3.1 Example file

The example file base.txt in the config/ directory has the following content:


##-----------------------------------------------------------------------------
## fli4l __FLI4LVER__ - configuration for package "base"
##
##  P L E A S E  R E A D  T H E  D O C U M E N T A T I O N !
##
##  B I T T E  U N B E D I N G T  D I E  D O K U M E N T A T I O N  L E S E N !
##
##-----------------------------------------------------------------------------
## Creation:     26.06.2001  fm
## Last Update:  $Id: base.txt 54926 2019-01-15 19:30:51Z lanspezi $
##
## Copyright (c) 2001-2016 - Frank Meyer, fli4l-Team <team@fli4l.de>
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
##-----------------------------------------------------------------------------

#------------------------------------------------------------------------------
# General settings:
#------------------------------------------------------------------------------
HOSTNAME='fli4l'                # name of fli4l router
PASSWORD='fli4l'                # password for root login (console, sshd,
                                # imond)
BOOT_TYPE='hd'                  # boot device: hd, cd, ls120, integrated,
                                # attached, netboot, pxeboot
LIBATA_DMA='disabled'           # Use DMA on ATA Drives ('enabled') or not
                                # ('disabled'). The default 'disabled' allows
                                # ancient IDE CF cards to be booted from.
                                # Use 'enabled' if you boot from a VirtualBox's
                                # virtual device.
MOUNT_BOOT='rw'                 # mount boot device: ro, rw, no
BOOTMENU_TIME='5'               # waiting time of bootmenu in seconds
                                # before activating normal boot
TIME_INFO='MEZ-1MESZ,M3.5.0,M10.5.0/3'
                                # description of local time zone,
                                # don't touch without reading documentation
KERNEL_VERSION='3.16.62'        # kernel version
KERNEL_BOOT_OPTION=''           # append option to kernel command line
COMP_TYPE_OPT='xz'              # compression algorithm if compression is
                                # enabled for OPT archive;
                                # NOTE that some boot types may disallow
                                # some compression algorithms
IP_CONNTRACK_MAX=''             # override maximum limit of connection
                                # tracking entries
POWERMANAGEMENT='acpi'          # select pm interface: none, acpi, apm, apm_rm
                                # apm_rm switches to real mode before invoking
                                # apm power off

#------------------------------------------------------------------------------
# Localisation
#------------------------------------------------------------------------------
LOCALE='de'                     # defines the default language for several
                                # components, such as httpd

#------------------------------------------------------------------------------
# Console settings (serial console, blank time, beep):
#------------------------------------------------------------------------------
CONSOLE_BLANK_TIME=''           # time in minutes (1-60) to blank
                                # console; '0' = never, '' = system default
BEEP='yes'                      # enable beep after boot and shutdown
SER_CONSOLE='no'                # use serial interface instead of or as
                                # additional output device and main input
                                # device
SER_CONSOLE_IF='0'              # serial interface to use, 0 for ttyS0 (COM1)
SER_CONSOLE_RATE='9600'         # baudrate for serial console

#------------------------------------------------------------------------------
# Debug Settings:
#------------------------------------------------------------------------------
DEBUG_STARTUP='no'              # write an execution trace of the boot

#------------------------------------------------------------------------------
# Keyboard layout
#------------------------------------------------------------------------------
KEYBOARD_LOCALE='auto'          # auto: use most common keyboard layout for
                                # the language specified in 'LOCALE'
#OPT_MAKEKBL='no'               # set to 'yes' to make a new local keyboard
                                # layout map on the fli4l-router

#------------------------------------------------------------------------------
# Ethernet card drivers:
#------------------------------------------------------------------------------
#
#  please see file base_nic.list in your config-dir or read the documentation
#
#
#  If you need a dummy device, use 'dummy' as your NET_DRV
#  and IP_NET_%_DEV='dummy<number>' as your device
#
#------------------------------------------------------------------------------
NET_DRV_N='1'                   # number of ethernet drivers to load, usually 1
NET_DRV_1='ne2k-pci'            # 1st driver: name (e.g. NE2000 PCI clone)
NET_DRV_1_OPTION=''             # 1st driver: additional option
NET_DRV_2='ne'                  # 2nd driver: name (e.g. NE2000 ISA clone)
NET_DRV_2_OPTION='io=0x320'     # 2nd driver: additional option

#------------------------------------------------------------------------------
# Ether networks used with IP protocol:
#------------------------------------------------------------------------------
IP_NET_N='1'                    # number of IP ethernet networks, usually 1
IP_NET_1='192.168.6.1/24'       # IP address of your n'th ethernet card and
                                # netmask in CIDR (no. of set bits)
IP_NET_1_DEV='eth0'             # required: device name like ethX

#------------------------------------------------------------------------------
# Additional routes, optional
#------------------------------------------------------------------------------
IP_ROUTE_N='0'                  # number of additional routes
IP_ROUTE_1='192.168.7.0/24 192.168.6.99'
                                # network/netmaskbits gateway
IP_ROUTE_2='0.0.0.0/0 192.168.6.99'
                                # example for default-route

#------------------------------------------------------------------------------
# Packet filter configuration
#------------------------------------------------------------------------------

PF_INPUT_POLICY='REJECT'        # be nice and use reject as policy
PF_INPUT_ACCEPT_DEF='yes'       # use default rule set
PF_INPUT_LOG='no'               # don't log at all
PF_INPUT_LOG_LIMIT='3/minute:5' # log 3 events per minute; allow a burst of 5
                                # events
PF_INPUT_REJ_LIMIT='1/second:5' # reject 1 connection per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_INPUT_UDP_REJ_LIMIT='1/second:5'
                                # reject 1 udp packet per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_INPUT_N='1'                  # number of INPUT rules
PF_INPUT_1='IP_NET_1 ACCEPT'    # allow all hosts in the local network to
                                # access the router
PF_INPUT_2='tmpl:samba DROP NOLOG'
                                # drop (or reject) samba access
PF_INPUT_2_COMMENT='no samba traffic allowed'
                                # without logging, otherwise the log file will
                                # be filled with useless entries

PF_FORWARD_POLICY='REJECT'      # be nice and use reject as policy
PF_FORWARD_ACCEPT_DEF='yes'     # use default rule set
PF_FORWARD_LOG='no'             # don't log at all
PF_FORWARD_LOG_LIMIT='3/minute:5'
                                # log 3 events per minute; allow a burst of 5
                                # events
PF_FORWARD_REJ_LIMIT='1/second:5'
                                # reject 1 connection per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_FORWARD_UDP_REJ_LIMIT='1/second:5'
                                # reject 1 udp packet per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_FORWARD_N='2'                # number of FORWARD rules
PF_FORWARD_1='tmpl:samba DROP'  # drop samba traffic if it tries to leave the
                                # subnet
PF_FORWARD_2='IP_NET_1 ACCEPT'  # accept everything else

PF_OUTPUT_POLICY='ACCEPT'       # default policy for outgoing packets
PF_OUTPUT_ACCEPT_DEF='yes'      # use default rule set
PF_OUTPUT_LOG='no'              # don't log at all
PF_OUTPUT_LOG_LIMIT='3/minute:5'
                                # log 3 events per minute; allow a burst of 5
                                # events
PF_OUTPUT_REJ_LIMIT='1/second:5'
                                # reject 1 connection per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_OUTPUT_UDP_REJ_LIMIT='1/second:5'
                                # reject 1 udp packet per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_OUTPUT_N='0'                 # number of OUTPUT rules

PF_POSTROUTING_N='1'            # number of POSTROUTING rules
PF_POSTROUTING_1='IP_NET_1 MASQUERADE'
                                # masquerade traffic leaving the subnet

PF_PREROUTING_N='0'             # number of PREROUTING rules
PF_PREROUTING_1='1.2.3.4 dynamic:22 DNAT:@client2'
                                # forward ssh connections coming from 1.2.3.4
                                # to client2

PF_PREROUTING_CT_ACCEPT_DEF='yes'
                                # use default rule set
PF_PREROUTING_CT_N='1'          # number of conntrack PREROUTING rules
PF_PREROUTING_CT_1='tmpl:ftp IP_NET_1 HELPER:ftp'
                                # associate FTP conntrack helper for active FTP
                                # forwarded from within the LAN
PF_PREROUTING_CT_2='tmpl:ftp any dynamic HELPER:ftp'
                                # associate FTP conntrack helper for active FTP
                                # forwarded to the router's external IP

PF_OUTPUT_CT_ACCEPT_DEF='yes'   # use default rule set
PF_OUTPUT_CT_N='0'              # number of conntrack OUTPUT rules
PF_OUTPUT_CT_1='tmpl:ftp HELPER:ftp'
                                # associate FTP conntrack helper for outgoing
                                # active FTP on the router (this rule is added
                                # automatically by the tools package if
                                # OPT_FTP='yes' and FTP_PF_ENABLE_ACTIVE='yes')

PF_USR_CHAIN_N='0'              # number of user-defined rules

#------------------------------------------------------------------------------
# Domain configuration:
# settings for DNS, DHCP server and HOSTS -> see package DNS_DHCP
#------------------------------------------------------------------------------
DOMAIN_NAME='lan.fli4l'         # your domain name
DNS_FORWARDERS='194.8.57.8'     # DNS servers of your provider,
                                # e.g. ns.n-ix.net

# optional configuration for the host-entry of the router in /etc/hosts
#HOSTNAME_IP='IP_NET_1_IPADDR'  # IP to bind to HOSTNAME
#HOSTNAME_ALIAS_N='0'           # how many ALIAS names for the router
#HOSTNAME_ALIAS_1='router.lan.fli4l'
                                # first ALIAS name
#HOSTNAME_ALIAS_2='gateway.my.lan'
                                # second ALIAS name

#------------------------------------------------------------------------------
# imond configuration:
#------------------------------------------------------------------------------
START_IMOND='no'                # start imond: yes or no
IMOND_PORT='5000'               # port (tcp), don't open it to the outside
IMOND_PASS=''                   # imond-password, may be empty
IMOND_ADMIN_PASS=''             # imond-admin-password, may be empty
IMOND_LED=''                    # tty for led: com1 - com4 or empty
IMOND_BEEP='no'                 # beep if connection is going up/down
IMOND_LOG='no'                  # log /var/log/imond.log: yes or no
IMOND_LOGDIR='auto'             # log-directory, e.g. /var/log or auto for
                                # saving in auto-detected savedir
IMOND_ENABLE='yes'              # accept "enable/disable" command
IMOND_DIAL='yes'                # accept "dial/hangup" command
IMOND_ROUTE='yes'               # accept "route" command
IMOND_REBOOT='yes'              # accept "reboot" command

#------------------------------------------------------------------------------
# Generic circuit configuration:
#------------------------------------------------------------------------------
IP_DYN_ADDR='yes'               # use dyn. IP addresses (most providers do)
DIALMODE='auto'                 # standard dialmode: auto, manual, or off

#------------------------------------------------------------------------------
# optional package: syslogd
#------------------------------------------------------------------------------
#OPT_SYSLOGD='no'               # start syslogd: yes or no
#SYSLOGD_RECEIVER='yes'         # receive messages from network
SYSLOGD_DEST_N='1'              # number of destinations
SYSLOGD_DEST_1='*.* /dev/console'
                                # n'th prio & destination of syslog msgs
SYSLOGD_DEST_2='*.* @192.168.6.2'
                                # example: loghost 192.168.6.2
SYSLOGD_DEST_3='kern.info /var/log/dial.log'
                                # example: log infos to file

SYSLOGD_ROTATE='no'             # rotate syslog-files once every day
SYSLOGD_ROTATE_DIR='/data/syslog'
                                # move rotated files to ....
SYSLOGD_ROTATE_MAX='5'          # max number of rotated syslog-files

#------------------------------------------------------------------------------
# Optional package: klogd
#------------------------------------------------------------------------------
#OPT_KLOGD='no'                 # start klogd: yes or no

#------------------------------------------------------------------------------
# Optional package: logip
#------------------------------------------------------------------------------
#OPT_LOGIP='no'                 # logip: yes or no
LOGIP_LOGDIR='auto'             # log-directory, e.g. /boot or auto-detected

#------------------------------------------------------------------------------
# Optional package: y2k correction
#------------------------------------------------------------------------------
#OPT_Y2K='no'                   # y2k correction: yes or no
Y2K_DAYS='0'                    # correct hardware y2k-bug: add x days

#------------------------------------------------------------------------------
# Optional package: PNP
#------------------------------------------------------------------------------
#OPT_PNP='no'                   # install isapnp tools: yes or no


This file is saved in DOS format. This means that there is a carriage return (CR) at the end of each line. I decided to use this format because most Unix editors have no problem with it. Windows Notepad, however, cannot handle these files without CRs!

If you do have problems with your favourite Unix/Linux editor, you can use the following command to convert the file to Unix format before editing it:

        sh unix/dtou config/base.txt

When the boot medium is created, it does not matter whether the file contains CRs at the ends of lines or not. When the file is written to the boot medium or the hard disk, all CRs and all comments are completely ignored.
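The following is an added example, not part of the fli4l documentation or tools: a small Python reader for this file format that tolerates CR line ends and drops comments as described above, then flags three things a reviewer would check in such a file (the sample PASSWORD value, imond started without a password, and numbered entries above their *_N counter). The excerpt is constructed from the sample with START_IMOND changed to 'yes'; that entries above the counter are unused is an assumption based on the counters' comments.

```python
import re

# Constructed excerpt in DOS format (CRLF line ends); START_IMOND is set to
# 'yes' here (the sample has 'no') so that the imond check has something to find.
SAMPLE = (
    b"PASSWORD='fli4l'                # password for root login\r\n"
    b"PF_INPUT_N='1'                  # number of INPUT rules\r\n"
    b"PF_INPUT_1='IP_NET_1 ACCEPT'\r\n"
    b"PF_INPUT_2='tmpl:samba DROP NOLOG'\r\n"
    b"                                # drop (or reject) samba access\r\n"
    b"#OPT_SYSLOGD='no'               # commented out, not a setting\r\n"
    b"START_IMOND='yes'\r\n"
    b"IMOND_PASS=''                   # imond-password, may be empty\r\n"
)

ASSIGN = re.compile(r"\s*([A-Z][A-Z0-9_]*)='([^']*)'")   # NAME='value'
INDEXED = re.compile(r"(.+?)_(\d+)(_.*)?")               # BASE_<n>[_SUFFIX]

def parse_config(raw: bytes) -> dict:
    """Return NAME -> value, dropping CRs, comments and commented-out settings."""
    cfg = {}
    for line in raw.decode("latin-1").splitlines():  # handles \r\n and \n alike
        m = ASSIGN.match(line)   # lines starting with '#' never match
        if m:
            cfg[m[1]] = m[2]
    return cfg

def audit(cfg: dict) -> list:
    """Flag settings in a parsed base.txt that deserve a second look."""
    findings = []
    if cfg.get("PASSWORD") == "fli4l":
        findings.append("PASSWORD still has the sample value")
    if cfg.get("START_IMOND") == "yes" and cfg.get("IMOND_PASS") == "":
        findings.append("imond enabled with empty IMOND_PASS")
    for name in cfg:
        m = INDEXED.fullmatch(name)
        count = cfg.get(f"{m[1]}_N", "") if m else ""
        # Assumption: entries numbered above the *_N counter are not used.
        if count.isdigit() and int(m[2]) > int(count):
            findings.append(f"{name} is above {m[1]}_N='{count}' (inactive)")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE)):
        print(finding)
```

In the full sample above the same counter check would also report PF_INPUT_2, the rule that drops samba access, because PF_INPUT_N is '1'.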

Now we can begin ...

© 2001-2019 The fli4l team - 27 January 2019