2.3. Working with a running file system with pxe boot

This is the oldest section of the hacking guide. It is also the only way to fully access the filesystem of a running firewall. This is because the filesystem is on another computer that the firewall PXE boots from. Setting up a firewall for PXE boot and setting up the TFTP server are outside the scope of this document, and are left to the reader.

Note

This section is woefully out of date and needs a lot of correction. It was compiled before the buildscripts automated much of the SmallWall image building. It will continue to refer to "m0n0wall" until it is updated.

2.3.1. The Kernel

In order to get m0n0wall to build we have to compile the kernel for m0n0wall using the kernel config file as found on http://m0n0.ch/wall/downloads. Place this config file (M0N0WALL_NET45XX) in /usr/src/sys/i386/conf. Now build the kernel:

cd /usr/src/sys/i386/conf; config M0N0WALL_NET45XX
cd /usr/src/sys/compile/M0N0WALL_NET45XX; make depend all          
strip kernel         
strip --remove-section=.note --remove-section=.comment kernel
gzip -9v kernel

Copy the kernel to /tftpboot:

cp kernel.gz  /tftpboot

2.3.2. The Modules

cd /usr/src/sys/compile/M0N0WALL_NET45XX; make modules

Then, move the needed modules to the modules directory in the m0n0wall root filesystem. In the pb8 version of m0n0wall the following modules are needed:

dummynet.ko
ipfw.ko

These newly-built modules can be found in /usr/src/sys/compile/M0N0WALL_NET45XX/modules/usr/src/sys/modules.

2.3.3. The root filesystem

Fetch the root filesystem tar file from the m0n0wall web site to a directory, then uncompress and untar it. The contents of this directory will later be the root of the target system, and this newly created directory is where you make your changes. As we will not have a compact flash card mounted (under /cf) (you could just put one in, but make sure the system boots from the net instead of the flash), we have to relocate the (default) config file in the root directory:

mkdir cf/conf ; cp conf.default/config.xml cf/conf

Now make a tar file again, to be put into the image file:

tar cfz ./rootfs.tgz <path to your rootfs-dir>

Now, you can create an imagefile (mfsroot) from this rootfilesystem. This imagefile has to be put into /tftpboot to be downloaded during boot.

dd if=/dev/zero of=./mfsroot.bin bs=1k count=10240
vnconfig -s labels -c vn0 ./mfsroot.bin
disklabel -rw vn0 auto
newfs -b 8192 -f 1024 /dev/vn0c

Now mount this file as device and copy the m0n0wall root filesystem in:

mount /dev/vn0c /mnt
cd /mnt
tar xfzP rootfs.tgz
cd /
umount /mnt
vnconfig -u vn0

Now your mfsroot.bin file is the root filesystem image. When this image is put into /tftpboot it will be loaded and unpacked in memory once the kernel boots.

mv mfsroot.bin /tftpboot

2.3.4. For the impatient

Another way to get the kernel.gz file without compiling is extracting it from the net45xx-pbxrxxx.bin.gz image. To do just that, uncompress the image file and mount it as device under /mnt.

The net45xx-pbxrxxx.img files also have to be uncompressed first (check with file <filename>). Just append .gz to the filename and gzip -d the resulting file.

gzip -d net45xx-pbxrxxx.bin.gz
vnconfig -s labels -c vn0 ./net45xx-pbxrxxx.bin
mount /dev/vn0a /mnt
cp /mnt/kernel.gz /tftpboot
umount /mnt
vnconfig -u vn0

The root file system is also in the above-mentioned image as the file mfsroot.gz. You can use this file to reconstruct the root file system by uncompressing it and mounting it as device /dev/vn0c under /mnt.

gzip -d mfsroot.gz
vnconfig -s labels -c vn0 ./mfsroot
mount /dev/vn0c /mnt
cd /mnt
tar cvfz /tmp/mfs.tgz .
umount /mnt
vnconfig -u vn0
cd 
tar xvfzP /tmp/mfs.tgz

2.3.5. The loader and pxe config

The bootloader has to be available in the /tftpboot directory and has to be configured to load kernel.gz and the mfsroot.bin file. To do that, configure the loader and pxeboot by creating the following files. loader.conf:

rootfs_load="YES"
rootfs_name="mfsroot.bin"
rootfs_type="mfs_root"
autoboot_delay=1

loader.rc:

include /boot/loader.4th
start

and populate the /tftpboot directory:

mkdir -m 0755 -p /tftpboot/boot/defaults
cp -p /boot/loader /tftpboot/boot/
cp -p /boot/*.4th /tftpboot/boot/      
cp -p /boot/defaults/loader.conf /tftpboot/boot/defaults/
cp -p loader.conf loader.rc /tftpboot/boot/
chown -R root:wheel /tftpboot
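
The boot tree populated above can be checked before the firewall boots from it. This is an added example, not part of the original guide or the m0n0wall build scripts; the function name check_tftproot and its optional owner argument are assumptions, and it relies only on the file names and loader.conf settings shown in this section.

```sh
#!/bin/sh
# Added example, not part of the original guide.
# check_tftproot DIR [OWNER]: print problems in a PXE boot tree; return 1 if any.
check_tftproot() {
    root=$1
    owner=${2:-root}   # the guide runs: chown -R root:wheel /tftpboot
    bad=0

    # Files this section copies into /tftpboot.
    for f in kernel.gz boot/loader boot/loader.rc boot/loader.conf \
             boot/defaults/loader.conf; do
        [ -f "$root/$f" ] || { echo "missing: $f"; bad=1; }
    done

    # The root image is whatever loader.conf names in rootfs_name.
    conf=$root/boot/loader.conf
    if [ -f "$conf" ]; then
        img=$(sed -n 's/^rootfs_name="\([^"]*\)".*/\1/p' "$conf" | tail -n 1)
        if [ -z "$img" ]; then
            echo "loader.conf: rootfs_name not set"; bad=1
        elif [ ! -f "$root/$img" ]; then
            echo "root image missing: $img"; bad=1
        fi
        grep -q '^rootfs_load="YES"' "$conf" ||
            { echo "loader.conf: rootfs_load is not YES"; bad=1; }
    fi

    # TFTP serves these files without authentication, so anything a local
    # non-root user can modify ends up running on the firewall.
    loose=$(find "$root" ! -type l \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ] || { echo "group/world-writable:"; echo "$loose"; bad=1; }
    foreign=$(find "$root" ! -user "$owner" -print)
    [ -z "$foreign" ] || { echo "not owned by $owner:"; echo "$foreign"; bad=1; }

    return "$bad"
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_tftproot "$@"
fi
```

Save it as a script and run it with /tftpboot as the argument after every rebuild of kernel.gz or mfsroot.bin; a non-zero exit status means the tree should not be served yet.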

2.3.6. GO

Now boot the stuff....

Remember to turn on dhcp (if needed):

/usr/local/sbin/dhcpd

Now you can test your m0n0wall system. If you edit or change something in the root filesystem, or build a new kernel, do not forget to update your mfsroot.bin or kernel.gz file in the /tftpboot directory. Also remember that you have a virtual read-only memory filesystem (nothing will be written back to the mfsroot.bin file on the host) and no flash, so changes in configuration will not be stored.