Weiter: 3.2 Allgemeine Einstellungen Hoch: 3. Basiskonfiguration Zurück: 3. Basiskonfiguration
Die Beispiel-Datei base.txt im Verzeichnis config/ hat
folgenden Inhalt:
##-----------------------------------------------------------------------------
## fli4l __FLI4LVER__ - configuration for package "base"
##
## P L E A S E R E A D T H E D O C U M E N T A T I O N !
##
## B I T T E U N B E D I N G T D I E D O K U M E N T A T I O N L E S E N !
##
##-----------------------------------------------------------------------------
## Creation: 26.06.2001 fm
## Last Update: $Id: base.txt 57636 2020-01-25 07:44:34Z lanspezi $
##
## Copyright (c) 2001-2016 - Frank Meyer, fli4l-Team <team@fli4l.de>
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
##-----------------------------------------------------------------------------
#------------------------------------------------------------------------------
# General settings:
#------------------------------------------------------------------------------
HOSTNAME='fli4l' # name of fli4l router
PASSWORD='fli4l' # password for root login (console, sshd,
# imond)
BOOT_TYPE='hd' # boot device: hd, cd, ls120, integrated,
# attached, netboot, pxeboot
LIBATA_DMA='disabled' # Use DMA on ATA Drives ('enabled') or not
# ('disabled'). The default 'disabled' allows
# ancient IDE CF cards to be booted from.
# Use 'enabled' if you boot from a VirtualBox's
# virtual device.
MOUNT_BOOT='rw' # mount boot device: ro, rw, no
BOOTMENU_TIME='5' # waiting time of bootmenu in seconds
# before activating normal boot
TIME_INFO='MEZ-1MESZ,M3.5.0,M10.5.0/3'
# description of local time zone,
# don't touch without reading documentation
KERNEL_VERSION='3.16.81' # kernel version
KERNEL_BOOT_OPTION='' # append option to kernel command line
COMP_TYPE_OPT='xz' # compression algorithm if compression is
# enabled for OPT archive;
# NOTE that some boot types may disallow
# some compression algorithms
IP_CONNTRACK_MAX='' # override maximum limit of connection
# tracking entries
POWERMANAGEMENT='acpi' # select pm interface: none, acpi, apm, apm_rm
# apm_rm switches to real mode before invoking
# apm power off
#------------------------------------------------------------------------------
# Localisation
#------------------------------------------------------------------------------
LOCALE='de' # defines the default language for several
# components, such as httpd
#------------------------------------------------------------------------------
# Console settings (serial console, blank time, beep):
#------------------------------------------------------------------------------
CONSOLE_BLANK_TIME='' # time in minutes (1-60) to blank
# console; '0' = never, '' = system default
BEEP='yes' # enable beep after boot and shutdown
SER_CONSOLE='no' # use serial interface instead of or as
# additional output device and main input
# device
SER_CONSOLE_IF='0' # serial interface to use, 0 for ttyS0 (COM1)
SER_CONSOLE_RATE='9600' # baudrate for serial console
#------------------------------------------------------------------------------
# Debug Settings:
#------------------------------------------------------------------------------
DEBUG_STARTUP='no' # write an execution trace of the boot
#------------------------------------------------------------------------------
# Keyboard layout
#------------------------------------------------------------------------------
KEYBOARD_LOCALE='auto' # auto: use most common keyboard layout for
# the language specified in 'LOCALE'
#OPT_MAKEKBL='no' # set to 'yes' to make a new local keyboard
# layout map on the fli4l-router
#------------------------------------------------------------------------------
# Ethernet card drivers:
#------------------------------------------------------------------------------
#
# please see file base_nic.list in your config-dir or read the documentation
#
#
# If you need a dummy device, use 'dummy' as your NET_DRV
# and IP_NET_%_DEV='dummy<number>' as your device
#
#------------------------------------------------------------------------------
NET_DRV_N='1' # number of ethernet drivers to load, usually 1
NET_DRV_1='ne2k-pci' # 1st driver: name (e.g. NE2000 PCI clone)
NET_DRV_1_OPTION='' # 1st driver: additional option
NET_DRV_2='ne' # 2nd driver: name (e.g. NE2000 ISA clone)
NET_DRV_2_OPTION='io=0x320' # 2nd driver: additional option
#------------------------------------------------------------------------------
# Ether networks used with IP protocol:
#------------------------------------------------------------------------------
IP_NET_N='1' # number of IP ethernet networks, usually 1
IP_NET_1='192.168.6.1/24' # IP address of your n'th ethernet card and
# netmask in CIDR (no. of set bits)
IP_NET_1_DEV='eth0' # required: device name like ethX
#------------------------------------------------------------------------------
# Additional routes, optional
#------------------------------------------------------------------------------
IP_ROUTE_N='0' # number of additional routes
IP_ROUTE_1='192.168.7.0/24 192.168.6.99'
# network/netmaskbits gateway
IP_ROUTE_2='0.0.0.0/0 192.168.6.99'
# example for default-route
#------------------------------------------------------------------------------
# Packet filter configuration
#------------------------------------------------------------------------------
PF_INPUT_POLICY='REJECT' # be nice and use reject as policy
PF_INPUT_ACCEPT_DEF='yes' # use default rule set
PF_INPUT_LOG='no' # don't log at all
PF_INPUT_LOG_LIMIT='3/minute:5' # log 3 events per minute; allow a burst of 5
# events
PF_INPUT_REJ_LIMIT='1/second:5' # reject 1 connection per second; allow a burst
# of 5 events; otherwise drop packet
PF_INPUT_UDP_REJ_LIMIT='1/second:5'
# reject 1 udp packet per second; allow a burst
# of 5 events; otherwise drop packet
PF_INPUT_N='1' # number of INPUT rules
PF_INPUT_1='IP_NET_1 ACCEPT' # allow all hosts in the local network to
# access the router
PF_INPUT_2='tmpl:samba DROP NOLOG'
# drop (or reject) samba access
PF_INPUT_2_COMMENT='no samba traffic allowed'
# without logging, otherwise the log file will
# be filled with useless entries
PF_FORWARD_POLICY='REJECT' # be nice and use reject as policy
PF_FORWARD_ACCEPT_DEF='yes' # use default rule set
PF_FORWARD_LOG='no' # don't log at all
PF_FORWARD_LOG_LIMIT='3/minute:5'
# log 3 events per minute; allow a burst of 5
# events
PF_FORWARD_REJ_LIMIT='1/second:5'
# reject 1 connection per second; allow a burst
# of 5 events; otherwise drop packet
PF_FORWARD_UDP_REJ_LIMIT='1/second:5'
# reject 1 udp packet per second; allow a burst
# of 5 events; otherwise drop packet
PF_FORWARD_N='2' # number of FORWARD rules
PF_FORWARD_1='tmpl:samba DROP' # drop samba traffic if it tries to leave the
# subnet
PF_FORWARD_2='IP_NET_1 ACCEPT' # accept everything else
PF_OUTPUT_POLICY='ACCEPT' # default policy for outgoing packets
PF_OUTPUT_ACCEPT_DEF='yes' # use default rule set
PF_OUTPUT_LOG='no' # don't log at all
PF_OUTPUT_LOG_LIMIT='3/minute:5'
# log 3 events per minute; allow a burst of 5
# events
PF_OUTPUT_REJ_LIMIT='1/second:5'
# reject 1 connection per second; allow a burst
# of 5 events; otherwise drop packet
PF_OUTPUT_UDP_REJ_LIMIT='1/second:5'
# reject 1 udp packet per second; allow a burst
# of 5 events; otherwise drop packet
PF_OUTPUT_N='0' # number of OUTPUT rules
PF_POSTROUTING_N='1' # number of POSTROUTING rules
PF_POSTROUTING_1='IP_NET_1 MASQUERADE'
# masquerade traffic leaving the subnet
PF_PREROUTING_N='0' # number of PREROUTING rules
PF_PREROUTING_1='1.2.3.4 dynamic:22 DNAT:@client2'
# forward ssh connections coming from 1.2.3.4
# to client2
PF_PREROUTING_CT_ACCEPT_DEF='yes'
# use default rule set
PF_PREROUTING_CT_N='1' # number of conntrack PREROUTING rules
PF_PREROUTING_CT_1='tmpl:ftp IP_NET_1 HELPER:ftp'
# associate FTP conntrack helper for active FTP
# forwarded from within the LAN
PF_PREROUTING_CT_2='tmpl:ftp any dynamic HELPER:ftp'
# associate FTP conntrack helper for active FTP
# forwarded to the router's external IP
PF_OUTPUT_CT_ACCEPT_DEF='yes' # use default rule set
PF_OUTPUT_CT_N='0' # number of conntrack OUTPUT rules
PF_OUTPUT_CT_1='tmpl:ftp HELPER:ftp'
# associate FTP conntrack helper for outgoing
# active FTP on the router (this rule is added
# automatically by the tools package if
# OPT_FTP='yes' and FTP_PF_ENABLE_ACTIVE='yes')
PF_USR_CHAIN_N='0' # number of user-defined rules
#------------------------------------------------------------------------------
# Domain configuration:
# settings for DNS, DHCP server and HOSTS -> see package DNS_DHCP
#------------------------------------------------------------------------------
DOMAIN_NAME='lan.fli4l' # your domain name
DNS_FORWARDERS='194.8.57.8' # DNS servers of your provider,
# e.g. ns.n-ix.net
# optional configuration for the host-entry of the router in /etc/hosts
#HOSTNAME_IP='IP_NET_1_IPADDR' # IP to bind to HOSTNAME
#HOSTNAME_ALIAS_N='0' # how many ALIAS names for the router
#HOSTNAME_ALIAS_1='router.lan.fli4l'
# first ALIAS name
#HOSTNAME_ALIAS_2='gateway.my.lan'
# secound ALIAS name
#------------------------------------------------------------------------------
# imond configuration:
#------------------------------------------------------------------------------
START_IMOND='no' # start imond: yes or no
IMOND_PORT='5000' # port (tcp), don't open it to the outside
IMOND_PASS='' # imond-password, may be empty
IMOND_ADMIN_PASS='' # imond-admin-password, may be empty
IMOND_LED='' # tty for led: com1 - com4 or empty
IMOND_BEEP='no' # beep if connection is going up/down
IMOND_LOG='no' # log /var/log/imond.log: yes or no
IMOND_LOGDIR='auto' # log-directory, e.g. /var/log or auto for
# saving in auto-detected savedir
IMOND_ENABLE='yes' # accept "enable/disable" command
IMOND_DIAL='yes' # accept "dial/hangup" command
IMOND_ROUTE='yes' # accept "route" command
IMOND_REBOOT='yes' # accept "reboot" command
#------------------------------------------------------------------------------
# Generic circuit configuration:
#------------------------------------------------------------------------------
IP_DYN_ADDR='yes' # use dyn. IP addresses (most providers do)
DIALMODE='auto' # standard dialmode: auto, manual, or off
#------------------------------------------------------------------------------
# optional package: syslogd
#------------------------------------------------------------------------------
#OPT_SYSLOGD='no' # start syslogd: yes or no
#SYSLOGD_RECEIVER='yes' # receive messages from network
SYSLOGD_DEST_N='1' # number of destinations
SYSLOGD_DEST_1='*.* /dev/console'
# n'th prio & destination of syslog msgs
SYSLOGD_DEST_2='*.* @192.168.6.2'
# example: loghost 192.168.6.2
SYSLOGD_DEST_3='kern.info /var/log/dial.log'
# example: log infos to file
SYSLOGD_ROTATE='no' # rotate syslog-files once every day
SYSLOGD_ROTATE_DIR='/data/syslog'
# move rotated files to ....
SYSLOGD_ROTATE_MAX='5' # max number of rotated syslog-files
#------------------------------------------------------------------------------
# Optional package: klogd
#------------------------------------------------------------------------------
#OPT_KLOGD='no' # start klogd: yes or no
#------------------------------------------------------------------------------
# Optional package: logip
#------------------------------------------------------------------------------
#OPT_LOGIP='no' # logip: yes or no
LOGIP_LOGDIR='auto' # log-directory, e.g. /boot or auto-detected
#------------------------------------------------------------------------------
# Optional package: y2k correction
#------------------------------------------------------------------------------
#OPT_Y2K='no' # y2k correction: yes or no
Y2K_DAYS='0' # correct hardware y2k-bug: add x days
#------------------------------------------------------------------------------
# Optional package: PNP
#------------------------------------------------------------------------------
#OPT_PNP='no' # install isapnp tools: yes or no
Zu beachten ist, dass diese Datei im DOS-Format gespeichert ist. Das heißt, sie enthält jeweils am Zeilenende ein zusätzliches Carriage-Return (CR). Da die meisten Unix-Editoren damit keine Probleme bekommen wurde dieses Format gewählt, denn umgekehrt hat der Windows-Editor bei fehlendem CR am Zeilenende keine Chance!
Sollte es wider Erwarten unter Unix/Linux doch Probleme mit dem Lieblingseditor geben, kann die Datei vor dem Editieren mit einem Befehl in das Unix-Format konvertiert werden:
sh unix/dtou config/base.txt
Für die Erstellung des Boot-Mediums ist es völlig unerheblich, ob die Datei CRs am Zeilenende enthält oder nicht. Sie werden beim Schreiben auf das Boot-Medium einschließlich der Kommentare komplett ignoriert.
Jetzt aber zum Inhalt ...