Archive for July, 2008

Building home OpenBSD router - Part 2

July 29, 2008 7:40 pm

Start at Part 1

Configuring the Interfaces

First step is to configure the interfaces. My external interface is rl0 ("Realtek 8139"; you can see it in the dmesg output below), my internal wired interface is xl0 ("3Com 3c905B 100Base-TX"), and my wireless interface is rum0 ("Ralink 802.11 bg WLAN").

As I stated in Part 1 the external interface (rl0) will be a dhcp client to my cable ISP. To configure this, I created /etc/hostname.rl0 with the following information:

dhcp NONE NONE description "Global Uplink"

ifconfig rl0 looks like this:

rl0: flags=8843 mtu 1500
lladdr 00:0d:87:07:07:56
description: Global Uplink
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::20d:87ff:fe07:756%rl0 prefixlen 64 scopeid 0x2
inet  netmask 0xfffffe00 broadcast 255.255.255.255

Next, the internal wired interface (xl0) will be statically configured with the address 192.168.0.1 and a 24-bit subnet mask; later this interface will provide DHCP service for the wired local network. I created /etc/hostname.xl0 like this:

inet 192.168.0.1 255.255.255.0 192.168.0.255 description "Local Wired"

ifconfig xl0:

xl0: flags=8843 mtu 1500
lladdr 00:10:5a:0e:da:9a
description: Local Wired
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
inet6 fe80::210:5aff:fe0e:da9a%xl0 prefixlen 64 scopeid 0x1

And lastly the wireless interface (rum0). This interface is being set up as a wireless access point ("hostap") configured as follows:

  • Will be set to only support 802.11B for the time being
  • Utilizing channel 6
  • Use a hex WEP key
  • Configured as 192.168.1.1 with a 24 bit netmask
  • And later will be advertising DHCP for the local wireless network

My /etc/hostname.rum0 looks like this:

up mediaopt hostap mode 11b chan 6 nwid Puffy nwkey 0x
inet 192.168.1.1

ifconfig rum0:

rum0: flags=8843 mtu 1500
lladdr 00:1c:f0:90:82:22
groups: wlan
media: IEEE802.11 autoselect mode 11b hostap
status: active
ieee80211: nwid Puffy chan 6 bssid 00:1c:f0:90:82:22 nwkey 0x 100dBm
inet6 fe80::21c:f0ff:fe90:8222%rum0 prefixlen 64 scopeid 0x5
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
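As an added example (this is not code from the original post), here is a POSIX sh script that reads hostname.if files like the three above and prints, per interface, whether it is a DHCP client or statically addressed, the prefix length, and whether the wireless key is a WEP nwkey only or a wpakey. It also converts the hex netmask that ifconfig prints (0xffffff00) to a prefix length so the file and the live interface can be compared. The file contents it writes are constructed copies of the lines above, with a placeholder in place of the post's redacted WEP key; wpakey is OpenBSD's ifconfig keyword for WPA, which the post names as the later plan.

```sh
#!/bin/sh
# Added example, not from the original post: summarize OpenBSD hostname.if(5)
# files (address mode, prefix length, wireless key type) and flag an access
# point that relies on a WEP nwkey alone. demo_summary writes constructed
# copies of the post's three files into a temporary directory.

# Number of set bits in one hex digit of a contiguous netmask (f=1111 ... 0).
hexdigit_bits() {
    case "$1" in
        f|F) echo 4 ;;
        e|E) echo 3 ;;
        c|C) echo 2 ;;
        8)   echo 1 ;;
        0)   echo 0 ;;
        *)   echo "non-contiguous mask digit: $1" >&2; return 1 ;;
    esac
}

# hexmask_to_prefix 0xffffff00 -> 24  (netmask as ifconfig prints it)
hexmask_to_prefix() {
    hex=${1#0x}
    total=0
    while [ -n "$hex" ]; do
        d=${hex%"${hex#?}"}     # first remaining character
        hex=${hex#?}
        n=$(hexdigit_bits "$d") || return 1
        total=$((total + n))
    done
    echo "$total"
}

# dotted_to_prefix 255.255.255.0 -> 24  (netmask as written in hostname.if)
dotted_to_prefix() {
    total=0
    oldifs=$IFS
    IFS=.
    for octet in $1; do
        case "$octet" in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
            *) IFS=$oldifs; echo "bad mask octet: $octet" >&2; return 1 ;;
        esac
        total=$((total + n))
    done
    IFS=$oldifs
    echo "$total"
}

# masks_agree DOTTED HEX -> true when the mask in hostname.if and the mask
# ifconfig reports describe the same prefix length
masks_agree() {
    [ "$(dotted_to_prefix "$1")" = "$(hexmask_to_prefix "$2")" ]
}

# summarize_hostname_if IFNAME FILE -> "IFNAME MODE ADDRESS KEYNOTE"
summarize_hostname_if() {
    ifname=$1
    mode=unconfigured; addr=-; keynote=-
    while read -r kw a b rest; do
        case "$kw" in
            dhcp) mode=dhcp-client ;;
            inet)
                mode=static
                if [ -n "$b" ]; then
                    p=$(dotted_to_prefix "$b") || return 1
                    addr="$a/$p"
                else
                    addr="$a/(mask-not-in-file)"
                fi
                ;;
        esac
        case " $kw $a $b $rest " in
            *" wpakey "*) keynote=wpa ;;
            *" nwkey "*)  if [ "$keynote" != wpa ]; then keynote=wep-only; fi ;;
        esac
    done < "$2"
    echo "$ifname $mode $addr $keynote"
}

# Write constructed copies of the post's three files and summarize each.
demo_summary() {
    dir=$(mktemp -d)
    printf 'dhcp NONE NONE description "Global Uplink"\n' > "$dir/hostname.rl0"
    printf 'inet 192.168.0.1 255.255.255.0 192.168.0.255 description "Local Wired"\n' > "$dir/hostname.xl0"
    # The nwkey value is a constructed placeholder, not the post's redacted key.
    printf 'up mediaopt hostap mode 11b chan 6 nwid Puffy nwkey 0x0123456789\ninet 192.168.1.1\n' > "$dir/hostname.rum0"
    for f in "$dir"/hostname.*; do
        summarize_hostname_if "${f##*/hostname.}" "$f"
    done
    rm -rf "$dir"
}

demo_summary
```

Run as-is it prints one line per interface; the rum0 line ends in "wep-only", which is exactly the state the post describes as proof-of-concept only. Point summarize_hostname_if at the real /etc/hostname.* files to check a live box.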

The ‘dmesg’ output:

OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA Ezra ("CentaurHauls" 686-class) 801 MHz
cpu0: FPU,DE,TSC,MSR,MTRR,PGE,MMX
real mem  = 259555328 (247MB)
avail mem = 242909184 (231MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 03/17/03, BIOS32 rev. 0 @ 0xfb390, SMBIOS rev. 2.2 @ 0xf0800 (43 entries)
bios0: vendor Phoenix Technologies, LTD version "6.00 PG" date 03/17/2003
bios0: VIA Technologies, Inc. VT8601
apm0 at bios0: Power Management spec V1.2 (slowidle)
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf0000/0xdd54
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdce0/112 (5 entries)
pcibios0: PCI Exclusive IRQs: 5 10 11 12
pcibios0: PCI Interrupt Router at 000:07:0 ("VIA VT82C596A ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0xc000 0xcc000/0x4000! 0xd0000/0x4000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT8601 PCI" rev 0x05
agp0 at pchb0: v2, aperture at 0xe0000000, size 0x10000000
ppb0 at pci0 dev 1 function 0 "VIA VT82C601 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "Trident CyberBlade i1" rev 0x6a
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 "VIA VT82C686 ISA" rev 0x40
pciide0 at pci0 dev 7 function 1 "VIA VT82C571 IDE" rev 0x06: ATA100, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 1: <QUANTUM FIREBALLlct15 15>
wd0: 16-sector PIO, LBA, 14324MB, 29336832 sectors
wd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 4
pciide0: channel 1 ignored (disabled)
uhci0 at pci0 dev 7 function 2 "VIA VT83C572 USB" rev 0x1a: irq 11
uhci1 at pci0 dev 7 function 3 "VIA VT83C572 USB" rev 0x1a: irq 11
viaenv0 at pci0 dev 7 function 4 "VIA VT82C686 SMBus" rev 0x40: 24-bit timer at 3579545Hz
xl0 at pci0 dev 8 function 0 "3Com 3c905B 100Base-TX" rev 0x24: irq 10, address 00:10:5a:0e:da:9a
exphy0 at xl0 phy 24: 3Com internal media interface
rl0 at pci0 dev 14 function 0 "Realtek 8139" rev 0x10: irq 11, address 00:0d:87:07:07:56
rlphy0 at rl0 phy 0: RTL internal PHY
cmpci0 at pci0 dev 15 function 0 "C-Media Electronics CMI8738/C3DX Audio" rev 0x10: irq 12
audio0 at cmpci0
opl0 at cmpci0: model OPL3
midi0 at opl0: <CMPCI Yamaha OPL3>
mpu at cmpci0 not configured
"C-Media Electronics HSP56 AMR" rev 0x20 at pci0 dev 15 function 1 not configured
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi1 at pcppi0: <PC speaker>
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 "VIA UHCI root hub" rev 1.00/1.00 addr 1
usb1 at uhci1: USB revision 1.0
uhub1 at usb1 "VIA UHCI root hub" rev 1.00/1.00 addr 1
biomask ebed netmask efed ttymask efef
rum0 at uhub0 port 2 "Ralink 802.11 bg WLAN" rev 2.00/0.01 addr 2
rum0: MAC/BBP RT2573 (rev 0x2573a), RF RT2528, address 00:1c:f0:90:82:22
softraid0 at root
root on wd0a swap on wd0b dump on wd0b

Continue to Step 3.

Building home OpenBSD router - Part 1

July 28, 2008 8:01 am

Planning the Project Specs

Goals:

- Two local subnets, Wired and Wireless

- Support Xbox Live

- Provide external access to my file server

- Limit all communication out of my network strictly to the applications and services I choose to allow (web traffic, mail traffic, ssh, xbox, torrents, etc)

- Improved stability over off-the-shelf home routers

- Shape traffic using ALTQ

Resources:

- For the Operating System, I’m going with OpenBSD 4.3 (STABLE)

- Putting to use my MaxTerm 8300B

  • EVE-M 800 MHz (x86)
  • 256 MB of RAM
  • 15 GB IDE hard drive (spare one sitting around)
  • D-Link USB Wireless Card (rum0 driver in OpenBSD) for local wireless traffic
  • Spare old 3com 10/100 Mbit NIC for local wired traffic

- For reference, I’m using “The Book of PF”.

This has been a great read and an excellent resource in the planning stages of this project for me. For anyone who doesn’t already have a copy, I can not recommend this book enough. Here’s a link for picking it up from Amazon (it’s probably the cheapest part of this project).

The Plan:

  • Local wired traffic: 192.168.0.X/24
  • Local wireless traffic: 192.168.1.X/24
  • Provide DHCP services on both local interfaces
  • External Interface running DHCP
  • Starting with blocking everything [block all]
  • Designate IPs per server and personal computer on my network
  • Designate torrent ports to each of the personal computers
  • Initially just use WEP for proof of concept, later use WPA or even an authpf with a possible web interface for authenticating
  • Perform MRTG graphing, if for nothing more than to see what I spend my bandwidth on

Continue to Part 2.

Thumbdrive for redundant boot device (OpenSolaris)

July 27, 2008 7:46 pm

First disable automounting of removable media; the service is volfs or hal depending on your version of Solaris 10/11:

# svcadm disable volfs

Now plug in the thumbdrive and determine the logical node for it:

bash-3.00# rmformat -l
Looking for devices...
1. Logical Node: /dev/rdsk/c0t0d0p0
Physical Node: /pci@0,0/pci-ide@1f,1/ide@0/sd@0,0
Connected Device: TEAC     CD-224E-N        1.AA
Device Type: CD Reader
2. Logical Node: /dev/rdsk/c4t0d0p0
Physical Node: /pci@0,0/pci15d9,7980@1d,7/hub@5/storage@1/disk@0,0
Connected Device: Corsair  Flash Voyager    1.00
Device Type: Removable
bash-3.00#

/dev/rdsk/c4t0d0 will be the root of what we’re working with in this example.

Now run:

# fdisk -B /dev/rdsk/c4t0d0s0

Now you can get the geometry using the following:

# fdisk -W - /dev/rdsk/c4t0d0s0

Now look at the output from the previous step and find the maximum usable storage in MB (MAXSIZE). You do this by multiplying bytes/sector (usually 512, shown near the top) by the number of sectors (at the bottom of the output; in my case a 4 GB drive had roughly 7.9 million sectors) and dividing by (1024*1024) to yield MB (it should be 3900 MB or so for a 4 GB flash stick). Then fill MAXSIZE into this slices template:

slices: 0 = 2MB, {$MAXSIZE-3}MB, "wm", "root" :
        1 = 0, 1MB, "wu", "boot" :
        2 = 0, {$MAXSIZE-1}MB, "wm", "backup"

Here is a “slices.txt” file for a 256 MB thumbdrive:

slices: 0 = 2MB, 244MB, "wm", "root" :
        1 = 0, 1MB, "wu", "boot" :
        2 = 0, 246MB, "wm", "backup"
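As an added example (not part of the original post), the MAXSIZE arithmetic above carried through to a generated slices file, so the numbers are computed instead of typed. The bytes-per-sector and sector-count values are still read off the "fdisk -W -" output by hand and passed in as arguments; the sample values in the script are constructed (505856 sectors of 512 bytes is exactly the 247 MB that the 256 MB example above implies).

```sh
#!/bin/sh
# Added example, not from the original post: compute MAXSIZE from the drive
# geometry and emit an rmformat -s slice file with the post's layout.

# maxsize_mb BYTES_PER_SECTOR SECTORS -> usable size in MB, rounded down.
# Dividing the sector count by (sectors per MiB) avoids a byte-count product
# that could overflow a 32-bit shell integer on large sticks.
maxsize_mb() {
    if [ $(( (1024 * 1024) % $1 )) -ne 0 ]; then
        echo "unsupported sector size: $1" >&2
        return 1
    fi
    echo $(( $2 / ((1024 * 1024) / $1) ))
}

# gen_slices BYTES_PER_SECTOR SECTORS -> slice file on stdout, following the
# template above: 1 MB boot slice at offset 0, root from 2 MB to MAXSIZE-1,
# and a "backup" slice covering the usable device minus 1 MB.
gen_slices() {
    max=$(maxsize_mb "$1" "$2") || return 1
    if [ "$max" -lt 8 ]; then
        echo "device too small for this layout: ${max} MB" >&2
        return 1
    fi
    root=$((max - 3))
    backup=$((max - 1))
    printf 'slices: 0 = 2MB, %dMB, "wm", "root" :\n' "$root"
    printf '        1 = 0, 1MB, "wu", "boot" :\n'
    printf '        2 = 0, %dMB, "wm", "backup"\n' "$backup"
}

# Constructed geometry for the 256 MB stick above and for the post's
# "roughly 7.9 million sectors" 4 GB stick.
gen_slices 512 505856
echo
gen_slices 512 7900000
```

Redirect the output of gen_slices to slices.txt and feed that to rmformat -s exactly as in the next step; the first block it prints is byte-for-byte the 256 MB file shown above.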

Now write this label to the drive:

# rmformat -s ./path/to/slices.txt /dev/rdsk/c4t0d0p0

Now refresh the Solaris device tree:

# devfsadm; devfsadm -C

Now create the filesystem, mount it and copy the necessary files:

# newfs /dev/rdsk/c4t0d0s0
# mkdir /mnt/backup
# mount /dev/dsk/c4t0d0s0 /mnt/backup
# cd /mnt/backup
# cp -r /boot ./boot
# cp -r /platform ./platform

Now let’s make this bootable:

# fdisk /dev/rdsk/c4t0d0p0

Set partition 1 active using option 2, then install grub:

# cd /mnt/backup/boot/grub/
# installgrub stage1 stage2 /dev/rdsk/c4t0d0s0

Now safely unmount:

# cd /; umount /mnt/backup

AppleTalk on Solaris (AFP)

7:45 pm

AppleTalk has been quite a popular choice for networking computers mainly because it’s, well, made by Apple. It was supposedly made solely for Apple computers but the Internet folks have never been one to settle for should be’s and would rather run after could be’s. If cheap mobile phones today can be hacked to become as efficient as high-end phones, why not try making AppleTalk work on other operating systems right? That’s what we’re aiming to do on this page, make AppleTalk work on Solaris.

[Taken from: www.unixzone.dk]

Netatalk 2.0.3 requires some patching to compile on Solaris 10 (or OpenSolaris)

Requirements:

  • netatalk
  • Berkeley DB 4.2.52
  • GCC compiler, Sun Studio didn’t work for me
  • Patches: netatalk-2.0.3/sys/netatalk/at.h and netatalk-2.0.3/sys/solaris/tpi.c

Click <HERE> for build instructions for DB

On Solaris we don’t use ranlib; LDFLAGS adds /usr/local/lib to the library search path, which is where my Berkeley DB libs are. The rest of the options are self-explanatory.

# gzip -cd netatalk-2.0.3.tar.gz | tar xf -
# gzip -cd patches.tar.gz | tar xf -
# cd netatalk-2.0.3
# RANLIB=echo CC=gcc LDFLAGS=-R/usr/local/BerkeleyDB.4.2/lib \
  ./configure --prefix=/opt/netatalk --with-ssl-dir=/usr/sfw \
  --with-bdb=/usr/local/BerkeleyDB.4.2 --without-pam --disable-ddp \
  --disable-tcp-wrappers --disable-srvloc --with-cnid-dbd-backend
# echo "#define SOLARIS2 10" >>config.h

Depending on the version of your Solaris installation, change the SOLARIS2 value to match, i.e. 8, 9, 10, or 11 for OpenSolaris.

Patch the source to support x64 Solaris:

# patch -i ../patches/at.h.patch sys/netatalk/at.h
Looks like a unified context diff.
done
#  patch -i ../patches/config.h.patch ./config.h
Looks like a normal diff.
done
# patch -i ../patches/endian.h.patch sys/netatalk/endian.h
Looks like a normal diff.
done
# patch -i ../patches/tpi.c.patch sys/solaris/tpi.c
Looks like a unified context diff.
done

Build and install the software:

# make
# make install

Under Solaris, you must create atalkd.conf, since Solaris provides no method for determining the names of the available interfaces. It is sufficient to name the available interfaces in atalkd.conf, one per line, e.g. “eri0” on a line by itself on many Suns, “hme0” on Ultras, etc. See atalkd(8).

Create the init script and add it to Sun’s svc system (SMF):

# cp distrib/initscripts/rc.atalk.sysv /opt/local/lib/svc/method/netatalk

Place netatalk.xml somewhere on the file system, import it and enable the service:

# svccfg import /path/to/netatalk.xml
# svcadm enable netatalk
# rm /path/to/netatalk.xml

Now for configuration:

# cd /opt/netatalk/etc/netatalk/
# ls -l
total 96
-rw-r--r--   1 root     root       5066   Apr  4 15:21 AppleVolumes.default
-rw-r--r--   1 root     root       25124  Apr  2 14:49 AppleVolumes.system
-rw-r--r--   1 root     root       11259  Apr  4 14:59 afpd.conf
-rw-r--r--   1 root     root       1059   Apr  4 11:57 atalkd.conf
-rw-r--r--   1 root     root       1429   Apr  4 15:01 netatalk.conf
-rw-r--r--   1 root     root       1479   Apr  2 14:49 papd.conf
drwxr-xr-x   2 root     root       512    Apr  3 11:49 uams
#

Add the following to “afpd.conf”:

"Solaris AFP" -uamlist uams_guest.so -loginmesg "Welcome, $u!" -transall -noddp -tcp

Configure “netatalk.conf” as seen here:

# Appletalk configuration
# Change this to increase the maximum number of clients that can connect:
AFPD_MAX_CLIENTS=50

# Change this to set the machine's atalk name and zone, the latter containing
# the '@' sign as first character; compare with nbp_name(3) if in doubt
#
# NOTE: If Netatalk should register AppleTalk services in the standard zone
#       then you need not to specify a zone name here.
#
#       If your zone has spaces in it, you're better off specifying
#       it in afpd.conf if you realize that your distribution doesn't
#       handle spaces correctly in the startup script. Remember to use
#       quotes here if the zone name contains spaces.
#
#ATALK_ZONE="@some zone"
ATALK_NAME=`echo ${HOSTNAME}|cut -d. -f1`
# specify the Mac and unix charsets to be used
ATALK_MAC_CHARSET='MAC_ROMAN'
ATALK_UNIX_CHARSET='LOCALE'
# specify this if you don't want guest, clrtxt, and dhx
# available options: uams_guest.so, uams_clrtxt.so, uams_dhx.so,
#                    uams_randnum.so
#AFPD_UAMLIST="-U uams_clrtxt.so,uams_dhx.so"
# Change this to set the id of the guest user
AFPD_GUEST=nobody
# Set which daemons to run (papd is dependent upon atalkd):
ATALKD_RUN=no
PAPD_RUN=no
CNID_METAD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no
A2BOOT_RUN=no
# Control whether the daemons are started in the background
ATALK_BGROUND=no
# export the charsets, read from ENV by apps
export ATALK_MAC_CHARSET
export ATALK_UNIX_CHARSET

Add the following to “AppleVolumes.default”:

:DEFAULT: cnidscheme:dbd
/Storage "Storage" rwlist:nobody
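As an added example (not code from the original post or from the netatalk project), here is a POSIX sh audit over the three configuration fragments above. It lists the UAMs (authentication modules) an afpd.conf server line enables and what each one means for credentials on the wire, reads AFPD_GUEST from netatalk.conf, and reports which AppleVolumes.default volumes that guest account can write to, either because rwlist names it, as with /Storage above, or because the line carries no rwlist/rolist/allow/deny restriction at all, in which case unix permissions are the only thing left in the way. The config files it writes are constructed from the lines above plus two extra volume lines for contrast; the default UAM set with no -uamlist is taken from the netatalk.conf comment above, and the fallback guest name "nobody" is an assumption matching the AFPD_GUEST value shown.

```sh
#!/bin/sh
# Added example, not from the original post or netatalk: audit afpd.conf,
# netatalk.conf and AppleVolumes.default fragments for guest and cleartext
# exposure. demo_audit writes constructed copies into a temporary directory.

# uams_for_afpd_line 'LINE' -> UAMs named by -uamlist, one per line. With no
# -uamlist the server uses the daemon default, which the netatalk.conf
# comment gives as guest, clrtxt and dhx.
uams_for_afpd_line() {
    set -- $1                      # split the server line into words
    while [ $# -gt 1 ]; do
        if [ "$1" = -uamlist ]; then
            echo "$2" | tr ',' '\n'
            return 0
        fi
        shift
    done
    printf 'uams_guest.so\nuams_clrtxt.so\nuams_dhx.so\n'
}

# rate_uam NAME -> one-line note on what the module does with credentials
rate_uam() {
    case "$1" in
        uams_guest.so)   echo "$1: no authentication at all" ;;
        uams_clrtxt.so)  echo "$1: password crosses the network in clear text" ;;
        uams_randnum.so) echo "$1: legacy random-number challenge/response" ;;
        uams_dhx.so)     echo "$1: Diffie-Hellman exchange, password not sent in clear" ;;
        *)               echo "$1: not a module this script knows" ;;
    esac
}

# guest_account FILE -> AFPD_GUEST from netatalk.conf; "nobody" if unset
# (assumed fallback, matching the value the post sets explicitly)
guest_account() {
    v=$(sed -n 's/^AFPD_GUEST=//p' "$1" | tail -n 1)
    echo "${v:-nobody}"
}

# guest_writable_volumes GUEST FILE -> "PATH NAME" for each volume GUEST can
# write: rwlist names it, or the line has no rwlist/rolist/allow/deny option.
# Volume names are expected without embedded spaces, as in the post.
guest_writable_volumes() {
    guest=$1
    while read -r path name rest; do
        case "$path" in ''|'#'*|':DEFAULT:'|'~'*) continue ;; esac   # skip comments, defaults, home shares
        name=${name#\"}; name=${name%\"}
        restricted=no; allowed=no
        for opt in $rest; do
            case "$opt" in
                rwlist:*|rolist:*|allow:*|deny:*) restricted=yes ;;
            esac
            case "$opt" in
                rwlist:*)
                    if echo ",${opt#rwlist:}," | grep -q ",$guest,"; then allowed=yes; fi ;;
            esac
        done
        if [ "$restricted" = no ]; then allowed=yes; fi
        if [ "$allowed" = yes ]; then echo "$path $name"; fi
    done < "$2"
    return 0
}

# Build constructed config files from the post's lines and print a report.
demo_audit() {
    dir=$(mktemp -d)
    printf 'AFPD_GUEST=nobody\nAFPD_RUN=yes\n' > "$dir/netatalk.conf"
    printf '"Solaris AFP" -uamlist uams_guest.so -loginmesg "Welcome, $u!" -transall -noddp -tcp\n' > "$dir/afpd.conf"
    # /Storage is the post's line; the other two volumes are constructed for contrast.
    printf ':DEFAULT: cnidscheme:dbd\n/Storage "Storage" rwlist:nobody\n/export/pub "Public"\n/home/alice "Alice" rwlist:alice rolist:nobody\n' > "$dir/AppleVolumes.default"
    guest=$(guest_account "$dir/netatalk.conf")
    echo "guest account: $guest"
    while read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        echo "server line: $line"
        for uam in $(uams_for_afpd_line "$line"); do
            echo "  $(rate_uam "$uam")"
        done
    done < "$dir/afpd.conf"
    echo "guest-writable volumes:"
    guest_writable_volumes "$guest" "$dir/AppleVolumes.default" | sed 's/^/  /'
    rm -rf "$dir"
}

demo_audit
```

With the post's settings the report shows a single guest-only server and /Storage writable by nobody, which is fine for a proof of concept on a trusted LAN but is the first thing to tighten (drop uams_guest.so, prefer uams_dhx.so over uams_clrtxt.so, and give rwlist real user names) before the share is reachable from the wireless segment.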