mirror of https://github.com/dirtbags/moth.git
IPv6 router
parent
71a8f95f68
commit
70d4f4d27c
2
Makefile
2
Makefile
|
@ -10,6 +10,8 @@ CACHE = cache
|
||||||
# The end result
|
# The end result
|
||||||
BIN = bin
|
BIN = bin
|
||||||
|
|
||||||
|
# Things configure likes to see
|
||||||
|
CONFIG_XCOMPILE_FLAGS = --host=i386-linux --program-transform-name=
|
||||||
|
|
||||||
all: packages
|
all: packages
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,23 @@
|
||||||
ROUTER_PKGDIR = $(TARGET)/router
|
ROUTER_PKGDIR = $(TARGET)/router
|
||||||
ROUTER_BUILDDIR = $(BUILD)/router
|
ROUTER_BUILDDIR = $(BUILD)/router
|
||||||
|
|
||||||
|
|
||||||
|
router-source: $(ROUTER_BUILDDIR)/dnsmasq-source $(ROUTER_BUILDDIR)/radvd-source
|
||||||
|
|
||||||
|
router-build: $(ROUTER_BUILDDIR)/dnsmasq-build $(ROUTER_BUILDDIR)/radvd-build
|
||||||
|
|
||||||
|
router-install: router-build
|
||||||
|
mkdir -p $(ROUTER_PKGDIR)/bin
|
||||||
|
cp $(DNSMASQ_SRCDIR)/src/dnsmasq $(ROUTER_PKGDIR)/bin/
|
||||||
|
|
||||||
|
cp $(RADVD_SRCDIR)/radvd $(ROUTER_PKGDIR)/bin/
|
||||||
|
cp $(RADVD_SRCDIR)/radvdump $(ROUTER_PKGDIR)/bin/
|
||||||
|
|
||||||
|
$(call COPYTREE, packages/router/service, $(ROUTER_PKGDIR)/service)
|
||||||
|
|
||||||
|
##
|
||||||
|
## dnsmasq
|
||||||
|
##
|
||||||
DNSMASQ_VERSION = 2.57
|
DNSMASQ_VERSION = 2.57
|
||||||
DNSMASQ_SRCDIR = $(ROUTER_BUILDDIR)/dnsmasq-$(DNSMASQ_VERSION)
|
DNSMASQ_SRCDIR = $(ROUTER_BUILDDIR)/dnsmasq-$(DNSMASQ_VERSION)
|
||||||
DNSMASQ_TARBALL = $(CACHE)/dnsmasq-$(DNSMASQ_VERSION).tar.gz
|
DNSMASQ_TARBALL = $(CACHE)/dnsmasq-$(DNSMASQ_VERSION).tar.gz
|
||||||
|
@ -10,22 +27,39 @@ $(DNSMASQ_TARBALL):
|
||||||
@ mkdir -p $(@D)
|
@ mkdir -p $(@D)
|
||||||
wget -O $@ $(DNSMASQ_URL)
|
wget -O $@ $(DNSMASQ_URL)
|
||||||
|
|
||||||
router-source: $(ROUTER_BUILDDIR)/source
|
$(ROUTER_BUILDDIR)/dnsmasq-source: $(DNSMASQ_TARBALL)
|
||||||
$(ROUTER_BUILDDIR)/source: $(DNSMASQ_TARBALL)
|
|
||||||
mkdir -p $(ROUTER_BUILDDIR)
|
mkdir -p $(ROUTER_BUILDDIR)
|
||||||
zcat $(DNSMASQ_TARBALL) | (cd $(ROUTER_BUILDDIR) && tar xf -)
|
zcat $(DNSMASQ_TARBALL) | (cd $(ROUTER_BUILDDIR) && tar xf -)
|
||||||
touch $@
|
touch $@
|
||||||
|
|
||||||
router-build: $(ROUTER_BUILDDIR)/built
|
$(ROUTER_BUILDDIR)/dnsmasq-build: $(ROUTER_BUILDDIR)/dnsmasq-source
|
||||||
$(ROUTER_BUILDDIR)/built: $(ROUTER_BUILDDIR)/source
|
|
||||||
$(MAKE) -C $(DNSMASQ_SRCDIR)
|
$(MAKE) -C $(DNSMASQ_SRCDIR)
|
||||||
touch $@
|
touch $@
|
||||||
|
|
||||||
router-install: router-build
|
|
||||||
mkdir -p $(ROUTER_PKGDIR)/sbin
|
|
||||||
cp $(DNSMASQ_SRCDIR)/src/dnsmasq $(ROUTER_PKGDIR)/sbin/
|
|
||||||
|
|
||||||
$(call COPYTREE, packages/router/service, $(ROUTER_PKGDIR)/service)
|
##
|
||||||
|
## radvd
|
||||||
|
##
|
||||||
|
RADVD_VERSION = 1.8.1
|
||||||
|
RADVD_TARBALL = $(CACHE)/radvd-$(RADVD_VERSION).tar.gz
|
||||||
|
RADVD_URL = http://www.litech.org/radvd/dist/radvd-$(RADVD_VERSION).tar.gz
|
||||||
|
RADVD_SRCDIR = $(ROUTER_BUILDDIR)/radvd-$(RADVD_VERSION)
|
||||||
|
|
||||||
|
$(RADVD_TARBALL):
|
||||||
|
@ mkdir -p $(@D)
|
||||||
|
wget -O $@ $(RADVD_URL)
|
||||||
|
|
||||||
|
$(ROUTER_BUILDDIR)/radvd-source: $(RADVD_TARBALL)
|
||||||
|
mkdir -p $(ROUTER_BUILDDIR)
|
||||||
|
zcat $(RADVD_TARBALL) | (cd $(ROUTER_BUILDDIR) && tar xf -)
|
||||||
|
touch $@
|
||||||
|
|
||||||
|
$(ROUTER_BUILDDIR)/radvd-build: $(ROUTER_BUILDDIR)/radvd-source
|
||||||
|
cd $(RADVD_SRCDIR) && ./configure $(CONFIG_XCOMPILE_FLAGS)
|
||||||
|
$(MAKE) -C $(RADVD_SRCDIR)
|
||||||
|
touch $@
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
router-clean:
|
router-clean:
|
||||||
rm -rf $(ROUTER_PKGDIR)
|
rm -rf $(ROUTER_PKGDIR)
|
||||||
|
|
|
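Review bot: The new `$(RADVD_TARBALL)` rule downloads the radvd source over plain `http://` with `wget -O $@ $(RADVD_URL)`, and the `radvd-source` and `radvd-build` rules then unpack, configure and compile it with no integrity check. Whatever the network path or mirror returns is therefore built into the router package. Pin a digest next to `RADVD_VERSION` and verify it before extraction, for example a second recipe line `echo "$(RADVD_SHA256)  $@" | sha256sum -c -`, where `RADVD_SHA256` is a new variable holding the digest published for that release. `wget -O` also leaves a partial file at `$@` when the transfer fails, which make treats as up to date on the next run; fetching to `$@.tmp` and renaming on success avoids that. The dnsmasq tarball rule earlier in this hunk uses the same `wget -O $@` pattern and would benefit from the same treatment.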
@ -1,3 +0,0 @@
|
||||||
#! /bin/sh
|
|
||||||
|
|
||||||
exec socat -u udp-listen:27844 udp-datagram:172.16.24.255:27844,broadcast
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
#! /bin/sh
|
||||||
|
|
||||||
|
exec svlogd -tt $PWD
|
||||||
|
|
|
@ -0,0 +1,26 @@
|
||||||
|
interface eth0 { AdvSendAdvert on; prefix fd84:b410:3441:0::/64; };
|
||||||
|
interface eth0.1 { AdvSendAdvert on; prefix fd84:b410:3441:1::/64; };
|
||||||
|
interface eth0.2 { AdvSendAdvert on; prefix fd84:b410:3441:2::/64; };
|
||||||
|
interface eth0.3 { AdvSendAdvert on; prefix fd84:b410:3441:3::/64; };
|
||||||
|
interface eth0.4 { AdvSendAdvert on; prefix fd84:b410:3441:4::/64; };
|
||||||
|
interface eth0.5 { AdvSendAdvert on; prefix fd84:b410:3441:5::/64; };
|
||||||
|
interface eth0.6 { AdvSendAdvert on; prefix fd84:b410:3441:6::/64; };
|
||||||
|
interface eth0.7 { AdvSendAdvert on; prefix fd84:b410:3441:7::/64; };
|
||||||
|
interface eth0.8 { AdvSendAdvert on; prefix fd84:b410:3441:8::/64; };
|
||||||
|
interface eth0.9 { AdvSendAdvert on; prefix fd84:b410:3441:9::/64; };
|
||||||
|
interface eth0.10 { AdvSendAdvert on; prefix fd84:b410:3441:10::/64; };
|
||||||
|
interface eth0.11 { AdvSendAdvert on; prefix fd84:b410:3441:11::/64; };
|
||||||
|
interface eth0.12 { AdvSendAdvert on; prefix fd84:b410:3441:12::/64; };
|
||||||
|
interface eth0.13 { AdvSendAdvert on; prefix fd84:b410:3441:13::/64; };
|
||||||
|
interface eth0.14 { AdvSendAdvert on; prefix fd84:b410:3441:14::/64; };
|
||||||
|
interface eth0.15 { AdvSendAdvert on; prefix fd84:b410:3441:15::/64; };
|
||||||
|
interface eth0.16 { AdvSendAdvert on; prefix fd84:b410:3441:16::/64; };
|
||||||
|
interface eth0.17 { AdvSendAdvert on; prefix fd84:b410:3441:17::/64; };
|
||||||
|
interface eth0.18 { AdvSendAdvert on; prefix fd84:b410:3441:18::/64; };
|
||||||
|
interface eth0.19 { AdvSendAdvert on; prefix fd84:b410:3441:19::/64; };
|
||||||
|
interface eth0.20 { AdvSendAdvert on; prefix fd84:b410:3441:20::/64; };
|
||||||
|
interface eth0.21 { AdvSendAdvert on; prefix fd84:b410:3441:21::/64; };
|
||||||
|
interface eth0.22 { AdvSendAdvert on; prefix fd84:b410:3441:22::/64; };
|
||||||
|
interface eth0.23 { AdvSendAdvert on; prefix fd84:b410:3441:23::/64; };
|
||||||
|
interface eth0.24 { AdvSendAdvert on; prefix fd84:b410:3441:24::/64; };
|
||||||
|
|
|
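Review bot: Nothing in this file says that its 25 prefixes must stay in step with `PFX` and the `seq 24` VLAN loop in the interface setup script changed later in this commit. A header comment such as `# Prefixes must match PFX and the VLAN range in the interface setup script` would record that coupling. The VLAN number is written in decimal into a hexadecimal address group (`3441:10::` is group 0x10). That is harmless while both files do the same, and the script's `$PFX:$i::1/64` does, but it is worth stating in the same comment so that nobody corrects only one side.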
@ -0,0 +1,5 @@
|
||||||
|
#! /bin/sh
|
||||||
|
|
||||||
|
exec 2>&1
|
||||||
|
|
||||||
|
exec /opt/router/bin/radvd -C radvd.conf -d 1 -m stderr -p radvd.pid
|
|
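Review bot: radvd is started here with no privilege drop, presumably as root under the supervisor. radvd's `-u <user>` option lets it run unprivileged after opening its socket, though the passwd file added in this commit defines only root, so a dedicated account would have to be provisioned first. `-C radvd.conf` and `-p radvd.pid` are relative paths, so they depend on the supervisor starting the script in the service directory; a one-line comment would make that assumption explicit. `-d 1` presumably also keeps this radvd version in the foreground, and if so a comment should say it, e.g. `# -d 1: stay in the foreground so the supervisor tracks the process`.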
@ -1,9 +1,9 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
|
|
||||||
ip addr del 10.0.0.1/16 dev eth0
|
for i in $(seq 24); do
|
||||||
|
|
||||||
for i in $(seq 48); do
|
|
||||||
ip link del link dev eth0.$i
|
ip link del link dev eth0.$i
|
||||||
done
|
done
|
||||||
|
|
||||||
|
ip link set dev eth0 down
|
||||||
|
|
||||||
iptables -F INPUT
|
iptables -F INPUT
|
||||||
|
|
|
@ -4,45 +4,20 @@ exec 2>&1
|
||||||
|
|
||||||
hostname router
|
hostname router
|
||||||
|
|
||||||
# McPhall suggested all these. I don't know what most of them do.
|
PFX=fd84:b410:3441
|
||||||
# But I do know that McPhall is a smart guy.
|
|
||||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
# We're a router
|
||||||
echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
|
echo 1 > /proc/sys/net/ipv6/conf/default/forwarding
|
||||||
echo 0 > /proc/sys/kernel/randomize_va_space
|
|
||||||
echo 0 > /proc/sys/net/ipv4/conf/all/arp_accept
|
|
||||||
echo 1 > /proc/sys/net/ipv4/conf/all/arp_filter
|
|
||||||
echo 1 > /proc/sys/net/ipv4/conf/all/arp_announce
|
|
||||||
echo 2 > /proc/sys/net/ipv4/conf/all/arp_ignore
|
|
||||||
echo 0 > /proc/sys/net/ipv4/conf/all/shared_media
|
|
||||||
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
|
|
||||||
echo 1 > /proc/sys/net/ipv4/icmp_errors_use_inbound_ifaddr
|
|
||||||
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
|
|
||||||
|
|
||||||
|
# Bring up main ethernet interface
|
||||||
# Make a huge arp table, because this is a router
|
ip addr add $PFX:0::1/64 dev eth0
|
||||||
# and people like to run nmap
|
|
||||||
|
|
||||||
echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
|
|
||||||
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
|
|
||||||
|
|
||||||
# No label: dnsmasq can't cope
|
|
||||||
ip addr add 172.16.0.1/24 dev eth0
|
|
||||||
ip addr add 172.30.73.1/24 dev eth0
|
|
||||||
ip link set eth0 up
|
ip link set eth0 up
|
||||||
|
|
||||||
|
# Bring up vlans
|
||||||
for i in $(seq 24); do
|
for i in $(seq 24); do
|
||||||
ip link add link eth0 name eth0.$i type vlan id $i
|
ip link add link eth0 name eth0.$i type vlan id $i
|
||||||
ip addr add 172.16.$i.1/24 dev eth0.$i
|
ip addr add $PFX:$i::1/64 dev eth0.$i
|
||||||
ip link set eth0.$i up
|
ip link set eth0.$i up
|
||||||
done
|
done
|
||||||
|
|
||||||
iptables -P OUTPUT ACCEPT
|
|
||||||
iptables -P FORWARD ACCEPT
|
|
||||||
|
|
||||||
iptables -A INPUT -p udp --dport 53 -j ACCEPT
|
|
||||||
iptables -A INPUT -p udp --dport 67:68 -j ACCEPT
|
|
||||||
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
|
||||||
iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT
|
|
||||||
iptables -P INPUT DROP
|
|
||||||
|
|
||||||
sleep 8100d
|
sleep 8100d
|
||||||
|
|
|
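Review bot: After this change the script installs no packet filter at all: the IPv4 `iptables` INPUT rules and the `INPUT DROP` policy are removed and no `ip6tables` equivalent is added. Every service on the router, including the dropbear root login set up elsewhere in this commit, is therefore reachable from all 25 segments. If that is intended for this network, a comment saying so belongs here; otherwise an IPv6 version of the removed rules could look like the block below, which keeps ICMPv6 open because neighbour discovery and the router advertisements depend on it. The finish script still runs only `iptables -F INPUT` and would need the matching `ip6tables` cleanup. Separately, only `conf/default/forwarding` is written, which as far as I can tell does not apply to the already-existing eth0, so `conf/all/forwarding` may be what is wanted now that the IPv4 switch is gone.

```shell
# … unchanged: hostname, PFX, eth0 and VLAN bring-up …

# Default-deny inbound; allow DNS, ICMPv6 (ND/RA) and our own prefix
ip6tables -A INPUT -p udp --dport 53 -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A INPUT -s $PFX::/48 -j ACCEPT
ip6tables -P INPUT DROP

sleep 8100d
```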
@ -0,0 +1 @@
|
||||||
|
root:$1$xAJ7KwiU$BeKJjYGs9r/hY9Ag4qv4I1:0:0:root:/:/bin/sh
|
|
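Review bot: This adds a root password hash to the repository, in MD5-crypt (`$1$`) format and in the password field of a passwd file, which is world-readable once installed. Anyone with a copy of the repository or an unprivileged shell on the router can attack the hash offline. Keep the secret out of version control: ship `root:x:0:0:root:/:/bin/sh` (or `*` in the password field) here and provision the credential at deploy time, preferably as an SSH public key for dropbear rather than a password. If a password has to stay, it belongs in a shadow file readable only by root, hashed with a stronger scheme than MD5-crypt where the target libc supports one.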
@ -1,4 +1,7 @@
|
||||||
#! /bin/sh
|
#! /bin/sh
|
||||||
|
|
||||||
exec 2>&1
|
exec 2>&1
|
||||||
|
|
||||||
|
cat passwd > /etc/passwd
|
||||||
|
|
||||||
exec dropbear -r ./rsa.key -E -F
|
exec dropbear -r ./rsa.key -E -F
|
||||||
|
|
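Review bot: `cat passwd > /etc/passwd` replaces the system account database on every service start, discarding any accounts added by other means (for example an unprivileged user for a daemon) and leaving the file briefly truncated. Its only purpose appears to be enabling a root password login for dropbear. Consider authorised keys together with dropbear's `-s` option, which disables password logins, e.g. `exec dropbear -r ./rsa.key -s -E -F`; this matters more now that the same commit removes the INPUT filter. `-r ./rsa.key` suggests a host key stored beside the script, so confirm it is generated per deployment rather than shared from the repository.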