
How to make a portable repair server

A portable repair server is a home router set up to boot computers over the network for repair, restoration, checking and disinfection. Compared with a bootable USB flash drive, this server has the following advantages:

Among the shortcomings are a lower transfer rate and some difficulty in changing (adding to) the boot entries, which follows from how network booting works. As a bonus, you can give the repair server its own Internet access via a USB modem; this is needed to isolate a virus-infected computer from the other computers on the local network. Thus, we need a router:
  1. that can be flashed with OpenWrt;
  2. with a USB connector;
  3. of compact size.

The last item lets you easily carry the repair server to wherever it is convenient to work with it, rather than wherever there happens to be a network. As we have said, as a bonus you will need a USB hub, a USB flash drive and a USB modem with a working SIM card. Choosing a modem, oddly enough, is a difficult task, since there is no one hundred percent certainty of meeting item 1; so, not as an advertisement, I would recommend the TP-Link TL-MR3020 (just don't take the very similar TP-Link TL-WR700N and TP-Link TL-WR702N models) or the more expensive TP-Link TL-MR3040 with a built-in battery. Before buying, pay attention to the hardware version of the device; the supported versions can be found here.

I will not duplicate the official OpenWrt documentation, so go to the page for the device you purchased and read the OpenWrt installation procedure; as a rule, you just download the firmware for your model and update (install) the downloaded file via the web interface. After flashing and the subsequent reboot, the router may have no web interface; do not panic, download PuTTY and work through the console. One very important note: configure Internet access before going any further. First we will move the system to a USB flash drive (extroot), and then install all the packages we need.

The transfer process is well described in the documentation, and there is an article on this topic on Habr. I can recommend the following:

If you cannot partition the flash drive in advance (swap no larger than 128 MB, the rest for the root partition), you will need to install the following packages: fdisk, e2fsprogs and swap-utils; the article describes how to do this. Moving on: now you can install any packages you wish. If you need a web interface, see here; we will set up a Samba server so that files can be conveniently uploaded to the server using the standard Microsoft file and printer sharing service. First, open the necessary ports in the firewall if the default rule for network access is set to "Drop". To do this, the /etc/config/firewall file should contain the following section:
 config 'rule'
         option 'src' 'lan'
         option 'proto' 'udp'
         option 'dest_port' '137-138'
         option 'target' 'ACCEPT'

 config 'rule'
         option 'src' 'lan'
         option 'proto' 'tcp'
         option 'dest_port' '139'
         option 'target' 'ACCEPT'

 config 'rule'
         option 'src' 'lan'
         option 'proto' 'tcp'
         option 'dest_port' '445'
         option 'target' 'ACCEPT'

For more information on configuring the firewall, see here. Next, let's see which version of Samba is available in the repository:
opkg list | grep samba
Install the package whose name you just obtained. More detailed information on working with packages is here. If you want to control the Samba server through a web interface, install the corresponding module:
opkg install luci-app-samba
Some clarification is needed. First, instead of user-level access it is better to switch to share-level access, which roughly corresponds to simple file sharing in Windows XP. Second, the configuration file is regenerated every time the router boots, so it is better to edit the template, /etc/samba/smb.conf.template. In our case, we need to replace the value user of the security parameter with the value share. Consider an example in which the /mnt/pxeboot directory exists (yes, I agree, the /mnt folder is meant for mounting devices, partitions and so on, but in OpenWrt it is the best directory for a network share); if there is no such directory, create it with the command:
mkdir -p /mnt/pxeboot
For security, guest access takes place as the nobody user, so we need to make nobody the owner of the pxeboot folder:
chown nobody /mnt/pxeboot
Now we write the sambashare section in the /etc/config/samba file:
 ...
 config 'sambashare'
	 option 'read_only' 'no'
	 option 'name' 'share'
	 option 'path' '/mnt/pxeboot'
	 option 'guest_ok' 'yes'

We enable and start the service with the commands:
 /etc/init.d/samba enable
 /etc/init.d/samba start

Samba configuration is described in more detail in the documentation. Now we can upload files and directories from another computer, so in the network share we create a folder tftpd, and in it the subdirectories pxelinux.cfg (menu settings), img (disk images), boot and source (for booting WinPE, see the previous article). Fill the tftpd directory with the files pxelinux needs; they are listed and described in the previous article.

And so we have reached the boot menu settings, but before setting it up you need to decide what the menu will contain, and there will be as many opinions as there are people in the argument. The argument would be pointless anyway, since one person needs one set of tools and another needs a different one. Take an abstract example that will contain:

In fact, there are two files, default and hdd.cfg; the latter lists only two items plus an item that returns to the main menu. One practical note: do not cram everything into the WinPE image; a file manager is enough, and all other tools can be fetched over the network. If the size of the flash drive allows, create subfolders in the /mnt/pxeboot directory:

The default file will look like this:
 UI vesamenu.c32
 MENU TITLE Portable PXE-boot server

 LABEL bootlocal
    MENU LABEL ^Boot local disk
    MENU DEFAULT
    LOCALBOOT 0
 TIMEOUT 80
 TOTALTIMEOUT 9000

 LABEL winpe
    MENU LABEL ^WinPE
    KERNEL pxeboot.0

 LABEL hddtools
    MENU LABEL hdd-tools
    KERNEL vesamenu.c32
    APPEND pxelinux.cfg/hdd.cfg

 LABEL memtest
    MENU LABEL Memtest86 6.0
    KERNEL memdisk
    APPEND iso initrd=img/memtest.iso

Once again, this is only an example. Accordingly, the hdd.cfg file:
 UI vesamenu.c32
 MENU TITLE Hard Drive Disk Tools

 LABEL vcr350
    MENU LABEL Victoria 3.5
    KERNEL memdisk
    APPEND img initrd=img/fdd3.52.img

 LABEL Seagate7200.12
    MENU LABEL Firmware Seagate Barracuda 7200.12
    KERNEL memdisk
    APPEND iso initrd=img/barracuda12.iso

 LABEL return
    MENU LABEL Return Main Menu
    KERNEL vesamenu.c32
    APPEND pxelinux.cfg/default

Make sure all files are uploaded and in place. Now you can configure dnsmasq, a convenient DNS, DHCP and TFTP server, whose configuration file is /etc/config/dhcp:
 config dnsmasq
          ... 
         option enable_tftp '1'
         option tftp_root '/mnt/pxeboot/tftpd'
         ... 

 config boot linux
         option filename 'pxelinux.0'
 ... 

That is, only three parameters are set. Now we can check all the settings. It's great if everything works the first time. And if something does not work? Check the system log, of course. Most Windows users are unaware that letter case matters in Linux, so boot and Boot are different folders. For example, to boot WinPE you need exactly two folders: boot and Boot. Boot will contain the Fonts directory and the BCD file (exactly as written here), and the boot.sdi file goes in the boot directory. Pay attention to the case of the extension too: if the configuration file names fdd3.52.img and you upload fdd3.52.IMG, you will most likely get an error.
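
The case check described above can be done before the first boot attempt. The shell functions below are an added example, not part of the original article: the names list_refs, check_pxe_refs and make_demo_tree are hypothetical, paths are assumed to contain no spaces, and the sample tree is constructed to mirror the hdd.cfg shown earlier.

```shell
# list_refs CFG: print files named by KERNEL lines, initrd= options and
# APPEND arguments that load another menu (pxelinux.cfg/...).
list_refs() {
    awk '
        toupper($1) == "KERNEL" { print $2 }
        toupper($1) == "APPEND" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^initrd=/) { sub(/^initrd=/, "", $i); print $i }
                else if ($i ~ /^pxelinux\.cfg\//) print $i
            }
        }' "$1"
}

# check_pxe_refs ROOT CFG...: print OK / CASE / MISSING for each reference
# (assumes no spaces in paths); the return status is the number of problems.
check_pxe_refs() {
    root=$1; shift; bad=0
    for cfg in "$@"; do
        for ref in $(list_refs "$cfg"); do
            if [ -e "$root/$ref" ]; then echo "OK      $ref"; continue; fi
            # Same name in a different case: the boot/Boot, .img/.IMG mistake.
            hit=$(cd "$root" && find . -type f | sed 's|^\./||' |
                  grep -i -x -F -- "$ref" | head -n 1)
            if [ -n "$hit" ]; then echo "CASE    $ref (on disk: $hit)"
            else echo "MISSING $ref"; fi
            bad=$((bad + 1))
        done
    done
    return "$bad"
}

# make_demo_tree: constructed sample root (wrong-case .IMG, missing .iso).
make_demo_tree() {
    d=$(mktemp -d) && mkdir -p "$d/pxelinux.cfg" "$d/img" || return 1
    touch "$d/vesamenu.c32" "$d/memdisk" "$d/img/fdd3.52.IMG" "$d/pxelinux.cfg/default"
    cat > "$d/pxelinux.cfg/hdd.cfg" <<'EOF'
LABEL vcr350
  KERNEL memdisk
  APPEND img initrd=img/fdd3.52.img
LABEL Seagate7200.12
  KERNEL memdisk
  APPEND iso initrd=img/barracuda12.iso
LABEL return
  KERNEL vesamenu.c32
  APPEND pxelinux.cfg/default
EOF
    echo "$d"
}
# Usage: d=$(make_demo_tree); check_pxe_refs "$d" "$d"/pxelinux.cfg/*.cfg
```

On the router itself, the call would take /mnt/pxeboot/tftpd as the root and the files under its pxelinux.cfg directory as the menus to check.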
Antivirus tools are a special case, since they also need to load a huge virus database. Usually one of two approaches is used: the databases are either loaded and mounted via a web server, or packed into the initrd file, as described, for example, here. But that is a topic for another article.

Source: https://habr.com/ru/post/259161/

