Well, the pain has subsided a little bit and I am pretty sure I had a good time last night. Plus I apparently got some good reviews. Anyway, the guy from work I conned into coming down said it was pretty OK. Here are the notes I accumulated while working on the router. Let me know if you post them on the ALE website and I'll put a reference on my page at http://coldread.siteless.com.

1. Making a new LRP diskette

a) Use the syslinux program in /usr/syslinux-1.43 to create a bootable syslinux diskette:

    cd /usr/syslinux-1.43
    syslinux /dev/fd0h1440

b) Copy the lrp syslinux configuration files onto it:

    cd /usr/lrp/syslinux
    mcopy syslinux.cfg a:
    mcopy syslinux.dpy a:

c) Copy the lrp packages onto it (there should be five: etc.lrp, log.lrp, modules.lrp, ppp.lrp, and root.lrp):

    cd /usr/lrp/rootpkg
    mcopy *.lrp a:

d) Copy the appropriate kernel file. For colt, this is the kernel _without_ FP emulation. Pentia and '486 DX+ should use this one; lower ones should use 2.0.36pre2-1LRP.FPU-zImage. The image must be copied to the filename "linux" on the diskette.

    cd /usr/lrp/2.0.36pre2
    mcopy 2.0.36pre2-1-LRP.zImage a:linux

e) Try it out!

2. Problems encountered

First, catch your chicken

You will need root access on a machine running linux as well as your router in order to do this thing. A machine running the Debian distribution is a definite convenience. LRP uses libc6, so if you plan to make(1L) anything you'll have to have access to something that uses glibc. Programs on the older libc5 will give "not found" messages on LRP when you attempt to run them. Another machine running MS-DOG may prove handy for checking whether diskettes are OK or for formatting diskettes so that LRP can read them.

a) Hardware level:

  - Wrong drivers for ethernet card (Tom's root boot helps)
  - No serial.o in modules library ("Operation not supported" msg)
  - Shared libraries differ on LRP and my Slackware distribution; "not found" message on trying to run binaries. Use ldd to find out about this.
b) LRP level:

After you change the password, you may find that a root pkg rebuilt on another machine won't allow you to log in. This is because when you rebuild the root package, you must _be_ root on the machine on which you build it. Failing that, you must use find(1L) to chown everything in the root package directory tree to root. Then it will work. There may be a more precise way to handle the specific login problem, but you will avoid all privilege problems associated with the root package in this way.

c) PPP level:

Get ppp.lrp; do not try this at home, folks.

Chat script to modem: atz forces the modem to ignore the rest of the "AT" command sentence.

Chat script to compuserve: a backslash ("\") in the username/password causes chat to kill the 1st character of the password. The result is a "not 8-bit clean" message from ppp. Inscrutable. PPP will automagically shift over to 8-N-1 parity even if you log in to the PDN at 7-1-E parity. The "Not 8-bit-clean" message almost always means your chat script has failed.

Make sure that the firewall is properly configured in the /etc/ppp/ip-up script. If not, you will have problems adding another machine or two onto your home network. I originally allowed only packets from caterpiller through the ipfwadm firewall; when I added another machine on the same network, it would bring the PPP connection up but not actually forward packets. It was only after I changed the firewall rules to allow _all_ packets from 192.168.1.* through that things started working. Be sure also to flush all firewall rules every time (ipfwadm -F -f) if you are adding firewall rules through ip-up. Otherwise, you will just keep appending the same rule over and over. A bad thing.

d) Networking level

Comment out the "CONSOLE" line in /etc/login.defs if you wish to telnet into your router. Or better, edit /etc/securetty to add the ptys. Be sure to change the password away from the default.

e) Adding diald

Big problem: no easily available lrp packages. So I decided to create them.
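The ip-up firewall set-up described in section 2c above, written out as an added example; this is not the script from the original notes. It assumes the home network is 192.168.1.0/24 (the 192.168.1.* above) and that ipfwadm is the router's firewall tool; the run() wrapper and the DRY_RUN variable are additions so the rule list can be checked on a machine without ipfwadm.

```shell
#!/bin/sh
# /etc/ppp/ip-up -- pppd runs this as: ip-up IFACE TTY SPEED LOCAL-IP REMOTE-IP
# Added example, not the original notes' script. Assumed: LAN is 192.168.1.0/24
# and the router uses a 2.0.x kernel with ipfwadm.

LAN_NET=192.168.1.0/24

# Every firewall call goes through run(), so the script can be dry-run on a
# machine without ipfwadm: DRY_RUN=1 prints the commands instead of running them.
run() {
    if [ -n "$DRY_RUN" ]; then
        echo "$*"
    else
        "$@"
    fi
}

ipup_firewall() {
    iface=$1

    # Flush the forwarding chain FIRST. ip-up runs on every dial-up, so
    # without this each connection appends one more copy of the same rules.
    run ipfwadm -F -f

    # Deny forwarding by default; only what is listed below gets through.
    run ipfwadm -F -p deny

    # Masquerade the whole LAN (not one host) out over the PPP link.
    # Allowing a single source host is why a second machine could bring
    # the link up but never get a packet forwarded.
    run ipfwadm -F -a m -S "$LAN_NET" -D 0.0.0.0/0 -W "$iface"
}

# pppd passes the interface as the first argument; with no arguments
# (e.g. when sourced for a dry run) nothing is executed.
if [ $# -ge 1 ]; then
    ipup_firewall "$1"
fi
```

Check the generated rules with `DRY_RUN=1 sh ip-up ppp0` before letting pppd run it.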
I am still running the RedHat 1994 release, so I cannot compile source to run on LRP, which is derived from a more recent Debian release. I find the Debian diald package, but you cannot open dpkg packages with shell commands. And the Debian package manager source comes in -- guess what -- a dpkg package. A friend of mine has a redhat 5 distribution running on a spare PC. I find a tgz debian package manager and hack it a little. Turns out that I need to install a single shared object and the program "dpkg-deb". I do that, and I'm then able to rip open the Debian packages and re-tar/gzip them so I can read and write them. Once I do that, I can create LRP packages from the files which run on LRP linux. I create a diald package and successfully load it onto colt.

f) Hardware Fun

But the floppy goes bad. It takes me a while to re-create my /etc/diald/diald.options file. You must have the "include /etc/diald/standard.filter" line in the options file, or diald will simply ignore all outbound packets and as a result never pop the pppd program. Make sure that every file reference in the options file is an absolute path from root as well, since diald shells have no paths. Hence, "chat ..." will not work for the connect command; it has to be "/sbin/chat ...". Do not include the "-v" flag when you start using the router; it will write your password to the logs. This could be bad.

More Hardware Fun: So when the CMOS memory gives a CRC error, it goes back to the factory default configuration of one 1.2 meg floppy on drive A:. The result is that LRP boots OK, but then prints "Installing - etc(nf!) log(nf!) modules(nf!) ppp(nf!) -finished", complains that the inittab file is not found, and goes to a "runlevel" prompt. This is not useful.

g) Adding /dev/fd1*

I had to edit /var/lib/lrpkg/root.dev.mk and /var/lib/lrpkg/root.dev.own in order to add the /dev/fd1* devices when I tied a new floppy drive to colt.
Make sure that the minor device numbers on the fd1* devices are 1 more than their counterparts on fd0*. And make sure the proper chown(1L) command gets added to /var/lib/lrpkg/root.dev.own as well. You can copy it from the chown(1L) command for /dev/fd0*.

3. Useful scripts & tips

a) Loading packages by hand

I had to develop packages (see note 2e above). So I wrote this script to manually load a package off either fd0 or fd1:

    #!/bin/sh
    # Usage: ldpkg DEVICE PACKAGE   (e.g. ldpkg /dev/fd1h1440 diald)
    DEV=$1
    PKG=$2
    MOUNTED=`mount | grep $DEV`
    PKGFILE=/var/lib/lrpkg/packages
    # Mount the diskette only if it is not already mounted.
    if test -z "$MOUNTED"
    then
        mount -o ro -t msdos $DEV /mnt
    fi
    cd /
    echo Loading package $PKG..
    gunzip < /mnt/$PKG.lrp | untar
    # Record the package name unless it is already listed. The match is on
    # the whole line, so "ppp" is not mistaken for an existing "ppp2".
    ECHOED=`grep -x $PKG $PKGFILE`
    if test -z "$ECHOED"
    then
        echo $PKG >> $PKGFILE
    fi
    # Leave the mount the way we found it.
    if test -z "$MOUNTED"
    then
        umount /mnt
    fi

It is smart enough not to add the same package to the /var/lib/lrpkg/packages file twice, and also smart enough to leave the mounts where it found them. It does still mount everything on /mnt, though.

b) Loading packages from /dev/fd1

The LRP boot scripts are copied from the Debian distribution, and can be charitably described as baroque. The /etc/init.d/rcS script walks through each /etc/rc[0,1,2,3,4,5].d directory, running all scripts it finds in them in sorted order as the run levels change. It then runs everything in /etc/rc.boot "for compatibility", as the script says. I tried loading packages from /etc/rc.boot, but my loader did not get saved when I backed up root to diskette. Guess that's part of the etc package. A closer look at /etc/init.d/rcS revealed a hook for running a script _before_ the run level scripting mechanism kicks in: the /etc/init.d/rcS script runs /sbin/unconfigured.sh if it is present. Here's what mine looks like, with some error reporting stuff added in:

    #! /bin/bash
    # Run by /etc/init.d/rcS before the rc*.d scripts: load the packages
    # listed in /var/lib/lrpkg/pkgsfd1 from the second floppy.
    MOUNTPT=/mntfd1
    FD1PKGFILE=/var/lib/lrpkg/pkgsfd1
    MAINPKGFILE=/var/lib/lrpkg/packages
    SYSTEMLOG=/var/log/syslog

    # Report a problem on the console and in syslog.
    notifyError () {
        echo /sbin/unconfigured.sh: $* >> $SYSTEMLOG
        echo $*
    }

    #
    # Main line starts here.
    #
    if ! mount -o ro -t msdos /dev/fd1h1440 ${MOUNTPT}
    then
        notifyError fd1 is broken or not inserted.
        exit
    fi
    echo Loading packages from fd1..
    echo Loading packages from fd1 >> $SYSTEMLOG
    cd /    # packages unpack relative to the root, as ldpkg does
    # The extra echo makes sure of a lf at the end of the pkgs file, so
    # that read sees the last name.
    (cat ${FD1PKGFILE}; echo) |
    while read PKGNAME args
    do
        if [ -z "${PKGNAME}" ]    # skip blank lines, including the one the echo adds
        then
            continue
        fi
        echo "${PKGNAME} -"
        REALPKGNAME=${MOUNTPT}/${PKGNAME}.lrp
        if [ -f ${REALPKGNAME} ]
        then
            gunzip < ${REALPKGNAME} | untar
            echo ${PKGNAME} >> ${MAINPKGFILE}
        else
            notifyError Cannot find ${REALPKGNAME} on disk fd1.
        fi
    done
    umount ${MOUNTPT}

Because it was in /sbin, the script got saved when I asked lrcfg to save the root package. This script loads all the lrp packages before the rest of the /etc/rc*.d scripts run, thus ensuring that any rc*.d/ scripts loaded by the packages will in fact kick off at the proper time. It does require the /var/lib/lrpkg/pkgsfd1 file, and the /mntfd1 directory. But lrcfg saved those files correctly when I asked it to save the root package. This also makes lrcfg assume that everything is in /dev/fd0 for backup purposes. But moving the diskette from the second floppy to the first is not that difficult.

b1) More adventures with boot scripts

So the diald script would not run with a link only into /etc/rc4.d. Rather than figuring out where it was supposed to be, I added links to /etc/init.d/diald into every init level script, as cron was configured. This did force diald to be executed only once. What fun.

c) Loading addons

Early on, I ran out of room for minicom or tcpdump on my boot floppy. But I still needed them to debug ppp. So I wrote this addon loader:

    #!/bin/sh
    # Usage: ldtgz NAME   -- copies NAME.tgz off the diskette and unpacks it
    # into the current directory.
    MOUNTDIR=/root/floppy
    ROOTDIR=/root
    TGZ=tar.gz
    mkdir ${MOUNTDIR}
    mount -o ro -t msdos /dev/fd0h1440 ${MOUNTDIR}
    cp $MOUNTDIR/$1.tgz ${ROOTDIR}/$1.${TGZ}
    gunzip < ${ROOTDIR}/$1.${TGZ} > ${ROOTDIR}/$1.tar
    tar -xvf ${ROOTDIR}/$1.tar
    rm ${ROOTDIR}/$1.tar
    rm ${ROOTDIR}/$1.${TGZ}
    umount ${MOUNTDIR}

It is a little naive -- I did not know about the "/mnt" directory then, so it creates its own mountpoint, for example.
But it did the job and saved some keystrokes. This only gets the addon into memory; changing to the correct directory, typing in "install" and configuring it are still your job. Of course, if you back up root to your boot device while the addon is loaded, you will run out of space there.

d) Named

Everything you know about named is wrong. The format of the named.conf file given in all of the Debian documentation is out of date. The One True Format is in the latest bind howto; all else is a snare and a delusion. But once you get the right format into the conf files, all else is simple.

This changes the behavior of ping(1) so that it tries to connect only on the actual ping to a site you have visited during this run of named. This means that ping(1) will give counts of lost packets when you try it the first time from diald.

Setting up a domain of your own is not impossible, but it requires great care. I spent an hour or so with named claiming it could not read my SOA record before I realized that you _must_ have both a domain name _and_ a domain maintainer email address on the first line of the SOA record. Otherwise, named simply refuses to recognize the whole thing.

Named does solve another dread problem though. When it comes up, it normally makes a call outside the machine. This works around a bug in diald016, where the first call out must be made from the router before IP masquerade will kick in.

The Final Major Problem (22 July 1999). I have ping, telnet, and ftp from my stepdaughter's Lose95 box. But when I try to run Microsoft Internet Explorer 5, it just hangs. I find one message on the LRP mailing list, which says "ftp, telnet, no HTTP...", but no replies. I email the guy, and he mumbles something about DNS. I double-check that my stepdaughter's computer is not in fact using an HTTP proxy server, and find to my disappointment that it's not. But I don't have a reverse DNS database file set up for my private network yet, so I decide to try setting that up.
After I set up "tomshiro.rev-lan", with PTR records for everything in the house, Microsoft's browser works without a hitch. As does AIM. Phew. It is OVER.

24 Jul 1999 Final Adjustments.

Remove "-v" from the chat invocation in the diald options file so that my compuserve password does not show up in syslog. Put "M0" into the actual chat script so that I don't have to hear the modem screech every time I make a connection.

24 Oct 1999 rexecd.

I have to put this on to keep my wife happy by providing a way to down the connection from pollywog. Got rexecd off the Debian distribution. Installed it, uncommented the rexecd line in /etc/inetd.conf, got hosts.allow halfway figured out. Then spent a fruitless few hours trying to make rsh talk to it. Wrong client. The real client is "rexec", which has no man page nor any hint of its existence on my current distribution. Hacked pollywog back on the network to test with its OS/2 rexec client, but found a named problem. In fixing the named problem, trashed my auxiliary diskette. Ah, the joys of Computer Science.

30 Oct 1999 Got rexec working.

The named problem was basically fog in the cockpit. I fixed a minor problem in the reverse resolution file, but the real problem was that when the /etc/hosts.deny file is set to "ALL:PARANOID", then tcpd expects the name of any system attempting to log in with rexec or telnet to be in the /etc/hosts file, regardless of any other name database. After I figured this out, I also found that rexecd will refuse root logins. I created another user on lrp, but it told me that ash could not load a library which was in fact in /lib. After some futile wrangling, I found that the only valid group on the system is 0 -- the root group. Once I changed my new user to the root group, it started working. Because diald is not running as this user, I also had to chmod +s /bin/kill in order to let it signal the diald daemon. A hideous security hole, but for a router, who cares?

31 Oct 1999 Everything works.
But I cannot back up root because I have loaded enough stuff into memory that there's not enough "free space" to compress the root archive. So the answer is to carefully delete stuff from non-root packages until I have enough free space to compress the rest. A ticklish business.

1) How I Became a K00L L1NUX D00D by hacking together a Linux Router

Why do it yourself?
  a) Have fun playing with strange toys
  b) Don't spend a lot of money
  c) Gain Status (become K00L D00D)
  d) Learn UNIX, Linux, and TCP/IP, become consultant, earn lots of money and meet beautiful women.
  e) Spend hours hunched over tiny desk while beautiful sun shines in the Big Room and beautiful women sun themselves at beach

2) Possible Internet Routing Solutions
  a) The $60 NT solution (great if you already have a spare NT box)
  b) Radio IP Home Networking devices ($100+ each, 1 MB per second speeds)
  c) Just putting a modem on every machine in the house (All is well 'til the fateful day when you must change ISPs..)

3) Why have an internet Router at home?
  a) Isolate your machines from your ISP
  b) Have a single point for upgrading hardware, internet access
  c) Have a centralized naming service for your network
  d) A PC is on 24 x 7 for household automation
     i) X10 and crontab

4) First, Catch Your Chicken: needed equipment (The Descent into Used Computer Heaven)
  a) Linux Router Box: 16 megs+, 80486 DX 66+, network card, 14400 or better modem, 2 floppies, case, power supply, cheapest possible video card, monitor & keyboard (borrow these)
  b) Linux development box: 8 megs, '486, net card, glibc. Debian a good choice, but not necessary. No need for X.
  c) Client boxes (Whatever)
  d) Possible Sources of Supply (Homebrew beer distribution, 'free' lunches, company rummage piles, used computer equipment stores, groveling and begging, etc)

5) First Hardware Steps: Makin' stuff work
  a) You must install a video card. Bummer.
  b) Configure CMOS
  c) Figuring out a bell that works -- danger, don't short pins while power is on.
  d) Install network card and modem
  e) Use Tom's root boot or MS-DOS to verify boot from diskette.

6) First Software Steps: getting to a login prompt
  a) Ignore Idiot Image
  b) syslinux
  c) Copy kernel to diskette (mcopy)
  d) Copy lrp files to diskette (mcopy)
  e) Pitfalls and Traps for the Unwary

7) Modules -- making linux run all your hardware
  a) ethernet drivers
  b) serial drivers
  c) ip forwarding drivers
  d) Pitfalls and traps for the Unwary...

8) The Universe You Are In
  a) Solid State -- you must write changes to diskette
  b) make backups. Make Backups. MAKE BACKUPS!
  c) A surprising amount of stuff is available -- basic commands, scripting, etc.

9) Changing The Universe -- useful scripts
  a) ldtgz -- load a tgz package
  b) ldpkg -- load a real package

10) Getting PPP to work
  a) Find LRP image
  b) Find "minicom" tgz image
  c) Make Chat Script
     i) Minicom Fun
     ii) Pitfalls and Traps for the Unwary
  d) Write a script to kick off ppp

11) Getting IP Masquerade to work
  a) Compiled into kernel
  b) ipfwadm and ip-up script
  c) Pitfalls and Traps for the Unwary

12) Oh No, I have run out of room!
  a) Possible solutions
     i) Expensive Storage: ZIP drives, 2.88 meg floppies, et cetera.
     ii) A cheap Hard Drive
  b) Loading Packages from the Second Floppy
  c) The "unconfigured.sh" script
  d) Do you Need to Change lrcfg? Depends..

13) Getting diald to work
  a) Make an LRP yerself
     i) How LRP packages work -- briefly
  b) Pitfalls and Traps for the Unwary
  c) The Joys of init

14) Getting DNS to work
  a) Find an LRP package
  b) Add rc?.d pointers to etc/init.d/bind
  c) Pitfalls and traps for the Unwary

15) Security
  a) Take "-v" out of chat line in your diald.options file (to prevent ISP password from showing up in syslogs)
  b) The Most Security is Not Being Connected. Use diald.0.99 to manage your cable modem.
16) Living With Your Router
  a) cron scripts
  b) Getting your Family to go through the router
  c) The Joys of ping(1) and Lose95
  d) Takin' off your monitor
  e) Add "M0" to chat script to quiet your modem down if you wish
  f) Take Good Notes. Spread the Joy of Linux.

<< Slide 1 >>
How I became A K00l L9ux D00d with the Linux Router Project
Charles Shapiro
9 December 1999

<< Slide 2 >>
Why Do It Yourself?
Fun!
Cheap!
Learn networking, UNIX, become K00l D00d

<>
Home Internet Solutions

<>
Put a modem on every machine

<>
Let Them Eat Cake

<>
The Path of Righteousness

<>
First, catch your Chicken
16 MB+ 80486 DX 66+
NIC, Modem, 1.44 meg floppy drive
Another linux machine
Client machine(s)

<>
Making Stuff Work
You Must Install A Video Card
Configure CMOS
Bell
Install NIC & Modem

<>
Getting to a login: prompt
Ignore Idiot Image
Pitfalls: Access Problems
Libc5 and glibc

<>
The Joy of Modules
Proper Serial Driver
Proper ethernet driver
IP Forwarding Driver

<>
The World Of Linux Router Project
Real Linux
Solid State
Packages And Scripts
Make Backups!

<>
Changing Your World

<>
Useful Scripts

Load a package

    #!/bin/sh
    # Usage: ldpkg [DEVICE] PACKAGE   -- DEVICE defaults to /dev/fd0h1440
    PKG=$2
    DEV=$1
    if [ ${2:-nothing} = nothing ]
    then
        PKG=$1
        DEV=/dev/fd0h1440
    fi
    MOUNTED=`mount | grep $DEV`
    PKGFILE=/var/lib/lrpkg/packages
    # Mount the diskette only if it is not already mounted.
    if test -z "$MOUNTED"
    then
        mount -o ro -t msdos $DEV /mnt
    fi
    cd /
    echo Loading package $PKG..
    gunzip < /mnt/$PKG.lrp | untar
    # Record the package name unless it is already listed (whole-line match).
    ECHOED=`grep -x $PKG $PKGFILE`
    if test -z "$ECHOED"
    then
        echo $PKG >> $PKGFILE
    fi
    # Leave the mount the way we found it.
    if test -z "$MOUNTED"
    then
        umount /mnt
    fi

<>
Load a TGZ File

    #!/bin/sh
    # Usage: ldtgz NAME   -- copies NAME.tgz off the diskette and unpacks it
    # into the current directory.
    MOUNTDIR=/root/floppy
    ROOTDIR=/root
    TGZ=tar.gz
    mkdir ${MOUNTDIR}
    mount -o ro -t msdos /dev/fd0h1440 ${MOUNTDIR}
    cp $MOUNTDIR/$1.tgz ${ROOTDIR}/$1.${TGZ}
    gunzip < ${ROOTDIR}/$1.${TGZ} > ${ROOTDIR}/$1.tar
    tar -xvf ${ROOTDIR}/$1.tar
    rm ${ROOTDIR}/$1.tar
    rm ${ROOTDIR}/$1.${TGZ}
    umount ${MOUNTDIR}

<>
Getting PPP To Work
Find LRP Image
Find "minicom" tgz image
Make Chat Script (minicom)
Write Manual PPP start script

<>
A Sample Manual PPP Start Script

    /usr/sbin/pppd connect "chat -v -f /etc/ppp/ppp.chatscript" /dev/ttyS1 \
        defaultroute

<>
Making IP Masquerade Work
Already Compiled into kernel
ip-up script and ipfwadm
Ways to Hurt Yourself

<>
Oh No! I have Run Out of Room!
Possible Solutions to the Space Problem
Expensive Storage
Cheap Hard Disk
Second Floppy

<>
Loading Packages from The Second Floppy
Do you need to change lrcfg?

<>
The "unconfigured.sh" Script

    # Run by /etc/init.d/rcS before the rc*.d scripts: load the packages
    # listed in /var/lib/lrpkg/pkgsfd1 from the second floppy.
    MOUNTPT=/mntfd1
    FD1PKGFILE=/var/lib/lrpkg/pkgsfd1
    MAINPKGFILE=/var/lib/lrpkg/packages
    SYSTEMLOG=/var/log/syslog

    # Report a problem on the console and in syslog.
    notifyError () {
        echo /sbin/unconfigured.sh: $* >> $SYSTEMLOG
        echo $*
    }

    #
    # Main line starts here.
    #
    if ! mount -o ro -t msdos /dev/fd1h1440 ${MOUNTPT}
    then
        notifyError fd1 is broken or not inserted.
        exit
    fi
    echo Loading packages from fd1..
    echo Loading packages from fd1 >> $SYSTEMLOG
    cd /    # packages unpack relative to the root, as ldpkg does
    # The extra echo makes sure of a lf at the end of the pkgs file, so
    # that read sees the last name.
    (cat ${FD1PKGFILE}; echo) |
    while read PKGNAME args
    do
        if [ -z "${PKGNAME}" ]    # skip blank lines, including the one the echo adds
        then
            continue
        fi
        echo "${PKGNAME} -"
        REALPKGNAME=${MOUNTPT}/${PKGNAME}.lrp
        if [ -f ${REALPKGNAME} ]
        then
            gunzip < ${REALPKGNAME} | untar
            echo ${PKGNAME} >> ${MAINPKGFILE}
        else
            notifyError Cannot find ${REALPKGNAME} on disk fd1.
        fi
    done
    umount ${MOUNTPT}

<>
Getting Diald to work
Making Your Own LRP Package
The Joys of init..
<>
Getting Domain Name Server to work
Find an LRP package
Add rc?.d pointers to /etc/init.d/bind

<>
Security
Take "-v" out of your diald.options
The Best Security is a pair of Diagonal Cutters

<>
Living With Your Router
Cron Scripts
Getting Your Family to Use Your Router
The Joys of ping(1) and Lose95
Add "M0" to chat script for quieter connects
Setting Up rexecd for forced disconnects

<>
Useful Websites
Linux Router Project: http://www.linuxrouter.org/
Tom's Root/Boot: http://www.toms.net/~toehser/rb/
(Gratuitous Plug) http://coldread.siteless.com

<>
Take Good Notes.
"Embedding the Bird for the Good of All Humanity"

<>
Linux Router Project -- configuration menu

    1 ) Network settings
    2 ) System settings
    3 ) Package settings
    b) Back-up ramdisk
    h) Help
    q) quit
    ------------------------------------------------
    Selection:

<>
    The volume label in drive A is Al.
    Directory of A:\

    LINUX          358760   5-19-99  10:01p
    LDLINUX  SYS     5480   5-19-99  10:03p
    SYSLINUX CFG      181   5-22-99   7:06p
    SYSLINUX DPY      697   5-19-99  10:03p
    ETC      LRP    38127  10-30-99   5:03p
    LOG      LRP      636   5-19-99  10:04p
    MODULES  LRP    58393   6-08-99   9:29p
    ROOT     LRP   854279  10-31-99  10:28a
    PPP      LRP    59381  10-31-99  12:10p
            9 file(s)     1375934 bytes used
                            79360 bytes free

<>
    The volume label in drive A is Ab.
    Directory of A:\

    BIND     LRP   290233  12-10-99   7:08p
    DIALD    LRP    38602  12-10-99   7:08p
    REXEC    LRP     4645  12-10-99   7:08p
    LRPOUTL  TXT     3975  12-10-99   7:09p
    LRPNOTES TXT    14397  12-10-99   7:09p
            5 file(s)      351852 bytes used
                          1104384 bytes free
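The leak that the 24 Jul 1999 note and the Security slide warn about (chat -v copying the whole ISP login exchange, password included, into syslog), as an added check that is not part of the original notes or of LRP: it scans a syslog for the chat "send" line that answers a password prompt, which is the line you want to find empty before handing out the log. The log lines are constructed for the example in the format chat -v produces; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes. Finds ISP passwords that chat -v
# has written to syslog. Usage:  sh chatleak.sh < /var/log/syslog
# Exit status 1 means a password was found in the log.

# Constructed sample of what chat -v logs (pid, prompts and secret invented).
SAMPLE_LOG=$(cat <<'EOF'
Jul 22 20:15:01 colt chat[231]: send (ATZ^M)
Jul 22 20:15:02 colt chat[231]: expect (OK)
Jul 22 20:15:02 colt chat[231]: OK
Jul 22 20:15:02 colt chat[231]:  -- got it
Jul 22 20:15:02 colt chat[231]: send (ATDT5551212^M)
Jul 22 20:15:20 colt chat[231]: expect (ogin:)
Jul 22 20:15:21 colt chat[231]: Login:
Jul 22 20:15:21 colt chat[231]:  -- got it
Jul 22 20:15:21 colt chat[231]: send (12345,6789^M)
Jul 22 20:15:22 colt chat[231]: expect (assword:)
Jul 22 20:15:22 colt chat[231]: Password:
Jul 22 20:15:22 colt chat[231]:  -- got it
Jul 22 20:15:22 colt chat[231]: send (s3cret^M)
Jul 22 20:15:25 colt pppd[230]: local  IP address 10.0.0.7
EOF
)

# Print every chat "send" line that answers a password prompt: once an
# "expect (...assword...)" is seen, the next "send (...)" from chat is the
# password (the echoed prompt and "-- got it" lines in between are ignored).
# Exits 1 if any such line was found, 0 if the log is clean.
find_logged_passwords() {
    awk '
        /chat\[[0-9]+\]: expect \(.*assword/ { armed = 1; next }
        /chat\[[0-9]+\]: expect \(/          { armed = 0; next }
        /chat\[[0-9]+\]: send \(/ {
            if (armed) { print; found = 1 }
            armed = 0
        }
        END { exit found ? 1 : 0 }
    '
}

# Number of leaked-password lines in the log given on stdin.
count_logged_passwords() {
    find_logged_passwords | wc -l | tr -d ' '
}

case "${1-}" in
    --sample) printf '%s\n' "$SAMPLE_LOG" | find_logged_passwords ;;
esac
```

Run with --sample to see it flag the constructed line; on the router, a clean result after removing -v from the diald options file confirms the fix.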