====== NanoBSD Router ======
===== Notes =====
* The following configs and files build a disk image for a 1GB CF card for use with a Soekris 4801 or better.
* It was designed to work with a 5 ethernet port variant.
* You will need to build this on **FreeBSD 10.1 32bit**.
* The serial console port speed is set to **115200**.
* The root password is set to "pwd" (by the **pw mod user root** step in **customize_nanobsd** below).
* The build process will create an image file **/usr/obj/nanobsd.seokris/nanobsd_seokris.img**.
* Write this file to a CF card using **dd** or something similar.
==== Misc Nanobsd notes ====
* By default nanobsd.sh rebuilds world and kernel on every build. To reuse existing world and kernel builds, use the **-b** switch: ''./nanobsd.sh -c seokris.nano -b''
* [[http://bsdrp.net/documentation/technical_docs/nanobsd|Super Handy nanobsd reference]]
* [[https://www.freebsd.org/doc/en/articles/nanobsd/howto.html|Not a terribly useful nanobsd howto]]
* [[https://www.freebsd.org/cgi/man.cgi?query=nanobsd|nanobsd.sh man page]]
===== seokris.nano (nano BSD build definition) =====
<code>
NANO_NAME=seokris
NANO_SRC=/usr/src
NANO_KERNEL=NANO
NANO_IMAGES=1
NANO_DRIVE=ada0
NANO_MODULES=default
NANO_PACKAGE_DIR="/Pkg"
NANO_PACKAGE_LIST="*"
NANO_IMGNAME="nanobsd_seokris.img"
NANO_RAM_ETCSIZE="20480"
NANO_RAM_TMPVARSIZE="102400"
# -b -> skip world and kernel
FlashDevice SanDisk 1G

# Disable the beastie boot menu
cust_nobeastie() (
    touch ${NANO_WORLDDIR}/boot/loader.conf
    echo "beastie_disable=\"YES\"" >> ${NANO_WORLDDIR}/boot/loader.conf
)

customize_cmd cust_comconsole
customize_cmd cust_install_files
customize_cmd cust_allow_ssh_root
customize_cmd cust_nobeastie
customize_cmd cust_pkgng

# Runs inside the image: set root's shell to bash, keep only the English
# squid error pages, set the root password and the serial console speed.
customize_nanobsd () (
    chroot ${NANO_WORLDDIR} sh -c 'chsh -s bash;cd /usr/local/etc/squid/errors;mv en ../;rm -r *;mv ../en ./;ln -s en en-us;echo pwd | pw mod user root -h 0;echo -S115200 >> /boot.config;exit'
)
customize_cmd customize_nanobsd
</code>
===== Fix nanobsd.sh =====
I had to comment out **exit 2** on line 849 of **/usr/src/tools/tools/nanobsd/nanobsd.sh**
<code>
...
    elif [ $now -eq $have ] ; then
        echo "FAILED: Nothing happened on this pass"
        #exit 2
        break
    fi
...
</code>
===== Kernel Config =====
<code>
...
ident           NANO
options         IPSEC           #IP security
device          crypto
options         ALTQ
options         ALTQ_CBQ        # Class Based Queuing (CBQ)
options         ALTQ_RED        # Random Early Detection (RED)
options         ALTQ_RIO        # RED In/Out
options         ALTQ_HFSC       # Hierarchical Packet Scheduler (HFSC)
options         ALTQ_PRIQ       # Priority Queuing (PRIQ)
#makeoptions    DEBUG=-g        # Build kernel with gdb(1) debug symbols
...
</code>
===== Packages =====
{{:freebsd:pkg.tar|Download}} the package archive and extract it to **/Pkg** on the build machine, e.g.:
<code>
tar xvpf pkg.tar -C /
</code>
===== Misc Config Files =====
<code>
comconsole_speed="115200"
sendmail_enable="NONE"
hostname="fw1.local"
gateway_enable="YES"
pf_enable="YES"
pflog_enable="YES"
pfnat_enable="YES"
sshd_enable="YES"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm sis0 addm sis1 addm sis2 addm sis3 up"
ifconfig_bridge0_alias0="inet 192.168.116.1 netmask 255.255.255.0"
ifconfig_sis0="up"
ifconfig_sis1="up"
ifconfig_sis2="up"
ifconfig_sis3="up"
ifconfig_sis4="DHCP"
dhcpd_enable="YES"
dhcpd_ifaces="bridge0"
</code>
<code>
ext_if = "sis4"     # macro for external interface - use tun0 for PPPoE
int_if = "bridge0"  # macro for internal interface
localnet = $int_if:network
# ext_if IP address could be dynamic, hence ($ext_if)
nat on $ext_if from $localnet to any -> ($ext_if)
#block all
pass from { lo0, $localnet } to any keep state
</code>
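With **block all** commented out, the rules above fall through to pf's implicit default, which passes any packet that matches no rule, so connections arriving on the external interface (including to sshd, which the build enables with root login allowed) are accepted as well. The variant below is an added example, not part of the original page: it keeps the page's macros and NAT rule and drops unsolicited inbound traffic on the external interface only, on the assumption that the LAN side should stay as open as in the original.

```conf
# Added example (not from the original page): WAN-side default deny.
ext_if = "sis4"     # use tun0 for PPPoE, as noted in the original
int_if = "bridge0"
localnet = $int_if:network

# Translation rules must come before filter rules.
nat on $ext_if from $localnet to any -> ($ext_if)

# Drop and log anything arriving on the external interface that does not
# belong to an existing state (pflog_enable="YES" is already set in the
# rc settings on this page, so logged packets show up on pflog0).
block in log on $ext_if all

# Traffic leaving via the external interface (the router's own and the
# NATed LAN traffic) creates state; replies are matched against the state
# table before the block rule above is evaluated.
pass out on $ext_if all keep state

# No rules for bridge0 or sis0-sis3: LAN-side traffic still matches no
# rule and is passed by pf's implicit default, as in the original ruleset.
```

The file can be syntax-checked without loading it using ''pfctl -nf'' followed by its path.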
<code>
WCTA:
 set device PPPoE:sis4
 set authname YOURLOGINNAME@wcta.net
 set authkey YOURPASSWORD
 set dial
 set login
 add default HISADDR

SEBEKA:
 set authname username
 set authkey password
 set timeout 0
 set ifaddr 0 0
 add 10.1.0.0/22 hisaddr
 alias enable yes
</code>
<code>
subnet 192.168.116.0 netmask 255.255.255.0 {
    range 192.168.116.100 192.168.116.254;
    option domain-name-servers 8.8.8.8;
    option routers 192.168.116.1;
    default-lease-time 600;
    max-lease-time 7200;
}
</code>