Fred Cirera

The cool thing about mini Zonbu machines is that they have a good CPU, a lot of memory and low power consumption. OpenBSD makes them a very good candidate to become a nice little secure network appliance. For the past few weeks, I have been using mine as home router / firewall / DNS server with anti ad / NTP server.

Here is the latest version of the bootable image zonbu.ing.gz I am using on my home router to do all these tasks.

How to install

The first thing you need to do is to find an another flash card. You don’t want to use the flash card you are using to boot your Zonbu. The flash contains the Zonbu OS (linux) and if you erase this flash card you will not be able to boot your device with linux.

After downloading the image from http://fred.velvnet.com/zonbu.img.gz you need to unzip it. In Unix based systems, such as MacOS, you can use dd to copy the image on your new flash. On windows systems you can use the program RAWRITE.EXE to create a copy of the image on the flash drive. The flash card must be at least 64Mb.

# dd bs=32k if=zonbu.ing of=/dev/sd0a

You can now boot your Zonbu with your new flash card, as shown on the picture below.

First things first

After booting you can login as root using the default password zonbu. The first thing you need to do is to change the password.

Last login: Thu Aug 14 23:21:30 2008 on console
# rw
# passwd root
Changing local password for root.
New password:
Retype new password:
# ro

The command rw puts your device in read/write mode so your changes can be written on the flash drive. passwd root is the command you use to change the admin password. The command ro puts your device back in read only mode.

Using nsh

There is one command called nsh you can use to configure your appliance. If you are used to Cisco routers, you should feel right at home using nsh. After login as root using your new password you just start nsh.

After starting, nsh gives you a prompt with the host name followed by the mode you are in, and by the character /

zonbu/_

nsh is running and the host name is zonbu

zonbu(p)/_

You are in privileged mode

zonbu/(interface-rl0)/_

You are configuring the network interface rl0

At any time you can type help or ? to show the help for the mode you are in, or for a command.

To actually change the configuration, you need to be in privileged mode. The command enable will put you in that mode.

login: root
passwd: 
Last login: Thu Aug 14 23:24:50 2008
# nsh
% NSH v20080426
zonbu/help
% Commands may be abbreviated.
% Commands are:
  show        Show system information
  enable      Enable privileged mode
  ping        Send ICMP echo request
  traceroute  Print the route to host
  ssh         SSH connection to remote host
  telnet      Telnet connection to remote host
  verbose     Set verbose diagnostics
  editing     Set command line editing
  who         Display system users
  ?           Print help information
  quit        Close current connection
zonbu/enable
zonbu(p)/

Configure your Zonbu

To use the device, you need to set its IP address and the default route. Once you are in privileged mode, type the commands interface rl0 to configure the network interface of your zonbu device. The command ip followed by the IP address will set the IP address of this network interface. You can enter the IP address in the form of CDIR or the IP address followed by the net mask.

Then type ctrl-D to leave the interface configuration mode and return to privileged mode. You can now configure your route, and save this configuration using the command write-config

zonbu/enable
zonbu(p)/interface rl0
zonbu(interface-rl0)/ip 172.16.2.50/24
zonbu(interface-rl0)/^D
zonbu(p)/route 172.16.2.0/24 172.16.2.1
zonbu(p)/write-config
% Saving configuration
zonbu(p)

That’s all you need to do! You can reboot your new zonbu device with the command reload. After a couple of minutes the zonbu will be up and running, ready to serve DNS and NTP requests.

# ntpq -nc peers 
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+64.242.84.204   192.83.249.28    3 u    8   64  377   28.809  -19.008   5.203
+217.160.254.116 192.5.41.40      2 u    4   64  377  100.362  -27.057   7.013
-216.184.20.83   192.43.244.18    2 u    8   64  377   74.939   -3.026   4.805
*208.75.88.4     164.67.62.194    2 u    6   64  377   24.404  -11.039   5.276

Ad Blocker

By default, your new Zonbu DNS cache will also act as an ad blocker. The DNS will not resolve the IP addresses for advertising services or for companies that gather information about your surfing habits, such as doubleclick, or realmedia.com. Every night the list of the domain names to block is automatically updated from http://pgl.yoyo.org/adservers/

# ping -c 2 www.yahoo.com
PING www.yahoo-ht3.akadns.net (209.131.36.158): 56 data bytes
64 bytes from 209.131.36.158: icmp_seq=0 ttl=55 time=16.201 ms
64 bytes from 209.131.36.158: icmp_seq=1 ttl=55 time=14.230 ms
--- www.yahoo-ht3.akadns.net ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 14.230/15.215/16.201/0.993 ms
#
# ping -c 2 www.doubleclick.com
PING www.doubleclick.com (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=255 time=0.053 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=255 time=0.039 ms
--- www.doubleclick.com ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.039/0.046/0.053/0.007 ms
# 

Zonbu flash image on regular PC

This image is specifically tailored to run on a Zonbu machine, but it can also run on a regular PC.

You just need to replace your boot disk C: by a flash to IDE adapter. This adapter costs around $15.