Subject: Compiling kernel with ipnat support
To: None <port-cobalt@NetBSD.ORG>
From: Andreas Fuchs <fox@tcnet.ch>
List: port-cobalt
Date: 01/11/2004 14:22:54
I'm still trying to compile a kernel with ip nat support.
What I did so far you can see in the attached file.
I recompiled a kernel with the following options:
options GATEWAY
options IPSEC
options IPFILTER_LOG
pseudo-device ipfilter
pseudo-device pppoe
The kernel is up and running, then I did
cd /dev
sh MAKEDEV ipl
I'm stuck now: when I try to run ipnat I get the following error message:
ioctl(SIOCGNATS): Operation not supported by device
What am I missing? Are the settings in MAKEDEV wrong?
Please help
Andreas
Attachment: Qube2 NetBSD install.txt
HOWTO install NetBSD 1.6.1 on a Cobalt Qube2
I try to write a guide on how to get NetBSD running on a Cobalt Qube2
and how to configure the Qube as a gateway to an ADSL modem.
I'm not a native English speaker, so sorry for the "writing style"
10.1.2004 Andreas Fuchs, fox@tcnet.ch
portions from Daniel Ouellet and many others on the
port-cobalt@NetBSD.ORG mailing list
special thanks to Dennis Chernoivanov for the great
recovery cd image
- Get the rescue-cd image from:
ftp://ftp.netbsd.org/pub/NetBSD/arch/cobalt/restore-cd/1.6.1
- Burn this iso image to a cd
- Boot a machine which has network connection to your Qube2 with this CD
- follow the instructions and watch the display on the Qube2
make sure you have only one dhcp server in your network,
otherwise the Qube might pick up a wrong ip-address or just not install
- the qube will reboot when finished and display its ip-address
- telnet to your Qube
- set a root password
passwd
- if you disable dhclient do not forget to configure an ip-address!
edit /etc/ifconfig.tlp0
inet 192.168.1.3 netmask 255.255.255.0
Above, your network card may be different, but look at your dmesg to be safe.
Mine is tlp0 and tlp1
- edit /etc/hosts
ip-address hostname hostname.yourdomain.ch
- add at least one nameserver to /etc/resolv.conf
search yourdomain.ch
nameserver a.b.c.d
nameserver d.e.f.g
- configure /etc/rc.conf to something like
hostname="qube"
defaultroute=192.168.1.1
#
dhclient=NO
nfs_client=NO
paneld=YES
inetd=NO
sshd=YES
- either give root access to ssh (change /etc/ssh/sshd_config) or better add a second user
useradd -m nerd
passwd nerd
- start/stop services
/etc/rc.d/sshd start
/etc/rc.d/dhclient stop
/etc/rc.d/inetd stop
- test your ssh connection NOW, to make sure that you have access to the box after reboot
- reboot and have fun
- to get some more software
setenv PKG_PATH ftp://ftp.netbsd.org/pub/NetBSD/packages/1.6/cobalt/All
pkg_add -v the_package
I do
pkg_add -v bash; usermod -c "" -s /usr/pkg/bin/bash root; /usr/pkg/bin/bash
export PKG_PATH=ftp://ftp.netbsd.org/pub/NetBSD/packages/1.6/cobalt/All
pkg_add -v apache
look at the above directory to see what else is available
- to get other tools and applications which are not available as pkg, install pkgsrc
setenv CVSROOT anoncvs@anoncvs.NetBSD.org:/cvsroot
setenv CVS_RSH ssh
cd /usr
cvs checkout -P pkgsrc
this will take some time, depending on your internet speed...
then install
cd /usr/pkgsrc/pkgtools/pkg_install; make install
cd /usr/pkgsrc/security/audit-packages; make install
/usr/pkg/sbin/download-vulnerability-list
and I install:
cd /usr/pkgsrc/sysutils/adjustkernel; make install
echo ACCEPTABLE_LICENSES+=fee-based-commercial-use >> /etc/mk.conf
cd /usr/pkgsrc/security/openssl; make install
cd /usr/pkgsrc/net/wget; make install
and some other useful stuff, for more info
http://www.netbsd.org/Documentation/software/packages.html#using-pkgsrc
- to later update pkgsrc info run:
setenv CVSROOT anoncvs@anoncvs.NetBSD.org:/cvsroot
setenv CVS_RSH ssh
cd /usr/pkgsrc
cvs -q update -dP
/usr/pkg/sbin/download-vulnerability-list
- to compile your own kernel get the src tarball from
cd /
wget ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-1.6.1/source/sets/syssrc.tgz
tar -xvzf syssrc.tgz
cd /sys/arch/cobalt/conf
if you have some card in the pci slot run
adjustkernel -file GENERIC -outfile QUBE2IPF
otherwise you can just copy
cp GENERIC QUBE2IPF
edit QUBE2IPF, I set the following options
lcd0 at mainbus? if it's not already there
options GATEWAY
options IPSEC
options IPFILTER_LOG
pseudo-device ipfilter
pseudo-device pppoe
if you wish you can disable scsi to make the kernel smaller
#options SCSIVERBOSE
#ahc* at pci? dev ? function ?
#scsibus* at ahc?
#sd* at scsibus? target ? lun ?
#st* at scsibus? target ? lun ?
then run
wget http://only.mawhrin.net/~cdi/netbsd/cobalt/hd44780.diff.gz
gzip -d hd44780.diff.gz
cd /sys
patch -p1 < /sys/arch/cobalt/conf/hd44780.diff
cd -
and finally
config QUBE2IPF
cd ../compile/QUBE2IPF
make depend
make
if you got no error you have a new kernel! (will it boot? let's try)
mv /netbsd /netbsd.orig
cp netbsd /
here are some more details
http://www.netbsd.org/Documentation/kernel/#how_to_build_a_kernel
http://www.netbsd.org/guide/en/chap-kernel.html
- if boot fails, you have to a) start at top or b) connect a serial cable to the Qube
if you can login run:
mount -u -o rw /
cp /netbsd.orig /netbsd
reboot
if the system does not boot at all try:
Press the SPACE bar on system init, you'll get a prompt: Cobalt:
bfd /boot/boot.gz nbsd=wd0a:netbsd.orig will boot the original kernel
##STUFF BEYOND THIS LINE IS NOT WORKING YET, EVERY HELP WELCOME !
#################################################################
- if ipfilter is enabled in kernel you can use
/etc/rc.d/ipfilter start
/etc/rc.d/ipnat start
/etc/rc.d/ipmon start
to enable them permanently
add this to /etc/rc.conf
ipfilter=YES
ipnat=YES
ipmon=YES
here is just a standard configuration for nat where ethernet tlp0 (primary) is the internal
and tlp1 (secondary) is the external network interface and we do a 1 to many nat
map pppoe0 192.168.1.0/24 -> 0/32 portmap tcp/udp 40000:60000
map pppoe0 192.168.1.0/24 -> 0/32
- changing prompt for bash
if you are using bash as shell you can add this to /etc/profile
set -p
if test "$UID" = 0 ; then
PS1="\h:\w # "
else
PS1="\u@\h:\w> "
fi
fi
- to get apache running i had to
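For the ioctl(SIOCGNATS) error and the MAKEDEV question in the message above, one thing worth checking is the set of device nodes that "sh MAKEDEV ipl" created. The script below is an added example, not part of the original post or of NetBSD's MAKEDEV. It assumes the nodes use IPFilter's unit numbers as minors (ipl 0, ipnat 1, ipstate 2, ipauth 3); the function name check_ipf_nodes is hypothetical, and the major number 44 in the sample is constructed (the right major is whatever the running kernel assigns to ipfilter).

```sh
#!/bin/sh
# Added example: check the IPFilter device nodes created by "sh MAKEDEV ipl".
# Reads `ls -l` lines on stdin, prints one line per finding, returns 0 if consistent.
# Assumption: minors follow IPFilter's unit numbers (ipl 0, ipnat 1, ipstate 2, ipauth 3).
check_ipf_nodes() {
    awk '
    BEGIN {
        want["ipl"] = 0; want["ipnat"] = 1; want["ipstate"] = 2; want["ipauth"] = 3
        bad = 0; major = ""
    }
    {
        n = split($NF, part, "/"); name = part[n]     # basename of the node
        if (!(name in want)) next
        seen[name] = 1
        if (substr($1, 1, 1) != "c") {
            print name ": not a character device"; bad = 1; next
        }
        maj = $5; sub(/,/, "", maj); min = $6          # "44, 1" -> major 44, minor 1
        if (min + 0 != want[name]) {
            print name ": minor " min ", expected " want[name]; bad = 1
        }
        if (major == "") major = maj                  # first node sets the reference major
        else if (maj != major) {
            print name ": major " maj " differs from " major; bad = 1
        }
    }
    END {
        for (k in want) if (!(k in seen)) { print k ": node missing"; bad = 1 }
        if (!bad) print "ok: all four nodes share major " major
        exit bad
    }'
}

# Constructed sample (major 44 is made up): ipnat was created with the minor of ipl.
SAMPLE='crw-------  1 root  wheel  44, 0 Jan 11 14:00 /dev/ipl
crw-------  1 root  wheel  44, 0 Jan 11 14:00 /dev/ipnat
crw-------  1 root  wheel  44, 2 Jan 11 14:00 /dev/ipstate
crw-------  1 root  wheel  44, 3 Jan 11 14:00 /dev/ipauth'

printf '%s\n' "$SAMPLE" | check_ipf_nodes || true
# On the Qube: ls -l /dev/ipl /dev/ipnat /dev/ipstate /dev/ipauth | check_ipf_nodes
```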