Configuring lrp
Introduction
This document was written in the hope of making the installation and maintenance of an LRP based router or gateway easier.
It is not necessary to be highly knowledgeable in Linux to set up an LRP box. In fact, a computer literate person with no exposure to Linux or other flavors of Unix, after reading this manual and following the fundamental steps, can install and have an LRP box up and running in no time at all (provided of course that all the basic hardware is working).
It is however assumed that the LRP user has fundamental knowledge in the following areas
And a lot of patience and perseverance especially when bumping into troubles.
In case of trouble, do not bang your head against the wall. Help is available through the LRP mailing list. Do not expect immediate replies though, as the list is not manned by people dedicated or tasked as help desk and technical support. Generally, however, the people on the list, all ladies and gentlemen, do respond out of their good heart and when time is available.
Click here to subscribe and join the mail list. It is normally considered rude to post something to the mail list without being a subscriber.
To browse the archives see http://www.linuxrouter.org.
When posting a help request, please describe or write down exactly what the errors are. You can add your observations and the steps you took before the errors occurred.
What is LRP
LRP stands for Linux Router Project. It is a one-floppy based Linux software (basic distribution affectionately labelled idiot image). It makes a robust and reliable router or gateway from a low-end Intel based PC.
Its layout mimics a rescue disk. It uses a floppy disk as the standard boot device and creates a filesystem (Minix) into a ramdisk thereby creating a solid state router.
The motivating factor in this design is to maintain a highly secured router by preventing possible hacking of the filesystem. If someone does succeed, simply reboot using the floppy and the system is restored to its initial working state. Other security features are also utilised in the form of firewalling and address masquerading.
Basic Deployment of LRP
Basic Hardware Requirements
Basic Software Requirements
Pre-configuration Step
Basic LRP Tools/Commands
The default command prompt is "myrouter#"
Typed commands and syntax in LRP are case sensitive. Common errors are due to mis-typing (eg. uppercase A is not the same as lowercase a).
When navigating through the file system, the Slash ("/") is the default delimiter or separator, as opposed to the Backslash ("\") in DOS/Windows (eg. "cd /" in Linux corresponds to "cd \" in DOS/Windows).
A file with "lrp" as its extension is simply a file that was first archived using tar (a Linux archiver) and then compressed using gzip (a Linux compressor). Normally, it would be named filename.tar.gz or filename.tgz; in LRP the tgz extension has been renamed to lrp.
To uncompress or view an lrp file using WinZip, rename filename.lrp to filename.tgz or filename.tar.gz.
Further, an lrp file is usually a package of files (eg. root.lrp, etc.lrp, log.lrp, local.lrp and modules.lrp – these are the fundamental building blocks of an LRP distribution; see the appropriate section below for the composition of each) or applications (eg. ppp.lrp, gated.lrp, bind.lrp, etc – these are standard Linux applications adapted for use in LRP (LRP’ed)).
Block devices
Floppy Drive
Unlike the DOS/Windows world where A: or B: are the default designations of the floppy drive, in the Unix world, they come in the form of /dev/fd0 (the default 1.44MB floppy drive).
To access the drive, you have to issue the mount command, define the file system to use, the device to mount, and the mount point (the location where to put the files).
Syntax example: mount -t msdos /dev/fd0 /mnt
(command) (type of filesystem) (device to mount) (mount point)
Explanation:
The command is : mount
The type of filesystem : -t msdos
The device to mount : /dev/fd0 (the floppy drive using 1440KB format)
The mount point is : /mnt
You can put the files anywhere provided the directory exists. If the existing directory has files, these files are temporarily inaccessible (they are not deleted but are put in the background) and will be accessible again once the mounted device (which in this example is /dev/fd0) is unmounted. Because of this, please choose an appropriate mount point (in LRP, it is commonly /mnt, or you can use /tmp (create a directory first) or /root). I do not recommend using /lib, /etc, /bin, /proc, /sbin, /usr/sbin, etc. as mount points. These directories contain binaries (executables), libraries and configuration files that the system uses, and if these are temporarily inaccessible to the system, you would experience weird errors.
To access information about a package, type
"help /path_to_package/package_name_without_the_lrp_extension"
The default editor is "ae" (Anthony’s Editor).
Any changes you make are written to the ramdisk (/dev/ram0 – this is where the LRP root file system resides). They are not automatically written or saved to the floppy disk. To commit the changes to disk, you have to use the backup option in "lrcfg" – the LRP configuration, setup, and backup menu system (actually, it is a scripts-based menuing system).
Basic Commands
Piping/Redirection
|
>
>>
Command History
Up and Down Arrow keys
Console
Only two (2) consoles are configured in LRP. Other Linux distributions have more. In simple terms, a console can be considered as your door, window or session interfacing with the Linux system. Once logged in, especially as root, you have full access to the entire system.
You can log simultaneously in both consoles, executing simultaneous jobs with no problems at all. Remember, Linux is a fully featured multi-tasking system.
Alt+F1 – Access or go to first console (tty1)
Alt+F2 - Access or go to second console (tty2)
Composition
linux – the Kernel
syslinux – the kernel boot loader
syslinux.cfg – the boot loader configuration file
syslinux.dpy – the LRP banner displayed at boot time
root.lrp
etc.lrp
local.lrp
log.lrp
modules.lrp
addon_packages.lrp
TIPS AND CUSTOMIZATION
Edit /root/.profile and disable the line that starts up "lrcfg". By doing this, you will have the root login prompt instead of the lrcfg menu.
Set the root password by
passwd root
Security
For each LRP box you make, keep in a secured place a copy of your working LRP disk as your backup copy. Label them accordingly.
Keep and secure the original LRP idiot disk (preferably without the modules.lrp) and disable all lines in /etc/modules file. This disk is especially useful when moving from one LRP box to another or configuring multiple LRP boxes. More so if these LRP boxes have different settings and use different NICs.
First, disable the HALT ON ALL ERRORS in the BIOS. Remove the LRP disk, keyboard and monitor. Put a visible label on the LRP box to denote, to you and to all persons that have access to the LRP box, it is a working LRP box.
(Side Story: I was once working as a contractor in a big multinational company. In one of the lab rooms, a box was labelled as a backup server using plain paper, marking pen, and scotch tape. One way or the other, the scotch tape got dislodged and the label was gone. Later on, someone in the IT group deemed it was a spare PC, ordered that it be pulled apart and had it configured as a workstation. Then somehow the Netware system went down. The network admin came rushing in, looking for the backup server (it contained a backup replica of the Netware system). Luckily, I was the one that pulled the system apart. I set aside the SCSI controller and SCSI drive and handed them over to the network admin after hearing about the missing backup server. It cost the company four (4) days downtime plus contractor cost. Compare this cost to one proper label or one box of proper labels.)
Move your floppy drive a bit more towards the inside of the case so you can suitably insert a dummy floppy drive front bezel panel or use a plain bezel panel. This will hide your floppy drive to the un-informed.
For LRP boxes deployed in commercial or production environments, consider using a small UPS (Uninterruptible Power Supply).
Use the idiot image as the base image.
Procedure:
For Kernel 2.0.36
Download the current idiot_image_1440KB_2_9.4 (idiot image) from the download page area (http://www.linuxrouter.org). You also need to download the rawrite utility from the /utils directory. The rawrite utility is used to write the idiot image to a floppy disk (1440kb).
Download other modules from the modmaker page (http://www.linuxrouter.org/modmaker). These modules are needed later, as the idiot image /lib/modules directory is empty or the modules you need might not be included in the idiot image.
For Kernel 2.2.X (currently 2.2.10ac3 and 2.2.11 versions)
Get them from http://lrp.plain.co.nz/
For DOS/Windows 3.x/Win9X users, copy the idiot image to an 8.3 filename, say lrp.img (instead of renaming - this way you have the original download file and you work on a copy only). Without shortening the long name to the 8.3 DOS format, DOS will complain it cannot find the file (because DOS/Win cannot handle the long name of the idiot image) when rawriting the idiot image to floppy disk.
For Linux users, just use dd if=input_file of=/dev/fd0
Before attempting to rawrite, perform a surface/media check on the floppy disk, e.g. use "scandisk a: (or b:) /surface", preferably in DOS mode (so there is a graphical/colored status screen). The purpose is to ensure the floppy disk you are using is not a bad one (no red "B" marks reported by scandisk). This will save you a lot of frustration and aggravation later. If scandisk reports any bad blocks, trash the disk and get another disk. Then, repeat the scandisk procedure. This procedure is highly recommended when using high density formatting (1680kb, 1722kb or 1743kb).
Using a clean floppy disk, at the DOS Prompt, type
Dir_Path_To\rawrite
When prompted:
type in the Dir_Path_To\8.3DOS_ filename_of_idiot_image
type A or B (whichever is your 1440kb floppy drive).
Or
Rawrite -f Dir_Path_To\8.3DOS_ filename_of_idiot_image -d A (or B)
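For the Linux dd route mentioned above, a bad disk can also be caught after writing by reading the image back and comparing it. The following is an added example, not part of LRP or of the original manual; the names write_image, verify_image and FLOPPY_BYTES are chosen here, and /dev/fd0 at 1440KB is assumed as the default target.

```shell
#!/bin/sh
# Added example: write an LRP image with dd, then confirm the disk reads
# back byte-for-byte identical to the image file.
# Usage: write_image lrp.img [/dev/fd0]

FLOPPY_BYTES=$((1440 * 1024))   # capacity of the standard 1440KB format

image_size() {
    # Size of the image file in bytes.
    wc -c < "$1" | tr -d ' '
}

verify_image() {
    # Read back exactly as many bytes as the image holds and compare them.
    # For a stricter check, remove and reinsert the disk first so the read
    # comes from the media and not from buffered data.
    img=$1
    dev=$2
    size=$(image_size "$img")
    head -c "$size" "$dev" | cmp -s - "$img"
}

write_image() {
    img=$1
    dev=${2:-/dev/fd0}
    if [ ! -r "$img" ]; then
        echo "cannot read $img" >&2
        return 2
    fi
    size=$(image_size "$img")
    if [ "$size" -gt "$FLOPPY_BYTES" ]; then
        echo "$img is $size bytes, larger than a 1440KB floppy" >&2
        return 3
    fi
    # conv=notrunc only matters when the target is a regular file (dry run).
    dd if="$img" of="$dev" bs=512 conv=notrunc 2>/dev/null || return 4
    sync
    if verify_image "$img" "$dev"; then
        echo "verified: $dev matches $img ($size bytes)"
        return 0
    fi
    echo "MISMATCH: $dev differs from $img; discard this disk" >&2
    return 1
}
```

A mismatch (return code 1) means the disk should be discarded, the same conclusion the scandisk check above leads to for bad blocks.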
The imaged floppy should now have the following files
linux
syslinux.cfg
syslinux.dpy
root.lrp
etc.lrp
modules.lrp
log.lrp
local.lrp
ppp.lrp
The idiot image does not have any files in the modules.lrp.
Unzip the modules (generated by modmaker).
Record and setup your hardware
9.1. Setup and write down the PCI settings and the assigned interrupts.
9.2. Use the same type of memory chips. LRP is loaded entirely into memory.
9.3. Note down the chip set and manufacturer of your NIC cards. If available, use the supplied setup/utility disk to determine/change the IO and IRQ settings and, if necessary, turn off the Plug-n-Play feature of the card. If this setup/utility disk is not available, download one from the manufacturer's web site. Configure and test the NICs (including a cable test) one at a time. Write down the settings of each card. There should not be conflicting settings on IO level or on IRQ level. If your NICs are of the Combo type (COAX/UTP) connection or just COAX connection, use terminators on the COAX connection. Put all the NICs in.
9.4. Set the BIOS to boot from the floppy drive.
9.5. Use a cleaned (free of dust), good, and working floppy drive or better still, use a new floppy drive.
Boot using the rawrited floppy (LRP disk). At the prompt (myrouter login:), log in as root (the admin/supervisor/administrator of the Linux/Unix world) by typing in "root" (lowercase and without the apostrophes) and press Enter. The LRP menu will come up. For now, familiarize yourself with the LRP menu.
The LRP Menu
Main Menu - LRP Configuration Menu
1) Network Settings
This points to /etc/network.conf with the following default settings.
###############################################################################
# Auto configuration bypass (Say NO to use this file)
###############################################################################
DIRECT_SETTINGS_ONLY=NO
###############################################################################
# Default Settings
###############################################################################
VERBOSE=YES
MAX_LOOP=6
IPFWDING_KERNEL=NO
IPFWDING_FW=NO
CONFIG_HOSTNAME=NO
CONFIG_HOSTSFILE=NO
CONFIG_DNS=NO
###############################################################################
# Interfaces
###############################################################################
#IF0_IFNAME=eth0
IF0_IPADDR=192.168.1.194
IF0_NETMASK=255.255.255.192
IF0_BROADCAST=192.168.1.255
IF0_IP_SPOOF=YES
#IF1_IFNAME=eth1
IF1_IPADDR=192.168.2.1
IF1_NETMASK=255.255.255.0
IF1_BROADCAST=192.168.2.255
IF1_IP_SPOOF=YES
###############################################################################
# Hosts
###############################################################################
#HOST0_IPADDR=192.168.7.123
HOST0_GATEWAY_IF=default
HOST0_GATEWAY_IP=192.168.1.200
HOST0_IPMASQ=NO
HOST0_IPMASQ_IF=default
###############################################################################
# Networks
###############################################################################
#NET0_NETADDR=192.168.1.192
NET0_NETMASK=$IF0_NETMASK
NET0_GATEWAY_IF=default
NET0_GATEWAY_IP=default
NET0_IPMASQ=YES
NET0_IPMASQ_IF=default
###############################################################################
# Gateways (Default Routes)
###############################################################################
#GW0_IPADDR=$HOST0_IPADDR
GW0_IFNAME=$IF0_NAME
GW0_METRIC=1
###############################################################################
# Hostname Requires: CONFIG_HOSTNAME=YES
###############################################################################
HOSTNAME=myrouter
###############################################################################
# Hosts file (Static domainname entires) Requires: CONFIG_HOSTSFILE=YES
###############################################################################
# IP FQDN hostname alias1 alias2..
HOSTS0="$IF0_IPADDR $HOSTNAME.somewhere.net $HOSTNAME mr rtr"
HOSTS1="192.168.1.22 host2.somewhere.net host2 h2"
###############################################################################
# Domain Search Order and Name Servers Requires: CONFIG_DNS=YES
###############################################################################
DOMAINS="somewhere.net domain2.net"
DNS0=192.168.1.1
DNS1=192.168.1.2
###############################################################################
# Brief instructions for this file
###############################################################################
#
# DIRECT_SETTINGS_ONLY=(YES/NO) Default: YES
# Bypass automatic configuration using this file's settings,
# and only execute the commands in /etc/network_direct.conf
#
# VERBOSE=(YES/NO) Default: Yes
# Be verbose about settings.
#
# MAX_LOOP=(int) Default: 10
# Maximum number of incrementable entries to search for.
# IE: If you create a DNS7=, and MAX_LOOP=7, it will not be reached.
# (DNS0 - DNS7 == 8 entires)
# Setting this value too high will decrease the speed of the configuation
# system.
#
# IPFWDING_KERNEL=(YES/NO) Default: NO
# Enable IP forwarding in the kernel.
#
# IPFWDING_FW=(YES/NO) Default: NO (requires ipfwadm)
# Set firewall forwarding policy to 'allow'.
#
# CONFIG_HOSTNAME=(YES/NO) Default: NO
# Create /etc/hostname file using HOSTNAME entry.
# Any current hostname file will be **OVERWRITTEN**
#
# CONFIG_HOSTSFILE=(YES/NO) Default: NO
# Create /etc/hosts file using HOSTSx entries.
# Any current hosts file will be **OVERWRITTEN**
#
# CONFIG_DNS=(YES/NO) Default: NO
# Create /etc/resolv.conf file using DOMAINS and DNSx entries.
# Any current resolv.conf file will be **OVERWRITTEN**
#
###############################################################################
# End
###############################################################################
2) Network Configuration (direct)
This points to /etc/network_direct.conf
###############################################################################
# Direct Network Settings
###############################################################################
#Extensive firewall rules
#ipfwadm
#Forward Quake connections to an IP Masq'ed machine
#ipautofw -A -r tcp 26000 26999 -h 192.168.5.80
#ipautofw -A -r udp 26000 26999 -h 192.168.5.80
#Foward RealAudio behind IP Masq (requires ip_masq_raudio.o module)
#ipautofw -A -r udp 6970 7170 -c tcp 7070
#arp -i eth0 -Ds ip1 eth0 pub
###############################################################################
# Instructions for this file
###############################################################################
#
# This file is executed (sourced) at the very end of the master network
# initialization script. It should contain only commands to be executed
# when the network is brought up. Since it is run last you can assume
# all the interfaces and routes that are specified in /etc/network.conf
# are up and available. You can also access those variables, such as
# IF0_IPADDR=
#
# Remember this file *should not* contain daemons, like inetd or routed.
# Those are kept in /etc/init.d/netstd_init and /etc/init.d/netbase
#
# If you would prefer to not deal with making settings in /etc/network.conf
# and just explictly specify all commands to initialize the network here,
# you can do so by setting:
# DIRECT_SETTINGS_ONLY=YES
# at the top of the /etc/network.conf file.
#
###############################################################################
# End
###############################################################################
3) Super server daemon configuration (inetd.conf)
This points to /etc/inetd.conf
# /etc/inetd.conf: see inetd(8) for further informations.
#
# Internet server configuration database
#
#
# Lines starting with "#:LABEL:" or "#<off>#" should not
# be changed unless you know what you are doing!
#
# Packages should modify this file by using update-inetd(8)
#
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#
#:INTERNAL: Internal services
#echo stream tcp nowait root internal
#echo dgram udp wait root internal
#chargen stream tcp nowait root internal
#chargen dgram udp wait root internal
discard stream tcp nowait root internal
discard dgram udp wait root internal
daytime stream tcp nowait root internal
daytime dgram udp wait root internal
time stream tcp nowait root internal
time dgram udp wait root internal
#:STANDARD: These are standard services.
#ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd
telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd
#:BSD: Shell, login, exec and talk are BSD protocols.
#shell stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rshd
#login stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rlogind
#exec stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rexecd
#talk dgram udp wait root /usr/sbin/tcpd /usr/sbin/in.talkd
#ntalk dgram udp wait root /usr/sbin/tcpd /usr/sbin/in.ntalkd
#:MAIL: Mail, news and uucp services.
#:INFO: Info services
#finger stream tcp nowait nobody /usr/sbin/tcpd /usr/sbin/in.fingerd
#ident stream tcp nowait nobody /usr/sbin/identd identd -i
#:BOOT: Tftp service is provided primarily for booting. Most sites
# run this only on machines acting as "boot servers."
tftp dgram udp wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd /tmp
#bootps dgram udp wait root /usr/sbin/bootpd bootpd -i -t 120
#:RPC: RPC based services
#mountd/1 dgram rpc/udp wait root /usr/sbin/tcpd /usr/sbin/rpc.mountd
#rstatd/1-3 dgram rpc/udp wait root /usr/sbin/tcpd /usr/sbin/rpc.rstatd
#rusersd/2-3 dgram rpc/udp wait root /usr/sbin/tcpd /usr/sbin/rpc.rusersd
#walld/1 dgram rpc/udp wait root /usr/sbin/tcpd /usr/sbin/rpc.rwalld
#:HAM-RADIO: amateur-radio services
#:OTHER: Other services
#ssh stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sshd -i
4) hosts.allow
/etc/hosts.allow
# /etc/hosts.allow: list of hosts that are allowed to access the system. See
# hosts_access(5) and /usr/doc/net/portmapper.txt
#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
5) hosts.deny
/etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
# See hosts_access(5) and /usr/doc/net/portmapper.txt
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
ALL: PARANOID
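With hosts.allow empty and only ALL: PARANOID in hosts.deny, the telnet and tftp entries that inetd.conf starts through tcpd accept any client whose name and address agree. The following added example (not part of the LRP distribution) audits those files together; the function names and the RISKY list are assumptions of this example, and the sample input is a constructed excerpt of the listing above.

```shell
#!/bin/sh
# Added example: audit inetd.conf together with hosts.deny (tcp wrappers).

# Names treated as cleartext remote-access or file-transfer services.
# This list is an assumption of the example; adjust it to local policy.
RISKY="telnet ftp tftp shell login exec"

sample_inetd_conf() {
    # Constructed excerpt of the inetd.conf listing shown above.
    cat <<'EOF'
#:INTERNAL: Internal services
#echo stream tcp nowait root internal
discard stream tcp nowait root internal
daytime dgram udp wait root internal
#:STANDARD: These are standard services.
#ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd
telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd
tftp dgram udp wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd /tmp
#ssh stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sshd -i
EOF
}

enabled_services() {
    # Print "service/proto user server" for each uncommented entry.
    awk '$1 !~ /^#/ && NF >= 6 { print $1 "/" $3, $5, $6 }' "$1"
}

risky_services() {
    # Enabled entries whose service name appears in $RISKY.
    enabled_services "$1" | awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        { split($1, s, "/"); if (s[1] in bad) print }'
}

default_deny() {
    # Succeeds when hosts.deny holds an active "ALL: ALL" rule.
    awk '$1 !~ /^#/ { gsub(/[ \t]/, ""); if ($0 == "ALL:ALL") found = 1 }
         END { exit !found }' "$1"
}

audit_inetd() {
    # Usage: audit_inetd /etc/inetd.conf /etc/hosts.deny
    # Returns 1 when a risky service is reachable by hosts that are not
    # explicitly listed in hosts.allow.
    risky=$(risky_services "$1")
    if [ -z "$risky" ]; then
        echo "no risky services enabled"
        return 0
    fi
    echo "enabled cleartext services:"
    echo "$risky"
    # Entries not started through tcpd ignore hosts.allow/hosts.deny entirely.
    unwrapped=$(echo "$risky" | awk '$3 !~ /\/tcpd$/')
    if [ -n "$unwrapped" ]; then
        echo "not wrapped by tcpd:"
        echo "$unwrapped"
        return 1
    fi
    if default_deny "$2"; then
        echo "hosts.deny is default-deny; only hosts.allow entries get in"
        return 0
    fi
    echo "hosts.deny lacks ALL: ALL; any client it does not match is accepted"
    return 1
}
```

On the box itself, run audit_inetd /etc/inetd.conf /etc/hosts.deny after every edit made through the menu entries above.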
6) networks
/etc/networks
localnet 127.0.0.0
7) gateways
/etc/gateways
# /etc/gateways: Used by routed among others
#
#<net | host> NAME1 gateway NAME2 metric VALUE <passive | active | external>
8) routed, etc
/etc/init.d/netstd_init
#!/bin/sh
#
# Start networking daemons.
RCDLINKS="0,K03 1,K03 2,S02 3,S02 4,S02 5,S02 6,K03"
test -f /usr/sbin/routed || exit 0
case "$1" in
start)
# echo -n "Starting network routing daemon: routed"; start-stop-daemon --start --quiet --exec /usr/sbin/routed ; echo "."
;;
stop)
start-stop-daemon --stop --quiet --oknodo --exec /usr/sbin/routed
;;
*)
echo "Usage: /etc/init.d/netstd_init {start|stop}"
exit 1
esac
#### Configure IPX Routing (added by Cezar M. Meliton Jr. 12 August 1999)
#### Follow strictly the sequence
## Make sure the interfaces are UP and RUNNING
ifconfig eth0 up
ifconfig eth1 up
ifconfig eth2 up
## Configure the interfaces
ipx_interface add -p eth0 802.2 0xface8022
ipx_interface add eth0 802.3 0xface8023
ipx_interface add eth1 802.2 0x85e9b8a3
ipx_interface add eth1 802.3 0x035c168f
## Start IPXD (RIP/SAPDaemon) by the ipxripd script
/etc/init.d/ipxripd start
#### End of IPX configuration
exit 0
9) additional daemons
/etc/init.d/netstd_misc (missing)
q) Quit
Selection Prompt
2) System Settings
1) Master LRP settings. (lrp.conf)
/etc/lrp.conf
#This is the master config file for systemwide LRP functions.
#It is referenced by multicron-* and POSIXness.
# Log files in /var/log/ to rotate. DEPTH == Amount to keep.
lrp_LOGS_DAILY="daemon.log debug kern.log messages syslog user.log \
ppp.log pslave.log"
lrp_LOGS_WEEKLY="auth.log lastlog"
lrp_LOGS_MONTHLY="wtmp"
lrp_LOGS_DEPTH=4
# Host SMTP server for the 'mail' command. If blank the host 'mail' is used.
#lrp_MAIL_SERVER="smtp.mydomain.net"
# Email address to use for notices and alerts. If blank alerts won't be sent.
#lrp_MAIL_ADMIN="admin@mydomain.net"
# Server that will be contacted via 'rdate' for the time service daily.
#lrp_DATE_SERVER="date.mydomain.net"
# List of hosts to ping check. ADMIN will be sent mail if any fail.
#lrp_PING_HOSTS="router1.upstream.com server2.theirnet.org"
# SPACECHECK, will check the space available on the root device.
# If the remaining free space is <= MINKB or <= MINPER, each level
# of file mask(s) will be wiped, until the minimum available space
# is met or level 5 is reached. Files are individually null'ed
# to 0 size. They are not rm'ed. (syslogd will not be interrupted)
# When the level set in MAIL_LEVEL, is reached or exceeded, an
# alert will be sent to ADMIN. (If set)
lrp_SPACECHECK=NO # YES or NO
lrp_SC_MINKB=-1 # <= -1 to disable.
lrp_SC_MINPER=2 # >= 101 to disable. Default 2%.
lrp_SC_MAIL_LEVEL=2 # >= 6 to disable.
lrp_SC_DEL_L1="/var/log/*[4-9].gz"
lrp_SC_DEL_L2="/var/log/*[1-3].gz"
lrp_SC_DEL_L3="/var/log/*.gz"
lrp_SC_DEL_L4="/var/log/*.0"
lrp_SC_DEL_L5="/var/log/wtmp"
2) Lowest level boot-up configuration (inittab)
/etc/inittab
# /etc/inittab: init(8) configuration.
# $Id: inittab,v 1.6 1997/01/30 15:03:55 miquels Exp $
# The default runlevel.
id:2:initdefault:
# Boot-time system configuration/initialization script.
# This is run first except when booting in emergency (-b) mode.
si::sysinit:/etc/init.d/rcS
# What to do in single-user mode.
~~:S:wait:/sbin/sulogin
# /etc/init.d executes the S and K scripts upon change
# of runlevel.
#
# Runlevel 0 is halt.
# Runlevel 1 is single-user.
# Runlevels 2-5 are multi-user.
# Runlevel 6 is reboot.
l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6
# Normally not reached, but fallthrough in case of emergency.
#z6:6:respawn:/sbin/sulogin
# What to do when CTRL-ALT-DEL is pressed.
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -r now
# Action on special keypress (ALT-UpArrow).
kb::kbrequest:/bin/echo "Keyboard Request--edit /etc/inittab to let this work."
# What to do when the power fails/returns.
pf::powerwait:/etc/init.d/powerfail start
pn::powerfailnow:/etc/init.d/powerfail now
po::powerokwait:/etc/init.d/powerfail stop
# /sbin/getty invocations for the runlevels.
#
# The "id" field MUST be the same as the last
# characters of the device (after "tty").
#
# Format:
# <id>:<runlevels>:<action>:<process>
1:2345:respawn:/sbin/getty 38400 tty1
2:23:respawn:/sbin/getty 38400 tty2
#3:23:respawn:/sbin/getty 38400 tty3
#4:23:respawn:/sbin/getty 38400 tty4
#5:23:respawn:/sbin/getty 38400 tty5
#6:23:respawn:/sbin/getty 38400 tty6
# Example how to put a getty on a serial line (for a terminal)
#
#T1:23:respawn:/sbin/getty -L ttyS1 19200 vt100
# Example how to put a getty on a modem line.
#
#T3:23:respawn:/sbin/mgetty -x0 -s 57600 ttyS3
#Example how to run portslave
#
#T0:23:respawn:+/usr/sbin/portslave 0
#T1:23:respawn:+/usr/sbin/portslave 1
#T2:23:respawn:+/usr/sbin/portslave 2
#T3:23:respawn:+/usr/sbin/portslave 3
3) System wide profile (profile)
/etc/profile
# /etc/profile: system-wide .profile file for sh.
export PATH="/usr/local/bin:/usr/bin:/bin"
export LD_LIBRARY_PATH="/usr/local/lib:/usr/lib:/lib"
export HOSTNAME="$(hostname)"
export PS1="$HOSTNAME$ "
umask 022
#This fixes the backspace when telnetting in.
if [ "$TERM" != "linux" ]; then
stty erase ^H
fi
alias dir="ls"
alias vdir="ls -l"
alias d="ls"
alias v="ls -l"
alias da="ls -a"
alias va="ls -la"
alias m="more"
alias +="more"
echo
echo "Type in help if you are really lost"
echo
4) Ports root is allowed to login to. (securetty)
/etc/securetty
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
#
# Include ttyp0, ttyp1, etc to allow telnet access. *NOT RECOMMENDED*
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
5) System loggin configuration. (syslog.conf)
/etc/syslog.conf
# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.
#
# Log everything remotely. The other machine must run syslog with '-r'.
# WARNING: Doing this is unsecure and can open you up to a DoS attack.
#
#*.* @host.ip.address-or-name.here
#
# First some standard logfiles. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
#cron.* /var/log/cron.log
#lpr.* -/var/log/lpr.log
#mail.* /var/log/mail.log
#user.* -/var/log/user.log
#uucp.* -/var/log/uucp.log
#
# Some `catch-all' logfiles.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg *
#ppp
local2.* -/var/log/ppp.log
#portslave
local6.* -/var/log/pslave.log
6) Serial port (ttySx) configuration (0setserial)
/etc/rc.boot/0setserial
#! /bin/sh
# Initializes the serial ports on your system
#
# Distributed with setserial version 2.12
#
STD_FLAGS="autoconfig session_lockout ^fourport spd_vhi"
SETSERIAL=/bin/setserial
echo -n "Configuring serial ports.... "
${SETSERIAL} -b /dev/ttyS0 uart 16550A port 0x3F8 irq 4 ${STD_FLAGS}
${SETSERIAL} -b /dev/ttyS1 uart 16550A port 0x2F8 irq 3 ${STD_FLAGS}
echo "done."
#${SETSERIAL} -bg /dev/ttyS*
7) Service name to number translation (services)
/etc/services
# /etc/services:
# $Id: services,v 1.4 1997/05/20 19:41:21 tobias Exp $
#
# Network services, Internet style
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
# Updated from RFC 1700, ``Assigned Numbers'' (October 19 Not all ports
# are included, only the more common ones.
tcpmux 1/tcp # TCP port service multiplexer
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
daytime 13/tcp
daytime 13/udp
netstat 15/tcp
qotd 17/tcp quote
msp 18/tcp # message send protocol
msp 18/udp # message send protocol
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp 21/tcp
fsp 21/udp fspd
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp # SSH Remote Login Protocol
telnet 23/tcp
# 24 - private
smtp 25/tcp mail
# 26 - unassigned
time 37/tcp timserver
time 37/udp timserver
rlp 39/udp resource # resource location
nameserver 42/tcp name # IEN 116
whois 43/tcp nicname
re-mail-ck 50/tcp # Remote Mail Checking Protocol
re-mail-ck 50/udp # Remote Mail Checking Protocol
domain 53/tcp nameserver # name-domain server
domain 53/udp nameserver
mtp 57/tcp # deprecated
bootps 67/tcp # BOOTP server
bootps 67/udp
bootpc 68/tcp # BOOTP client
bootpc 68/udp
tftp 69/udp
gopher 70/tcp # Internet Gopher
gopher 70/udp
rje 77/tcp netrjs
finger 79/tcp
www 80/tcp http # WorldWideWeb HTTP
www 80/udp # HyperText Transfer Protocol
link 87/tcp ttylink
kerberos 88/tcp kerberos5 krb5 # Kerberos v5
kerberos 88/udp kerberos5 krb5 # Kerberos v5
supdup 95/tcp
# 100 - reserved
hostnames 101/tcp hostname # usually from sri-nic
iso-tsap 102/tcp tsap # part of ISODE.
csnet-ns 105/tcp cso-ns # also used by CSO name server
csnet-ns 105/udp cso-ns
# unfortunately the poppassd (Eudora) uses a port which has already
# been assigned to a different service. We list the poppassd as an
# alias here. This should work for programs asking for this service.
# (due to a bug in inetd the 3com-tsmux line is disabled)
#3com-tsmux 106/tcp poppassd
#3com-tsmux 106/udp poppassd
rtelnet 107/tcp # Remote Telnet
rtelnet 107/udp
pop-2 109/tcp postoffice # POP version 2
pop-2 109/udp
pop-3 110/tcp # POP version 3
pop-3 110/udp
sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP
auth 113/tcp authentication tap ident
sftp 115/tcp
uucp-path 117/tcp
nntp 119/tcp readnews untp # USENET News Transfer Protocol
ntp 123/tcp
ntp 123/udp # Network Time Protocol
netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp
netbios-ssn 139/tcp # NETBIOS session service
netbios-ssn 139/udp
imap2 143/tcp # Interim Mail Access Proto v2
imap2 143/udp
snmp 161/udp # Simple Net Mgmt Proto
snmp-trap 162/udp snmptrap # Traps for SNMP
cmip-man 163/tcp # ISO mgmt over IP (CMOT)
cmip-man 163/udp
cmip-agent 164/tcp
cmip-agent 164/udp
xdmcp 177/tcp # X Display Mgr. Control Proto
xdmcp 177/udp
nextstep 178/tcp NeXTStep NextStep # NeXTStep window
nextstep 178/udp NeXTStep NextStep # server
bgp 179/tcp # Border Gateway Proto.
bgp 179/udp
prospero 191/tcp # Cliff Neuman's Prospero
prospero 191/udp
irc 194/tcp # Internet Relay Chat
irc 194/udp
smux 199/tcp # SNMP Unix Multiplexer
smux 199/udp
at-rtmp 201/tcp # AppleTalk routing
at-rtmp 201/udp
at-nbp 202/tcp # AppleTalk name binding
at-nbp 202/udp
at-echo 204/tcp # AppleTalk echo
at-echo 204/udp
at-zis 206/tcp # AppleTalk zone information
at-zis 206/udp
qmtp 209/tcp # The Quick Mail Transfer Protocol
qmtp 209/udp # The Quick Mail Transfer Protocol
z3950 210/tcp wais # NISO Z39.50 database
z3950 210/udp wais
ipx 213/tcp # IPX
ipx 213/udp
imap3 220/tcp # Interactive Mail Access
imap3 220/udp # Protocol v3
ulistserv 372/tcp # UNIX Listserv
ulistserv 372/udp
https 443/tcp # MCom
https 443/udp # MCom
snpp 444/tcp # Simple Network Paging Protocol
snpp 444/udp # Simple Network Paging Protocol
saft 487/tcp # Simple Asynchronous File Transfer
saft 487/udp # Simple Asynchronous File Transfer
npmp-local 610/tcp dqs313_qmaster # npmp-local / DQS
npmp-local 610/udp dqs313_qmaster # npmp-local / DQS
npmp-gui 611/tcp dqs313_execd # npmp-gui / DQS
npmp-gui 611/udp dqs313_execd # npmp-gui / DQS
hmmp-ind 612/tcp dqs313_intercell # HMMP Indication / DQS
hmmp-ind 612/udp dqs313_intercell # HMMP Indication / DQS
#
# UNIX specific services
#
exec 512/tcp
biff 512/udp comsat
login 513/tcp
who 513/udp whod
shell 514/tcp cmd # no passwords used
syslog 514/udp
printer 515/tcp spooler # line printer spooler
talk 517/udp
ntalk 518/udp
route 520/udp router routed # RIP
timed 525/udp timeserver
tempo 526/tcp newdate
courier 530/tcp rpc
conference 531/tcp chat
netnews 532/tcp readnews
netwall 533/udp # -for emergency broadcasts
uucp 540/tcp uucpd # uucp daemon
afpovertcp 548/tcp # AFP over TCP
afpovertcp 548/udp # AFP over TCP
remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem
klogin 543/tcp # Kerberized `rlogin' (v5)
kshell 544/tcp krcmd # Kerberized `rsh' (v5)
kerberos-adm 749/tcp # Kerberos `kadmin' (v5)
#
webster 765/tcp # Network dictionary
webster 765/udp
#
# From ``Assigned Numbers'':
#
#> The Registered Ports are not controlled by the IANA and on most systems
#> can be used by ordinary user processes or programs executed by ordinary
#> users.
#
#> Ports are used in the TCP [45,106] to name the ends of logical
#> connections which carry long term conversations. For the purpose of
#> providing services to unknown callers, a service contact port is
#> defined. This list specifies the port used by the server process as its
#> contact port. While the IANA can not control uses of these ports it
#> does register or list uses of these ports as a convenience to the
#> community.
#
ingreslock 1524/tcp
ingreslock 1524/udp
prospero-np 1525/tcp # Prospero non-privileged
prospero-np 1525/udp
datametrics 1645/tcp old-radius # datametrics / old radius entry
datametrics 1645/udp old-radius # datametrics / old radius entry
sa-msg-port 1646/tcp old-radacct # sa-msg-port / old radacct entry
sa-msg-port 1646/udp old-radacct # sa-msg-port / old radacct entry
radius 1812/tcp # Radius
radius 1812/udp # Radius
radacct 1813/tcp # Radius Accounting
radacct 1813/udp # Radius Accounting
cvspserver 2401/tcp # CVS client/server operations
cvspserver 2401/udp # CVS client/server operations
mysql 3306/tcp # MySQL
mysql 3306/udp # MySQL
rfe 5002/tcp # Radio Free Ethernet
rfe 5002/udp # Actually uses UDP only
cfengine 5308/tcp # CFengine
cfengine 5308/udp # CFengine
bbs 7000/tcp # BBS service
#
#
# Kerberos (Project Athena/MIT) services
# Note that these are for Kerberos v4, and are unofficial. Sites running
# v4 should uncomment these and comment out the v5 entries above.
#
kerberos4 750/udp kerberos-iv kdc # Kerberos (server) udp
kerberos4 750/tcp kerberos-iv kdc # Kerberos (server) tcp
kerberos_master 751/udp # Kerberos authentication
kerberos_master 751/tcp # Kerberos authentication
passwd_server 752/udp # Kerberos passwd server
krb_prop 754/tcp # Kerberos slave propagation
krbupdate 760/tcp kreg # Kerberos registration
kpasswd 761/tcp kpwd # Kerberos "passwd"
kpop 1109/tcp # Pop with Kerberos
knetd 2053/tcp # Kerberos de-multiplexor
zephyr-srv 2102/udp # Zephyr server
zephyr-clt 2103/udp # Zephyr serv-hm connection
zephyr-hm 2104/udp # Zephyr hostmanager
eklogin 2105/tcp # Kerberos encrypted rlogin
#
# Unofficial but necessary (for NetBSD) services
#
supfilesrv 871/tcp # SUP server
supfiledbg 1127/tcp # SUP debugging
#
# Datagram Delivery Protocol services
#
rtmp 1/ddp # Routing Table Maintenance Protocol
nbp 2/ddp # Name Binding Protocol
echo 4/ddp # AppleTalk Echo Protocol
zip 6/ddp # Zone Information Protocol
#
# Services added for the Debian GNU/Linux distribution
poppassd 106/tcp # Eudora
poppassd 106/udp # Eudora
mailq 174/tcp # Mailer transport queue for Zmailer
mailq 174/tcp # Mailer transport queue for Zmailer
omirr 808/tcp omirrd # online mirror
omirr 808/udp omirrd # online mirror
rmtcfg 1236/tcp # Gracilis Packeten remote config server
xtel 1313/tcp # french minitel
coda_opcons 1355/udp # Coda opcons (Coda fs)
coda_venus 1363/udp # Coda venus (Coda fs)
coda_auth 1357/udp # Coda auth (Coda fs)
coda_udpsrv 1359/udp # Coda udpsrv (Coda fs)
coda_filesrv 1361/udp # Coda filesrv (Coda fs)
codacon 1423/tcp venus.cmu # Coda Console (Coda fs)
coda_aux1 1431/tcp # coda auxiliary service (Coda fs)
coda_aux1 1431/udp # coda auxiliary service (Coda fs)
coda_aux2 1433/tcp # coda auxiliary service (Coda fs)
coda_aux2 1433/udp # coda auxiliary service (Coda fs)
coda_aux3 1435/tcp # coda auxiliary service (Coda fs)
coda_aux3 1435/udp # coda auxiliary service (Coda fs)
cfinger 2003/tcp # GNU Finger
afbackup 2988/tcp # Afbackup system
afbackup 2988/udp # Afbackup system
icp 3130/tcp # Internet Cache Protocol (Squid)
icp 3130/udp # Internet Cache Protocol (Squid)
postgres 5432/tcp # POSTGRES
postgres 5432/udp # POSTGRES
fax 4557/tcp # FAX transmission service (old)
hylafax 4559/tcp # HylaFAX client-server protocol (new)
noclog 5354/tcp # noclogd with TCP (nocol)
noclog 5354/udp # noclogd with UDP (nocol)
hostmon 5355/tcp # hostmon uses TCP (nocol)
hostmon 5355/udp # hostmon uses TCP (nocol)
ircd 6667/tcp # Internet Relay Chat
ircd 6667/udp # Internet Relay Chat
webcache 8080/tcp # WWW caching service
webcache 8080/udp # WWW caching service
tproxy 8081/tcp # Transparent Proxy
tproxy 8081/udp # Transparent Proxy
mandelspawn 9359/udp mandelbrot # network mandelbrot
amanda 10080/udp # amanda backup services
amandaidx 10082/tcp # amanda backup services
amidxtape 10083/tcp # amanda backup services
isdnlog 20011/tcp # isdn logging system
isdnlog 20011/udp # isdn logging system
vboxd 20012/tcp # voice box system
vboxd 20012/udp # voice box system
binkp 24554/tcp # Binkley
binkp 24554/udp # Binkley
asp 27374/tcp # Address Search Protocol
asp 27374/udp # Address Search Protocol
tfido 60177/tcp # Ifmail
tfido 60177/udp # Ifmail
fido 60179/tcp # Ifmail
fido 60179/udp # Ifmail
# Local services
8) Local timezone (timezone)
/etc/timezone
GMT
q) quit
Selection Prompt
3) Package Settings
1) Local - Purpose unclear; currently empty.
2) Modules
1) Modules
/etc/modules
# /etc/modules: kernel modules to load at boot time.
#
# This file should contain the names of kernel modules that are
# to be loaded at boot time, one per line. Comments begin with
# a `#', and everything on the line after them is ignored.
#
# All modules should reside in /lib/modules, and you are required
# to list what you need *in the correct order*. Modprobe is not
# used and there is no dependency checking.
# How they are loaded: insmod /lib/module/"$module".o $args
#serial
###Some ethernet cards
#3c509
eepro io=0x300 irq=5
#3c59x
#tulip
#de4x5
###Some 8390 based ethernet cards
8390
# card1,card2
#ne io=0x300,0x350
ne2k-pci
eepro100
#e2100
###Sangoma WANPIPE cards:
#router
#sdladrv
#wanpipe
###OR (only one set!)
#dlci
#sdla
###Wireless
#wavelan
#arlan
###PPP and SLIP (bsd_comp for ppp optional)
slhc
ppp
slip
###IP Masq modules
ip_masq_ftp
ip_masq_irc
ip_masq_quake
ip_masq_raudio
ip_masq_vdolive
ip_masq_cuseeme
####IPX module for IPX routing : added by Cezar M. Meliton Jr. 14 Aug 1999
ipx
####Include FAT16/FAT32 support : added by Cezar M. Meliton Jr. 14 Aug 1999
vfat
q) Quit
Selection Prompt
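Because the /etc/modules listing above is loaded strictly in file order with no dependency checking, a dry run before saving the file catches ordering mistakes that would otherwise surface only at boot. The script below is an added example, not part of LRP: the function names, the MODDIR variable and the PREREQS table (taken from the ordering the listing itself uses, 8390 before the ne drivers and slhc before ppp/slip) are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: dry-run and order check for an LRP-style /etc/modules.
MODDIR=${MODDIR:-/lib/modules}   # where the file's comments say modules reside
# Assumed prerequisite pairs, written "needed:module".
PREREQS="8390:ne 8390:ne2k-pci slhc:ppp slhc:slip"

# Constructed sample: the active lines of a small router configuration.
sample_modules() {
    printf '%s\n' '#serial' 'eepro io=0x300 irq=5' '###8390 based cards' \
        '8390' 'ne2k-pci' '' 'slhc' 'ppp   # dial-up link'
}

# Print the insmod command for each active line, in file order.
# Reads the named file, or stdin when no file is given. Loads nothing.
modules_plan() {
    awk -v dir="$MODDIR" '
        { sub(/#.*/, "") }       # text after a hash mark is ignored
        NF == 0 { next }         # skip blank and comment-only lines
        { name = $1; $1 = ""; sub(/^ +/, "")
          printf "insmod %s/%s.o%s\n", dir, name, (length($0) ? " " $0 : "") }
    ' "$@"
}

# Report every listed module whose prerequisite is missing or listed later.
# Exit status is 1 when at least one problem is found, 0 otherwise.
modules_order_check() {
    awk -v pairs="$PREREQS" '
        { sub(/#.*/, "") }
        NF == 0 { next }
        !($1 in pos) { pos[$1] = ++n }     # remember first position
        END {
            k = split(pairs, p, " ")
            for (i = 1; i <= k; i++) {
                split(p[i], d, ":")
                if (!(d[2] in pos)) continue
                if (!(d[1] in pos)) {
                    printf "%s: %s is not listed\n", d[2], d[1]; bad = 1
                } else if (pos[d[1]] > pos[d[2]]) {
                    printf "%s: %s is listed after it\n", d[2], d[1]; bad = 1
                }
            }
            exit (bad ? 1 : 0)
        }
    ' "$@"
}

sample_modules | modules_plan
sample_modules | modules_order_check && echo "load order OK"
```

On a real box, pass the file name instead of piping the sample, for example modules_order_check /etc/modules.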
b) Back-up Ramdisk
1) root
2) etc
3) log
4) local
5) modules
e) Everything EXCEPT log
l) Everything including log
t) Write to /tmp before /var/lib/lrpkg/mnt = ON
c) Confirm writes = ON
q) Quit
Selection
H) Help
1) root
2) etc
3) log
4) local
5) modules
q) Quit
Selection Prompt