mirror of https://github.com/dirtbags/moth.git
IPv6 router
This commit is contained in:
parent
103688df85
commit
17d0544c1e
2
Makefile
2
Makefile
|
@ -10,6 +10,8 @@ CACHE = cache
|
|||
# The end result
|
||||
BIN = bin
|
||||
|
||||
# Things configure likes to see
|
||||
CONFIG_XCOMPILE_FLAGS = --host=i386-linux --program-transform-name=
|
||||
|
||||
all: packages
|
||||
|
||||
|
|
|
@ -1,6 +1,23 @@
|
|||
ROUTER_PKGDIR = $(TARGET)/router
|
||||
ROUTER_BUILDDIR = $(BUILD)/router
|
||||
|
||||
|
||||
router-source: $(ROUTER_BUILDDIR)/dnsmasq-source $(ROUTER_BUILDDIR)/radvd-source
|
||||
|
||||
router-build: $(ROUTER_BUILDDIR)/dnsmasq-build $(ROUTER_BUILDDIR)/radvd-build
|
||||
|
||||
router-install: router-build
|
||||
mkdir -p $(ROUTER_PKGDIR)/bin
|
||||
cp $(DNSMASQ_SRCDIR)/src/dnsmasq $(ROUTER_PKGDIR)/bin/
|
||||
|
||||
cp $(RADVD_SRCDIR)/radvd $(ROUTER_PKGDIR)/bin/
|
||||
cp $(RADVD_SRCDIR)/radvdump $(ROUTER_PKGDIR)/bin/
|
||||
|
||||
$(call COPYTREE, packages/router/service, $(ROUTER_PKGDIR)/service)
|
||||
|
||||
##
|
||||
## dnsmasq
|
||||
##
|
||||
DNSMASQ_VERSION = 2.57
|
||||
DNSMASQ_SRCDIR = $(ROUTER_BUILDDIR)/dnsmasq-$(DNSMASQ_VERSION)
|
||||
DNSMASQ_TARBALL = $(CACHE)/dnsmasq-$(DNSMASQ_VERSION).tar.gz
|
||||
|
@ -10,22 +27,39 @@ $(DNSMASQ_TARBALL):
|
|||
@ mkdir -p $(@D)
|
||||
wget -O $@ $(DNSMASQ_URL)
|
||||
|
||||
router-source: $(ROUTER_BUILDDIR)/source
|
||||
$(ROUTER_BUILDDIR)/source: $(DNSMASQ_TARBALL)
|
||||
$(ROUTER_BUILDDIR)/dnsmasq-source: $(DNSMASQ_TARBALL)
|
||||
mkdir -p $(ROUTER_BUILDDIR)
|
||||
zcat $(DNSMASQ_TARBALL) | (cd $(ROUTER_BUILDDIR) && tar xf -)
|
||||
touch $@
|
||||
|
||||
router-build: $(ROUTER_BUILDDIR)/built
|
||||
$(ROUTER_BUILDDIR)/built: $(ROUTER_BUILDDIR)/source
|
||||
$(ROUTER_BUILDDIR)/dnsmasq-build: $(ROUTER_BUILDDIR)/dnsmasq-source
|
||||
$(MAKE) -C $(DNSMASQ_SRCDIR)
|
||||
touch $@
|
||||
|
||||
router-install: router-build
|
||||
mkdir -p $(ROUTER_PKGDIR)/sbin
|
||||
cp $(DNSMASQ_SRCDIR)/src/dnsmasq $(ROUTER_PKGDIR)/sbin/
|
||||
|
||||
$(call COPYTREE, packages/router/service, $(ROUTER_PKGDIR)/service)
|
||||
##
|
||||
## radvd
|
||||
##
|
||||
RADVD_VERSION = 1.8.1
|
||||
RADVD_TARBALL = $(CACHE)/radvd-$(RADVD_VERSION).tar.gz
|
||||
RADVD_URL = http://www.litech.org/radvd/dist/radvd-$(RADVD_VERSION).tar.gz
|
||||
RADVD_SRCDIR = $(ROUTER_BUILDDIR)/radvd-$(RADVD_VERSION)
|
||||
|
||||
$(RADVD_TARBALL):
|
||||
@ mkdir -p $(@D)
|
||||
wget -O $@ $(RADVD_URL)
|
||||
|
||||
$(ROUTER_BUILDDIR)/radvd-source: $(RADVD_TARBALL)
|
||||
mkdir -p $(ROUTER_BUILDDIR)
|
||||
zcat $(RADVD_TARBALL) | (cd $(ROUTER_BUILDDIR) && tar xf -)
|
||||
touch $@
|
||||
|
||||
$(ROUTER_BUILDDIR)/radvd-build: $(ROUTER_BUILDDIR)/radvd-source
|
||||
cd $(RADVD_SRCDIR) && ./configure $(CONFIG_XCOMPILE_FLAGS)
|
||||
$(MAKE) -C $(RADVD_SRCDIR)
|
||||
touch $@
|
||||
|
||||
|
||||
|
||||
router-clean:
|
||||
rm -rf $(ROUTER_PKGDIR)
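Review bot: The radvd tarball is fetched with `wget -O $@ $(RADVD_URL)` from a plain `http://` URL and is then unpacked, run through `./configure` and built with no integrity check. Whatever arrives on the wire executes on the build host and ends up in `$(ROUTER_PKGDIR)/bin`. Pin a digest next to the version, e.g. `RADVD_SHA256 = <sha256-of-radvd-tarball>`, and verify it in the `$(RADVD_TARBALL)` recipe before anything consumes the file: `echo "$(RADVD_SHA256)  $@" | sha256sum -c -`. The existing `$(DNSMASQ_TARBALL)` recipe uses the same `wget -O $@` pattern and would need the same check. A failed or interrupted download also leaves a partial `$@` that Make will treat as up to date, so `.DELETE_ON_ERROR:` or downloading to `$@.tmp` and renaming is worth adding.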
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
#! /bin/sh
|
||||
|
||||
exec socat -u udp-listen:27844 udp-datagram:172.16.24.255:27844,broadcast
|
|
@ -0,0 +1,4 @@
|
|||
#! /bin/sh
|
||||
|
||||
exec svlogd -tt $PWD
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
interface eth0 { AdvSendAdvert on; prefix fd84:b410:3441:0::/64; };
|
||||
interface eth0.1 { AdvSendAdvert on; prefix fd84:b410:3441:1::/64; };
|
||||
interface eth0.2 { AdvSendAdvert on; prefix fd84:b410:3441:2::/64; };
|
||||
interface eth0.3 { AdvSendAdvert on; prefix fd84:b410:3441:3::/64; };
|
||||
interface eth0.4 { AdvSendAdvert on; prefix fd84:b410:3441:4::/64; };
|
||||
interface eth0.5 { AdvSendAdvert on; prefix fd84:b410:3441:5::/64; };
|
||||
interface eth0.6 { AdvSendAdvert on; prefix fd84:b410:3441:6::/64; };
|
||||
interface eth0.7 { AdvSendAdvert on; prefix fd84:b410:3441:7::/64; };
|
||||
interface eth0.8 { AdvSendAdvert on; prefix fd84:b410:3441:8::/64; };
|
||||
interface eth0.9 { AdvSendAdvert on; prefix fd84:b410:3441:9::/64; };
|
||||
interface eth0.10 { AdvSendAdvert on; prefix fd84:b410:3441:10::/64; };
|
||||
interface eth0.11 { AdvSendAdvert on; prefix fd84:b410:3441:11::/64; };
|
||||
interface eth0.12 { AdvSendAdvert on; prefix fd84:b410:3441:12::/64; };
|
||||
interface eth0.13 { AdvSendAdvert on; prefix fd84:b410:3441:13::/64; };
|
||||
interface eth0.14 { AdvSendAdvert on; prefix fd84:b410:3441:14::/64; };
|
||||
interface eth0.15 { AdvSendAdvert on; prefix fd84:b410:3441:15::/64; };
|
||||
interface eth0.16 { AdvSendAdvert on; prefix fd84:b410:3441:16::/64; };
|
||||
interface eth0.17 { AdvSendAdvert on; prefix fd84:b410:3441:17::/64; };
|
||||
interface eth0.18 { AdvSendAdvert on; prefix fd84:b410:3441:18::/64; };
|
||||
interface eth0.19 { AdvSendAdvert on; prefix fd84:b410:3441:19::/64; };
|
||||
interface eth0.20 { AdvSendAdvert on; prefix fd84:b410:3441:20::/64; };
|
||||
interface eth0.21 { AdvSendAdvert on; prefix fd84:b410:3441:21::/64; };
|
||||
interface eth0.22 { AdvSendAdvert on; prefix fd84:b410:3441:22::/64; };
|
||||
interface eth0.23 { AdvSendAdvert on; prefix fd84:b410:3441:23::/64; };
|
||||
interface eth0.24 { AdvSendAdvert on; prefix fd84:b410:3441:24::/64; };
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
#! /bin/sh
|
||||
|
||||
exec 2>&1
|
||||
|
||||
exec /opt/router/bin/radvd -C radvd.conf -d 1 -m stderr -p radvd.pid
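Review bot: radvd is started without `-u`, so it keeps root privileges for its whole lifetime while handling router solicitations from every interface listed in radvd.conf. radvd can drop privileges with `-u <user>` (and confine itself with `-t <chrootdir>`). That needs an unprivileged account, which the single-entry `passwd` file added in this commit does not provide, so one would have to be added there. With an account such as `radvd` in place, the line becomes `exec /opt/router/bin/radvd -u radvd -C radvd.conf -d 1 -m stderr -p radvd.pid`.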
|
|
@ -1,9 +1,9 @@
|
|||
#! /bin/sh
|
||||
|
||||
ip addr del 10.0.0.1/16 dev eth0
|
||||
|
||||
for i in $(seq 48); do
|
||||
for i in $(seq 24); do
|
||||
ip link del link dev eth0.$i
|
||||
done
|
||||
|
||||
ip link set dev eth0 down
|
||||
|
||||
iptables -F INPUT
|
||||
|
|
|
@ -4,45 +4,20 @@ exec 2>&1
|
|||
|
||||
hostname router
|
||||
|
||||
# McPhall suggested all these. I don't know what most of them do.
|
||||
# But I do know that McPhall is a smart guy.
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
PFX=fd84:b410:3441
|
||||
|
||||
# We're a router
|
||||
echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
|
||||
echo 0 > /proc/sys/kernel/randomize_va_space
|
||||
echo 0 > /proc/sys/net/ipv4/conf/all/arp_accept
|
||||
echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
|
||||
echo 1 > /proc/sys/net/ipv4/conf/all/arp_announce
|
||||
echo 2 > /proc/sys/net/ipv4/conf/all/arp_ignore
|
||||
echo 0 > /proc/sys/net/ipv4/conf/all/shared_media
|
||||
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
|
||||
echo 1 > /proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr
|
||||
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
|
||||
|
||||
|
||||
# Make a huge arp table, because this is a router
|
||||
# and people like to run nmap
|
||||
|
||||
echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
|
||||
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
|
||||
|
||||
# No label: dnsmasq can't cope
|
||||
ip addr add 172.16.0.1/24 dev eth0
|
||||
ip addr add 172.30.73.1/24 dev eth0
|
||||
# Bring up main ethernet interface
|
||||
ip addr add $PFX:0::1/64 dev eth0
|
||||
ip link set eth0 up
|
||||
|
||||
# Bring up vlans
|
||||
for i in $(seq 24); do
|
||||
ip link add link eth0 name eth0.$i type vlan id $i
|
||||
ip addr add 172.16.$i.1/24 dev eth0.$i
|
||||
ip addr add $PFX:$i::1/64 dev eth0.$i
|
||||
ip link set eth0.$i up
|
||||
done
|
||||
|
||||
iptables -P OUTPUT ACCEPT
|
||||
iptables -P FORWARD ACCEPT
|
||||
|
||||
iptables -A INPUT -p udp --dport 53 -j ACCEPT
|
||||
iptables -A INPUT -p udp --dport 67:68 -j ACCEPT
|
||||
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
||||
iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT
|
||||
iptables -P INPUT DROP
|
||||
|
||||
sleep 8100d
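Review bot: Nothing in this script filters IPv6. The `iptables` rules only ever applied to IPv4, and the `$PFX` addresses on eth0 and eth0.1–eth0.24 come with no `ip6tables` counterpart, so anything listening on the router is reachable from every VLAN over IPv6. The +/- markers are lost on this page; judging by the `-4,45 +4,20` header, the IPv4 addressing and the `iptables` block appear to be removed, which would leave no INPUT policy at all. If `ip6tables` is available on the image, `ip6tables -A INPUT -p ipv6-icmp -j ACCEPT` followed by `ip6tables -P INPUT DROP`, plus explicit accepts for the services that should be reachable, gives default-deny while keeping neighbour discovery working. Separately, as far as I can tell `conf/default/forwarding` only affects interfaces created after the write, so the already-existing eth0 would not forward; `conf/all/forwarding` is the usual knob.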
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
root:$1$xAJ7KwiU$BeKJjYGs9r/hY9Ag4qv4I1:0:0:root:/:/bin/sh
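Review bot: This commits a root password hash in the `$1$` (MD5-crypt) format, and the sshd run script later in this commit copies it over `/etc/passwd` with `cat passwd > /etc/passwd` before starting dropbear. Every image built from this tree therefore accepts the same root password, and anyone who can read the repository or its mirrors can work on the hash offline; MD5-crypt is cheap to brute-force on current hardware. Prefer key-only login: put `*` in the password field, provision an `authorized_keys` file per deployment, and start dropbear with `-s` to disable password logins. If a password is unavoidable, generate the entry at build time from a secret that is not kept in the repository.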
|
|
@ -1,4 +1,7 @@
|
|||
#! /bin/sh
|
||||
|
||||
exec 2>&1
|
||||
|
||||
cat passwd > /etc/passwd
|
||||
|
||||
exec dropbear -r ./rsa.key -E -F
|
||||
|
|