Subject: HOWTO install NetBSD 1.6.1 on a Cobalt Qube2 PREVIEW
To: None <port-cobalt@NetBSD.ORG>
From: Andreas Fuchs <fox@tcnet.ch>
List: port-cobalt
Date: 01/12/2004 13:39:20
Hi, here is an updated version of my howto; comments, updates, drinks welcome

********************************************************************
HOWTO install NetBSD 1.6.1 on a Cobalt Qube2

This is my attempt at a guide to getting NetBSD running on a Cobalt Qube2
and to configuring the Qube as a gateway to an ADSL modem.
I'm not a native English speaker, so sorry for the "writing style"

Version 0.5	10.1.2004 Andreas Fuchs, fox@tcnet.ch

	  	portions from Daniel Ouellet and many others on the
		port-cobalt@NetBSD.ORG mailing list

		special thanks to Dennis Chernoivanov for the great
		recovery cd image

- Get the rescue-cd image from:
	ftp://ftp.netbsd.org/pub/NetBSD/arch/cobalt/restore-cd/1.6.1

- Burn this iso image to a cd
- Boot a machine which has network connection to your Qube2 with this CD
- follow the instructions and watch the display on the Qube2

	make sure you have only one dhcp server on your network,
	otherwise the Qube might pick up a wrong ip-address or just not install

- the Qube will reboot when finished and display its ip-address
- telnet to your Qube

- set a root password
	passwd

- if you disable dhclient do not forget to configure an ip-address!
	edit /etc/ifconfig.tlp0
		inet 192.168.1.3 netmask 255.255.255.0

	Your network card may differ from the one above; check your dmesg to be safe.
	Mine are tlp0 and tlp1

- edit /etc/hosts
	ip-address	hostname	hostname.yourdomain.ch

- add at least one nameserver to /etc/resolv.conf
	search yourdomain.ch
	nameserver a.b.c.d
	nameserver d.e.f.g

- configure /etc/rc.conf to something like
	hostname="qube"
	defaultroute=192.168.1.1
	#
	dhclient=NO
	nfs_client=NO
	paneld=YES
	inetd=NO
	sshd=YES


- either give root access to ssh (change /etc/ssh/sshd_config) or, better,
  add a second user
	useradd -m nerd
	passwd nerd

- start/stop services
	/etc/rc.d/sshd start
	/etc/rc.d/dhclient stop
	/etc/rc.d/inetd stop

- test your ssh connection NOW, to make sure that you have access to the
  box after reboot

- reboot and have fun


- to get some more software
	setenv PKG_PATH ftp://ftp.netbsd.org/pub/NetBSD/packages/1.6/cobalt/All
	pkg_add -v the_package

  I do
	pkg_add -v bash; usermod -c "" -s /usr/pkg/bin/bash root; /usr/pkg/bin/bash
	export PKG_PATH=ftp://ftp.netbsd.org/pub/NetBSD/packages/1.6/cobalt/All
	pkg_add -v apache

  look at the above directory to see what else is available


- to get other tools and applications which are not available as pkg,
  install pkgsrc
	setenv CVSROOT anoncvs@anoncvs.NetBSD.org:/cvsroot
	setenv CVS_RSH ssh
	cd /usr
	cvs checkout -P pkgsrc
  this will take some time, depending on your internet speed...

  then install
	cd /usr/pkgsrc/pkgtools/pkg_install; make install
	cd /usr/pkgsrc/security/audit-packages; make install
	/usr/pkg/sbin/download-vulnerability-list

	and I install:
	cd /usr/pkgsrc/sysutils/adjustkernel; make install
	echo ACCEPTABLE_LICENSES+=fee-based-commercial-use >> /etc/mk.conf
	cd /usr/pkgsrc/security/openssl; make install
	cd /usr/pkgsrc/net/wget; make install

	and some other useful stuff; for more info see
	http://www.netbsd.org/Documentation/software/packages.html#using-pkgsrc


- to later update pkgsrc info run:
	setenv CVSROOT anoncvs@anoncvs.NetBSD.org:/cvsroot
	setenv CVS_RSH ssh
	cd /usr/pkgsrc
	cvs -q update -dP
	/usr/pkg/sbin/download-vulnerability-list


- to compile your own kernel get the src tarball:
	cd /
	wget ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-1.6.1/source/sets/syssrc.tgz
	tar -xvzf syssrc.tgz
	cd /sys/arch/cobalt/conf

  if you have some card in the pci slot run
	adjustkernel -file GENERIC -outfile QUBE2IPF
  otherwise you can just copy
	cp GENERIC QUBE2IPF

  edit QUBE2IPF; I set the following options

	lcd0		at mainbus?		# if it's not already there

	options         GATEWAY
	options         IPSEC
	options         IPFILTER_LOG
	pseudo-device   ipfilter
	pseudo-device   pppoe

  if you wish you can disable scsi to make the kernel smaller
	#options        SCSIVERBOSE
	#ahc*           at pci? dev ? function ?
	#scsibus*       at ahc?
	#sd*            at scsibus? target ? lun ?
	#st*            at scsibus? target ? lun ?


 then run
	wget http://only.mawhrin.net/~cdi/netbsd/cobalt/hd44780.diff.gz
	gzip -d hd44780.diff.gz
	cd /sys
	patch -p1 < /sys/arch/cobalt/conf/hd44780.diff
	cd -

  and finally
	config QUBE2IPF

	cd ../compile/QUBE2IPF
	make depend
	make

  if you got no errors you have a new kernel! (will it boot? let's try)

	mv /netbsd /netbsd.orig
	cp netbsd /

  here are some more details
	http://www.netbsd.org/Documentation/kernel/#how_to_build_a_kernel
	http://www.netbsd.org/guide/en/chap-kernel.html

- if boot fails, you have to a) start again from the top or b) connect a
  serial cable to the Qube
  if you can log in, run:
	mount -u -o rw /
	cp /netbsd.orig /netbsd
	reboot

   if the system does not boot at all, press the SPACE bar on system init;
   you'll get a prompt "Cobalt:". At that prompt
	bfd /boot/boot.gz nbsd=wd0a:netbsd.orig
   will boot the original kernel


##STUFF BEYOND THIS LINE IS NOT WELL TESTED, EVERY HELP WELCOME !
#################################################################

- if ipfilter is enabled in kernel you can use
	/etc/rc.d/ipfilter start
	/etc/rc.d/ipnat start
	/etc/rc.d/ipmon start
   to enable them permanently
	add this to /etc/rc.conf
	ipfilter=YES
	ipnat=YES
	ipmon=YES

  here is a standard ipnat.conf for NAT where ethernet tlp0 (primary) is the
  external and tlp1 (secondary) is the internal network interface, and we do
  a 1-to-many NAT
	map tlp0 10.1.1.0/24 -> 0/32 proxy port ftp ftp/tcp
	map tlp0 10.1.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
	map tlp0 10.1.1.0/24 -> 0/32

  a standard firewall config for /etc/ipf.conf can be installed like this
	cp /usr/share/examples/ipf/BASIC_1.FW /etc/ipf.conf
  to do it the right way, here is a description
	/usr/share/examples/ipf/firewall

- changing prompt for bash
	if you are using bash as shell you can add this to /etc/profile

        set -p
        if test "$UID" = 0 ; then
            PS1="\h:\w # "
        else
            PS1="\u@\h:\w> "
        fi

- to get apache running I had to change in
	/usr/pkg/etc/httpd/httpd.conf

	#Listen 80
	#Listen 0.0.0.0:80
	Listen *:80
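
A check for the rc.conf and ipfilter steps above, as an added example that is not part of the original HOWTO: it reads an rc.conf-style file and an ipf.conf and reports settings that leave the gateway less protected than the HOWTO intends. The function names (rc_get, is_yes, audit_gateway, demo) and the sample files are made up for this example.

```sh
#!/bin/sh
# Added example: audit the rc.conf and ipf.conf settings from the HOWTO.

# rc_get FILE VAR: print the last value assigned to VAR (quotes stripped),
# or nothing if VAR is unset or only appears commented out.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# is_yes VALUE: true for the spellings rc.conf accepts as "enabled".
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_gateway RCCONF IPFCONF: print one finding per line, nothing if clean.
audit_gateway() {
    rc=$1 ipf=$2
    is_yes "$(rc_get "$rc" inetd)" &&
        echo "inetd=YES: the HOWTO sets inetd=NO once sshd works"
    is_yes "$(rc_get "$rc" sshd)" ||
        echo "sshd not enabled: no ssh login after reboot"
    for svc in ipfilter ipnat; do
        is_yes "$(rc_get "$rc" "$svc")" || echo "$svc not enabled in rc.conf"
    done
    # A rules file must contain at least one block or pass statement.
    grep -Eq '^[[:space:]]*(block|pass)[[:space:]]' "$ipf" 2>/dev/null ||
        echo "no block/pass rules in ipf.conf"
    return 0
}

# Constructed sample input, not taken from a real machine.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'hostname="qube"' 'dhclient=NO' 'inetd=YES' 'sshd=YES' \
        'ipfilter=YES' > "$d/rc.conf"
    # ipf.conf that holds a file path instead of rules
    printf '%s\n' '/usr/share/examples/ipf/BASIC_1.FW' > "$d/ipf.conf"
    audit_gateway "$d/rc.conf" "$d/ipf.conf"
    rm -rf "$d"
}
demo
```

On the Qube itself, call audit_gateway /etc/rc.conf /etc/ipf.conf instead of demo.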