing the output to the file that is the CF card (remember, in Linux almost everything is a file). While the process is running, unfortunately you won’t get any output or indication of what it is doing. However, when it is finished you should get some output such as:

239144+0 records in
239144+0 records out
122441728 bytes (122 MB) copied, 187.177 seconds, 654 kB/s

5.] Unmount the CF card from your computer. If you’ve got a nifty neato X session going, and a handy dandy automounter, then chances are good that you can just right-click on the respective desktop icon for your CF card and select “Unmount Volume”. If not, hit the command line and do a:

mount

which should show where the drive is mounted:

/dev/sdb1 on /media/disk type vfat (rw,nosuid,nodev,shortname=mixed,uid=1000,utf8,umask=077,usefree)

6.] Now that we know where the drive is mounted, let’s unmount it:

sudo umount /media/disk

7.] Remove the CF card from your computer and insert it into the CF adapter on the ALIX board.
8.] Connect one end of the null-modem cable to your computer’s serial port and the other end to the serial port on the ALIX.
9.] Fire up your favorite terminal emulation software such as minicom (or Hyperterminal on Windows) and use the following settings:
  • Baud rate: 38,400
  • Data: 8 bit
  • Parity: None
  • Stop: 1 bit
  • Flow control: None
  • Terminal: ANSI
10.] Now apply power to the ALIX. If you are connected correctly, you should start to see the ALIX BIOS text.
11.] While the BIOS is going through the memory test press the “s” key to enter the BIOS setup.
12.] If you have successfully entered the BIOS setup, you should see the text with some different options. Do the following:
  • Press “9” to set the baud rate at 9600
  • Press “q” to quit the BIOS setup
  • Press “y” to save the settings to flash
13.] If you start seeing gibberish ASCII characters instead of text, then you need to set your terminal emulation software to 9600 baud instead of the 38,400 we set it at earlier.
14.] Now reboot the ALIX by power cycling the unit (unplug the power, plug it back in).
15.] With the terminal set to 9600 baud, we should see the boot-up process and if all is well it should look akin to a FreeBSD boot.
16.] If all goes well and pfSense discovers your hardware, then you are good to go. To get started, you need to:
  • Assign the interfaces
  • Give the LAN interface an IP address that works for your internal network (i.e. 192.168.1.1)
17.] Once you have plugged the LAN interface into your network, fire up your web browser and surf on over to the IP address you gave for the LAN interface (http://192.168.1.1).

Unfortunately for me pfSense did not properly detect the NIC modules. After some digging around on the ‘net it looked like a BIOS upgrade would do the trick as the version on my ALIX board was 0.98b. The latest and greatest was 0.99. So here is how to flash upgrade the BIOS:

1.] Download the FreeDOS bootable image from PC Engines’ website.
2.] Insert another CF card into your computer. If you only have the one CF card, then you’ll have to re-do the previous instructions to get the pfSense image back on the card after you’re done updating the BIOS.
3.] Unzip the image from the download if necessary (it was a Zip file when I downloaded it):

unzip freedos3.zip
Archive: freedos3.zip
inflating: freedos_alixupdate_0.99.img

4.] Now write this image to the CF card:

dd if=freedos_alixupdate_0.99.img of=/dev/sdb

5.] Unmount your CF card from the computer, and insert it into the ALIX.
6.] Power on the ALIX and press “s” to enter the BIOS setup.
7.] Change the drive configuration to LBA by pressing “L”.
8.] Now press “q” to exit, and “y” to save your changes to flash.
9.] The system should boot the FreeDOS image and automatically run the BIOS flash utility (sb.com) to reprogram the flash.
10.] Once it is done, power off the ALIX and reinsert your pfSense imaged CF card. If you only had one card you’ll now have to go back and rewrite the pfSense image to the card.
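
Both dd steps above (the pfSense image and the FreeDOS BIOS-update image) write a downloaded file straight to /dev/sdb with no integrity check and no check that the card is unmounted. The shell functions below are an added example, not part of the original post: they compare the image with an expected SHA-256 digest, refuse a block device that still has mounted partitions, write with a flush, and read the data back. The function names and the expected-digest argument are assumptions; the post does not give a digest, so the one in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): guarded replacement for
#   dd if=IMAGE of=/dev/sdX
# EXPECTED_SHA256 is an assumption: the digest published with the download.

# Print only the hex SHA-256 digest of a file.
sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# Succeed only if IMAGE hashes to EXPECTED_SHA256.
image_ok() {  # image_ok IMAGE EXPECTED_SHA256
    [ "$(sha256_of "$1")" = "$2" ]
}

# Read `mount`-style lines on stdin and print the mount point of every
# entry whose device name starts with DEV (so /dev/sdb matches /dev/sdb1).
# Over-matching is deliberate: it can only make write_image refuse.
mounted_parts() {  # mounted_parts DEV < mount-output
    awk -v dev="$1" 'index($1, dev) == 1 { print $3 }'
}

# Compare the first size-of-IMAGE bytes of TARGET with IMAGE.
# On a real card the read may be served from the page cache; re-insert
# the card and run this again for a check of the medium itself.
readback_ok() {  # readback_ok IMAGE TARGET
    size=$(wc -c < "$1")
    head -c "$size" "$2" | cmp -s - "$1"
}

# Verify, refuse mounted targets, write, flush, then read back.
# Returns 1 digest mismatch, 2 target mounted, 3 dd failed, 4 read-back differs.
write_image() {  # write_image IMAGE TARGET EXPECTED_SHA256
    image_ok "$1" "$3" || { echo "digest mismatch: $1" >&2; return 1; }
    if [ -b "$2" ]; then
        parts=$(mount | mounted_parts "$2")
        [ -z "$parts" ] || { echo "still mounted: $parts" >&2; return 2; }
    fi
    dd if="$1" of="$2" bs=1M conv=fsync 2>/dev/null || return 3
    readback_ok "$1" "$2" || { echo "read-back differs" >&2; return 4; }
}

# Usage (run as root; the digest below is a placeholder, not a real value):
#   write_image pfSense-1.2-RC4-Embedded.img /dev/sdb <expected-sha256>
```

Because the mounted-partition check runs before dd, an automounted card has to be unmounted first, which avoids the filesystem driver writing to the card while the image is being laid down.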