
Raspberry Pi Firewall with iptables

I recently ordered a Raspberry Pi kit from Adafruit with the goal of making a motion detector.  However, after receiving it, I started to think about other uses for the board.  Specifically, I’d like to get asterisk with an external ATA to PSTN working (that’s a story for another day) and also get a firewall running on it.  Granted, this will end up being multiple Pis but for now it’s all more proof of concept.

The first challenge, which shouldn’t have been all that challenging, was getting a valid image onto the SDHC card.  From what I can tell (sha1sum/shasum), the images that I downloaded were corrupt, so no amount of me trying different methods of writing to the card was going to save me.

What I learned:

-Run shasum (Mac) or sha1sum (Linux) right away.  Don’t mess around until you know that the downloaded file is valid.

-Macs put some cruft like .DS_Store, etc, on the card even when writing with dd.   I ended up using ImageWriter in Ubuntu Linux to write the image.

-The USB console connector from Adafruit is worth its weight in gold.  It needs special drivers which is a bummer.  Tip:  Always unplug it from the USB end, even if you’ve unplugged it from the Pi.  I hard locked my Mac when I didn’t do that, though who knows if that was the true cause.

Once I got it to boot, the familiar Debian-based Raspbian operating system made life easy.  However, the next challenge was getting the network working correctly for the firewall.  I have what is apparently a complex setup, at least according to the lack of finding anyone else who does it.  My firewall has one ethernet connection to the Internet, one to the internal network and then one to a DMZ.  All three ethernet ports are connected to different networks.

To accomplish this I’m using two Cisco/Linksys USB200Ms that I had lying around and a Cables To Go powered USB hub.  eth0 is connected to the Internet, eth1 to the internal network and eth2 to the DMZ.

What I found:

-The interfaces connected through the USB hub need to have static IPs set in /etc/network/interfaces.  allow-hotplug also seems to be helpful here.

-The lack of console access to the Pi in my server room made this more difficult.  I ordered an HDMI to DVI cable so I could get video for the Pi into the KVM in the server room.

What I haven’t solved:

-On boot, the USB-based interfaces don’t seem to work at first.  I haven’t yet been able to figure this out but it seems like unplugging them, waiting a few seconds, and then plugging them back in wakes them up.  So far (a whopping 5 hours in) the interfaces haven’t died; if you’re reading this it was posted through the Pi-based firewall running iptables.
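
An iptables-restore ruleset for the three-interface layout described in this post (eth0 to the Internet, eth1 to the internal network, eth2 to the DMZ), as an added example that is not the author's actual configuration. The DMZ host address, the published port, SSH from the internal network and the zone policy itself are assumptions, and `audit_rules` is a hypothetical helper that checks that nothing can open connections into the internal network.

```shell
#!/bin/sh
# Added example. Interface roles are from the post; all other values are assumptions.
WAN_IF=eth0             # Internet
LAN_IF=eth1             # internal network
DMZ_IF=eth2             # DMZ
DMZ_HOST=192.168.2.10   # constructed address of a DMZ server
DMZ_PORT=443            # constructed published service

# Print the ruleset in iptables-save format (default-deny, stateful).
gen_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $WAN_IF -p tcp --dport $DMZ_PORT -j DNAT --to-destination $DMZ_HOST:$DMZ_PORT
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The internal network may open connections to the Internet and the DMZ.
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -j ACCEPT
# The DMZ may reach the Internet but never the internal network.
-A FORWARD -i $DMZ_IF -o $WAN_IF -j ACCEPT
# The Internet may reach only the published DMZ service.
-A FORWARD -i $WAN_IF -o $DMZ_IF -p tcp -d $DMZ_HOST --dport $DMZ_PORT -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Read rules on stdin; succeed only if no FORWARD rule names the Internet or
# DMZ interface as input and the internal interface as output.
audit_rules() {
    ! grep -Eq -- "^-A FORWARD .*-i ($WAN_IF|$DMZ_IF) .*-o $LAN_IF "
}

# Usage: sh this-file print | iptables-restore --test   (parse only, no commit)
if [ "${1:-}" = "print" ]; then gen_rules; fi
```

Because the FORWARD policy is DROP, the missing eth2-to-eth1 rule is what isolates the internal network from the DMZ; replies to connections the internal network opened are still allowed by the ESTABLISHED,RELATED rule.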

SkyDrive on Mac

Installed Microsoft SkyDrive on OS X but stopped it from starting automatically on boot. Then I lost it. Couldn’t find it. Turns out that the Skydrive.app stayed in the Downloads folder after install rather than going to the Applications folder. Moving it to Applications solved the riddle.