yyljt
Posted on 2004-3-10 17:56:14
I left out the parts that don't need changing; these are the more important ones.
kubilezy
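Posted on 2004-3-11 02:01:28
Hehe, good stuff. I want to try this router. Thanks to YYLJT for the config file.
Copy config out and modify it with EDIT. The FIREWALL commands are interchangeable with Linux iptables commands, right?
Can't FLOPPYFW load a lot of extension packages? YYLJT, have you tried them all? Is the configuration complicated?
Could anyone say which packages they find most commonly used, and introduce them a bit?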
kubilezy
Posted on 2004-3-11 10:59:11
QUOTE
config settings
#
# Configuration for floppyfw
#
# Fill in the blanks.
#
# For configuring of modules to use,
# this includes the network interfaces: /modules.lst
# For configuring firewall rules and incoming traffic: /firewall.ini
# For configuring extra network interfaces you may use netwirk.ini
#
# Outside network:
#
#
# DHCP is the hook for the DHCP-client for the outside interface.
# If used, you may have hangups of connections when the client has
# to get a new IP-address.
#
# EXTERNAL is a hook for booting a external startup script from a package.
# the external script has to be in /etc/ext-up.init
#
# For fixed IP setup, set the address and stuff a few sections below.
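# Choose one of the three methods below; the line without '#' is the active one. Here the PPPoE method is active.
#
# Leased line, e.g. fiber or Ethernet access
#OUTSIDE_IP=
# Access via DHCP provided by the ISP; I think this is fairly rare
#OUTSIDE_IP=DHCP
# Access via PPPoE, e.g. ADSL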
OUTSIDE_IP=EXTERNAL
#
# The external script can need you to add your username and password, as
# the PPPoE package does. This is where you can add that.
# If using PPPoE, fill in the username and password.
USER_IDENT=
USER_PASSWORD=
#
# eth0 default device.
#
OUTSIDE_DEV=eth0
#
# Not necessary to set these if you are using DHCP
# For a leased line, fill in the IP and netmask provided to you
OUTSIDE_NETMASK=
OUTSIDE_NETWORK=
# If you don't know it, you can leave it blank
OUTSIDE_BROADCAST=
# MAC address for outside nic
# Some ISPs uses bootp style dhcp tables and some just remembers the last
# used MAC address. this allows you to swap nics
# OUTSIDE_MAC=00:00:e8:48:6c:cb
#
# Your inside network, this has 10.42.42.* set as default, this is
# addresses assigned for internal networks according to RFC 1918.
#
# eth1 is the default device for the internal network.
#
INSIDE_IP=192.168.0.1
INSIDE_DEV=eth1
INSIDE_NETWORK=192.168.0.0
INSIDE_NETMASK=255.255.255.0
INSIDE_BROADCAST=192.168.0.255
#
# Misc
# These are not necessary to set if you are using DHCP.
# (The DOMAIN field might be useful to change)
#
# Leased line: the gateway provided to you
DEFAULT_GATEWAY=
# IP addresses of the DNS servers
NAME_SERVER_IP1=
NAME_SERVER_IP2=
HOSTNAME=floppyfw
DOMAIN=floppyfwsecured.com
#
# Use a DHCP server on the inside network. (This will turn on the DNSMASQ)
# Enable the DHCP service; to enable it, change n to y
DHCP_DAEMON=n
DHCP_RANGE_START=192.168.0.100
DHCP_RANGE_END=192.168.0.200
#
# Use a caching DNS server on the floppy. (This will automatically be true if
# the DHCP daemon is used.)
# Enable the DNS cache: n is off, y is on. If enabled, clients can use 192.168.0.1 as their DNS server.
DNSMASQ=y
The config from floppyfw-2.9.6-pppoe.img
#
# Configuration for floppyfw
# $Id: config,v 1.1.1.1 2003/10/18 14:22:56 thomasez Exp $
#
# Fill in the blanks.
#
# For configuring of modules to use,
# this includes the network interfaces: /modules.lst
# For configuring firewall rules and incoming traffic: /firewall.ini
# For configuring extra network interfaces you may use netwirk.ini
# Serial console is set in syslinux.cfg (or isolinux.cfg for CD's)
# The default internal network is 10.42.42.* with 10.42.42.1
# As the floppyfw internal address (and default gateway for all
# internal machines). To change this go down to the INSIDE section.
#=============================================================================
#
# Basic configuration:
#
# Select the type of your OUTSIDE connection:
# CONNECT_TYPE=PPP # if you use a modem
CONNECT_TYPE=PPPoE # if you use some type of DSL that uses PPPoE
# (Most of them do)
# CONNECT_TYPE=DHCP # For getting the IP address by DHCP, often used
# on cable modems.
# CONNECT_TYPE=STATIC # For the good old LAN/WAN connections with
# static IP addresses on the outside.
# (setup of the interface is done further down
# in this file)
# CONNECT_TYPE=EXTERNAL # is a hook for booting a external startup
# script from a package.
# the external script has to be in /etc/ext-up.init
#
# Some connection methods wants a userid and password, PPP and PPPoE
# is the typical but also the EXTERNAL option may want it.
#
USER_IDENT=xxxxxxxx
USER_PASSWORD=xxxxxxxx
#
# Use a DHCP server on the inside network. (This will turn on DNSMASQ as well)
# (Dnsmasq is a dns cache.)
#
DHCP_DAEMON=y
#
# Floppyfw now has a login prompt.
# Default, for now, is a login prompt and no password..
# You have to "login" as root.
#
# Password can be created in many ways. You have two (three) options,
# DES_PASSWORD will accept a crypted string
# PASSWORD will accept a string (the specific root password).
# This will give you "ffw" as login password.
# DES_PASSWORD=nCLm5JgCK0G5U
PASSWORD=
#
# Done! Your floppyfw should already work by now.
# Save this file and give it a first shot !
# Beneath are options for setting up more advanced stuff
# (including static network settings and ppp)
#
#=============================================================================
#
#
# Physical device layout:
#
# In the files /etc/outside.info and /etc/inside.info you will see
# OUTSIDDE_DEVICE and INSIDE_DEVICE, those are the logical devices used by
# firewall.init and friends..
#
# If you have only one network card you can set INSIDE_DEV to eth0:0
# and it will use ip aliasing to make it all work.
#
OUTSIDE_DEV=eth1
INSIDE_DEV=eth0
#-----------------------------------------------------------------------------
#
# INSIDE settings:
#
#
# Your inside network, this has 10.42.42.* set as default, this is
# addresses assigned for internal networks according to RFC 1918.
#
# Network and broadcast address will be automatically configured.
#
INSIDE_IP=10.1.1.2
INSIDE_NETMASK=255.0.0.0
#
# If you use the internal DHCP server and change the IP address and range
# above you should also set the dhcp address range.
#
DHCP_RANGE_START=10.1.1.1
DHCP_RANGE_END=10.1.1.254
#-----------------------------------------------------------------------------
#
# OUTSIDE settings if you are using the STATIC connection option:
#
# Network and broadcast address will be automatically configured.
#
OUTSIDE_IP=
OUTSIDE_NETMASK=
#
# Misc
# These are not necessary to set if you are using DHCP.
# (The DOMAIN field might be useful to change)
#
DEFAULT_GATEWAY=
# Name servers can be a list, separated by a space. like "1.1.1.1 1.1.1.2"
NAME_SERVER_IP="202.99.xxx.xxx" "202.99.xxx.xxx"
# MAC address for outside nic
# Some ISPs uses bootp style dhcp tables and some just remembers the last
# used MAC address. this allows you to swap nics
# OUTSIDE_MAC=00:00:e8:48:6c:cb
#-----------------------------------------------------------------------------
#
# DMZ settings.
#
# This is just to set up the network, you have to edit firewall.ini to
# be able to do anything useful with this.
#
USE_DMZ=n
DMZ_DEV=eth2
DMZ_IP=10.1.1.5
DMZ_NETMASK=255.255.255.0
#
# This switch (is not working yet) will turn on or off NAT to the outside
# network.
#
DMZ_USE_NAT=y
#-----------------------------------------------------------------------------
# PPP settings:
#
# Change the following only if you are using PPP or PPPoE!
#
# Phone number:
TELEPHONE=
# Serial Port COM1 is /dev/tts/0, COM2 is /dev/tts/1 etc.
SERIAL_PORT=/dev/tts/1
PORT_SPEED=57600
PPP_CONNECT_TIMEOUT=60
PPP_CONNECT_POLL=3
#
# General configuration options
#
USEPEERDNS=yes # set to 'yes' or 'no'
#Change the DEMAND variable to either:
# 'no' for "always on" connection
# N where N is the number of idle seconds before we disconnect
#DEMAND=600
DEMAND=no
# A debug option for debugging PPPoE, it will log to the specified file.
# This must NOT be used during normal use, it'll fill up the ramdisk..
# PPPOE_DEBUG=/tmp/pppoe.log
#-----------------------------------------------------------------------------
#
# Defaults and switches:
#
HOSTNAME=floppyfw
DOMAIN=floppyfwsecured.com
#
# Use a caching DNS server on the floppy. (This will automatically be true if
# the DHCP daemon is used.)
#
DNSMASQ=n
#
# And for the logging the scripts use:
# Default works for most purposes.
#
DEBUG_LOG="/dev/vc/3"
#
# Turning on syslogd and klogd.
# This is a nice thing but will eat CPU which is why it is turned
# off by default.
# The firewall.ini file is where you can turn on logging of rejected packages.
#
USE_SYSLOG=n
# Uncomment to log to /dev/vc/4 instead of /var/log/messages
# which aren't exactly a good idea on a ramdisk.
SYSLOG_TTY="-O $DEBUG_LOG"
# Or the another virtual console than the other messages:
# SYSLOG_TTY="-O /dev/vc/4"
# Uncomment to log to network. host:port
# SYSLOG_NET="-R 10.42.42.42:514"
# Uncomment to not print a mark
# SYSLOG_MARK="-m 0"
[ "$SYSLOG_TTY" -a "$SYSLOG_NET" ] && SYSLOG_BOTH="-L"
SYSLOG_FLAGS="$SYSLOG_MARK $SYSLOG_TTY $SYSLOG_NET $SYSLOG_BOTH"
#
# At the bottom (almost) because this is a feature that should not be
# widely used but it will be useful for some people, especially
# people using some irc servers demanding a result.
#
# This is a fake ident daemon, you can set the userid it shall answer
# and floppyfw will automagically start the fake identd with this user
# as the response.
#
# This will have security implications since you are running a listening
# daemon (server) on the outside network interface. do this ONLY
# if you really need it.
#
#FAKEIDENT=
# If you want to use a second device (floppy disk, or whatever),
# enter a device name like "/dev/fd1"
# Otherwise enter "n"
#SECOND_DEVICE="/dev/floppy/1"
SECOND_DEVICE=n
****************************
Please take another look and tell me where the errors are!
kubilezy
Posted on 2004-3-11 18:35:49
QUOTE
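The main configuration is in the config file.
The firewall configuration is in firewall.ini and can be left unchanged; if you want port forwarding, you need to modify it.
Write the image file to a floppy and edit these two files; that's all.
I once built a gateway with this thing using four network cards: two fiber lines for load balancing by IP address, one ADSL line assigned to a few computers, and one for the internal network.
I also made one with it that boots from a USB flash drive.
It seems the CONFIG file needs to be modified. I have already made the A: disk and the system boots successfully, but I don't know how to use it from there. Please advise! Thanks!
What network cards are you two using? Surely not all PCI? Has anyone used ISA network cards?
How do I configure the cards' IO and IRQ settings?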
yyljt
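Posted on 2004-3-12 00:00:42
In NAME_SERVER_IP="", separate multiple IP addresses with spaces.
floppyfw uses the linux 2.43 kernel, so of course it uses iptables. As for extension packages, I have only used e3vi, for editing.
Using extension packages is not complicated: just decompress them and put them in the packages directory.
I haven't tried floppyfw with ISA; I use 8139 network cards. The four-card one I built used three 8139s and one 8029. I recompiled the kernel; the original doesn't support multiple gateways, so it can't do load balancing.
I think floppyfw is very convenient in that you can modify and customize it yourself.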
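The quoting mistake pointed out in this reply, along with a few other settings in the 2.9.6 config posted earlier in the thread, can be checked mechanically before the floppy is written. The script below is an added example, not part of the thread or of floppyfw; the function names, the finding texts and the 192.0.2.x name servers are constructed for illustration, and the DHCP pool check is this example's own assumption.

```sh
# Added example: lint a floppyfw config as text; it is never sourced, so nothing in it runs.

# cfg_get FILE KEY -> last uncommented KEY= value, minus trailing comment and quotes
cfg_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/^"//' -e 's/"$//'
}

# ip2int A.B.C.D -> integer, so addresses can be compared numerically
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# lint_config FILE -> one finding per line on stdout; no output means no findings
lint_config() {
    f=$1
    # VAR="a" "b" runs "b" as a command with VAR only in its environment; one quoted list is needed.
    if grep -Eq '^NAME_SERVER_IP="[^"]*"[[:space:]]+"' "$f"; then
        echo "NAME_SERVER_IP: several quoted strings; use one quoted, space-separated list"
    fi
    # The config's own comments say the default is a root login prompt with no password.
    if [ -z "$(cfg_get "$f" PASSWORD)" ] && [ -z "$(cfg_get "$f" DES_PASSWORD)" ]; then
        echo "PASSWORD: neither PASSWORD nor DES_PASSWORD is set"
    fi
    # The config's comments warn that this starts a listening daemon on the outside NIC.
    if [ -n "$(cfg_get "$f" FAKEIDENT)" ]; then
        echo "FAKEIDENT: fake identd is enabled on the outside interface"
    fi
    # Assumption of this example: the DHCP pool should not cover the firewall's own address.
    ip=$(cfg_get "$f" INSIDE_IP)
    lo=$(cfg_get "$f" DHCP_RANGE_START)
    hi=$(cfg_get "$f" DHCP_RANGE_END)
    if [ "$(cfg_get "$f" DHCP_DAEMON)" = y ] && [ -n "$ip" ] && [ -n "$lo" ] && [ -n "$hi" ] &&
       [ "$(ip2int "$ip")" -ge "$(ip2int "$lo")" ] && [ "$(ip2int "$ip")" -le "$(ip2int "$hi")" ]; then
        echo "DHCP_RANGE: pool includes INSIDE_IP ($ip)"
    fi
}

# Constructed sample: settings as in the 2.9.6 config posted earlier, DNS addresses are placeholders.
sample=${TMPDIR:-/tmp}/floppyfw-config.$$
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
DHCP_DAEMON=y
PASSWORD=
INSIDE_IP=10.1.1.2
DHCP_RANGE_START=10.1.1.1
DHCP_RANGE_END=10.1.1.254
NAME_SERVER_IP="192.0.2.1" "192.0.2.2"
#FAKEIDENT=
EOF
lint_config "$sample"
```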
kubilezy
Posted on 2004-3-12 01:12:28
QUOTE
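In NAME_SERVER_IP="", separate multiple IP addresses with spaces.
floppyfw uses the linux 2.43 kernel, so of course it uses iptables. As for extension packages, I have only used e3vi, for editing.
Using extension packages is not complicated: just decompress them and put them in the packages directory.
I haven't tried floppyfw with ISA; I use 8139 network cards. The four-card one I built used three 8139s and one 8029. I recompiled the kernel; the original doesn't support multiple gateways, so it can't do load balancing.
I think floppyfw is very convenient in that you can modify and customize it yourself.
Is NAME_SERVER_IP where I enter the IPs of the telecom provider's DNS servers?
NAME_SERVER_IP="xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx"
About ISA network cards: I checked the newsgroup, and it seems modules.lst has to be changed to add IO and IRQ, but the result was that I can't ping the router's IP.
In config I found: For configuring of modules to use,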
# this includes the network interfaces: /modules.lst
edit modules.lst
#
# Modules.lst
#
# $Id: modules.lst,v 1.1.1.1 2003/10/18 14:22:56 thomasez Exp $
#
# Plug and play module, may not be needed.
#
isa-pnp ----> Does this need changing?
#
#
# Network Interface Cards:
#
3c509
3c59x
8390
ne2k-pci
#
# The ne module cannot autoprobe and needs an io port.
#ne eth0 io=0x300 irq=11
#ne eth1 io=0x240 irq=10 ------> Is it right to write it like this?
alias eth0 ne
options ne io=0x300 irq=11
alias eth1 ne
options ne io=0x240 irq=10 ---> Or should it be written like this? (with or without the dmesg command)
mii
tulip
eepro100
#rtl8139
8139cp
8139too
pcnet32
#
# Iptables modules:
#
arp_tables
arptable_filter
iptable_mangle
ip_queue
ipt_DSCP
ipt_ECN
ipt_LOG
ipt_MARK
ipt_MIRROR
ipt_REDIRECT
ipt_TCPMSS
ipt_TOS
ipt_ULOG
ipt_conntrack
ipt_dscp
ipt_ecn
ipt_helper
ipt_length
ipt_limit
ipt_mac
ipt_mark
ipt_owner
ipt_physdev
ipt_pkttype
ipt_tcpmss
ipt_tos
ipt_ttl
ipt_unclean
ip_conntrack_ftp
ip_nat_ftp
ip_conntrack_irc
ip_nat_irc
#ip_nat_tftp
#ip_conntrack_tftp
#ip_nat_amanda
# ip_conntrack_amanda
××××××××××××××××××××
kubilezy
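Posted on 2004-3-13 05:09:41
First, beginners should not download the files here, because they seem to be beta versions, even though the version is higher and supports a DMZ (I downloaded 2.9.6pppoe.img and did not succeed)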
http://www.zelow.no/floppyfw/download/Development/
floppyfw-2.9.5-pppoe.img (tested OK)
Download the general version
http://www.zelow.no/floppyfw/download/
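floppyfw-2.0.8-1680K-pppoe.img (tested OK)
floppyfw-current-pppoe.img (not tried, but I think it should work too)
After downloading, use the winimage program to format and write it, making a 1680K floppy.
Modify the config file as our friend yyljt wrote.
Dual ISA network cards:
Note: NE-compatible ISA network cards do not support PnP; set the IO and IRQ manually.
(It seems some ISA cards do support it; of course the card then has to be set to PnP.)
To use dual ISA network cards under floppyfw, edit modules.lst and add:
ne io=0x300,0x240 (the first IO probably has to be the outside network's)
Only io needs to be written; irq is not needed.
As for the firewall, firewall.ini is compatible with Linux iptables commands.
floppyfw uses the linux 2.43 kernel, so of course it uses iptables. As for extension packages, I have only used e3vi, for editing.
Using extension packages is not complicated: just decompress them and put them in the packages directory.
Although floppyfw supports quite a few extension packages, I found that they have mostly not been tested.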
--
tc:
packages for traffic control.
the tcmods.bz2 package is always for the newest 1.9/2.0 kernel until
further notice.
--
qADSL
for logging onto the Telia ADSL service.
From: "Mikael Bak"
--
telnetd
check the readme for details.
remember that this is a plaintext protocol and that it can be
sniffed so do make sure you run this on the internal NIC.
Not tested by me.
--
dns2go
from: "Hernan F"
Not tested by me.
--
socks5
From: "Stanislaw Y. Pusep"
not tested by me, compiled static.
--
dnrd
DNS cache.
packages by Ken Yap.
not tested by me (as usual)
--
nanotop
this package is now maintained by Michael Wojciechowski
go to:for updated packages.
"
nanotop is a program with display 3 interesting things:
a) cpu usage
b) memory consumption
c) send and receive speed on the external interface
"
made by:"Michael Bruestle"
not tested by me (yet)
--
microproxy
micro_proxy and micro_inetd.
Not tested by me.
made by:
Andreas Schweitzer
ndy@physast.uga.edu
check: http://dilbert.physast.uga.edu/~andy/floppyfw.html
for updates and more packages.
--
dante
The dante SOCKS proxy.
and dante-crypt, The dante SOCKS proxy bundled with a libcrypt library.
Not tested by me.
made by:
Andreas Schweitzer
ndy@physast.uga.edu
check: http://dilbert.physast.uga.edu/~andy/floppyfw.html
for updates and more packages.
--
microhttpd
This is in fact a small web server. I don't think it can be
used for controlling the floppy, not making it more secure
but the author wanted to show that it is possible.
Not tested by me.
made by:
Andreas Schweitzer
ndy@physast.uga.edu
check: http://dilbert.physast.uga.edu/~andy/floppyfw.html
for updates and more packages.
--
Loadkeys
french and belgium keyboard mappings.
From:
Benoit Mortier
R&D Engineer
www.opensides.com
--
PPP and PPPoE
PPP and PPPoE clients, made by Brad Wood.
--
ptsnt113.bz2
post-pts.ini
Description: Port Sentry.
This package is made for floppyfw 1.1.1 and above.
Provided by: "Dominique Stender"
not tested by me.
--
E3.bz2
Description: very small editor.
License: GPL
Source: http://freshmeat.net/projects/e3/?highlight=e3
Provided by: "Dominique Stender"
not tested by me.
1.4 version provided by:
From: andy@logic.reptile.house (Andreas Schweitzer)
--
elvis.bz2
Description: elvis the vi like editor.
Tested: no. seems to have some glitches.
Reason: someone wanted an editor.
--
vpnd.bz2
VPN Daemon.
http://www2.crosswinds.net/nuremberg/~anst.../unix/vpnd.html
samples and binary provided in the package.
this package is not tested.
--
strace.bz2
strace with needed libraries.
tested and works.
--
dhcpd.bz2 & post-dhcpd.ini
DHCP-daemon for running on the floppy.
From: Matthew Ashton
Not tested by me.
--
nc.bz2
netcat.
"netcat is a really cool tool for setting up connections on a specific
port to another host."
provided by: Gerard van Dijnsen
Not tested by me.
--
dea.bz2
dea-1.3 is an small 56 bits DES encryption program.
provided by: Gerard van Dijnsen
(Package made in The Netherlands, floppyfw's main server is in Norway)
Not tested by me.
--
chksum.bz2
The package chksum is a compilation of three tools from textutils that
make checksums from
files or strings:
cksum makes a CRC checksums
sum makes 16 bits checksums
md5sum makes 128 bits checksums
md5 is extremely strong, but a bit slow.
cksum and sum are not as strong, but a lot faster.
This typically can be used to implement something resembling tripwire,
giving you the opportunity to check if files on your firewall have been
compromised in some way.
provided by: Gerard van Dijnsen
--
ppp.bz2
Not tested by me, please report success.
From the author:
I needed it somewhere and thought you might be interested. I tested it
and it works ok.
It has pppd and chat, but you need to write your own scripts (and put
them in /etc/ppp)
Also you need to recompile the kernel (PPP _and_ serial support
enabled!)
Have fun!
provided by: Gerard van Dijnsen
--
dhcpcd.bz2
Description: dhcpcd
Tested: reported working.
The client needed to get the DHCP hooks in the floppy working.
Usage in /config on the floppy.
*** This is not needed in versions of the floppyfw from pre14. ***
*********************
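Anyone interested can give them a try.
floppyfw also seems to support serial-port management; friends who have a cable can try that too.
Next, I'll try whether floppyfw can be installed on a hard disk that already has coyote on it.
The ultimate idea is to put all the software routers that can be installed to hard disk onto a single disk,
such as coyote, floppyfw, freesco and fli4l: a multi-router system on VFAT partitions. (bbi is out for now.) (Putting only one router on a whole hard disk is such a waste.)
Experts, please offer more suggestions and share your thoughts.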
kubilezy
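Posted on 2004-3-13 07:07:15
cotacota really is a great guy: [Chat] Installing floppyfw on a hard disk
http://users.rcn.com/t3iv/index.html has detailed instructions
1. floppyfw on hd: booting from hard disk
2. VPND: virtual private network
3. bridging: network bridge
4. printserver: print service
syslinux -s c: Can anyone tell me what this command means and what effect it has? It installs a Linux boot partition, so does it write into the MBR?
Also, does anyone know of third-party multi-boot manager software where the systems are independent of each other and cannot see one another?
System Commander? Or BootMagic 8.0? It must support Linux to be usable.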
yyljt
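Posted on 2004-3-13 20:41:16
syslinux -s c: is equivalent to sys c:, except that syslinux transfers the Linux boot file ldlinux.sys
These firewalls, floppyfw, coyote and so on, are all miniature Linux systems; I think the results are the same, and the ones with fewer extra features may well be more stable. Putting them all on one hard disk is pointless. What I did do was modify floppyfw to make one that boots from a USB flash drive. As long as you know some Linux, you can make the corresponding modifications yourself.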
kubilezy
Posted on 2004-3-13 23:57:03
QUOTE
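syslinux -s c: is equivalent to sys c:, except that syslinux transfers the Linux boot file ldlinux.sys
These firewalls, floppyfw, coyote and so on, are all miniature Linux systems; I think the results are the same, and the ones with fewer extra features may well be more stable. Putting them all on one hard disk is pointless. What I did do was modify floppyfw to make one that boots from a USB flash drive. As long as you know some Linux, you can make the corresponding modifications yourself.
For example, to make the modifications for the gateway you built, with dual outside networks, a DMZ and an internal network, which parts of the Linux material should I read? (It seems the experts all use full Linux; software routers are just a very small part of Linux.)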
yyljt
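Posted on 2004-3-14 12:15:43
A full Linux has more features and also more other services, and the Linux kernel has many functions, but the kernels of these small Linux systems are optimized entirely for networking and routing, so they are much more efficient and the hardware requirements are correspondingly lower. Linux software routers are all maximally stripped-down versions of Linux; as long as the machine you use is reasonably good, its performance is definitely comparable to a low-end router (meaning mainly when used for NAT; for actual routing you can use the Zebra software package). A router is really just a computer too, only with a different CPU and running specialized software.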
lisidong
Posted on 2004-4-13 18:59:44
Members who have successfully put floppyfw onto a hard ?, could you ??? out ?.
ynboyinkm
Posted on 2004-4-15 01:13:42
The parts left out are all unimportant settings, right?
ljz625
Posted on 2004-4-23 20:40:42
Could you explain how you got it onto a USB flash drive?
yyljt
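Posted on 2004-5-19 01:49:53
Where is there hosting space? I can upload for everyone a floppyfw I modified to boot from USB; I also compiled the kernel, so it can be used for load balancing.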