StingLin: Alcatel Speedtouch USB Firewall for Linux
News

25.10.2002 v0.6
Now running on a 2.4.19 kernel. I've ditched the official Alcatel driver as I think Benoit Papillault's driver works better. Openssh is now at v3.4p1. I'm now using rudimentary hotplugging to detect the modem. There's a real cron daemon. I'm using a normal SysV init instead of busybox's init. There's also support to mount a USB disk drive (in my case a Sony camera's memory stick).

12.1.2002 v0.4
I've finally updated it. The 0.3 version was based on the 2.4.7 kernel. I've now used a 2.4.17 kernel. The ppp over atm patch is now incorporated into the kernel. Other changes are iptables 1.2.4 compiled as a single executable. ReiserFS has been ditched in favour of ext3 for any extra filesystems (the root fs is also ext3, but still mounted read only).

Introduction
This is my attempt at a pre-packaged firewall/gateway based on Linux and the Alcatel Speedtouch USB modem (the weird bluey green thing). This will allow you to connect a home LAN through to an ADSL internet connection.

Requirements
Features
Software Included
Network card driver modules included
Installation
You need 3 floppy disks for the install. You should probably format them first. They are just normal 1.44MB format floppies. If you have a Linux box with 'superformat' you can do this:

    superformat /dev/fd0 hd sect=18

Download and extract the following tar.gz file:

There are 3 raw disk images. If you have a Unix/Linux system you can create the floppies with (swapping the floppy between each command):

    dd if=disk1.bin of=/dev/fd0 bs=1k
    dd if=disk2.bin of=/dev/fd0 bs=1k
    dd if=disk3.bin of=/dev/fd0 bs=1k

If you're doing this from Windows then you should get Rawrite for Windows, available here. Label the disks 1, 2 and 3. Insert disk 1 into your soon-to-be-firewall and boot it up. Disk 1 is a Linux boot/root disk, so you should see an initial LILO prompt, a long pause while it loads the kernel, then it loads the compressed ramdisk contents. Eventually you should get a prompt asking you to press ENTER to login. You can safely ignore the errors about not being able to write to tty5. At the '#' prompt type 'setup'. This now goes through all the setup steps and prompts you as appropriate. Here are the main steps:
Operation
Boot up the PC. If you're using a serial console, make sure you have an appropriate serial terminal (or a PC running a terminal program) plugged in. The usual settings are hardware handshaking/8 bits/no parity and whatever baud rate you set. The screen output can be messy, but hopefully you should get something like:
Waiting for ADSL negotiation
Starting Stingray Modem.
Waiting to sense USB attachment
.usb_control/bulk_msg: timeout
usbdevfs: USBDEVFS_BULK failed dev 2 ep 0x85 len 512 ret -110
.
(none) login:
The USB errors appear to be OK. I just always get them.
PPP up

It's supposed to happen. Now you should be able to press ENTER and get a login prompt. Log in and try pinging some known address (e.g. ping yahoo.com). It should work. DNS server information is automatically retrieved from the ppp connection.
In order to use a PC on your internal LAN, you'll need to specify a default gateway (on the PC) that corresponds to the LAN card on the firewall PC. You also need to specify the DNS servers. To find these out from the firewall PC, just log in to it (using ssh) and

There is a default firewall config script that is run during boot. It is not reconfigured based on the IP address info you entered (maybe in the next version). So unless you set up your internal network like mine, you probably won't get far. Basically, my setup is to have 3 network cards on addresses 10.0.0.5, 10.0.1.5 and 10.0.2.5 (all with netmask 255.255.255.0). Each card just has a crossover cable going to a PC. The firewall script will allow most traffic from these 3 subnets to go out via the ADSL connection. The important variable assignments in the /etc/rcFirewall script are all at the top of the script.

Firewall Boot Sequence
I'm now using a SysV init which simplifies things enormously. Here is what you'll probably have in /etc/inittab:

    # Default runlevel. (Do not set to 0 or 6)
    id:3:initdefault:

    # System initialization (runs when system boots).
    si:S:sysinit:/etc/rcS

    # Script to run when going multi user.
    rc:2345:wait:/etc/rcM

    #c1:1235:respawn:/sbin/agetty 38400 tty1 linux
    #c2:1235:respawn:/sbin/agetty 38400 tty2 linux
    c1:1235:respawn:/sbin/agetty 38400 tty1 linux

Basically /etc/rcS runs first and then /etc/rcM. Neither of these initialises the modem. It's all managed from /sbin/hotplug.
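The page never shows /etc/rcFirewall itself, so here is an added example of what a script of that kind could look like for the three-subnet layout described above (and the MASQUERADE step that ip-up triggers later on). It is not StingLin's own script. It assumes the three cards are eth0, eth1 and eth2, that the ADSL link is ppp0, that iptables 1.2.x on a 2.4 kernel is in /sbin, and that the script is invoked with the argument start. It goes a little beyond the text by starting from a default-deny INPUT/FORWARD policy and dropping packets that arrive on ppp0 with an inside source address; the rule list is generated by a function so it can be read (or checked) without touching the kernel.

```shell
#!/bin/sh
# Added example of an /etc/rcFirewall for the layout the page describes
# (three LAN cards, everything masqueraded out over ppp0).  Not StingLin's
# own script.  Interface names, the start argument and the default-deny
# policy are assumptions.  Uses only iptables 1.2.x / kernel 2.4 features
# (the state match and the MASQUERADE target).

EXT=ppp0                               # ADSL link brought up by pppd
LAN_IFS="eth0 eth1 eth2"               # assumed names for the three cards
LAN_NETS="10.0.0.0/24 10.0.1.0/24 10.0.2.0/24"
IPT=${IPT:-/sbin/iptables}             # set IPT=echo in the environment to dry-run

# Print the rule set, one iptables invocation per line.  Keeping this a
# pure function means the rules can be inspected or tested without root.
rules() {
    # Flush both tables and start from default-deny on the two chains
    # that see traffic from the ADSL side.
    echo "$IPT -F"
    echo "$IPT -t nat -F"
    echo "$IPT -P INPUT DROP"
    echo "$IPT -P FORWARD DROP"
    echo "$IPT -P OUTPUT ACCEPT"

    # Anti-spoofing: a packet arriving on ppp0 with an inside source
    # address is forged, so drop it before any "established" rule can
    # match it.
    for net in $LAN_NETS; do
        echo "$IPT -A INPUT -i $EXT -s $net -j DROP"
        echo "$IPT -A FORWARD -i $EXT -s $net -j DROP"
    done

    # Loopback, and replies belonging to connections already allowed.
    echo "$IPT -A INPUT -i lo -j ACCEPT"
    echo "$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # Per-card rules: the firewall itself (ssh etc.) is reachable from
    # each inside subnet, and each subnet may open new connections to the
    # outside only from addresses that belong on that card, so one PC
    # cannot pose as a machine on another card's subnet.
    set -- $LAN_NETS
    for ifc in $LAN_IFS; do
        net=$1; shift
        echo "$IPT -A INPUT -i $ifc -s $net -j ACCEPT"
        echo "$IPT -A FORWARD -i $ifc -o $EXT -s $net -m state --state NEW -j ACCEPT"
    done

    # Hide every inside address behind whatever address ppp0 got from the
    # ISP, then turn forwarding on only once the rules are in place.
    echo "$IPT -t nat -A POSTROUTING -o $EXT -j MASQUERADE"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# Number of generated rule lines; handy as a sanity check after editing
# the lists at the top.
rule_count() {
    rules | grep -c .
}

# Feed the rule list to a shell with -e so the first rule iptables
# rejects aborts the run instead of silently leaving a half-built set.
apply() {
    rules | sh -e
}

# Only apply when run as "rcFirewall start"; sourcing the file just
# defines the functions.
case "${1:-}" in
    start) apply ;;
esac
```

Because forwarding is switched on as the last line, a failure part-way through leaves the box with forwarding off and a default-deny policy rather than an open gateway.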
/etc/rcS
This performs the following:

/etc/rcM
This just starts the openssh server and the cron daemon.

/sbin/hotplug
It just checks for an 'add' event and checks that the product id matches the one for an Alcatel Stingray modem. If it does it runs /etc/InsertStingray.

/etc/rcInsertStingray
This is pretty simple. modem_run loads the modem firmware and waits for the ADSL line to initialise. Then pppd starts up the ppp link.
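The following is an added example of a minimal /sbin/hotplug doing the check described above; it is not StingLin's own script. Under a 2.4 kernel the USB subsystem runs /sbin/hotplug with "usb" as its first argument and describes the event in the environment: ACTION is add or remove, and PRODUCT is a vendor/product/bcdDevice triple in lower-case hex with leading zeros stripped. The Speedtouch USB modem carries USB ID 06b9:4061, so its PRODUCT value begins "6b9/4061/". The name of the insert script and the lock file are assumptions, as is the made-up "1234/abcd/0" used as a non-matching device in the test.

```shell
#!/bin/sh
# Added example of an /sbin/hotplug along the lines the page describes.
# Not StingLin's own script.  Assumptions: the modem start-up script is
# /etc/rcInsertStingray and a lock file under /var/run is acceptable.
# Kernel 2.4 hotplug interface: $1 = subsystem ("usb"), $ACTION = add or
# remove, $PRODUCT = "vendor/product/bcdDevice" in hex without leading
# zeros.  The Speedtouch USB modem is USB ID 06b9:4061.

INSERT=/etc/rcInsertStingray     # assumed name of the modem start-up script
LOCK=/var/run/stingray.lock      # assumed; stops a second copy of modem_run

# Decide whether (subsystem, action, product) is the modem being
# attached.  Returns 0 for yes, 1 for anything else.  A pure function so
# it can be tested without a kernel behind it.
is_modem_attach() {
    subsys=$1; action=$2; product=$3
    [ "$subsys" = usb ] || return 1
    [ "$action" = add ] || return 1
    case "$product" in
        6b9/4061/*) return 0 ;;     # any bcdDevice revision of the modem
        *)          return 1 ;;
    esac
}

# Run the insert script, at most one copy at a time.  /sbin/hotplug runs
# as root for every device that is plugged in, so it must only act on the
# exact vendor/product pair, never on an "add" event alone.
start_modem() {
    if [ -e "$LOCK" ]; then
        return 0                 # an earlier event is still being handled
    fi
    : > "$LOCK"
    "$INSERT"
    status=$?
    rm -f "$LOCK"
    return $status
}

# Dispatch on the real hotplug environment.  With no arguments (e.g. when
# the file is sourced for testing) nothing runs.
if [ $# -gt 0 ]; then
    if is_modem_attach "$1" "${ACTION:-}" "${PRODUCT:-}"; then
        start_modem
    fi
fi
```

The match is on vendor and product only; the third field (bcdDevice) changes between modem firmware revisions and is deliberately ignored.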
But there's more
The last major thing the boot sequence does is to start up pppd (from /etc/rcInsertStingray). pppd should connect within seconds and will automatically run the ip-up script in /etc/ppp. ip-up then calls the /etc/rcFirewall script. This script sets up some simple firewall rules, MASQUERADING the internal LAN cards onto the ADSL connection.

Setting up a Web Server
You may have noted that mini_httpd is included with StingLin. The idea is that you can utilise some of your spare disk space (you didn't use up the whole disk for StingLin's partition, did you?) for web server content. Unlike the root fs, which is permanently read-only, the web server content filesystem will need to be read/write (technically it doesn't have to be, but it's a lot more flexible). Now, because the system was designed so you could just turn it off without a shutdown procedure, the web server filesystem needs to be recoverable after an unclean shutdown. Previously I used reiserfs, but now that ext3 is getting more mainstream I'm using it. It seems a lot simpler, recovers quickly (unlike reiserfs) and doesn't require that enormous mkreiserfs binary.

During the installation procedure for StingLin it asks if you want to set up another partition. If you didn't, here's what you might do (with /dev/hda4 as the spare partition):

    mke2fs -j /dev/hda4
    mount -t ext3 /dev/hda4 /mnt
    cd /mnt
    mini_httpd -r

The -r flag makes mini_httpd chroot() into its current directory, which is why the cd /mnt comes first: the server can then only reach the content partition, not the read-only root fs. Since this partition is writable and is served by a network-facing daemon, mounting it with nodev,nosuid is a cheap extra precaution.

Now, to mount it at boot time, you could just put the following in /etc/rcS:

    mount -t ext3 /dev/hda4 /mnt

Edit /etc/rcM and add the lines to start the web server after crond:

    /sbin/crond
    # Start mini_httpd
    cd /mnt
    /sbin/mini_httpd -r

Notes
pablo, 2002-11-17 09:45:32