Blog Rss FeedThe cool thing about mini Zonbu machines is that they have a good CPU, a lot of memory and low power consumption. OpenBSD makes them a very good candidate to become a nice little secure network appliance. For the past few weeks, I have been using mine as home router / firewall / DNS server with anti ad / NTP server.
Here is the latest version of the bootable image zonbu.ing.gz I am using on my home router to do all these tasks.
How to install
The first thing you need to do is to find an another flash card. You don’t want to use the flash card you are using to boot your Zonbu. The flash contains the Zonbu OS (linux) and if you erase this flash card you will not be able to boot your device with linux.
After downloading the image from http://fred.velvnet.com/zonbu.img.gz you need to unzip it. In Unix based systems, such as MacOS, you can use dd to copy the image on your new flash. On windows systems you can use the program RAWRITE.EXE to create a copy of the image on the flash drive. The flash card must be at least 64Mb.
# dd bs=32k if=zonbu.ing of=/dev/sd0a
You can now boot your Zonbu with your new flash card, as shown on the picture below.
First things first
After booting you can login as root using the default password zonbu. The first thing you need to do is to change the password.
Last login: Thu Aug 14 23:21:30 2008 on console # rw # passwd root Changing local password for root. New password: Retype new password: # ro
The command rw puts your device in read/write mode so your changes can be written on the flash drive. passwd root is the command you use to change the admin password. The command ro puts your device back in read only mode.
Using nsh
There is one command called nsh you can use to configure your appliance. If you are used to Cisco routers, you should feel right at home using nsh. After login as root using your new password you just start nsh.
After starting, nsh gives you a prompt with the host name followed by the mode you are in, and by the character /
zonbu/_
nsh is running and the host name is zonbu
zonbu(p)/_
You are in privileged mode
zonbu/(interface-rl0)/_
You are configuring the network interface rl0
At any time you can type help or ? to show the help for the mode you are in, or for a command.
To actually change the configuration, you need to be in privileged mode. The command enable will put you in that mode.
login: root passwd: Last login: Thu Aug 14 23:24:50 2008 # nsh % NSH v20080426 zonbu/help % Commands may be abbreviated. % Commands are: show Show system information enable Enable privileged mode ping Send ICMP echo request traceroute Print the route to host ssh SSH connection to remote host telnet Telnet connection to remote host verbose Set verbose diagnostics editing Set command line editing who Display system users ? Print help information quit Close current connection zonbu/enable zonbu(p)/
Configure your Zonbu
To use the device, you need to set its IP address and the default route. Once you are in privileged mode, type the commands interface rl0 to configure the network interface of your zonbu device. The command ip followed by the IP address will set the IP address of this network interface. You can enter the IP address in the form of CDIR or the IP address followed by the net mask.
Then type ctrl-D to leave the interface configuration mode and return to privileged mode. You can now configure your route, and save this configuration using the command write-config
zonbu/enable zonbu(p)/interface rl0 zonbu(interface-rl0)/ip 172.16.2.50/24 zonbu(interface-rl0)/^D zonbu(p)/route 172.16.2.0/24 172.16.2.1 zonbu(p)/write-config % Saving configuration zonbu(p)
That’s all you need to do! You can reboot your new zonbu device with the command reload. After a couple of minutes the zonbu will be up and running, ready to serve DNS and NTP requests.
# ntpq -nc peers
remote refid st t when poll reach delay offset jitter
==============================================================================
+64.242.84.204 192.83.249.28 3 u 8 64 377 28.809 -19.008 5.203
+217.160.254.116 192.5.41.40 2 u 4 64 377 100.362 -27.057 7.013
-216.184.20.83 192.43.244.18 2 u 8 64 377 74.939 -3.026 4.805
*208.75.88.4 164.67.62.194 2 u 6 64 377 24.404 -11.039 5.276
Ad Blocker
By default, your new Zonbu DNS cache will also act as an ad blocker. The DNS will not resolve the IP addresses for advertising services or for companies that gather information about your surfing habits, such as doubleclick, or realmedia.com. Every night the list of the domain names to block is automatically updated from http://pgl.yoyo.org/adservers/
# ping -c 2 www.yahoo.com PING www.yahoo-ht3.akadns.net (209.131.36.158): 56 data bytes 64 bytes from 209.131.36.158: icmp_seq=0 ttl=55 time=16.201 ms 64 bytes from 209.131.36.158: icmp_seq=1 ttl=55 time=14.230 ms --- www.yahoo-ht3.akadns.net ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 14.230/15.215/16.201/0.993 ms # # ping -c 2 www.doubleclick.com PING www.doubleclick.com (127.0.0.1): 56 data bytes 64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.053 ms 64 bytes from 127.0.0.1: icmp_seq=1 ttl=255 time=0.039 ms --- www.doubleclick.com ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.039/0.046/0.053/0.007 ms #
Zonbu flash image on regular PC
This image is specifically tailored to run on a Zonbu machine, but it can also run on a regular PC.
You just need to replace your boot disk C: by a flash to IDE adapter. This adapter costs around $15.