WHITE BOX v1.1

Hardware required

  • Buspirate (for serial console)
  • Fonera FON2100A/B/C

Setting up TFTP

Download the OpenWRT Backfire installation files:

Setup atftpd or dnsmasq TFTP and put the above files on there.

Serial console via transparent UART bridge on Buspirate

Pinout of the Fonera Serial Port:

,-----------,-------------------------------------//---
| power     |    +3.3V  o o  -> Buspirate GND
| connector |      n/a  o o  n/a
|-----------'      n/a  o o  -> Buspirate MISO
|                  n/a  o o  -> Buspirate MOSI
|                  n/a  o o  n/a
|

Setup Buspirate in transparent UART bridge mode 9600 8N1 HiZ and connect to it via gtkterm or similar.

Flashing OpenWRT Firmware

Boot Fonera and hit ^C to enter RedBoot console.

Connect Fonera via Ethernet to host computer and configure the hosts IP to be 192.168.1.2. Then execute the following commands on the serial console (note: flashing takes a long time… several minutes):

RedBoot> ip_address -l 192.168.1.1/24 -h 192.168.1.2
RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-vmlinux.lzma
RedBoot> fis init
RedBoot> fis create -e 0x80041000 -r 0x80041000 vmlinux.bin.l7
RedBoot> load -r -b %{FREEMEMLO} openwrt-atheros-root.squashfs
RedBoot> fis create rootfs
RedBoot> reset

Setup Password and ssh access

Wait until Fonera rebooted, once that's done hit ENTER to get a shell. Now set a password which should also start dropbear sshd to allow you to login via ssh.

OpenWRT#> passwd

Configure Network

  • Enable DHCP on br-lan interface so you can simply plug it into your network.
  • Enable WiFi

Edit /etc/config/dhcp and set the ignore option on the following block to disable DHCP entirely (this is done because there's already a DHCP server in the shackspace network).

config dhcp lan
	option interface	lan
	option ignore	1

Now make sure that you are connected to something that has internet access and DHCP running. Reboot the Fonera and verify you can ping outside hosts.

Install Support for SD Card over GPIO

# opkg update
# opkg install kmod-mmc-over-gpio
# opkg install luci-app-mmc-over-gpio

http://wiki.openwrt.org/doc/howto/mmc_over_gpio

GPIO Pin Mapping (via LuCI web-interface or „uci set“):

Parameter Setting
Name default
DI_pin 1
DO_pin 3
CLK_pin 4
CS_pin 7
Mode 0

Pinout of the SW1 connector on the Fonera:

.-----------,-------,-----------,---//---
| power     |       | serial    |
| connector |       | connector |
|-----------'       '-----------'
|
| o  SW1.1, GPIO3 -> SD/MMC MISO
| o  SW1.2, GPIO4 -> SD/MMC SCK
| o  SW1.3, n/a
| o  SW1.4, +3.3V -> SD/MMC VCC
| o  SW1.5, GPIO1 -> SD/MMC MOSI
| o  SW1.6, GPIO7 -> SD/MMC /CS
| 
| o   o     GND   -> SD/MMC GND (either of the 5 pins is okay)
|   o
| o   o
'------------//----

Note: GPIO3 and GPIO1 could be switched but the connection to the SD card is labeled correctly.

Software & Configuration

Serial Port Configuration: stty

# opkg update
# opkg install coreutils-stty

init.sh

On systems without persistent storage (like the old dd-wrt version used with portal 1.0) this script can be used to setup the environment at boot time. On the current system which does have a persistent overlay filesystem, the init.sh script can be used to do most of the initial setup.

TODO: check if serial port configuration (stty) is persistent across reboots.

SSH Keyfile Auth for root

Put the root SSH public key into /etc/dropbear/authorized_keys. This is done by init.sh.

Disable Password-Logins

Once SSH keys are setup and deployed, disable PasswordAuth in /etc/config/dropbear.

Network

  • remove wlan0 from the 'lan' bridge
  • create new zone 'portalwlan'
    • enable DHCP server
    • iface static 192.168.1.1/24
  • leave 'lan' zone as-is
    • no DHCP server
    • iface static 192.168.0.1/24

Services

Disable LuCI web-interface

# /etc/init.d/uhttpd disable
# /etc/init.d/uhttpd stop   

Disable password-based logins in /etc/config/dropbear

option PasswordAuth 'off'

Notable Tidbits

  • open/close users must have UID != 0
    Make sure the UID of the open/close users is different from '0'. Otherwise dropbear will expect your keyfile to be /etc/dropbear/authorized_keys. For UIDs other than '0' you can use ~/.ssh/authorized_keys.
    This is taken care of by by init.sh.
project/white_box/1.1.txt · Zuletzt geändert: 2011/11/05 03:04 von 94.216.248.197