Gateway Installation: Difference between revisions
From Opennet
(→Configuration: general, network...)
(→Configuration: more sources)
Zeile 30: | Zeile 30: | ||
=== Konfiguration === | === Konfiguration === | ||
− | * Hostname /etc/hostname | + | * Hostname /etc/hostname + /etc/mailname |
* Zeitzone /etc/timezone -> UTC | * Zeitzone /etc/timezone -> UTC | ||
− | |||
* Kernelmodule /etc/modules | * Kernelmodule /etc/modules | ||
+ | * Dateisysteme /etc/fstab | ||
/dev/<device>1 /boot ext2 noauto,noatime 1 1 | /dev/<device>1 /boot ext2 noauto,noatime 1 1 | ||
/dev/<device>3 / xfs noatime 0 0 | /dev/<device>3 / xfs noatime 0 0 | ||
Zeile 55: | Zeile 55: | ||
provider <peername> | provider <peername> | ||
* PPP /etc/ppp/* | * PPP /etc/ppp/* | ||
− | |||
** /etc/ppp/pap-secrets -> "<account>" * "<password>" | ** /etc/ppp/pap-secrets -> "<account>" * "<password>" | ||
− | ** /etc/ppp/peers/<peername> | + | ** /etc/ppp/peers/<peername>, Defaults mit: |
− | + | logfile /var/log/pppd/qsc-dsl.log | |
+ | #defaultroute | ||
+ | hide-password | ||
+ | lcp-echo-interval 20 | ||
+ | lcp-echo-failure 3 | ||
+ | connect /bin/true | ||
+ | noauth | ||
+ | persist | ||
+ | mtu 1492 | ||
+ | noaccomp | ||
+ | default-asyncmap | ||
+ | plugin rp-pppoe.so eth0 | ||
+ | user "<account>" | ||
+ | :* ln -s /etc/ppp/peers/<peername> /etc/ppp/peers/provider | ||
+ | :* mkdir /var/log/pppd/qsc-dsl.log | ||
+ | :* /etc/ppp/ip-up.d | ||
+ | #!/bin/sh | ||
+ | # default routes | ||
+ | route add -net 0.0.0.0/1 gw $PPP_REMOTE | ||
+ | route add -net 128.0.0.0/1 gw $PPP_REMOTE | ||
+ | # uni rostock | ||
+ | route add -net 139.30.0.0/16 gw $PPP_REMOTE | ||
+ | # ipkg repositories | ||
+ | route add -host 195.56.146.238 gw $PPP_REMOTE | ||
+ | route add -host 212.91.225.42 gw $PPP_REMOTE | ||
+ | # wikipedia | ||
+ | route add -net 207.142.131.192/26 gw $PPP_REMOTE | ||
+ | route add -net 145.97.39.128/28 gw $PPP_REMOTE | ||
+ | route add -net 212.85.150.128/28 gw $PPP_REMOTE | ||
+ | # www.opennet-initiative.de | ||
+ | route add -host 212.105.204.29 gw $PPP_REMOTE | ||
+ | # rostock.de | ||
+ | route add -net 195.37.188.160/28 gw $PPP_REMOTE | ||
+ | :* /etc/ppp/ip-down.d/00routes - analog nur s/add/del | ||
* OLSR /etc/olsrd.conf, Defaults mit: | * OLSR /etc/olsrd.conf, Defaults mit: | ||
UseHysteresis no | UseHysteresis no | ||
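Review bot: `mkdir /var/log/pppd/qsc-dsl.log` creates a directory at the exact path that the `logfile /var/log/pppd/qsc-dsl.log` option in the peers file names, so pppd cannot open its log file there; create only the parent directory with `mkdir /var/log/pppd`. The `/etc/ppp/ip-up.d` item also gives no file name for the script, while its ip-down.d counterpart is named `00routes`; naming both the same way would make the s/add/del pairing unambiguous.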
Zeile 79: | Zeile 111: | ||
195.37.188.160 255.255.255.240 | 195.37.188.160 255.255.255.240 | ||
} | } | ||
+ | * OpenVPN |
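Review bot: the added `* OpenVPN` item carries no file path or defaults, unlike the PPP and OLSR items above it, which name their configuration files and settings; add the path and the intended options, or mark the item as still to be written.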
Revision as of 7 January 2006, 23:58
A short guide to setting up new gateways for the association.
Hardware
- recommended: >500 MHz CPU, >256 MB RAM
- at least 2 NICs
- sufficient hard disk capacity; ideally SCSI (e.g. U2W), alternatively IDE (e.g. with RAID1)
Preparation
- Boot, e.g. from CD or via PXE with Knoppix
- File system:
  - cfdisk /dev/<device>, e.g. /dev/hda (IDE) or /dev/sda (SCSI)
  - primary partitions: 32 MB boot (type 83 + bootable), 500 MB swap (type 82), remainder for / (type 83)
  - boot with ext2: mkfs.ext2 /dev/<device>1
  - swap as swap space: mkswap /dev/<device>2
  - root with XFS: mkfs.xfs /dev/<device>3
Base installation
- Install Debian Stable (or Testing)
  - e.g. as a copy of izumi
    - mount the file systems on izumi if necessary, disable crontab entries if necessary (CPU load)
    - mount boot: mount /dev/<device>1 /mnt/
    - mirror boot: rsync -avz -e ssh root@izumi:/boot/ /mnt/
    - mount root: umount /mnt; mount /dev/<device>3 /mnt/
    - mirror root: rsync -avzlx -e ssh root@izumi:/ /mnt/
  - or via debootstrap from Knoppix
Configuration
- Hostname /etc/hostname + /etc/mailname
- Time zone /etc/timezone -> UTC
- Kernel modules /etc/modules
- File systems /etc/fstab

      /dev/<device>1  /boot       ext2     noauto,noatime  1 1
      /dev/<device>3  /           xfs      noatime         0 0
      /dev/<device>2  none        swap     sw              0 0
      /dev/cdrom      /mnt/cdrom  iso9660  noauto,ro       0 0
      none            /proc       proc     defaults        0 0
      none            /dev/shm    tmpfs    defaults        0 0

- Ethernet /etc/network/interfaces

      auto lo
      iface lo inet loopback

      auto eth0
      iface eth0 inet manual

      auto eth1
      iface eth1 inet static
          address 192.168.0.X
          netmask 255.255.0.0
          network 192.168.0.1
          broadcast 192.168.255.255

      auto <peername>
      iface <peername> inet ppp
          provider <peername>

- PPP /etc/ppp/*
  - /etc/ppp/pap-secrets -> "<account>" * "<password>"
  - /etc/ppp/peers/<peername>, defaults with:

        logfile /var/log/pppd/qsc-dsl.log
        #defaultroute
        hide-password
        lcp-echo-interval 20
        lcp-echo-failure 3
        connect /bin/true
        noauth
        persist
        mtu 1492
        noaccomp
        default-asyncmap
        plugin rp-pppoe.so eth0
        user "<account>"

    - ln -s /etc/ppp/peers/<peername> /etc/ppp/peers/provider
    - mkdir /var/log/pppd
    - /etc/ppp/ip-up.d

          #!/bin/sh
          # default routes
          route add -net 0.0.0.0/1 gw $PPP_REMOTE
          route add -net 128.0.0.0/1 gw $PPP_REMOTE
          # uni rostock
          route add -net 139.30.0.0/16 gw $PPP_REMOTE
          # ipkg repositories
          route add -host 195.56.146.238 gw $PPP_REMOTE
          route add -host 212.91.225.42 gw $PPP_REMOTE
          # wikipedia
          route add -net 207.142.131.192/26 gw $PPP_REMOTE
          route add -net 145.97.39.128/28 gw $PPP_REMOTE
          route add -net 212.85.150.128/28 gw $PPP_REMOTE
          # www.opennet-initiative.de
          route add -host 212.105.204.29 gw $PPP_REMOTE
          # rostock.de
          route add -net 195.37.188.160/28 gw $PPP_REMOTE

    - /etc/ppp/ip-down.d/00routes - analogous, only s/add/del
- OLSR /etc/olsrd.conf, defaults with:

      UseHysteresis no
      LinkQualityLevel 2
      Interface "eth1"
      {
          <defaults>
      }
      Hna4
      {
          # university rostock
          139.30.0.0 255.255.0.0
          # ipkg repositories
          195.56.146.238 255.255.255.255
          212.91.225.42 255.255.255.255
          # wikipedia
          207.142.131.192 255.255.255.192
          145.97.39.128 255.255.255.240
          212.85.150.128 255.255.255.240
          # www.opennet-initiative.de
          212.105.204.29 255.255.255.255
          # www.rostock.de
          195.37.188.160 255.255.255.240
      }
- OpenVPN
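
The ip-up.d route list and the Hna4 block in olsrd.conf above name the same networks in two notations (prefix length and netmask), so the gateway announces exactly what it routes over PPP only as long as both files are edited together. The following check is an added example, not part of the original page; the function names and the shortened sample input are assumptions constructed from the values listed above.

```shell
# Added example (not from the page): compare ip-up.d routes with olsrd Hna4.
export LC_ALL=C   # stable ordering for sort and comm
# Convert a prefix length (0-32) into a dotted netmask.
prefix_to_mask() {
    bits=$1; mask=""
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then octet=255; bits=$((bits - 8))
        else octet=$((256 - (1 << (8 - bits)))); bits=0; fi
        mask="${mask}${mask:+.}${octet}"
    done
    echo "$mask"
}
# stdin: ip-up script; stdout: sorted "network netmask" pairs. The two /1
# routes only replace the default route and are not announced, so skip them.
routes_from_ipup() {
    while read -r cmd action kind target rest; do
        [ "$cmd" = route ] && [ "$action" = add ] || continue
        case $target in 0.0.0.0/1|128.0.0.0/1) continue ;; esac
        case $kind in
            -host) echo "$target 255.255.255.255" ;;
            -net)  echo "${target%/*} $(prefix_to_mask "${target#*/}")" ;;
        esac
    done | sort
}
# stdin: olsrd.conf; stdout: sorted "network netmask" pairs from Hna4.
hna_from_olsrd() {
    awk '$1 == "Hna4" { in_hna = 1; next }
         $1 == "}"    { in_hna = 0 }
         in_hna && $1 ~ /^[0-9]+\./ { print $1, $2 }' | sort
}
# $1: ip-up text, $2: olsrd.conf text. Prints entries found on one side
# only (HNA-only lines are tab-indented); no output means both are in sync.
check_sync() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$1" | routes_from_ipup > "$tmp/routes"
    printf '%s\n' "$2" | hna_from_olsrd > "$tmp/hna"
    comm -3 "$tmp/routes" "$tmp/hna"
    rm -rf "$tmp"
}
# Constructed sample input, shortened from the values listed on this page.
SAMPLE_IPUP='route add -net 0.0.0.0/1 gw $PPP_REMOTE
route add -net 139.30.0.0/16 gw $PPP_REMOTE
route add -host 212.105.204.29 gw $PPP_REMOTE
route add -net 207.142.131.192/26 gw $PPP_REMOTE'
SAMPLE_OLSRD='Hna4
{
139.30.0.0 255.255.0.0
212.105.204.29 255.255.255.255
}'
check_sync "$SAMPLE_IPUP" "$SAMPLE_OLSRD"
```

With the constructed sample, the check reports the one network that is routed over PPP but missing from Hna4.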