Changeset 10136 in hybrid for trunk/nanobsd/files
- Timestamp:
- Mar 12, 2012, 6:32:43 AM (13 years ago)
- Location:
- trunk/nanobsd/files
- Files:
-
- 15 added
- 11 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/nanobsd/files/boot/loader.conf
r10135 r10136 20 20 # Force output to run trough the comconsole, no exceptions 21 21 console="comconsole" 22 23 # moduleis for usb-lan adapters24 if_mos_load="YES"25 if_axe_load="YES"26 if_aue_load="YES"27 28 -
trunk/nanobsd/files/etc/crontab
r10135 r10136 28 28 # Write updates for ntp.drift to flash 29 29 0 12 * * * root /usr/local/bin/write_ntpdrift 30 # 31 # Nagios checks 32 30 * * * * root /usr/local/dense/dense.sh 33 */15 * * * * root /usr/local/sbin/check-inet-alive -
trunk/nanobsd/files/etc/ipfw.sh
r10135 r10136 1 1 #!/bin/sh - 2 # Based on /etc/rc.firewall 3 # 4 # Credits: Richard van Mansom, Rick van der Zwet 2 5 3 # Based on /etc/rc.firewall 6 7 allowed2internet="80,443" 8 maxconnections="10" 9 10 RFC1918_nets="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" 11 WLNET='172.16.0.0/12' 4 12 5 13 # Suck in the configuration variables. … … 34 42 esac 35 43 44 ########### 45 # Set Internal/External Interface 46 # 47 driver=`echo ${internalif} | sed 's/[0-9]*//g'` 48 seq=`echo ${internalif} | sed 's/[a-zA-Z]*//g'` 49 50 if [ ${seq} = 0 ]; then 51 seq=`expr ${seq} \+ 1` 52 else 53 seq=`expr ${seq} \- 1` 54 fi 55 56 externalif="$driver$seq" 57 58 # Get interface Addresses 59 externalip=`ifconfig $externalif | awk '/inet/ { print $2 }'` 60 internalip=`ifconfig $internalif | awk '/inet/ { print $2 }'` 36 61 ############ 37 62 # Flush out the list before we begin. … … 41 66 setup_loopback 42 67 43 ############44 45 # By default no firewalling46 ${fwcmd} add 65000 pass all from any to any47 48 # Transproxy/WLportal/Captive portal49 ${fwcmd} add 10000 allow tcp from any to localhost 8050 ${fwcmd} add 10001 allow tcp from any to me 8051 68 52 69 ############ 53 # Reserved: Whitelist rule numbers 54 # 10002 - 10009 55 NR=10002 56 for IP in $captive_portal_whitelist; do 57 ${fwcmd} add $NR allow tcp from $IP to not 172.16.0.0/12 dst-port 80 58 NR=`expr $NR + 1` 70 # Block the hosters network (and maybe others) 71 for IP in ${firewall_block} 72 do 73 ${fwcmd} add deny ip from any to ${IP} in via $internalif 59 74 done 60 75 61 76 ############ 62 # Reserved: WLPortal rule numbers63 # 10010 - 10099 77 # Statefull filewall in use 78 ${fwcmd} add check-state 64 79 65 # Forward rules work without a base address, so needed a loop over all inet4 adresses 66 for INF in $captive_portal_interfaces; do 67 ${fwcmd} add 10100 fwd 172.31.255.1,8081 tcp from any to not 172.16.0.0/12 80 in via ${INF} 68 done 80 # Allow anything originating from me 81 ${fwcmd} add allow ip from me to any keep-state 82 83 84 ############# 85 # Outbound NAT setup 86 # WL Net -> Internet 87 ${fwcmd} add nat 100 all from $WLNET to any out recv $internalif xmit $externalif 88 ${fwcmd} add nat 100 all from any to $externalip in recv $externalif 89 ${fwcmd} nat 100 config if $externalif 90 91 # Subnet Internet is allowed 92 ${fwcmd} add allow tcp from $WLNET to any $allowed2internet in via $internalif setup limit src-addr $maxconnections 93 94 95 ############# 96 # Internal Network -> WL Net 97 # Inbound NAT setup, to allow proxy device to be used gateway from Internal Network to WL 98 ${fwcmd} add nat 200 all from $RFC1918_nets to $WLNET out recv $externalif xmit $internalif 99 ${fwcmd} add nat 200 all from $WLNET to $internalip in recv $internalif 100 ${fwcmd} nat 200 config if $internalif 101 102 # Allow all traffic inbound 103 ${fwcmd} add allow all from $RFC1918_nets to $WLNET in recv $externalif keep-state 104 105 106 ############# 107 ## Services in use 108 ## Allow on external interface 109 external_allow_tcp="ssh" 110 ${fwcmd} add allow tcp from any to me $external_allow_tcp via $externalif setup keep-state 111 112 ## Allow on internal interface 113 internal_allow_tcp="ssh,domain,3128" 114 internal_allow_udp="ntp,domain,snmp,12345" 115 ${fwcmd} add allow udp from $WLNET to me ${internal_allow_udp} via $internalif keep-state 116 ${fwcmd} add allow tcp from $WLNET to me ${internal_allow_tcp} via $internalif setup keep-state 117 118 # Basic ICMP managment traffic 119 ${fwcmd} add allow icmp from any to me icmptype 8 120 ${fwcmd} add allow icmp from me to any icmptype 3,4,11 121 122 123 ############# 124 # Block anything else 125 ${fwcmd} add 65000 deny log logamount 500 ip from any to any 126 -
trunk/nanobsd/files/etc/ntp.conf
r10135 r10136 1 1 #XXX: Might need to be dynamic 2 2 3 server 172.17.8.68 # proxy1 4 server 172.17.143.4 # proxy2 5 server 172.20.128.98 # proxy3 6 server 172.16.2.254 # proxy4 7 server 172.19.168.66 # proxy5 8 server 172.16.3.146 # proxy6 9 server 172.17.16.66 # proxy62 10 server 172.17.0.1 # proxy7 11 server 172.16.4.54 # proxy9 12 server 172.22.0.66 # proxy10 13 server 172.23.25.66 # proxy11 14 server 172.16.3.98 # proxy13 15 server 172.17.169.66 # proxy97 3 # server 172.17.8.68 # proxy1 4 # server 172.17.143.4 # proxy2 5 # server 172.20.128.98 # proxy3 6 # server 172.19.137.67 # proxy4 7 # server 172.19.168.66 # proxy5 8 9 #XXX: All it's local nighboor addresses 10 11 # server proxy1.wleiden.net # autokey 12 # server proxy2.wleiden.net # autokey 13 # server proxy3.wleiden.net # autokey 14 server 0.nl.pool.ntp.org 15 server 1.nl.pool.ntp.org 16 server 2.nl.pool.ntp.org 17 server 3.nl.pool.ntp.org 18 # In case machine get hooked to internet (and got working dns) 19 20 16 21 17 22 # and if all failes - use our local crummy clock -
trunk/nanobsd/files/etc/rc.conf
r10135 r10136 2 2 dumpdev="NO" # No kernel dumps as we don't have a place to 3 3 # store them 4 gateway_enable=" YES" # Act like a gateway please4 gateway_enable="NO" # Do NOT act like a gateway 5 5 ipv6_enable="NO" # No IPv6 support for now, near feature... ;-) 6 7 # Firewall needed for port redirection (captive portal, splash screen)8 firewall_enable="YES"9 firewall_script="/etc/ipfw.sh"10 6 11 7 # NTP server needs working config with WL network or internet on boot … … 21 17 # Don't let syslog accept input from other remote hosts 22 18 syslogd_enable="YES" 23 syslogd_flags="-s -A -c "19 syslogd_flags="-s -A -c -b 127.0.0.1" 24 20 25 21 # Remote login without DNS checking as it might not also be functionable … … 34 30 update_nanobsd_motd="YES" 35 31 36 ## Port extentions37 # Serve our clients some pretty cool IP address to at least get connected38 # Also some low-memory footprint dns resolver39 dnsmasq_enable="YES"40 41 32 # Monitoring deamons 42 33 nrpe2_enable="YES" … … 44 35 snmpd_flags="-a -LF w /var/log/snmpd.log" 45 36 46 # Some nodes will serve asHTTP(S) proxy server47 tinyproxy_enable=" NO"37 # HTTP(S) proxy server 38 tinyproxy_enable="YES" 48 39 49 ## WL ports extentions 50 thttpd_enable="YES" 51 http302_enable="YES" 52 53 lvrouted_enable="YES" 54 lvrouted_flags="-u -s s00p3rs3kr3t -m 28 -z 172.16.2.254,172.17.0.1,172.23.25.66,172.17.169.66" 40 # Nameserver for internet and wleiden.net 41 maradns_enable="YES" 42 dnsmasq_enable="NO" 43 fetchzone_enable="YES" 55 44 56 45 # Make sure generated ssh keys are saved 57 46 nanobsd_save_sshkeys_enable="YES" 58 47 59 # Do some cool stuff with pen, like checking on best connections and reload, so60 # need a wrapper instead of the conventional startup script61 pen_wrapper_enable="YES"62 63 ## Initial (network) configuration64 #65 hostname="ChangeMe.example.org"66 # XXX: Maybe something cool (zero config) as initial configuration67 68 ## Iperf server mode69 #70 iperf_enable="YES" -
trunk/nanobsd/files/etc/sysctl.conf
r10135 r10136 1 # Value depends on link radio with estimated range of 500m, which seems to be a 2 # maximum usage of our Omni Antenna's. Calculation used: 3 # (remember radio signals travel with 300m/s) 4 # acktimeout = 23 + (link_length * 2 / 300) 5 dev.ath.0.slottime=23 6 dev.ath.0.acktimeout=27 7 dev.ath.0.ctstimeout=27 8 net.link.ether.inet.max_age=300 1 #XXX: Might needs to be dynamic as value depends on link length 2 # Turned of since it is highly unlikely that a proxy will use a wlan interface 3 # dev.ath.0.acktimeout=35 4 # dev.ath.1.acktimeout=35 5 # dev.ath.2.acktimeout=35 -
trunk/nanobsd/files/tools/wl-config
r10135 r10136 1 1 #!/bin/sh 2 # Wireless Leiden config-update script for FreeBSD 8.0 (nanobsd)2 # Wireless Leiden proxy config-update script for FreeBSD 8.0 (nanobsd) 3 3 # Based on the 'API' of Jasper 4 # Rick van der Zwet 4 # Rick van der Zwet ; Richard van Mansom 5 5 # XXX: TODO, some proper error checking for fetch 6 6 7 8 # Slow connection = no connection 9 export HTTP_TIMEOUT=3 10 11 12 check_access() { 13 # Direct Access - Internal IP 14 BASEURL="http://172.16.4.46/wleiden/config/" 15 echo "# INFO: Trying to fetch via internal WL $BASEURL" 16 fetch -o /dev/null -q $BASEURL > /dev/null && return 17 echo "# WARN: Fetch via internal $BASEURL failed" 18 19 # Direct Access - External DNS 20 BASEURL="http://132.229.112.21/wleiden/config/" 21 echo "# INFO: Trying to fetch via external $BASEURL" 22 fetch -o /dev/null -q $BASEURL > /dev/null && return 23 echo "# CRIT: Fetch via external $BASEURL failed" 24 25 exit 1 26 } 27 check_access 28 7 BASEURL="http://132.229.112.21/config/iris/proxy/FreeBSD/8.0-RELEASE/g_list.pl" 29 8 30 9 # Default config to fetch 31 CONFIG=`hostname -s `10 CONFIG=`hostname -s | tr '[A-Z]' '[a-z]'` 32 11 33 12 # Determine it's statup and running location and some other hints 34 13 # Skip named.conf as it not planned in current release 35 FILES="authorized_keys dnsmasq.conf rc.conf.local resolv.conf motd wleiden.yaml"14 FILES="authorized_keys rc.conf.local resolv.conf" 36 15 file_details() { 37 16 case "$1" in … … 40 19 RUNNING_LOC="/etc/dot_ssh/${FILE}" 41 20 FILE_HINT="" 42 ;;43 'motd')44 STARTUP_LOC="/cfg/$1"45 RUNNING_LOC="/etc/$1"46 FILE_HINT=""47 ;;48 'dnsmasq.conf')49 STARTUP_LOC="/cfg/local/${FILE}"50 RUNNING_LOC="/etc/local/${FILE}"51 FILE_HINT="/usr/local/etc/rc.d/dnsmasq restart"52 ;;53 'named.conf')54 STARTUP_LOC="/cfg/namedb/${FILE}"55 RUNNING_LOC="/etc/namedb/${FILE}"56 FILE_HINT="/etc/rc.d/named restart"57 21 ;; 58 22 'rc.conf.local') … … 66 30 FILE_HINT="" 67 31 ;; 68 'wleiden.yaml')69 STARTUP_LOC="/cfg/local/${FILE}"70 RUNNING_LOC="/etc/local/${FILE}"71 FILE_HINT=""72 ;;73 32 esac 74 33 } … … 77 36 ( 78 37 echo "Usage: $0 [-bn] [-c <config>] [-m <all|startup|testing|running>]" 79 echo " -b =batch mode, no user input"80 echo " -c <config> =default configuration to fetch"81 echo " -n =do not mount config partition"82 echo " -m all =copy config files to running & config partition [default]"83 echo " -m startup =copy config files to config partition"84 echo " -m testing =do not copy config files"85 echo " -m running =copy config files to running partition"86 echo " -m hack = copyrunning files to config partition"38 echo " -b batch mode, no user input" 39 echo " -c <config> default configuration to fetch" 40 echo " -n do not mount config partition" 41 echo " -m all copy config files to running & config partition [default]" 42 echo " -m startup copy config files to config partition" 43 echo " -m testing do not copy config files" 44 echo " -m running copy config files to running partition" 45 echo " -m hack copy running files to config partition" 87 46 ) 1>&2 88 47 exit 2 … … 121 80 122 81 if [ "${OPT_RUNNING}" -eq 1 ]; then 123 echo " #INFO: Storing new config files in running configuration"82 echo "INFO: Storing new config files in running configuration" 124 83 fi 125 84 126 85 if [ "${OPT_STARTUP}" -eq 1 ]; then 127 echo " #INFO: Storing new config files in startup configuration"86 echo "INFO: Storing new config files in startup configuration" 128 87 fi 129 88 130 89 if [ "${OPT_HACK}" -eq 1 ]; then 131 echo " #WARN: Copy running configuration to startup configuration"132 echo " #WARN: Please do mind to document/mention this changes somewhere"90 echo "WARN: Copy running configuration to startup configuration" 91 echo "WARN: Please do mind to document/mention this changes somewhere" 133 92 fi 134 93 … … 148 107 else 149 108 echo "WARNING: Input '${INPUT}' is not valid, some hints..." 150 grep -i"${INPUT}" ${TMPDIR}/node_list.txt109 grep "${INPUT}" ${TMPDIR}/node_list.txt 151 110 return 1 152 111 fi … … 197 156 # Copy file, saving some bits if no change needed 198 157 copy_file() { 199 NEWFILE=$1158 SOURCE=$1 200 159 TARGET=$2 201 diff - I '^# Generated at ' ${TARGET} ${NEWFILE}2>/dev/null160 diff -q ${SOURCE} ${TARGET} >/dev/null 2>/dev/null 202 161 if [ $? -ne 0 ]; then 203 162 mkdir -p `dirname ${TARGET}` || exit 1 204 cp ${ NEWFILE} ${TARGET} || exit 1163 cp ${SOURCE} ${TARGET} || exit 1 205 164 return $? 206 165 fi … … 241 200 file_details ${FILE} 242 201 243 echo " #INFO: Working on file: '${FILE}'"202 echo "INFO: Working on file: '${FILE}'" 244 203 # Copy file boot location 245 204 if [ ${OPT_STARTUP} -eq 1 ]; then … … 251 210 copy_file ${FRESH_LOC} ${RUNNING_LOC} 252 211 if [ $? -eq 0 ]; then 253 echo " #INFO: '${FILE}' changed"212 echo "INFO: '${FILE}' changed" 254 213 if [ -n "${FILE_HINT}" ]; then 255 echo " #INFO: For instant activate: ${FILE_HINT}"214 echo "INFO: For instant activate: ${FILE_HINT}" 256 215 echo "" 257 216 fi -
trunk/nanobsd/files/usr/local/bin/pen_wrapper
r10135 r10136 9 9 10 10 #XXX: Really static list, some dynamic alternative prefered 11 PROXY_LIST="${3-172.17.8.68:3128 \ 12 172.17.143.4:3128 \ 13 172.20.128.98:3128 \ 14 172.16.2.254:3128 \ 15 172.19.168.66:3128 \ 16 172.16.3.146:3128 \ 17 172.17.16.66:3128 \ 18 172.17.0.1:3128 \ 19 172.16.4.54:3128 \ 20 172.22.0.66:3128 \ 21 172.23.25.66:3128 \ 22 172.17.169.66:3128}" 11 PROXY_LIST="${3-172.17.8.68:3128 172.17.143.4:3128 172.20.128.98:3128 172.16.2.254:3128 172.19.168.66:3128}" 23 12 24 13 -
trunk/nanobsd/files/usr/local/etc/nrpe.cfg
r10135 r10136 7 7 command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10 8 8 command[check_load]=/usr/local/libexec/nagios/check_load -w 15,10,5 -c 30,25,20 9 command[check_disk1]=/usr/local/libexec/nagios/check_disk -w 15% -c 10% -p /9 command[check_disk1]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p / 10 10 command[check_disk2]=/usr/local/libexec/nagios/check_disk -w 20% -c 10% -p /var 11 11 command[check_procs]=/usr/local/libexec/nagios/check_procs -w 55 -c 70 12 command[check_inet]=/usr/local/libexec/nagios/check_inet 13 command[check_inet2]=/usr/local/libexec/nagios/check_inet2 14 command[check_lv]=/usr/local/libexec/nagios/check_lv 12 -
trunk/nanobsd/files/usr/local/etc/tinyproxy.conf
r10135 r10136 80 80 # output, but Notice and below would be suppressed. 81 81 # 82 LogLevel Info82 LogLevel Warning 83 83 84 84 # … … 181 181 # The location of the filter file. 182 182 # 183 #Filter "/etc/tinyproxy/filter"183 Filter "/usr/local/etc/tinyproxy.filter" 184 184 185 185 # … … 206 206 # deny everything which is _not_ specifically allowed by the filter file. 207 207 # 208 #FilterDefaultDeny Yes 208 FilterDefaultDeny No 209 209 210 210 # -
trunk/nanobsd/files/usr/local/share/snmp/snmpd.conf
r10135 r10136 47 47 48 48 # name max min 49 proc lvrouted.opt 1 150 49 proc sshd 8 1 51 50 proc syslogd 1 1 52 51 proc ntpd 1 1 53 52 proc snmpd 1 1 54 proc dhcpd 1 155 proc pen 1 156 53 proc cron 2 1 57 proc named 1 158 54 59 55 … … 80 76 81 77 pass_persist .1.3.6.1.4.1.21695.1.2 /usr/local/sbin/dhcpd-snmp /usr/local/etc/dhcpd-snmp.conf 82 83 extend .1.3.6.1.4.1.2021.61 nagios-www /usr/local/sbin/proxy-test.sh84 extend .1.3.6.1.4.1.2021.62 nagios-routing /usr/local/sbin/lvrouted-test.sh85 86 extend .1.3.6.1.4.1.2021.70 dhcp-users /bin/sh -c "/bin/cat /var/db/dnsmasq.leases \| awk '{ print $1,$2,$3 }'"87 extend .1.3.6.1.4.1.2021.71 portal-users /bin/sh -c "/bin/cat /var/db/clients \| awk '{ print $1,$2,$3 }'"88 extend .1.3.6.1.4.1.2021.72 arp-users /bin/sh -c "/bin/cat /var/db/connect.gone \| awk '{ print $1,$2,$3 }'"89 90 extend wl-release /bin/cat /tools/wl-release.txt91 extend wl-version /usr/bin/awk 'BEGIN{FS=": "}/^URL:/ {u=$2}; /^Last Changed Rev:/ {r=$2}; END{print u"@"r}' /tools/wl-release.txt92
Note:
See TracChangeset
for help on using the changeset viewer.