OpenBSD 4.2 PF with flash-card as a disk?
Jordi Espasa Clofent
I think it would be a good idea to build a FW (OpenBSD 4.2+PF) with a
flash-card as a disk.
I see two related questions:
1) ¿How to make an OpenBSD regular instalation on flash-card?
2) ¿Is it needed a regular [P/S]ATA/SCSI disk if I plan no keep any logs
on local in the FW?
--
Thanks,
Jordi Espasa Clofent
RW
>Hi all,
>
>I think it would be a good idea to build a FW (OpenBSD 4.2+PF) with a
>flash-card as a disk.
>
>I see two related questions:
>
>1) ¿How to make an OpenBSD regular instalation on flash-card?
This really is not a pf question. However you will find that CF looks
like an IDE HDD.
Just go ahead and install as if it was a hard disk.
>2) ¿Is it needed a regular [P/S]ATA/SCSI disk if I plan no keep any logs
>on local in the FW?
No. Don't believe anybody that says you need to do special stuff with
CF. Some of us have tried, without success, to wear out a CF card.
If you want high reliability for many years either buy industrial grade
CF or throw them away after maybe a year. Throw them over here please
and I'll get another few years use out of them. :-))
A tip: In future you need to describe the hardware you have and what
you intend to use it for to get good answers. You have just used up all
of my mind-reading energy for about four weeks.....
Please reply only to the list. I can do without two copies of each
message.
Thanx,
Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device
Shane J Pearson
>>
>> I think it would be a good idea to build a FW (OpenBSD 4.2+PF) with a
>> flash-card as a disk.
>>
>> I see two related questions:
>>
>> 1) ¿How to make an OpenBSD regular instalation on flash-card?
>
> This really is not a pf question. However you will find that CF looks
> like an IDE HDD.
> Just go ahead and install as if it was a hard disk.
>
>> 2) ¿Is it needed a regular [P/S]ATA/SCSI disk if I plan no keep any
>> logs
>> on local in the FW?
>
> No. Don't believe anybody that says you need to do special stuff with
> CF. Some of us have tried, without success, to wear out a CF card.
Yes, I have been using the same two CF cards for my home firewall for
years. Alternating between them as I upgrade to the latest OpenBSD, so
that I can quickly fall back and have another backup if need be. I
can't kill them either.
At the moment I am using real SCSI disk in my firewall, but that is
only because my new Sun Blade 150 firewall is very picky about what
IDE drive it will work with (ie, none of my CF and only some disk
based IDE drives).
David Querbach
> >>flash-card as a disk.
> >>
> >>I see two related questions:
> >>
> >
> >This really is not a pf question. However you will find that CF looks
> >like an IDE HDD.
> >Just go ahead and install as if it was a hard disk.
> >
> >>logs
> >>on local in the FW?
> >
> >No. Don't believe anybody that says you need to do special stuff with
> >CF. Some of us have tried, without success, to wear out a CF card.
I've just recently built an OpenBSD firewall with a CF disk. It works just
fine -- the installation proceeds exactly as for a mechanical disk.
I do, however, use the mfsmount script
(http://stsx.xs4all.nl/www.stsx.org/software/openbsd/README.mfsmount.txt)
which puts /var on a RAM-disk and re-mounts / read-only. As mentioned
before, this precaution is probably unnecessary, but having the CF mounted
read-only ensures that no unwanted writes are occurring at all.
Even if you don't mount / read-only, you may wish to mount it noatime to
avoid access time updates every time a file is accessed. By minimizing
writes, you will also reduce the number of sometimes lengthy erase cycles
required by the underlying flash-ROM devices.
Regards,
David Querbach
Real-Time Systems Inc.
Rod Whitworth
>I've just recently built an OpenBSD firewall with a CF disk. It works just
>fine -- the installation proceeds exactly as for a mechanical disk.
>
>I do, however, use the mfsmount script
>
> (http://stsx.xs4all.nl/www.stsx.org/software/openbsd/README.mfsmount.txt)
>
>which puts /var on a RAM-disk and re-mounts / read-only. As mentioned
>before, this precaution is probably unnecessary, but having the CF mounted
>read-only ensures that no unwanted writes are occurring at all.
>
>Even if you don't mount / read-only, you may wish to mount it noatime to
>avoid access time updates every time a file is accessed. By minimizing
>writes, you will also reduce the number of sometimes lengthy erase cycles
>required by the underlying flash-ROM devices.
>
In many small systems, Soekris for example, RAM is sometimes scarce.
When I see people using MFS in that situation and then creating a swap
partition in MFS too, I fall about laughing.
I don't think you suggested that, but you reminded me of it, so thanks
for brightening up my day by oblique reference.
David Querbach
> In many small systems, Soekris for example, RAM is sometimes scarce.
> When I see people using MFS in that situation and then creating a swap
> partition in MFS too, I fall about laughing.
Yes, that would indeed be silly.
I'm fortunate that my WRAP board has 128M of RAM, so I can set aside 16M or
32M without any problem, of which only about 4M is actually used by /var.
In its current configuration, my system has 69M RAM free, so there's room
for expansion of either executables or MFS.
> I don't think you suggested that, but you reminded me of it, so thanks
> for brightening up my day by oblique reference.
Anytime.