This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
freebsd:nanobsd_router [2015/02/12 10:01] tschulz created |
freebsd:nanobsd_router [2015/02/12 15:57] (current) tschulz [Misc Nanobsd notes] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== NanoBSD Router ====== | ====== NanoBSD Router ====== | ||
- | ===== Headline ===== | + | ===== Notes ===== |
+ | * The following configs and files should make a diskimage for a 1GB CF card in use with a Soekris 4801 or better. | ||
+ | * It was designed to work with a 5 ethernet port variant. | ||
+ | * You will need to build this on **FreeBSD 10.1 32bit**. | ||
+ | * port speed is set to **115200** | ||
+ | * root password is set to "pwd" | ||
+ | * When the build process will create a image file **/usr/obj/nanobsd.seokris/nanobsd_seokris.img**. | ||
+ | * Write this file to a CF card using **dd** or something simular | ||
- | <file> | + | ==== Misc Nanobsd notes ==== |
+ | * by default nanobsd.sh rebuilds world and kernel every build to reuse existing world and kernel builds use the **-b** swtich <file>./nanobsd.sh -c seokris.nano -b</file> | ||
+ | * [[http://bsdrp.net/documentation/technical_docs/nanobsd|Super Handy nanobsd reference]] | ||
+ | * [[https://www.freebsd.org/doc/en/articles/nanobsd/howto.html|Not a terribly usful nanobsd howto]] | ||
+ | * [[https://www.freebsd.org/cgi/man.cgi?query=nanobsd|nanobsd.sh man page]] | ||
+ | ===== seokris.nano (nano BSD build definition) ===== | ||
+ | |||
+ | <file bash seokris.nano> | ||
NANO_NAME=seokris | NANO_NAME=seokris | ||
NANO_SRC=/usr/src | NANO_SRC=/usr/src | ||
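Review bot: The new Notes list states that the root password is set to "pwd", so every image built from these files ships with the same credential, and that credential is published on this page. The bullet should tell the builder to set their own root password before building, or at least before the router is connected to anything. Smaller points in the same list: the bullet beginning "When the build process will create a image file" is not a complete sentence, the -b bullet runs two sentences together without punctuation, and "simular", "swtich" and "usful" are typos.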
Line 37: | Line 51: | ||
</file> | </file> | ||
+ | ===== Fix nanobsd.sh ===== | ||
+ | I had to comment out **exit 2** on line 849 of **/usr/src/tools/tools/nanobsd/nanobsd.sh** | ||
+ | <file bash /usr/src/tools/tools/nanobsd/nanobsd.sh> | ||
+ | ... | ||
+ | elif [ $now -eq $have ] ; then | ||
+ | echo "FAILED: Nothing happened on this pass" | ||
+ | #exit 2 | ||
+ | break | ||
+ | fi | ||
+ | ... | ||
+ | </file> | ||
+ | |||
+ | ===== Kernel Config ===== | ||
+ | <file kernel /usr/src/sys/i386/conf/NANO> | ||
+ | ... | ||
+ | ident NANO | ||
+ | |||
+ | options IPSEC #IP security | ||
+ | device crypto | ||
+ | options ALTQ | ||
+ | options ALTQ_CBQ # Class Based Queuing (CBQ) | ||
+ | options ALTQ_RED # Random Early Detection (RED) | ||
+ | options ALTQ_RIO # RED In/Out | ||
+ | options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC) | ||
+ | options ALTQ_PRIQ # Priority Queuing (PRIQ) | ||
+ | |||
+ | #makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols | ||
+ | ... | ||
+ | </file> | ||
+ | |||
+ | ===== Packages ===== | ||
+ | {{:freebsd:pkg.tar|Download}} the package arch and extract it to **/Pkg** on the build machine. | ||
+ | e.g. <file> | ||
+ | tar xvpf pkg.tar -C / | ||
+ | </file> | ||
+ | |||
+ | |||
+ | |||
+ | ===== Misc Config Files ===== | ||
+ | |||
+ | <file bash /usr/src/tools/tools/nanobsd/Files/boot/loader.conf > | ||
+ | comconsole_speed="115200" | ||
+ | </file> | ||
+ | |||
+ | <file bash /usr/src/tools/tools/nanobsd/Files/etc/rc.conf> | ||
+ | sendmail_enable="NONE" | ||
+ | hostname="fw1.local" | ||
+ | gateway_enable="YES" | ||
+ | pf_enable="YES" | ||
+ | pflog_enable="YES" | ||
+ | pfnat_enable="YES" | ||
+ | sshd_enable="YES" | ||
+ | |||
+ | cloned_interfaces="bridge0" | ||
+ | ifconfig_bridge0="addm sis0 addm sis1 addm sis2 addm sis3 up" | ||
+ | ifconfig_bridge0_alias0="inet 192.168.116.1 netmask 255.255.255.0" | ||
+ | ifconfig_sis0="up" | ||
+ | ifconfig_sis1="up" | ||
+ | ifconfig_sis2="up" | ||
+ | ifconfig_sis3="up" | ||
+ | |||
+ | ifconfig_sis4="DHCP" | ||
+ | |||
+ | dhcpd_enable="YES" | ||
+ | dhcpd_ifaces="bridge0" | ||
+ | </file> | ||
+ | |||
+ | <file bash /usr/src/tools/tools/nanobsd/Files/etc/pf.conf> | ||
+ | ext_if = "sis4" # macro for external interface - use tun0 for PPPoE | ||
+ | int_if = "bridge0" # macro for internal interface | ||
+ | localnet = $int_if:network | ||
+ | |||
+ | # ext_if IP address could be dynamic, hence ($ext_if) | ||
+ | nat on $ext_if from $localnet to any -> ($ext_if) | ||
+ | |||
+ | #block all | ||
+ | pass from { lo0, $localnet } to any keep state | ||
+ | </file> | ||
+ | |||
+ | <file bash /usr/src/tools/tools/nanobsd/Files/etc/ppp/ppp.conf> | ||
+ | WCTA: | ||
+ | set device PPPoE:sis4 | ||
+ | set authname YOURLOGINNAME@wcta.net | ||
+ | set authkey YOURPASSWORD | ||
+ | set dial | ||
+ | set login | ||
+ | add default HISADDR | ||
+ | |||
+ | |||
+ | SEBEKA: | ||
+ | set authname username | ||
+ | set authkey password | ||
+ | set timeout 0 | ||
+ | set ifaddr 0 0 | ||
+ | add 10.1.0.0/22 hisaddr | ||
+ | alias enable yes | ||
+ | </file> | ||
+ | |||
+ | <file named /usr/src/tools/tools/nanobsd/Files/usr/local/etc/dhcpd.conf> | ||
+ | subnet 192.168.116.0 netmask 255.255.255.0 { | ||
+ | range 192.168.116.100 192.168.116.254; | ||
+ | option domain-name-servers 8.8.8.8; | ||
+ | option routers 192.168.116.1; | ||
+ | default-lease-time 600; | ||
+ | max-lease-time 7200; | ||
+ | } | ||
+ | </file> |
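Review bot: In the pf.conf block, "#block all" is commented out, so the ruleset contains no block rule and filters nothing. pf passes any packet that matches no rule, so traffic arriving on sis4 is let through, while rc.conf in the same hunk sets sshd_enable="YES". Suggest enabling a default block ahead of the pass rule and adding explicit pass rules for whatever should be reachable, or stating on the page why the ruleset is left open. In "Fix nanobsd.sh", commenting out "exit 2" lets the build continue after it prints "FAILED: Nothing happened on this pass"; the section should say what fails on that pass and how to confirm the resulting image is complete. The Packages section extracts pkg.tar with "-C /" and gives no checksum for the download; publishing a SHA-256 next to the link would let builders verify the archive before unpacking it into the root of the build machine.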