Having tried m0n0wall and pfSense without much success (I basically need a filtering bridge: with m0n0wall bridging WAN to OPT and with LAN disconnected, everything is fine until I enable traffic shaping, at which point the throughput reduces to almost nothing; with pfSense, I gave up on the third attempt at configuration because it had corrupted its own CompactFlash filesystem), I’ve decided to install Linux on my ALIX 2C3.
I’m planning to boot Gentoo from a 4GB DMA-enabled Compact Flash card, with the portage directory remote-mounted via NFS, the root partition mounted read-only (except for upgrades), and /var on a tmpfs in-memory filesystem.
I’m building this system optimised for the 500MHz AMD Geode LX800 processor on an AMD64 host (much faster ;)) by unpacking an initial Gentoo stage3 archive, and then chrooting into the resulting directory to continue the system build. This allows me to configure and test the entire system, right up to the part where I need to install a boot-loader and try to boot the OS on real hardware.
The snag came, though, when I tried to configure the kernel-sources for the ALIX – the kernel configuration detected that I was on a 64-bit host, and so proceeded to list 64-bit configuration options.
I tried running “make CHOST=i586-pc-linux-gnu ARCH=i386 i386_defconfig”, but this still resulted in a 64-bit kernel. I was thinking too hard, though – the answer is much simpler! The correct solution is to exit the chroot and re-enter it as follows:
linux32 chroot /usr/src/alix
linux32 is a symlink to setarch, installed as part of the util-linux package. By default it causes the command it runs to think it is running under a different ABI (e.g. the output of ‘uname -m’ will change), which allows the kernel to be built correctly.
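As an added example (not from the original post), this shell helper decides whether a chroot needs the linux32 wrapper by reading the ELF class byte of a binary inside it and comparing that with the machine type the host reports. The function names and the choice of /bin/bash as the probe file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not the author's script. Function names are hypothetical.

# elf_class FILE: print 32 or 64 from the ELF header's EI_CLASS byte
# (the fifth byte, after the "\x7fELF" magic). Fails for non-ELF files.
elf_class() {
    magic=$(od -An -tx1 -N5 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        7f454c4601) echo 32 ;;
        7f454c4602) echo 64 ;;
        *) return 1 ;;
    esac
}

# chroot_wrapper ROOT [MACHINE]: print "linux32" when ROOT holds a 32-bit
# userland but the host reports x86_64; print an empty line otherwise.
# MACHINE defaults to `uname -m` and can be overridden for testing.
# Assumption: ROOT/bin/bash is a regular file, as in a Gentoo stage3.
chroot_wrapper() {
    root=$1
    machine=${2:-$(uname -m)}
    class=$(elf_class "$root/bin/bash") || {
        echo "cannot read ELF header of $root/bin/bash" >&2
        return 2
    }
    case "$class:$machine" in
        32:x86_64) echo linux32 ;;
        *) echo "" ;;
    esac
}

# When called with a chroot path (as root), enter it with the right wrapper,
# e.g.: sh enter-chroot.sh /usr/src/alix
if [ $# -ge 1 ]; then
    wrapper=$(chroot_wrapper "$1") || exit 1
    # $wrapper is left unquoted so that an empty value expands to nothing
    exec $wrapper chroot "$1" /bin/bash
fi
```

Inside the chroot, ‘uname -m’ should then report a 32-bit machine type before the kernel is configured.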
Incidentally, a fully-installed Gentoo system (including compilers, etc.) and all of the tools needed to do traffic filtering and shaping comes to about 1.3GB, leaving plenty of room on a 4GB device for two copies of the root filesystem, swap (for use during package upgrades), and enough space left over to avoid being too restrictive.