Building a BeagleBone Firewall: Part 3

We have now finished flashing the eMMC (built in smartcard) on the BeagleBone from Debian to Ubuntu. Next we will make a microSD card also boot Ubuntu.

I was asked by a reader, “why did we flash the eMMC if we are going to use the microSD the drive our firewall runs on?”    My previous explanation apparently wasn’t as clear as I intended, so I will try to be more succinct.  So here are my reasons:

  1. I am no longer fond of the official Debian installation
  2. I do not wish to have the distribution on the eMMC be different than the one on the microSD
  3. I don’t want to wear out the eMMC, so I wish to use it as a recovery option, rather than the main OS drive, after all a microSD is very easy to replace.

Back to building the firewall.

Download the image for the microSD card

wget https://rcn-ee.net/deb/microsd/trusty/bone-ubuntu-14.04-console-armhf-2014-08-13-2gb.img.xz

The MD5 sum is 3a5c1d6e85e3b9d7c2f9133fa6197097 should you wish to check it.

Flash the card like before, using dd or other image writer. We can simply write over the top of the card we used for flashing the eMMC, because that was only needed the 1 time.

Once this is done, hook up your keyboard, monitor, mouse, USB network adapter,  place the microSD into the BeagleBone, and power it up.

Now it is time to make sure the software is up-to-date.

 

Building a BeagleBone Firewall: Part 2

Since writing part one, this article was brought to my attention, it compares the Arduino, Raspberry Pi, Intel Galileo, and BeagleBone Black.   It pretty much shows the computing power of the BeagleBone and price are unbeatable.

I am affectionately calling this project “BeagleWall” for lack of a better term.  If you haven’t checked out the shopping list, and want to follow along, I suggest you do so.  BeagleBones are often back-ordered.

So lets get started. First, we don’t really have to install a new OS.  The BeagleBone comes with Debian pre-installed on its 4GB of eMMC (think of this as a permanent jump drive built onto the board).  I have a few reservations about using this as the main OS drive though.

When doing my research about flashing a new OS to the eMMC, I found that one of the errors that could happen was a result of “too many writes”.   Flashing is the term used to refer to re-writing the preloaded memory, such as your phone’s operating system,  computer BIOS, wireless router firmware or similar devices, so that the functionality is somehow changed.  An example of flashing is when you upgrade an iPod/iPad/iPhone to a new version of iOS or your carrier updates your phone to a new version of Android.  As if the “too many writes” error weren’t enough of a reason, when I booted from a microSD, I wasn’t able to mount the eMMC in write mode, which means no recovery without re-flashing the whole OS.

With that in mind, and the fact that I prefer Ubuntu, I decided the best course of action was to put Ubuntu on the eMMC and use a microSD card, that way if things fail to boot, it will still boot from eMMC, and allow me to mount the microSD and recover.

For something like a firewall or other server, I would never suggest anything other than the “Long Term Support” (LTS) releases from Ubuntu.

If you aren’t familiar with Ubuntu you might get confused by the names and version numbers.  Ubuntu names its releases with alliterations and animal names, such as Karmic Koala, Lucid Lynx, Precise Pangolin, and they are doing it alphabetically (or have been since Dapper Drake).  They number the releases by year and month of release.  Thus 12.04 was named Precise Pangolin, and released in April of 2012.

At the time of this writing, Trusty Tahr (14.04) is the most recent release of  release of Ubuntu with Long Term Support, released in April 2014, and specifically sub-release one, so it is numbered 14.04.1, and will be supported until April 2019.

I would prefer to have the same OS on both the eMMC, and the microSD card, for my own sanity.  Because flashing the eMMC is done from the microSD, we will do that first.

First, go download the image you can do it with wget if you are using Linux.   The MD5 sum is 06f12f0168946cf302e2f6b32e07e007, if you wish to validate the integrity of the file.

wget https://rcn-ee.net/deb/flasher/trusty/BBB-eMMC-flasher-ubuntu-14.04-console-armhf-2014-08-13-2gb.img.xz

If you are using Windows, you will have to unzip the file using 7-zip.

Write the image to your microSD card using dd, or something like Win32DiskImager.   To use do this on my Linux machine, it looks like

dd if=BBB-eMMC-flasher-ubuntu-14.04-console-armhf-2014-08-13-2gb.img of=/dev/sdb

For the next part you don’t even need to hook up a monitor.  Just plug in the freshly flashed microSD into your BeagleBone, and add power.  The lights will flash sequentially, and then all come on solid.  Once that happens, disconnect the power, remove the microSD.  That is all there is to flashing the new OS to the eMMC.

At this point, I suggest booting up the new OS.  Simply connect, the monitor, keyboard and mouse, and apply power.

The default username and password are

Username ubuntu
Password temppwd

If you want, you can change the default password, sign-in and change the password.  You can also become root by using the command

sudo -i

It will prompt your for your password, and then you can use the same steps to change the root password.

Now it is time to make the microSD card in to an Ubuntu system, this is where we are going to put our firewall.

 

Building a BeagleBone Firewall: Shopping List

As prices change, and parts change, this will likely be outdated very quickly.

Other items you will NEED but may have lying around, the BeagleBone only has a single USB connection, so if you want to connect the ethernet and a keyboard, you will need the hub, but you may or may not want the mouse.

  • Monitor that accepts HDMI
  • USB Hub, I recommend a POWERED USB 3 Hub, this way you could run a high-power WiFi antenna and, turn this setup into a WiFi access point as well.
  • USB Keyboard
  • USB Mouse
  • microSD card Reader

I will be using Ubuntu Linux to do all the work with the microSD, so dd is all I need. However, if you are running Microsoft Windows®, you will need a raw image writer, such as Win32DiskImager and an SSH client such as Putty.

Building a BeagleBone Firewall: Part 1

First, a firewall and routers are 2 separate entities. Many consumer Wi-Fi devices have both a router, and a firewall built in. The problem with these devices is that they often fail to be patched on a regular basis, so if they are susceptible to something like HeartBleed or ShellShock, you have no recourse but to buy new hardware.

The new craze of credit-card sized computers like the Raspberry Pi, Arduino, and BeagleBone Black gave me the idea of making my own, extremely cheap, dedicated firewall/router device.

Being a fan of Linux, and the fact that iptables is a great firewall, I wanted to go with Linux for the OS. I personally like Debian, and have for many years, and thus am very comfortable with it. However, the IceWeasel fiasco made me abandon Debian, in favor of Ubuntu.

I had originally thought of using Raspberry Pi, because it is a very cheap device, and it has a version of Debian Linux (known as Raspbian). Upon further research though, I found that the Raspberry Pi (Rev B+) uses a Broadcom BCM2835 (reports as an ARM6) processor. This presents a problem, to be fully supported by Debian, it needs to be an ARM7 or better. The lack of support became a major issue, as it appeared that HeartBleed wasn’t patched. In truth, it was indeed patched, but it was enough to make me look at what else wasn’t up to date. Upon looking, I found that many packages were not updated. So, for this purpose, the Raspberry Pi was eliminated. Though it maybe be useful for other projects (a web-service for random numbers, or Roku like media device spring to mind).

So, I started looking at the BeagleBone Black, and immediately saw that I found exactly what I was looking for. A 1GHz AM335x 1GHz ARM® Cortex-A8 (reports as an ARM7) processor, which means full distribution support from Debian, and thus Ubuntu. It also has plenty of RAM, built in non-volatile memory with Debian already installed, and much more. With all this, I didn’t even look into the Arduino.

In the following posts, I will discuss the actual steps to the installation of the OS, setup of iptables and more.

If you are interested, here is the Shopping List.

 

Check back for Part 2