====== NanoBSD Router ======

===== Notes =====

  * The following configs and files should make a disk image for a 1GB CF card for use with a Soekris 4801 or better.
  * It was designed to work with a 5 ethernet port variant.
  * You will need to build this on **FreeBSD 10.1 32bit**.
  * Serial console port speed is set to **115200**.
  * The root password is set to "pwd".
  * The build process will create an image file **/usr/obj/nanobsd.seokris/nanobsd_seokris.img**.
  * Write this file to a CF card using **dd** or something similar.

==== Misc Nanobsd notes ====

  * By default nanobsd.sh rebuilds world and kernel on every build. To reuse existing world and kernel builds, use the **-b** switch:

<code>
./nanobsd.sh -c seokris.nano -b
</code>

  * [[http://bsdrp.net/documentation/technical_docs/nanobsd|Super Handy nanobsd reference]]
  * [[https://www.freebsd.org/doc/en/articles/nanobsd/howto.html|Not a terribly useful nanobsd howto]]
  * [[https://www.freebsd.org/cgi/man.cgi?query=nanobsd|nanobsd.sh man page]]

===== seokris.nano (nano BSD build definition) =====

<code>
NANO_NAME=seokris
NANO_SRC=/usr/src
NANO_KERNEL=NANO
NANO_IMAGES=1
NANO_DRIVE=ada0
NANO_MODULES=default
NANO_PACKAGE_DIR="/Pkg"
NANO_PACKAGE_LIST="*"
NANO_IMGNAME="nanobsd_seokris.img"
NANO_RAM_ETCSIZE="20480"
NANO_RAM_TMPVARSIZE="102400"

# -b -> skip world and kernel

FlashDevice SanDisk 1G

# Disable the beastie boot menu
cust_nobeastie() (
    touch ${NANO_WORLDDIR}/boot/loader.conf
    echo "beastie_disable=\"YES\"" >> ${NANO_WORLDDIR}/boot/loader.conf
)

customize_cmd cust_comconsole
customize_cmd cust_install_files
customize_cmd cust_allow_ssh_root
customize_cmd cust_nobeastie
customize_cmd cust_pkgng

# Inside the image: set root's shell to bash, keep only the English squid
# error pages, set the root password and set the serial console speed
customize_nanobsd () (
    chroot ${NANO_WORLDDIR} sh -c 'chsh -s bash;cd /usr/local/etc/squid/errors;mv en ../;rm -r *;mv ../en ./;ln -s en en-us;echo pwd | pw mod user root -h 0;echo -S115200 >> /boot.config;exit'
)

customize_cmd customize_nanobsd
</code>

===== Fix nanobsd.sh =====

I had to comment out **exit 2** on line 849 of **/usr/src/tools/tools/nanobsd/nanobsd.sh**

<code>
...
elif [ $now -eq $have ] ; then
    echo "FAILED: Nothing happened on this pass"
    #exit 2
    break
fi
...
</code>

===== Kernel Config =====

<code>
...
ident           NANO

options         IPSEC           #IP security
device          crypto

options         ALTQ
options         ALTQ_CBQ        # Class Based Queuing (CBQ)
options         ALTQ_RED        # Random Early Detection (RED)
options         ALTQ_RIO        # RED In/Out
options         ALTQ_HFSC       # Hierarchical Packet Scheduler (HFSC)
options         ALTQ_PRIQ       # Priority Queuing (PRIQ)

#makeoptions    DEBUG=-g        # Build kernel with gdb(1) debug symbols
...
</code>

===== Packages =====

{{:freebsd:pkg.tar|Download}} the package archive and extract it to **/Pkg** on the build machine, e.g.

<code>
tar xvpf pkg.tar -C /
</code>

===== Misc Config Files =====

<code>
comconsole_speed="115200"
sendmail_enable="NONE"
hostname="fw1.local"
gateway_enable="YES"
pf_enable="YES"
pflog_enable="YES"
pfnat_enable="YES"
sshd_enable="YES"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm sis0 addm sis1 addm sis2 addm sis3 up"
ifconfig_bridge0_alias0="inet 192.168.116.1 netmask 255.255.255.0"
ifconfig_sis0="up"
ifconfig_sis1="up"
ifconfig_sis2="up"
ifconfig_sis3="up"
ifconfig_sis4="DHCP"
dhcpd_enable="YES"
dhcpd_ifaces="bridge0"
</code>

<code>
ext_if = "sis4"     # macro for external interface - use tun0 for PPPoE
int_if = "bridge0"  # macro for internal interface
localnet = $int_if:network
# ext_if IP address could be dynamic, hence ($ext_if)
nat on $ext_if from $localnet to any -> ($ext_if)
#block all
pass from { lo0, $localnet } to any keep state
</code>

<code>
WCTA:
 set device PPPoE:sis4
 set authname YOURLOGINNAME@wcta.net
 set authkey YOURPASSWORD
 set dial
 set login
 add default HISADDR

SEBEKA:
 set authname username
 set authkey password
 set timeout 0
 set ifaddr 0 0
 add 10.1.0.0/22 hisaddr
 alias enable yes
</code>

<code>
subnet 192.168.116.0 netmask 255.255.255.0 {
  range 192.168.116.100 192.168.116.254;
  option domain-name-servers 8.8.8.8;
  option routers 192.168.116.1;
  default-lease-time 600;
  max-lease-time 7200;
}
</code>
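
The build definition and pf rules above bake in a fixed root password, root SSH login and a ruleset whose only block rule is commented out. As an added example (not part of the original page or of nanobsd.sh), the hypothetical ''audit_build'' helper below flags those three settings in a definition file and ruleset before an image is built; the sample files it writes are constructed excerpts of this page's configs.

```shell
#!/bin/sh
# audit_build NANO_CONF PF_CONF (hypothetical helper, not part of nanobsd.sh)
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_build() {
    found=0
    # Stock nanobsd customization that permits root logins over SSH.
    if grep -Eq '^[[:space:]]*customize_cmd[[:space:]]+cust_allow_ssh_root' "$1"; then
        echo "ssh-root: cust_allow_ssh_root is enabled"; found=1
    fi
    # A literal piped into "pw ... -h 0" is a password kept in the build file.
    if grep -Eq 'echo[[:space:]]+[^|;$]+\|[[:space:]]*pw[[:space:]].*-h[[:space:]]*0' "$1"; then
        echo "static-password: literal piped to pw -h 0"; found=1
    fi
    # pf passes traffic by default, so a ruleset with no active block rule
    # filters nothing (a commented-out "#block all" does not count).
    if ! grep -Eq '^[[:space:]]*block([[:space:]]|$)' "$2"; then
        echo "pf-no-block: no active block rule"; found=1
    fi
    return "$found"
}

# Constructed sample input: excerpts of the two files shown on this page.
write_samples() {
    cat > "$1/seokris.nano" <<'EOF'
customize_cmd cust_comconsole
customize_cmd cust_allow_ssh_root
customize_nanobsd () (
chroot ${NANO_WORLDDIR} sh -c 'chsh -s bash;echo pwd | pw mod user root -h 0;exit'
)
EOF
    cat > "$1/pf.conf" <<'EOF'
nat on $ext_if from $localnet to any -> ($ext_if)
#block all
pass from { lo0, $localnet } to any keep state
EOF
}

d=$(mktemp -d)
write_samples "$d"
audit_build "$d/seokris.nano" "$d/pf.conf" || true
rm -rf "$d"
```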