NanoBSD Router

Notes

  • The following configs and files should make a disk image for a 1GB CF card for use with a Soekris 4801 or better.
  • It was designed to work with a 5 ethernet port variant.
  • You will need to build this on FreeBSD 10.1 32-bit.
  • The serial console port speed is set to 115200.
  • The root password is set to “pwd”.
  • The build process will create an image file /usr/obj/nanobsd.seokris/nanobsd_seokris.img.
  • Write this file to a CF card using dd or something similar.

Misc Nanobsd notes

seokris.nano (nano BSD build definition)

seokris.nano
NANO_NAME=seokris
NANO_SRC=/usr/src
NANO_KERNEL=NANO
NANO_IMAGES=1
NANO_DRIVE=ada0
NANO_MODULES=default
 
NANO_PACKAGE_DIR="/Pkg"
NANO_PACKAGE_LIST="*"
NANO_IMGNAME="nanobsd_seokris.img"
NANO_RAM_ETCSIZE="20480"
NANO_RAM_TMPVARSIZE="102400"
 
# -b -> skip world and kernel
 
FlashDevice SanDisk 1G
 
cust_nobeastie() (
        touch ${NANO_WORLDDIR}/boot/loader.conf
        echo "beastie_disable=\"YES\"" >> ${NANO_WORLDDIR}/boot/loader.conf
)
 
customize_cmd cust_comconsole
customize_cmd cust_install_files
customize_cmd cust_allow_ssh_root
customize_cmd cust_nobeastie
customize_cmd cust_pkgng
 
customize_nanobsd () (
chroot ${NANO_WORLDDIR} sh -c 'chsh -s bash;cd /usr/local/etc/squid/errors;mv en ../;rm -r *;mv ../en ./;ln -s en en-us;echo pwd | pw mod user root -h 0;echo -S115200 >> /boot.config;exit'
)
customize_cmd customize_nanobsd

Fix nanobsd.sh

I had to comment out exit 2 on line 849 of /usr/src/tools/tools/nanobsd/nanobsd.sh

/usr/src/tools/tools/nanobsd/nanobsd.sh
...
elif [ $now -eq $have ] ; then
    echo "FAILED: Nothing happened on this pass"
    #exit 2
    break
fi
...

Kernel Config

/usr/src/sys/i386/conf/NANO
...
ident           NANO
 
options   IPSEC        #IP security
device    crypto
options         ALTQ
options         ALTQ_CBQ        # Class Based Queuing (CBQ)
options         ALTQ_RED        # Random Early Detection (RED)
options         ALTQ_RIO        # RED In/Out
options         ALTQ_HFSC       # Hierarchical Packet Scheduler (HFSC)
options         ALTQ_PRIQ       # Priority Queuing (PRIQ)
 
#makeoptions    DEBUG=-g                # Build kernel with gdb(1) debug symbols
...

Packages

Download the package archive and extract it to /Pkg on the build machine, e.g.

tar xvpf pkg.tar -C /

Misc Config Files

/usr/src/tools/tools/nanobsd/Files/boot/loader.conf
comconsole_speed="115200"

/usr/src/tools/tools/nanobsd/Files/etc/rc.conf
sendmail_enable="NONE"
hostname="fw1.local"
gateway_enable="YES"
pf_enable="YES"
pflog_enable="YES"
pfnat_enable="YES"
sshd_enable="YES"
 
cloned_interfaces="bridge0"
ifconfig_bridge0="addm sis0 addm sis1 addm sis2 addm sis3 up"
ifconfig_bridge0_alias0="inet 192.168.116.1 netmask 255.255.255.0"
ifconfig_sis0="up"
ifconfig_sis1="up"
ifconfig_sis2="up"
ifconfig_sis3="up"
 
ifconfig_sis4="DHCP"
 
dhcpd_enable="YES"
dhcpd_ifaces="bridge0"

/usr/src/tools/tools/nanobsd/Files/etc/pf.conf
ext_if = "sis4"                         # macro for external interface - use tun0 for PPPoE
int_if = "bridge0"                      # macro for internal interface
localnet = $int_if:network
 
# ext_if IP address could be dynamic, hence ($ext_if)
nat on $ext_if from $localnet to any -> ($ext_if)
 
#block all
pass from { lo0, $localnet } to any keep state
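
A default-deny variant of the ruleset above, as an added example that is not part of the original page. With "block all" commented out, pf passes anything no rule matches, so connections arriving on sis4 can reach sshd on the router. The lan_ifs macro is an assumption, as is FreeBSD's default of running pf on the bridge member ports as well as on bridge0.

```conf
# Added example: default-deny pf.conf using the page's interfaces (not the author's file)
ext_if   = "sis4"                       # WAN, as in the original
int_if   = "bridge0"                    # LAN bridge, as in the original
lan_ifs  = "{ bridge0, sis0, sis1, sis2, sis3 }"  # assumption: bridge plus its member ports
localnet = $int_if:network

set block-policy drop
set skip on lo0

# NAT is unchanged from the original ruleset
nat on $ext_if from $localnet to any -> ($ext_if)

# Default deny, logged to pflog0 (pflog_enable="YES" is already set in rc.conf)
block log all

# Packets arriving on the WAN side must not claim a LAN source address
block in quick on $ext_if from $localnet to any

# DHCP requests from LAN clients (source 0.0.0.0, so not covered by $localnet)
pass in on $lan_ifs proto udp from any port 68 to any port 67

# LAN hosts may reach the router (including sshd) and the Internet
pass in on $lan_ifs from $localnet to any keep state

# Traffic the router originates or forwards; replies return through state entries.
# No "pass in" rule exists for $ext_if, so sshd is not reachable from the WAN.
pass out all keep state
```

The ruleset can be syntax-checked on the build host with pfctl -nf before it is copied into the Files tree.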

/usr/src/tools/tools/nanobsd/Files/etc/ppp/ppp.conf
WCTA:
  set device PPPoE:sis4
  set authname YOURLOGINNAME@wcta.net
  set authkey YOURPASSWORD
  set dial
  set login
  add default HISADDR
 
 
SEBEKA:
 set authname username
 set authkey  password
 set timeout 0
 set ifaddr 0 0
 add 10.1.0.0/22 hisaddr
 alias enable yes

/usr/src/tools/tools/nanobsd/Files/usr/local/etc/dhcpd.conf
subnet 192.168.116.0 netmask 255.255.255.0 {
        range 192.168.116.100 192.168.116.254;
        option domain-name-servers 8.8.8.8;
        option routers 192.168.116.1;
        default-lease-time 600;
        max-lease-time 7200;
}

freebsd/nanobsd_router.1423759015.txt.gz · Last modified: 2015/02/12 10:36 by tschulz