= Welcome to the Proxy Factory project = == Objective == The aim of this project is to build a 'factory' based on Nanobsd to generate proxy images, similar to the 'nodefactory' that is used for generating node-images. We will try to incorporate the results of the [http://www.genericproxy.org/ Hogeschool Leiden project 'generic proxy']. == Functionality == * proxy server for internet browsing from wleiden.net (no access to local subnet if present), e.g. tinyproxy * name server for wleiden.net, e.g. nsd * ntpd for wleiden.net * sshd for administrative use * snmpd for monitoring * no browsing from wleiden.net of local webserver(s) * access to wleiden.net from local network * SSH tunnel to dellas (backdoor) == Previous (and other ongoing) work == Basic work on configuration of a proxy-PC has been done by Dennis, see http://svn.wirelessleiden.nl/svn/projects/proxy/. There is also a howto-description for building proxy-images on the basis of the (outdated) FreeBSD6.0 configuration: http://svn.wirelessleiden.nl/svn/projects/proxy/proxy_op_soekris.txt. Recently Richard has provided some notes on building a proxy for a Soekris-compact flash card: http://svn.wirelessleiden.nl/svn/projects/proxy/2.0/ Hogeschool Leiden is carrying out the GenericProxy project, see also [http://www.genericproxy.org Generic Proxy project website]. == Approach == Files will be stored in a dedicated [http://svn.wirelessleiden.nl/svn/projects/proxy/2.0 svn directory]. We will use the NodeFactory as the basis for this project, based on nanobsd, but build on FreeBSD-8.0. Tinyproxy, ntpd, sshd, snmpd are already included in the packagelist. * rebuilding the nodefactory on the basis of FreeBSD-8.0 No surprises here. We do not need the patches to the driver modules, only usbdevs.patch is still required. * kernel configuration needs some adjustments for 8.0. notably following options should be commented out: * # options CLK_USE_I8254_CALIBRATION * # options ADAPTIVE_GIANT # Giant mutex is adaptive. * # device wlan_scan_ap # 802.11 AP mode scanning. * # device wlan_scan_sta # 802.11 STA mode scanning. * # device ppp # Kernel PPP * # device ugen # Generic * # device sio * adjustments of nanobsd.wleiden config file (required for kernel to build): add the option NANO_PARALLEL_MAKE="1" = Building a Proxy Factory = Please note that you can find the supporting files in the subdirectory [source:nanobsd]. Also keep a close look at the ''INFO'' ''WARN'' ''ERR'' directives as they guide you trough the common pitfalls of the guide. == A. Setup a FreeBSD host == ---- WARN: Make sure ''/usr'' is '''at least 5GB''' in size building as building images require quite some space [[BR]] WARN: Make sure you install the '''i386''' release of FreeBSD also when your system does support amd64, as cross compiling can give some nasty surprises [[BR]] ---- Get yourself a fresh i386 freebsd host with ports and subversion installed as follows: A.1. Run the basic CD installer of 8.0. The procedure below has been tested with 8.0-RELEASE (standard developer install - no ports - will fit our needs). Installing FreeBSD is outside the scope of this document, take a look into [http://www.freebsd.org/doc/en/books/handbook/install.html the FreeBSD handbook Chapter 2 Installing FreeBSD] if you do not know the details. Please do mind that all commands below need to be executed as root, due to the many mounts and unmounts done in various phases. Internet connection is required. Set correct date/time, e.g. {{{ $ ntpdate -s pool.ntp.org }}} A.2. get latest sources {{{ $ csup -h cvsup.nl.freebsd.org /usr/share/examples/cvsup/standard-supfile }}} A.3 fetch ports {{{ $ portsnap fetch extract }}} A.4 set some usefull variables Edit the shell configuration file .cshrc: {{{ vi /root/.cshrc }}} check whether ftp is set to passive mode, to avoid potential firewall issues: {{{ setenv FTP_PASSIVE_MODE YES }}} set a default password for the images that you will produce {{{ setenv CFG_ROOT_PASSWORD [default password] }}} and define the svn download directory: {{{ setenv R /root/nanobsd }}} A.5. install subversion . NOTE: Install all packages via ports to prevent issues later on! {{{ $ cd /usr/ports/devel/subversion; make install clean BATCH=yes }}} A.6. OPTIONAL, every developer has his own preferences, these are mine ;-) {{{ $ (cd /usr/ports/editors/vim-lite; make install clean BATCH=yes) $ (cd /usr/ports/security/sudo; make install clean BATCH=yes) $ (cd /usr/ports/sysutils/screen; make install clean BATCH=yes) }}} == B. Build environment == B.1 Download the environment from the Wireless Leiden svn repository {{{ $ $ svn checkout http://svn.wirelessleiden.nl/svn/projects/proxy/2.0/nanobsd/nanobsd $R $ cd $R }}} Note: if svn is not found: svn is in /usr/local/bin, alternatively log out and in, or use {{{rehash}}} in a {{{csh}}} shell to make it available. B.2. Compile all required packages using {{{ $ /root/nanobsd/tools/package-build.sh }}} == About Trac == * TracGuide -- Built-in Documentation * [http://trac.edgewall.org/ The Trac project] -- Trac Open Source Project * [http://trac.edgewall.org/wiki/TracFaq Trac FAQ] -- Frequently Asked Questions * TracSupport -- Trac Support For a complete list of local wiki pages, see TitleIndex.