Changeset 10136 in hybrid for trunk/nanobsd/files


Timestamp:
Mar 12, 2012, 6:32:43 AM (13 years ago)
Author:
richardvm
Message:

domme toevoeging van proxy files

Location:
trunk/nanobsd/files
Files:
15 added
11 edited

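--- a/trunk/nanobsd/files/boot/loader.conf
+++ b/trunk/nanobsd/files/boot/loader.conf
@@ -20,9 +20,2 @@
 # Force output to run trough the comconsole, no exceptions
 console="comconsole"
-
-# moduleis for usb-lan adapters
-if_mos_load="YES"
-if_axe_load="YES"
-if_aue_load="YES"
-
-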
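--- a/trunk/nanobsd/files/etc/crontab
+++ b/trunk/nanobsd/files/etc/crontab
@@ -28,2 +28,6 @@
 # Write updates for ntp.drift to flash
 0       12      *       *       *       root    /usr/local/bin/write_ntpdrift
+#
+# Nagios checks
+30      *       *       *       *       root    /usr/local/dense/dense.sh
+*/15    *       *       *       *       root    /usr/local/sbin/check-inet-alive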
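Review bot: Both new entries run as `root` (new lines 32–33), and neither `/usr/local/dense/dense.sh` nor `/usr/local/sbin/check-inet-alive` is visible in this changeset, so the privilege they actually need cannot be judged here. If the scripts only probe connectivity and report a result, a dedicated unprivileged user would do; in any case both files must be root-owned and not group/world-writable, because cron executes whatever sits at those paths with root rights. A one-line comment per entry naming what the script reports to (a log file, a passive Nagios submission) would also make the `# Nagios checks` header verifiable.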
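--- a/trunk/nanobsd/files/etc/ipfw.sh
+++ b/trunk/nanobsd/files/etc/ipfw.sh
@@ -1,5 +1,13 @@
 #!/bin/sh -
+# Based on /etc/rc.firewall
+#
+# Credits: Richard van Mansom, Rick van der Zwet
 
-# Based on /etc/rc.firewall
+
+allowed2internet="80,443"
+maxconnections="10"
+
+RFC1918_nets="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
+WLNET='172.16.0.0/12'
 
 # Suck in the configuration variables.
@@ -34,4 +42,21 @@
 esac
 
+###########
+# Set Internal/External Interface
+#
+driver=`echo ${internalif} | sed 's/[0-9]*//g'`
+seq=`echo ${internalif} | sed 's/[a-zA-Z]*//g'`
+
+if [ ${seq} = 0 ]; then
+  seq=`expr ${seq} \+ 1`
+else
+  seq=`expr ${seq} \- 1`
+fi
+
+externalif="$driver$seq"
+
+# Get interface Addresses
+externalip=`ifconfig $externalif | awk '/inet/ { print $2 }'`
+internalip=`ifconfig $internalif | awk '/inet/ { print $2 }'`
 ############
 # Flush out the list before we begin.
@@ -41,28 +66,61 @@
 setup_loopback
 
-############
-
-# By default no firewalling
-${fwcmd} add 65000 pass all from any to any
-
-# Transproxy/WLportal/Captive portal
-${fwcmd} add 10000 allow tcp from any to localhost 80
-${fwcmd} add 10001 allow tcp from any to me 80
 
 ############
-# Reserved: Whitelist rule numbers
-# 10002 - 10009
-NR=10002
-  for IP in $captive_portal_whitelist; do
-  ${fwcmd} add $NR allow tcp from $IP to not 172.16.0.0/12 dst-port 80
-  NR=`expr $NR + 1`
+# Block the hosters network (and maybe others)
+for IP in ${firewall_block}
+do
+  ${fwcmd} add deny ip from any to ${IP} in via $internalif
 done
 
 ############
-# Reserved: WLPortal rule numbers
-# 10010 - 10099
+# Statefull filewall in use
+${fwcmd} add check-state
 
-# Forward rules work without a base address, so needed a loop over all inet4 adresses
-for INF in $captive_portal_interfaces; do
-  ${fwcmd} add 10100 fwd 172.31.255.1,8081 tcp from any to not 172.16.0.0/12 80 in via ${INF}
-done
+# Allow anything originating from me
+${fwcmd} add allow ip from me to any keep-state
+
+
+#############
+# Outbound NAT setup
+# WL Net -> Internet
+${fwcmd} add nat 100 all from $WLNET to any out recv $internalif xmit $externalif
+${fwcmd} add nat 100 all from any to $externalip in recv $externalif
+${fwcmd} nat 100 config if $externalif
+
+# Subnet Internet is allowed
+${fwcmd} add allow tcp from $WLNET to any $allowed2internet in via $internalif setup limit src-addr $maxconnections
+
+
+#############
+# Internal Network -> WL Net
+# Inbound NAT setup, to allow proxy device to be used gateway from Internal Network to WL
+${fwcmd} add nat 200 all from $RFC1918_nets to $WLNET out recv $externalif xmit $internalif
+${fwcmd} add nat 200 all from $WLNET to $internalip in recv $internalif
+${fwcmd} nat 200 config if $internalif
+
+# Allow all traffic inbound
+${fwcmd} add allow all from $RFC1918_nets to $WLNET in recv $externalif keep-state
+
+
+#############
+## Services in use
+## Allow on external interface
+external_allow_tcp="ssh"
+${fwcmd} add allow tcp from any to me $external_allow_tcp via $externalif setup keep-state
+
+## Allow on internal interface
+internal_allow_tcp="ssh,domain,3128"
+internal_allow_udp="ntp,domain,snmp,12345"
+${fwcmd} add allow udp from $WLNET to me ${internal_allow_udp} via $internalif keep-state
+${fwcmd} add allow tcp from $WLNET to me ${internal_allow_tcp} via $internalif setup keep-state
+
+# Basic ICMP managment traffic
+${fwcmd} add allow icmp from any to me icmptype 8
+${fwcmd} add allow icmp from me to any icmptype 3,4,11
+
+
+#############
+# Block anything else
+${fwcmd} add 65000 deny log logamount 500 ip from any to any
+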
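Review bot: The external interface derivation at new lines 47–56 assumes `internalif` is unit 0 or 1 of a two-port card and that the other port uses the same driver: a box whose NICs use different drivers, or a unit beyond 1, derives a name that does not exist, and an `internalif` without digits makes `[ ${seq} = 0 ]` a syntax error. Because the script runs under `#!/bin/sh -` without `set -e`, a wrong or empty `externalif`/`externalip` only surfaces as ipfw rejecting the individual `nat 100`, `recv $externalif` and external `ssh` rules, so the node ends up with the final `deny` but without NAT or remote management. A guard placed before the `if` at line 50, `[ -n "$driver" ] && [ -n "$seq" ] || { echo "ipfw.sh: cannot derive externalif from '$internalif'" >&2; exit 1; }`, fails loudly, and letting the sucked-in configuration set `externalif` directly would remove the guess altogether. Separately, `awk '/inet/ { print $2 }'` at lines 59–60 also matches `inet6` lines and every alias, yielding a multi-word value that breaks the rule syntax; `awk '/inet / { print $2; exit }'` picks the first IPv4 address only. The rule set between the configuration include and `setup_loopback` lies outside these hunks.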
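--- a/trunk/nanobsd/files/etc/ntp.conf
+++ b/trunk/nanobsd/files/etc/ntp.conf
@@ -1,17 +1,22 @@
 #XXX: Might need to be dynamic
 
-server 172.17.8.68    # proxy1
-server 172.17.143.4   # proxy2
-server 172.20.128.98  # proxy3
-server 172.16.2.254   # proxy4
-server 172.19.168.66  # proxy5
-server 172.16.3.146   # proxy6
-server 172.17.16.66   # proxy62
-server 172.17.0.1     # proxy7
-server 172.16.4.54    # proxy9
-server 172.22.0.66    # proxy10
-server 172.23.25.66   # proxy11
-server 172.16.3.98    # proxy13
-server 172.17.169.66  # proxy97
+# server 172.17.8.68    # proxy1
+# server 172.17.143.4   # proxy2
+# server 172.20.128.98  # proxy3
+# server 172.19.137.67  # proxy4
+# server 172.19.168.66  # proxy5
+
+#XXX: All it's local nighboor addresses
+
+# server proxy1.wleiden.net #   autokey
+# server proxy2.wleiden.net #   autokey
+# server proxy3.wleiden.net #   autokey
+server 0.nl.pool.ntp.org
+server 1.nl.pool.ntp.org
+server 2.nl.pool.ntp.org
+server 3.nl.pool.ntp.org
+  #     In case machine get hooked to internet (and got working dns)
+
+
 
 # and if all failes - use our local crummy clock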
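Review bot: With every internal server commented out (new lines 3–7 and 11–13) the only time sources left are the four `nl.pool.ntp.org` entries, so a proxy that loses its uplink or DNS falls back to the local clock alone and its logs drift relative to the rest of the network, which hurts log correlation during incident handling. If neighbouring proxies are reachable over the WL network, keeping one or two of them as `server` entries next to the pool gives a fallback; the `XXX` at line 9 suggests this is already known. Line 18 is an indented comment that reads as a continuation of the pool entries; moving it above line 14 as `# In case the machine gets hooked to the internet (and has working dns)` makes the intent clear.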
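--- a/trunk/nanobsd/files/etc/rc.conf
+++ b/trunk/nanobsd/files/etc/rc.conf
@@ -2,10 +2,6 @@
 dumpdev="NO"                    # No kernel dumps as we don't have a place to
                                 # store them
-gateway_enable="YES"            # Act like a gateway please
+gateway_enable="NO"             # Do NOT act like a gateway
 ipv6_enable="NO"                # No IPv6 support for now, near feature... ;-)
-
-# Firewall needed for port redirection (captive portal, splash screen)
-firewall_enable="YES"
-firewall_script="/etc/ipfw.sh"
 
 # NTP server needs working config with WL network or internet on boot
@@ -21,5 +17,5 @@
 # Don't let syslog accept input from other remote hosts
 syslogd_enable="YES"
-syslogd_flags="-s -A -c"
+syslogd_flags="-s -A -c -b 127.0.0.1"
 
 # Remote login without DNS checking as it might not also be functionable
@@ -34,9 +30,4 @@
 update_nanobsd_motd="YES"
 
-## Port extentions
-# Serve our clients some pretty cool IP address to at least get connected
-# Also some low-memory footprint dns resolver
-dnsmasq_enable="YES"
-
 # Monitoring deamons
 nrpe2_enable="YES"
@@ -44,27 +35,13 @@
 snmpd_flags="-a -LF w /var/log/snmpd.log"
 
-# Some nodes will serve as HTTP(S) proxy server
-tinyproxy_enable="NO"
+# HTTP(S) proxy server
+tinyproxy_enable="YES"
 
-## WL ports extentions
-thttpd_enable="YES"
-http302_enable="YES"
-
-lvrouted_enable="YES"
-lvrouted_flags="-u -s s00p3rs3kr3t -m 28 -z 172.16.2.254,172.17.0.1,172.23.25.66,172.17.169.66"
+# Nameserver for internet and wleiden.net
+maradns_enable="YES"
+dnsmasq_enable="NO"
+fetchzone_enable="YES"
 
 # Make sure generated ssh keys are saved
 nanobsd_save_sshkeys_enable="YES"
 
-# Do some cool stuff with pen, like checking on best connections and reload, so
-# need a wrapper instead of the conventional startup script
-pen_wrapper_enable="YES"
-
-## Initial (network) configuration
-#
-hostname="ChangeMe.example.org"
-# XXX: Maybe something cool (zero config) as initial configuration
-
-## Iperf server mode
-#
-iperf_enable="YES"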
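Review bot: The first hunk drops `firewall_enable="YES"` and `firewall_script="/etc/ipfw.sh"` (old lines 6–9) while this same changeset reworks `/etc/ipfw.sh`, and new line 4 sets `gateway_enable="NO"`, which turns off the IP forwarding that script's `nat 100`/`nat 200` rules rely on; unless `rc.conf.local` (one of the files `tools/wl-config` fetches) re-enables all three, the proxy boots without the packet filter and NAT it was just given. If `rc.conf.local` is meant to provide them, a comment here such as `# firewall_enable, firewall_script and gateway_enable are set per node in rc.conf.local` records that dependency. The removed `lvrouted_flags` line carried a shared secret in clear text; deleting the line does not remove it from repository history, so the value should be treated as exposed and rotated on any node that still uses it. `tinyproxy_enable="YES"` at lines 37–38 enables a proxy whose listening address and `Allow` rules are outside this changeset, so its reachability is governed only by the ipfw rule that admits port `3128` from the whole WL network.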
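--- a/trunk/nanobsd/files/etc/sysctl.conf
+++ b/trunk/nanobsd/files/etc/sysctl.conf
@@ -1,8 +1,5 @@
-# Value depends on link radio with estimated range of 500m, which seems to be a
-# maximum usage of our Omni Antenna's. Calculation used:
-#   (remember radio signals travel with 300m/s)
-#   acktimeout = 23 + (link_length * 2 / 300)
-dev.ath.0.slottime=23
-dev.ath.0.acktimeout=27
-dev.ath.0.ctstimeout=27
-net.link.ether.inet.max_age=300
+#XXX: Might needs to be dynamic as value depends on link length
+# Turned of since it is highly unlikely that a proxy will use a wlan interface
+# dev.ath.0.acktimeout=35
+# dev.ath.1.acktimeout=35
+# dev.ath.2.acktimeout=35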
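--- a/trunk/nanobsd/files/tools/wl-config
+++ b/trunk/nanobsd/files/tools/wl-config
@@ -1,37 +1,16 @@
 #!/bin/sh
-# Wireless Leiden config-update script for FreeBSD 8.0 (nanobsd)
+# Wireless Leiden proxy config-update script for FreeBSD 8.0 (nanobsd)
 # Based on the 'API' of Jasper
-# Rick van der Zwet
+# Rick van der Zwet ; Richard van Mansom
 # XXX: TODO, some proper error checking for fetch
 
-
-# Slow connection = no connection
-export HTTP_TIMEOUT=3
-
-
-check_access() {
-  # Direct Access - Internal IP
-  BASEURL="http://172.16.4.46/wleiden/config/"
-  echo "# INFO: Trying to fetch via internal WL $BASEURL"
-  fetch -o /dev/null -q $BASEURL > /dev/null && return
-  echo "# WARN: Fetch via internal $BASEURL failed"
- 
-  # Direct Access - External DNS
-  BASEURL="http://132.229.112.21/wleiden/config/"
-  echo "# INFO: Trying to fetch via external $BASEURL"
-  fetch -o /dev/null -q $BASEURL > /dev/null && return
-  echo "# CRIT: Fetch via external $BASEURL failed"
-
-  exit 1
-}
-check_access
-
+BASEURL="http://132.229.112.21/config/iris/proxy/FreeBSD/8.0-RELEASE/g_list.pl"
 
 # Default config to fetch
-CONFIG=`hostname -s`
+CONFIG=`hostname -s | tr '[A-Z]' '[a-z]'`
 
 # Determine it's statup and running location and some other hints
 # Skip named.conf as it not planned in current release
-FILES="authorized_keys dnsmasq.conf rc.conf.local resolv.conf motd wleiden.yaml"
+FILES="authorized_keys rc.conf.local resolv.conf"
 file_details() {
   case "$1" in
@@ -40,19 +19,4 @@
      RUNNING_LOC="/etc/dot_ssh/${FILE}"
      FILE_HINT=""
-   ;;
-  'motd')
-     STARTUP_LOC="/cfg/$1"
-     RUNNING_LOC="/etc/$1"
-     FILE_HINT=""
-   ;;
-  'dnsmasq.conf')
-     STARTUP_LOC="/cfg/local/${FILE}"
-     RUNNING_LOC="/etc/local/${FILE}"
-     FILE_HINT="/usr/local/etc/rc.d/dnsmasq restart"
-   ;;
-  'named.conf')
-     STARTUP_LOC="/cfg/namedb/${FILE}"
-     RUNNING_LOC="/etc/namedb/${FILE}"
-     FILE_HINT="/etc/rc.d/named restart"
    ;;
   'rc.conf.local')
@@ -66,9 +30,4 @@
      FILE_HINT=""
    ;;
-  'wleiden.yaml')
-     STARTUP_LOC="/cfg/local/${FILE}"
-     RUNNING_LOC="/etc/local/${FILE}"
-     FILE_HINT=""
-   ;;
   esac
 }
@@ -77,12 +36,12 @@
         (
         echo "Usage: $0 [-bn] [-c <config>] [-m <all|startup|testing|running>]"
-        echo "  -b          = batch mode, no user input"
-        echo "  -c <config> = default configuration to fetch"
-        echo "  -n          = do not mount config partition"
-        echo "  -m all      = copy config files to running & config partition [default]"
-        echo "  -m startup  = copy config files to config partition"
-        echo "  -m testing  = do not copy config files"
-        echo "  -m running  = copy config files to running partition"
-        echo "  -m hack     = copy running files to config partition"
+        echo "  -b              batch mode, no user input"
+        echo "  -c <config>     default configuration to fetch"
+        echo "  -n              do not mount config partition"
+        echo "  -m all          copy config files to running & config partition [default]"
+        echo "  -m startup      copy config files to config partition"
+        echo "  -m testing      do not copy config files"
+        echo "  -m running      copy config files to running partition"
+        echo "  -m hack         copy running files to config partition"
         ) 1>&2
         exit 2
@@ -121,14 +80,14 @@
  
   if [ "${OPT_RUNNING}" -eq 1 ]; then
-    echo "# INFO: Storing new config files in running configuration"
+    echo "INFO: Storing new config files in running configuration"
   fi
  
   if [ "${OPT_STARTUP}" -eq 1 ]; then
-    echo "# INFO: Storing new config files in startup configuration"
+    echo "INFO: Storing new config files in startup configuration"
   fi
  
   if [ "${OPT_HACK}" -eq 1 ]; then
-    echo "# WARN: Copy running configuration to startup configuration"
-    echo "# WARN: Please do mind to document/mention this changes somewhere"
+    echo "WARN: Copy running configuration to startup configuration"
+    echo "WARN: Please do mind to document/mention this changes somewhere"
   fi
 
@@ -148,5 +107,5 @@
   else
      echo "WARNING: Input '${INPUT}' is not valid, some hints..."
-     grep -i "${INPUT}" ${TMPDIR}/node_list.txt
+     grep "${INPUT}" ${TMPDIR}/node_list.txt
      return 1
   fi 
@@ -197,10 +156,10 @@
 # Copy file, saving some bits if no change needed
 copy_file() {
-  NEWFILE=$1
+  SOURCE=$1
   TARGET=$2
-  diff -I '^# Generated at ' ${TARGET} ${NEWFILE} 2>/dev/null
+  diff -q ${SOURCE} ${TARGET} >/dev/null 2>/dev/null
   if [ $? -ne 0 ]; then
     mkdir -p `dirname ${TARGET}` || exit 1
-    cp ${NEWFILE} ${TARGET} || exit 1
+    cp ${SOURCE} ${TARGET} || exit 1
     return $?
   fi
@@ -241,5 +200,5 @@
     file_details ${FILE}
  
-    echo "# INFO: Working on file: '${FILE}'"
+    echo "INFO: Working on file: '${FILE}'"
     # Copy file boot location
     if [ ${OPT_STARTUP} -eq 1 ]; then
@@ -251,7 +210,7 @@
       copy_file ${FRESH_LOC} ${RUNNING_LOC}
       if [ $? -eq 0 ]; then
-        echo "# INFO: '${FILE}' changed" 
+        echo "INFO: '${FILE}' changed" 
         if [ -n "${FILE_HINT}" ]; then
-          echo "# INFO: For instant activate: ${FILE_HINT}"
+          echo "INFO: For instant activate: ${FILE_HINT}"
           echo ""
         fi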
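Review bot: `BASEURL` at new line 7 is a plain `http://` URL on a hard-coded IP, and `FILES` at line 14 still includes `authorized_keys`, which `file_details` maps to `/etc/dot_ssh/` (line 19); whatever is fetched from that address is copied into the root login path without any integrity check, so control of that host or of the network path to it is control of ssh access to every proxy. The fetch itself lies outside these hunks, but before `copy_file` writes a fetched file the script should verify it — an `https://` origin with certificate verification, or a detached signature checked against a key baked into the image — and refuse to replace `authorized_keys` when the fetched copy is empty. Removing `check_access()` also removed the `export HTTP_TIMEOUT=3`, so a stalled fetch now blocks the run for the tool's default timeout. In `copy_file` (lines 157–166) `return $?` after `cp … || exit 1` is always 0, and if the part of the function after the closing `fi` (outside the hunk) does not return non-zero, the function also returns 0 when `diff -q` finds no difference, so the caller at line 211 reports `'${FILE}' changed` for unchanged files; a `return 1` after that `fi` would make the status meaningful.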
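--- a/trunk/nanobsd/files/usr/local/bin/pen_wrapper
+++ b/trunk/nanobsd/files/usr/local/bin/pen_wrapper
@@ -9,16 +9,5 @@
 
 #XXX: Really static list, some dynamic alternative prefered
-PROXY_LIST="${3-172.17.8.68:3128   \
-                172.17.143.4:3128  \
-                172.20.128.98:3128 \
-                172.16.2.254:3128  \
-                172.19.168.66:3128 \
-                172.16.3.146:3128  \
-                172.17.16.66:3128  \
-                172.17.0.1:3128    \
-                172.16.4.54:3128   \
-                172.22.0.66:3128   \
-                172.23.25.66:3128  \
-                172.17.169.66:3128}"
+PROXY_LIST="${3-172.17.8.68:3128 172.17.143.4:3128 172.20.128.98:3128 172.16.2.254:3128 172.19.168.66:3128}"
 
 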
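Review bot: `PROXY_LIST` at new line 11 remains the wrapper's only source of upstream proxies, yet this same changeset removes `pen_wrapper_enable="YES"` from `etc/rc.conf` and `proc pen` from `snmpd.conf`, so unless the wrapper is started from somewhere outside these files this edit maintains a script that no longer runs. If it does still run, the list differs from the commented-out server set in `etc/ntp.conf` only for proxy4, which is `172.16.2.254` here and `172.19.137.67` there; one of the two is probably stale. A one-line comment above line 11 naming where the wrapper is started from, or stating that it is retired, would settle this.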
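--- a/trunk/nanobsd/files/usr/local/etc/nrpe.cfg
+++ b/trunk/nanobsd/files/usr/local/etc/nrpe.cfg
@@ -7,8 +7,6 @@
 command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10
 command[check_load]=/usr/local/libexec/nagios/check_load -w 15,10,5 -c 30,25,20
-command[check_disk1]=/usr/local/libexec/nagios/check_disk -w 15% -c 10% -p /
+command[check_disk1]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /
 command[check_disk2]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /var
 command[check_procs]=/usr/local/libexec/nagios/check_procs -w 55 -c 70
-command[check_inet]=/usr/local/libexec/nagios/check_inet
-command[check_inet2]=/usr/local/libexec/nagios/check_inet2
-command[check_lv]=/usr/local/libexec/nagios/check_lv
+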
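Review bot: The `check_inet`, `check_inet2` and `check_lv` commands are removed (old lines 12–14) while the crontab in this changeset adds a root cron job running `check-inet-alive`, so Internet reachability is no longer something the Nagios server can query over NRPE; unless that cron job submits a passive result, loss of the uplink stops being alerted on. If the cron job is the replacement, a comment here such as `# Internet checks moved to cron (/usr/local/sbin/check-inet-alive)` keeps the two files in step. New line 12 is a trailing blank line with no purpose.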
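--- a/trunk/nanobsd/files/usr/local/etc/tinyproxy.conf
+++ b/trunk/nanobsd/files/usr/local/etc/tinyproxy.conf
@@ -80,5 +80,5 @@
 # output, but Notice and below would be suppressed.
 #
-LogLevel Info
+LogLevel Warning
 
 #
@@ -181,5 +181,5 @@
 # The location of the filter file.
 #
-#Filter "/etc/tinyproxy/filter"
+Filter "/usr/local/etc/tinyproxy.filter"
 
 #
@@ -206,5 +206,5 @@
 # deny everything which is _not_ specifically allowed by the filter file.
 #
-#FilterDefaultDeny Yes
+FilterDefaultDeny No
 
 #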
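Review bot: `FilterDefaultDeny No` at new line 208, together with the now-active `Filter` file at line 183, makes the filter a deny-list: any destination not matched in `/usr/local/etc/tinyproxy.filter` is proxied, and the ipfw rules in this changeset admit port 3128 from the whole WL network, so this is the permissive direction. If the filter is meant to limit the proxy to a set of allowed sites this should read `FilterDefaultDeny Yes`; if a deny-list is intended, a comment above line 208 saying so prevents the next reader from "fixing" it. Lowering `LogLevel` to `Warning` at line 82 also drops the per-request `Connect` lines, so after an abuse complaint there is no record of which client fetched what; keeping `Info` (or at least `Connect`) on a rotated log is the cheaper trade-off for a shared proxy.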
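--- a/trunk/nanobsd/files/usr/local/share/snmp/snmpd.conf
+++ b/trunk/nanobsd/files/usr/local/share/snmp/snmpd.conf
@@ -47,13 +47,9 @@
 
 #    name         max min
-proc lvrouted.opt 1   1
 proc sshd         8   1
 proc syslogd      1   1
 proc ntpd         1   1
 proc snmpd        1   1
-proc dhcpd        1   1
-proc pen          1   1
 proc cron         2   1
-proc named        1   1
 
 
@@ -80,13 +76,2 @@
 
 pass_persist .1.3.6.1.4.1.21695.1.2 /usr/local/sbin/dhcpd-snmp /usr/local/etc/dhcpd-snmp.conf
-
-extend .1.3.6.1.4.1.2021.61 nagios-www /usr/local/sbin/proxy-test.sh
-extend .1.3.6.1.4.1.2021.62 nagios-routing /usr/local/sbin/lvrouted-test.sh
-
-extend .1.3.6.1.4.1.2021.70 dhcp-users /bin/sh -c "/bin/cat /var/db/dnsmasq.leases \| awk '{ print $1,$2,$3 }'"
-extend .1.3.6.1.4.1.2021.71 portal-users /bin/sh -c "/bin/cat /var/db/clients \| awk '{ print $1,$2,$3 }'"
-extend .1.3.6.1.4.1.2021.72 arp-users /bin/sh -c "/bin/cat /var/db/connect.gone \| awk '{ print $1,$2,$3 }'"
-
-extend wl-release /bin/cat /tools/wl-release.txt
-extend wl-version /usr/bin/awk 'BEGIN{FS=": "}/^URL:/ {u=$2}; /^Last Changed Rev:/ {r=$2}; END{print u"@"r}' /tools/wl-release.txt
-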
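Review bot: The `proc` table at new lines 49–53 monitors nothing this changeset turns on: `tinyproxy` is enabled in `etc/rc.conf` but has no `proc` entry, so a dead proxy daemon will not be noticed through the process monitor; an entry such as `proc tinyproxy` with a `max` matching the number of worker processes the installed version spawns closes that gap. The `pass_persist … dhcpd-snmp` line at 77 is kept although `proc dhcpd` is removed; if no DHCP server runs on the proxies the helper reports nothing useful and can go as well. The rest of both hunks deletes captive-portal and routing extends, which is consistent with the rc.conf changes.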