Bering-uClibc 6.x - User Guide - Advanced Topics - Setting Up a Raspberry PI as a net to serial gateway
|Setting Up a Raspberry PI as a net to serial gateway|
|Prev||Bering-uClibc 6.x - User Guide|
This setup shows how to use the LEAF tarball distribution for the raspberry PI, to access the serial communication port of a distant PC Engines APU2C2 using a simple SSH session. To access the serial port, we SSH to the Raspberry PI and run a communication program like minicom or picocom. There is of course a USB to RS-232C cable, that connects the raspberry PI to the serial port of the device.
This setup can be generalized to make any "device serial communication port" accessible through an SSH network session. Knowing that RS-232C communication distances are short, why not use a wired network instead that can reach a lot farther.
All of this was initially done with the standard Raspberry PI Raspbian distribution, but using the LEAF distribution OS on the Raspberry PI instead, really transforms it into a very stable and dependable production platform, since everything will then run in rams. No writing to the SD card will occur once in operation... It is a well known fact that, it is only a matter of time for the Raspberry PI to corrupt it's SD card, thus making it fail to boot or run. This is mainly caused by random power fails occurring at the same time the PI is writing to the SD card (further readings: https://hackaday.com/2016/08/03/single-board-revolution-preventing-flash-memory-corruption/).
You will need
- - one raspberry pi 1 and power supply, (or PI2 or PI3 but it will be overkill...)
- - rs232c to USB cable
- - one db9 female to female null modem
- - LEAF tarball distribution for PI1, at https://sourceforge.net/projects/leaf/files/Bering-uClibc/6.1.4/Bering-uClibc_6.1.4_raspberry-rpi.tar.gz/download
- - One SD card, 4 gig. is plenty
- - a pc running a modern Linux distribution GUI...
- - an SD card programmer
Setting up the SD
- - Download the tarball and unpack it in a suitably named directory
- - Put the SD card in the programmer, then make a single Fat32 partition, and format it to Fat32
- - Copy all the files from the unpacked tarball to the SD
- - Looking at the SD contain:
- find the package dropbear.lrp - rename it to dropbear.tgz - doubleclick it - add DB_OPTIONS=" -B " at the end of /etc/default/dropbear this will allow a first root login with no password - save file and update archive dropbear.tgz - rename dropbear.tgz back to dropbear.lrp - again, in the archive, find the file LEAF.CFG, and in "LRP=" list remove "shorewall" and "dnsmasq", and add "local" and "picocom" or "minicom", you should now have: LRP="license root nano local dhcpcd keyboard dropbear lighttpd webconf picocom patch"... It is important to remove "shorewall" here, it's job is to block everything and "dnsmasq" is not needed ! - unmount the SD card...
Starting the Raspberry PI
- - Put the SD card in the Raspberry PI, and power it up
- - After ~ 30 seconds, find out the PI's Ip address, and ssh in it: ssh root@raspberry_pi_IP_address. On Android, the "fing" app does marvels ...
- - Set the new passwords for the OS and webconf, as you will be asked.
- - Open webconf from a browser http://raspberry_pi_IP_address to try it out
- - While you're there, it would be a good idea to comment-out eth1 in /etc/network/interfaces, look in Networking...
- - A good time also to do your "ssh-copy-id" to write ssh keys in /.ssh/authorized_keys (see https://bering-uclibc.zetam.org/wiki/Bering-uClibc_6.x_-_User_Guide_-_Advanced_Topics_-_Setting_Up_SSH_password-less_login_and_Port_Knocking )
Correcting some bugs...
from your already opened ssh session:
- - fix xterm: go to /etc/terminfo/x and "cp xterm xterm-256color" ... # the "lrcfg" menu needs xterm-256color so we make one up in B&W !
- - fix reboot: The busybox reboot command does not work, here is a hardware alternative done by connecting GPIO4 to the PI reset pin on P6 pin 1 (the square one). Solder a 2 pin header on P6 (https://i.imgur.com/jR8hmwG.jpg?1) and place a jumper wire between P6 pin 1 and GPIO4 on P1 pin 7 (https://i.imgur.com/R9dx5TH.jpg?1).
- - create a new "reboot" command: first, make the script /root/GPIO4reboot.sh and second, change the old reboot command in /sbin...
the script /root/GPIO4reboot.sh will set gpio4 to low (0) which will reset the PI, a hard reboot !
cd /root nano GPIOreboot.sh
fill with this contain:
#!/bin/sh # # reset avec gpio4 connecte sur reset du PI, P6 pin 1 square. # echo "4" > /sys/class/gpio/export # we will talk to gpio4 echo "out" > /sys/class/gpio/gpio4/direction # gpio4 on boot is an high-z input, but defaults to low (0) as an output
don't forget to make the script executable with:
chmod 0755 GPIO4reboot.sh
Let's replace the non-working "reboot" command with our own hardware reboot command ...
cd /sbin mv reboot old_reboot # keep old command in case someone repairs/fixes busybox... ln -s /root/GPIO4reboot.sh reboot # the "reboot" command link now points to /root/GPIO4reboot.sh
- - set the local.local: everything we just did which is not part of the LEAF distribution has to be saved in /var/lib/lrpkg/local.local ...
lrcfg > 3) Packages configuration > 3) local > 1) list of files that should be saved >
fill with this contain:
var/lib/lrpkg/local.local etc/terminfo/x/xterm-256color root/.ssh/authorized_keys root/GPIO4reboot.sh sbin/reboot sbin/old_reboot
***and a very important final save:
lrcfg > s) save configuration
Using the gateway
- - now connect the RS-232C to USB cable with the null modem between your PI and your device serial port
- - open an ssh session to the PI
- - start picocom: picocom -b115200 /dev/ttyUSB0
- - hit return:... you should have the prompt to login in your router or whatever !
- - exit picocom with Cntl-a Cntl-x, help is Cntl-a Cntl-h
It would be a good idea to configure eth0 with a static IP address in /etc/network/interface. This would allow a network communication between your workstation and the PI Serial gateway even if your firewall and consequently DHCP server are down.
You can also remove or comment out DB_OPTIONS=" -B " in /etc/default/dropbear, to bring the security level back.
"picocom.lrp" is not part of the tarball yet, use "minicom.lrp" instead... or ask Kapeka !
Using the PI as a full blown firewall has not been tested here, the feeling is that it would be too slow... volunteers are welcome ...
by: jrb with kapeka's idea to use leaf !