James' Tech Blog

So why would anyone choose debian over OpenWRT on their Seagate Dockstar? Why go with OpenWRT? Let me clutter the internet with my opinions:

Why Debian:

You can make an actual “computer”. All you need is either some kind of USB LCD or USB VGA adapter and you have a display pretty easy. Well, LCD would not be that practical, you might as well have OpenWRT then. Some guy got on engadget for doing this. Big deal, I hacked an Xbox powersupply to power my dockstar and 2 harddrives! Come on engadet!!!

You want to use programs that aren’t compiled for OpenWRT. In my case, there is no mythtv package for OpenWRT let alone all it’s dependencies.

You feel more comfortable with a “real” distro. OpenWRT is real, but debian is meant to be played around with so it’s geared toward the “middle-of-the-road” end-user.

You have some special USB gadgets that require kernel modules that OpenWRT doesn’t have.

Why OpenWRT:

It will fit many times over in the NAND! Even with a lot of packages it will only take 8MB. This leaves more USB ports open for drives. Also, you don’t need to worry about the bootloader cause it’ll just boot the NAND.

You’re making a headless server, like how it’s supposed to be. Even using a USB drive, you can make a pretty robust server out of these things. I think I saw someone use it as an asterisk backend. If all you want is file and print sharing debian is total overkill (so is OpenWRT).

With the right wireless adapter you could turn this into a wireless router with a gigE port.

You want a proxy on your network. You could easily set this up using squid. If all you needed was a proxy, again, debian would be overkill.

You know what you’re doing and know that OpenWRT is really flexible, especially if you have the build system setup.

Otherwise, it’s not really going to matter. Debian isn’t built with all the gcc flags that could speed up programs or reduce their memory requirements, I’m not sure if OpenWRT build with a lot either probably just -Os for smaller binaries. The only way you’re going to see a lot of improvements is if you use NAND instead of some slow USB harddrive. Well, add your opinions in the comments!

You might have seen my Seagate Dockstar post that explained getting Gentoo and Debian running on my Seagate Dockstar. Sorry, I just finished it now cause I have some follow-up stuff going right now. Well, Gentoo and Debian is not enough! I wanted OpenWRT as well. They have been working on sheeva support for awhile now. I was a little weary because their sheeva install seemed like it would write to the flash. This made me nervous because I’m using the secondary u-boot from plugapps which lives in mtd3 right where OpenWRT would like to install! So I hadn’t done it yet, just poke around a bit.

Like every good idea (or bad idea), you can find someone who’s tried it on the internet.Installing OpenWrt on Seagate DockStar HOWTO Now we’re getting somewhere. Kinda like Jeff’s Debian install, it’s mostly about stuff that I either already did or don’t want to do. Specifically skip everything until Building cause that’s where the magic is. Yeah, prebuilt images are nice, but I didn’t want to boot from flash. I wanted to boot from USB. I have been working on getting my WRT54g-L to boot off GPIO-SD so I had configured and built OpenWRT before. Follow the steps, but make sure to make root tar and build in ext2 and USB. I tried to use the patches, but it wouldn’t compile with them so I took them out.

With the OpenWRT built. I untarred it onto a USB thumbdrive that was ext2 (and only 128MB). Plugged it in and rebooted. Oh yeah, I got a FTDI usb-serial cable. I made a little header board to adapt a cable coming off the serial port to the 6-pin FTDI. I watched the boot through the serial port. It went perfect, except there were these weird messages about cowardly not committing jffs. Whatever! My flash is intact and OpenWRT is happy from the USB. I built some “usefull” stuff into my image like openssh instead of dropbear. Changed the default IP address, cause otherwise it would clash with my router.

Then pretty much do normal OpenWRT stuff. It would be cool to get a USB-wireless and USB-wired to run a dockstar as a router. Then you could have and 802.11n wireless and gigabit on the LAN! Awesome.

This is the second post in the series “Remote admin your mama’s gentoo boxen” This post I will be going over how I am going to handle the “dynamic” IP address on the WAN of my router. I say “dynamic” because I’m not really sure how dynamic it is. It’s likely only dynamic in the way that Comcast could give it to someone else (like if they wanted to pay for it) and there’s nothing I could do about it (unless I told them I would pay more for it!).

You probably just said to yourself, “DyDNS! Don’t they have services for that already?” The answer is yeah, they do, if you want your router to have a URL and probably be poked at more. Oh and dydns has sent me emails before about my IP not being “dynamic enough” and that I should “use static registration!” Besides, this way I can encrypt my IP not only when I update it, but when the client retrieves it. Not to mention client authentication.

Here is the scheme:

Router runs ash script reporting IP to remote server

Server does it’s thing and records IP

Client runs bash script getting IP from remote server

From there the client knows the router IP and can connect with reverse SSH.

Here comes some code. I would have prefered to write this in PERL but my router doesn’t have PERL! Also, less dependencies on client. Everyone has a shell. I decided to send the IP as hexadecimal without separators. As I’m not really proficient at shell scripts I looked up how to convert IP’s to hex: http://blog.mecworks.com/articles/2007/07/05/bash-scripting-tip-convert-ip-address-to-hex/ I did some fun stuff for the client. It probably looks horrible, but it should work.

First up is the router script:

#!/bin/sh
SUCCESS=1
while [ $SUCCESS -eq "1" ]
do
RTR_IP=`ifconfig eth0.1 | awk -F "[: ]+" 'NR==2 {print $4}'`
UPDATE_IP=`printf '%02X' ${RTR_IP//./ }; echo`
SUCCESS=`wget -q -O - "http://www.ultravstudios.com/myphpscript.php?update=$UPDATE_IP"`
sleep 5
done

I’ll break it down for y’all. It loops until it works. We use ifconfig to get the IP of WAN (eth0.1), use printf to turn it into 8 character hexadecimal, send it to the special secret PHP page. The PHP page will return a value 0 on success 1 on error. Next is client side

#!/bin/bash
GET_IP=`wget -q -O - "http://www.ultravstudios.com/myphpscript.php?get=0"`
K=`printf "%d". "0x"${GET_IP:0:2} "0x"${GET_IP:2:2} "0x"${GET_IP:4:2} "0x"${GET_IP:6:2}`
RTR_IP=$(echo ${K%\.})

So this one’s really easy.  Get the value from the special secret PHP page. Turn it back to decimal with period separators. Chop the last period off. Okay, so that’s just the part to retrieve the IP. Next is my PHP code for the remote server. It seems like WordPress doesn’t like me adding php tags?!

$filename = "supersecretfilename";
//open file and get old ip
$file = fopen($filename, 'r');
$old_ip = fgets($file);
if ($_REQUEST['get'] == "0") {//the client does want the ip
print $old_ip;
fclose($file);
return;
}
//so the rest means that the client does not want ip
if (is_null($_REQUEST['update']) || $_REQUEST['update'] == "") {//there is not data
fclose($file);
print "1"; //tell client there was error
}
elseif ($_REQUEST['update'] == $old_ip) {
//there was no update close file and return
fclose($file);
print "0";
return;
}
else {//ip is new
fclose($file);
$file2 = fopen($filename, 'w');
fwrite($file2, $_REQUEST['update']);
fclose($file2);
print "0";
}

Apparently I comment my php code more than my bash! So it’s pretty dumb right now. There is no authentication, no encryption, very few fail-safes. If my router is somehow having problems updating the IP, like the script doesn’t work, it will try forever until it works. I assure you, this is just the beginning, a quick hack to get things rolling.

So a couple years ago before I moved to NorCal I setup a computer for my mother. I did it with the intention that she would be able to use the webcam to communicate with my sister/nephew/niece in NorCal. I tried Ubuntu and got nowhere cause it just didn’t work. So I said screw it, I’ll throw Gentoo on it. It works great, but it’s hard to admin 2000 miles away. A year ago I did the big ’emerge -avu world’ took a couple days.

Long story short my brother said the other day he’s going to setup a WinXP boxen for her! WinXP are you kidding? So she can use Skype? You know Linux Skype does video right? Well I can fix that! And my mama’s Gentoo box! I have a pretty good scheme for how to do it with _minimal_ help from anyone actually in front of the machine.

Here’s the scheme:

Mama boxen gets IP addy for my router

Mama boxen reverse ssh into my router

I ssh into Mama boxen through router. Point-to-point encryption! Secure tunnel through 2 NATs and at least 4 firewalls!

I start fixing stuff (I’m going to setup a change-root on my machine so that I can build packages for her and just send binaries instead of having Mama boxen compile everything, well maybe the kernel)

Get VPN to my router, Skype, TightVNC, etc running so that I can kick more ass with remote admin.

Tell my brother’s not to worry about Mama boxen!

First I setup my router, an important aside my WRT54GS is running Openwrt Kamikaze 8.09,  to accept keys for ssh connection that way shell script can run without password input. I added a user to /etc/passwd and /etc/groups and put my new key into it’s .ssh/authorized_keys. Next I need to open up the firewall to allow connection to dropbear over WAN. I’m going to wait till I actually need that though.

Moving forward: I am going to have a script to update a special PHP script (on this website) with my public IP every so often. Then make a script to get the public IP from special PHP script and open reverse ssh tunnel with router using new user.

Once that’s done I will be able to ssh into Mama boxen through router and it should be pretty straight forward from there. Kernel updates are worrying me, but GRUB can have if/then, file exists kinda stuff so I should be able to work something out for that. Stay tuned for more and alot more specifics.