Archive for the 'Networking' category

Building home OpenBSD router – Part 1

July 28, 2008 8:01 am

Planning the Project Specs

Goals:

- Two local subnets, Wired and Wireless

- Support Xbox Live

- Provide external access to my file server

- Limit all communication out of my network strictly to the applications and services I choose to allow (web traffic, mail traffic, ssh, Xbox, torrents, etc.)

- Improved stability over off-the-shelf home routers

- Shape traffic using ALTQ

Resources:

- For the Operating System, I’m going with OpenBSD 4.3 (STABLE)

- Putting to use my MaxTerm 8300B

  • EVE-M 800 MHz (x86)
  • 256 MB of RAM
  • 15 GB IDE hard drive (a spare one sitting around)
  • D-Link USB wireless card (rum0 driver in OpenBSD) for local wireless traffic
  • Spare old 3com 10/100 Mbit NIC for local wired traffic

- For reference, I’m using “The Book of PF”.

This has been a great read and an excellent resource in the planning stages of this project for me. For anyone who doesn’t already have a copy, I cannot recommend this book enough. Here’s a link for picking it up from Amazon (it’s probably the cheapest part of this project).

The Plan:

  • Local wired traffic: 192.168.0.0/24
  • Local wireless traffic: 192.168.1.0/24
  • Provide DHCP services on both local interfaces
  • External interface configured by DHCP
  • Start by blocking everything (block all)
  • Designate IPs per server and personal computer on my network
  • Designate torrent ports to each of the personal computers
  • Initially just use WEP as a proof of concept; later use WPA or even authpf, possibly with a web interface for authenticating
  • Perform MRTG graphing, if for nothing more than to see what I spend my bandwidth doing
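
As an added illustration (not from this post or its Part 2), here is how that plan maps onto an OpenBSD 4.3 pf.conf: two NATed subnets, default deny, a whitelist of outbound services, per-host torrent redirects and an ALTQ queue on the uplink. Only rum0 and the two /24s come from the post; every other interface name, host address and port number is an assumption or a constructed placeholder.

```conf
# OpenBSD 4.3 pf.conf sketch of the plan above (added example; names/addresses assumed)
ext_if    = "fxp0"             # ASSUMED external NIC
wired_if  = "xl0"              # ASSUMED: the 3com NIC (xl driver)
wifi_if   = "rum0"             # the D-Link USB card, per the post
wired_net = "192.168.0.0/24"
wifi_net  = "192.168.1.0/24"
fileserver = "192.168.0.2"     # constructed designated address
xbox       = "192.168.0.5"     # constructed designated address
table <torrent_pcs> { 192.168.0.10, 192.168.1.10 }   # constructed
out_tcp    = "{ 22, 25, 80, 443, 993 }"   # ssh, smtp, web, imaps
xbox_ports = "{ 88, 3074 }"               # commonly documented Xbox Live ports
set skip on lo0
scrub in all

# ALTQ on the uplink: set bandwidth just below the real upstream rate
altq on $ext_if priq bandwidth 512Kb queue { q_pri, q_def, q_bulk }
queue q_pri  priority 7
queue q_def  priority 4 priq(default)
queue q_bulk priority 1

# NAT for both subnets and redirects only for the services exposed on purpose
nat on $ext_if from { $wired_net, $wifi_net } to any -> ($ext_if)
rdr on $ext_if proto tcp from any to ($ext_if) port 22   -> $fileserver
rdr on $ext_if proto tcp from any to ($ext_if) port 6881 -> 192.168.0.10
rdr on $ext_if proto tcp from any to ($ext_if) port 6882 -> 192.168.1.10
rdr on $ext_if proto { tcp, udp } from any to ($ext_if) port 3074 -> $xbox

# Default deny, logged; every rule below is a deliberate exception
block log all

# DHCP: client on the uplink, server on both local interfaces
pass out on $ext_if inet proto udp from any port 68 to any port 67
pass in  on $ext_if inet proto udp from any port 67 to any port 68
pass in  on { $wired_if, $wifi_if } inet proto udp from any port 68 to any port 67
# Keep the WEP-only wireless segment away from the wired one (my choice, not the post's)
block in quick on $wifi_if from $wifi_net to $wired_net

# Local hosts may reach the router; what leaves the uplink is whitelisted
pass in on { $wired_if, $wifi_if } from { $wired_net, $wifi_net } to any
pass out on $ext_if proto udp from { $wired_net, $wifi_net } to any port 53 queue q_pri
pass out on $ext_if proto tcp from { $wired_net, $wifi_net } to any port $out_tcp queue (q_def, q_pri)
pass out on $ext_if proto { tcp, udp } from $xbox to any port $xbox_ports queue q_pri
pass out on $ext_if proto tcp from <torrent_pcs> to any port 6881:6999 queue q_bulk  # peer ports vary

# Inbound to the redirected services (pf filters on the translated address)
pass in on $ext_if proto tcp from any to $fileserver port 22
pass in on $ext_if proto tcp from any to 192.168.0.10 port 6881
pass in on $ext_if proto tcp from any to 192.168.1.10 port 6882
pass in on $ext_if proto { tcp, udp } from any to $xbox port 3074
```

Check it with `pfctl -nf /etc/pf.conf` before loading; `block log all` means anything not listed shows up on pflog0, which is the quickest way to find a service you forgot.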

Continue to Part 2.

AppleTalk on Solaris (AFP)

July 27, 2008 7:45 pm

AppleTalk has been quite a popular choice for networking computers, mainly because it’s, well, made by Apple. It was supposedly made solely for Apple computers, but the Internet folks have never been ones to settle for should-bes and would rather run after could-bes. If cheap mobile phones today can be hacked to become as capable as high-end phones, why not try making AppleTalk work on other operating systems? That’s what we’re aiming to do on this page: make AppleTalk work on Solaris.

[Taken from: www.unixzone.dk]

Netatalk 2.0.3 requires some patching to compile on Solaris 10 (or OpenSolaris).

Requirements:

  • netatalk
  • Berkeley DB 4.2.52
  • GCC compiler; Sun Studio didn’t work for me
  • Patches: netatalk-2.0.3/sys/netatalk/at.h and netatalk-2.0.3/sys/solaris/tpi.c

Click <HERE> for build instructions for DB

On Solaris we don’t use ranlib, so RANLIB is set to echo. LDFLAGS adds the
Berkeley DB library directory to the run-time library search path (-R); the
rest of the options are self-explanatory.

# gzip -cd netatalk-2.0.3.tar.gz | tar xf -
# gzip -cd patches.tar.gz | tar xf -
# cd netatalk-2.0.3
# RANLIB=echo CC=gcc LDFLAGS=-R/usr/local/BerkeleyDB.4.2/lib \
    ./configure --prefix=/opt/netatalk --with-ssl-dir=/usr/sfw \
    --with-bdb=/usr/local/BerkeleyDB.4.2 --without-pam --disable-ddp \
    --disable-tcp-wrappers --disable-srvloc --with-cnid-dbd-backend
# echo "#define SOLARIS2 10" >>config.h

Depending on the version of your Solaris installation, change the SOLARIS2
value to match, i.e. 8, 9, 10, or 11 for OpenSolaris.

Patch the source (at.h, config.h, endian.h and tpi.c) to support x64 Solaris:

# patch -i ../patches/at.h.patch sys/netatalk/at.h
Looks like a unified context diff.
done
# patch -i ../patches/config.h.patch ./config.h
Looks like a normal diff.
done
# patch -i ../patches/endian.h.patch sys/netatalk/endian.h
Looks like a normal diff.
done
# patch -i ../patches/tpi.c.patch sys/solaris/tpi.c
Looks like a unified context diff.
done

Build and install the software:

# make
# make install

Under Solaris, you must create atalkd.conf, since Solaris provides no
method for determining the names of the available interfaces. It is
sufficient to name the available interfaces in atalkd.conf, one per line,
e.g. eri0 on a line by itself on many Suns, hme0 on Ultras, etc. See
atalkd(8).

Create the init script and add it to Sun’s svc (SMF) system:

# cp distrib/initscripts/rc.atalk.sysv /opt/local/lib/svc/method/netatalk

Place netatalk.xml somewhere on the file system, then import it:

# svccfg import /path/to/netatalk.xml
# svcadm enable netatalk
# rm /path/to/netatalk.xml

Now for configuration:

# cd /opt/netatalk/etc/netatalk/
# ls -l
total 96
-rw-r--r--   1 root     root       5066   Apr  4 15:21 AppleVolumes.default
-rw-r--r--   1 root     root       25124  Apr  2 14:49 AppleVolumes.system
-rw-r--r--   1 root     root       11259  Apr  4 14:59 afpd.conf
-rw-r--r--   1 root     root       1059   Apr  4 11:57 atalkd.conf
-rw-r--r--   1 root     root       1429   Apr  4 15:01 netatalk.conf
-rw-r--r--   1 root     root       1479   Apr  2 14:49 papd.conf
drwxr-xr-x   2 root     root       512    Apr  3 11:49 uams
#

Add the following to “afpd.conf”:

"Solaris AFP" -uamlist uams_guest.so -loginmesg "Welcome, $u!" -transall -noddp -tcp

Configure “netatalk.conf” as seen here:

# AppleTalk configuration
# Change this to increase the maximum number of clients that can connect:
AFPD_MAX_CLIENTS=50

# Change this to set the machine's atalk name and zone, the latter containing
# the '@' sign as first character - compare with nbp_name(3) if in doubt
#
# NOTE: If Netatalk should register AppleTalk services in the standard zone
#       then you need not specify a zone name here.
#
#       If your zone has spaces in it, you're better off specifying
#       it in afpd.conf if you realize that your distribution doesn't
#       handle spaces correctly in the startup script. Remember to use
#       quotes here if the zone name contains spaces.
#
#ATALK_ZONE="@some zone"
ATALK_NAME=`echo ${HOSTNAME}|cut -d. -f1`

# specify the Mac and unix charsets to be used
ATALK_MAC_CHARSET='MAC_ROMAN'
ATALK_UNIX_CHARSET='LOCALE'

# specify this if you don't want guest, clrtxt, and dhx
# available options: uams_guest.so, uams_clrtxt.so, uams_dhx.so,
#                    uams_randnum.so
#AFPD_UAMLIST="-U uams_clrtxt.so,uams_dhx.so"

# Change this to set the id of the guest user
AFPD_GUEST=nobody

# Set which daemons to run (papd is dependent upon atalkd):
ATALKD_RUN=no
PAPD_RUN=no
CNID_METAD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no
A2BOOT_RUN=no

# Control whether the daemons are started in the background
ATALK_BGROUND=no

# export the charsets, read from ENV by apps
export ATALK_MAC_CHARSET
export ATALK_UNIX_CHARSET

Add the following to “AppleVolumes.default”:

:DEFAULT: cnidscheme:dbd
/Storage "Storage" rwlist:nobody
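
With the afpd.conf and AppleVolumes.default lines above, uams_guest.so is the only UAM and the guest account (nobody) is on the rwlist, so anyone who can reach TCP 548 on the box gets read/write access to /Storage without a password. As an added example (not from the unixzone.dk write-up), here are the same two files with authenticated access; the user names and the bind address are constructed, and it assumes the build picked up the OpenSSL and password support that uams_dhx.so needs.

```conf
# afpd.conf: the guest-only line from above, beside an authenticated one
# weak: guest is the only UAM, so no credentials are ever asked for
#"Solaris AFP" -uamlist uams_guest.so -loginmesg "Welcome, $u!" -transall -noddp -tcp
# hardened: DHX (Diffie-Hellman exchange) UAM only, AFP over TCP, bound to the LAN address
"Solaris AFP" -uamlist uams_dhx.so -transall -noddp -tcp -ipaddr 192.168.0.2   # address constructed

# AppleVolumes.default
:DEFAULT: cnidscheme:dbd
# weak: rwlist:nobody lets the guest account write the whole share
#/Storage "Storage" rwlist:nobody
# hardened: only the listed accounts may mount it; alice may write, bob is read-only
/Storage "Storage" allow:alice,bob rwlist:alice rolist:bob
```

After restarting afpd, a client that offers no credentials should now be refused, and the volume's UNIX permissions still apply on top of rwlist/rolist.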