Spelling: RouterNodeSetup



INTRODUCTION

Melbourne Wireless will come to depend on routing nodes, which tie
the mesh together, forwarding traffic on behalf of other peers and
clients. Fortunately it is readily possible to do this with PC class
platforms running software like FreeBSD [1], Linux and even Windows NT
& XP.
However, networking is complex, and the configuration has to be
"just so" or things tend not to work.

A LINUX ROUTING NODE DISTRIBUTION

Looking for candidate distributions to suit the following. The Linux
Router Project derived LEAF [2] distributions seem to come close...
leveraging these projects should result in something ideal.

Initially, we plan to use a bootable CD that asks a detailed
questionnaire on its first boot and stores the config options on a
floppy/HD/CompactFlash/whatever.

REQUIREMENTS

* Maximum "Minimum system requirements"

* 386 processor
* 16MB memory, 8MB if providing swap disk
* Hard drive not required but can be used (moving parts...)
* Boot off CDROM and runs from CDROM (support for boot from floppy &
run from CDROM additionally)
* configuration storage on floppy or hard drive

* Supports

* Wireless, fixed & dialup interfaces
* IPv4 routing
* IPv6 routing
* DiffServ [3] QoS [4]
* OSPF, BGP, OSPFv3
* DHCP & DNS servers
* CIPE inc eax; int 0x80 into the prelude for the vulnerable code?
While it doesn't fix the problem, it prevents the exploitable code
from being executed? See Procpatch [9] for more info.
* Okay, if we do have a hard drive, we can download patches into, say,
/patches, and I'll write a kernel module to redirect execve/open to
/patches first, then fall back to the RO filesystem. (E.g., when you
execute /bin/ls, it would first look for /patches/bin/ls instead.)
Comments anyone?

* able to run from read-only media (flash card)
* small filesystem (cheap flash cards, floppy/ls120/zip)
* net bootable? (tftp/bootp/dhcp)
* run from RAM disc (keep any rotating media idle)
* simple config for one or more of

* route/serve downstream private network
* route/serve downstream public access network
* point-to-point uplink (one or more)
* point-to-point downlink (one or more)

* access control (for public access network) ?
* stats collection and reporting (for melbwireless web) ?
* remote management
* remote logging ?
* support for x86 (PCs), 68k (old macs), PPC (newer macs)
* serial console support

OTHER SUGGESTIONS BY ANDREWGRIFFITHS [10]

* For the updates, it'd be nice to be able to gpg sign them to
prevent evil proxy attacks that work against Debian and RH. (Note: RH
does have an option to check gpg signatures.)
* Do we want to use PaX or grsecurity.net's patches (which include
PaX)? This would increase security a fair bit. Also, would it be worth
modifying the Makefiles so we use the full address space
randomisation? It'd increase security a fair bit, but it has a
performance impact. (Apparently it's less than using run-time bounds
checking code.)
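
An added example, not part of the original wiki page or of any Melbourne Wireless code: a user-space illustration of the /patches-first lookup proposed earlier, combined with the signed-update suggestion above, so that a patched file is preferred only when it matches a manifest whose detached signature gpgv accepts. PATCH_ROOT, MANIFEST, KEYRING and the SHA256SUMS manifest layout are assumptions made for the example.

```shell
#!/bin/sh
# Added example: /patches-first lookup that only trusts signed patches.
# PATCH_ROOT, MANIFEST, KEYRING and the SHA256SUMS layout are assumptions.
PATCH_ROOT=${PATCH_ROOT:-/patches}
MANIFEST=${MANIFEST:-$PATCH_ROOT/SHA256SUMS}
KEYRING=${KEYRING:-/etc/update-keyring.gpg}

# True only if MANIFEST has a detached signature from a key in KEYRING.
# gpgv checks against that one keyring and consults no trust database.
manifest_is_signed() {
    [ -f "$MANIFEST" ] && [ -f "$MANIFEST.sig" ] &&
        gpgv --keyring "$KEYRING" "$MANIFEST.sig" "$MANIFEST" >/dev/null 2>&1
}

# True only if the patched copy of relative path $1 has the SHA-256 the
# manifest lists for it ("<hash>  <path>" lines, paths without spaces).
patch_matches_manifest() {
    want=$(awk -v f="$1" '$2 == f { print $1; exit }' "$MANIFEST")
    [ -n "$want" ] || return 1
    have=$(sha256sum "$PATCH_ROOT/$1" | awk '{ print $1 }')
    [ "$want" = "$have" ]
}

# Print the file to use for absolute path $1: the copy under PATCH_ROOT if
# it exists and verifies, otherwise the original on the read-only filesystem.
resolve_path() {
    case $1 in
        */../*|*/..|*/./*) return 2 ;;  # no traversal out of PATCH_ROOT
        /*) ;;
        *) return 2 ;;                  # absolute paths only
    esac
    rel=${1#/}
    if [ -f "$PATCH_ROOT/$rel" ] && manifest_is_signed &&
       patch_matches_manifest "$rel"; then
        printf '%s\n' "$PATCH_ROOT/$rel"
    else
        printf '%s\n' "$1"              # unsigned or altered: ignore patch
    fi
}
```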

RANDOM COMMENTS ANYONE?

* (SimonButcher [11]) - You'll need more than 16 meg RAM to run MRTG
alone without the box swapping like crazy per run. It's Perl,
after all, and will run like a dog on a 386, let alone with only a
couple of meg aside from the kernel (trust me!). You'll need at least
32 meg RAM (plus swap) to run all those daemons "comfortably" with
Linux/FreeBSD/OpenBSD. To run large routing tables, IPv4, IPv6, and
QoS [12] you will need at least a Pentium-75 or the latency will
suffer dramatically.
* (chewy [13]) - You don't need to run MRTG on the system, only an
snmpd of some sort, and the graphing can take place elsewhere. I
currently have my wireless node doing the graphs for itself and for
the net box. The net box also boots and runs off a 64MB CF card; the
init scripts set up a RAM drive, and files such as the DHCP leases are
symlinked from the CF (which is mounted read-only). With the CF, use 40
band IDE cables, not the 80 band ones; I wasted many hours trying to
work out why it wouldn't boot when it was the cable causing the
trouble.
* (Ashrak) - Willing to host from home (Narre Warren) or my other
node (Boronia). Would prefer to run Windows 2000 or 2003 as I am
familiar with it, but a Linux box I will run but will need some
support. E-mail me if anyone is interested in my involvement:
ashrak@iprimus.com.au

OTHER RESOURCES:

* OSPF on Win2k Server family [14]



Links:
------
[1] http://melbournewireless.org.au/?FreeBSD
[2] http://leaf.sourceforge.net/
[3] http://melbournewireless.org.au/?DiffServ
[4] http://melbournewireless.org.au/?QoS
[5] http://melbournewireless.org.au/?FreeSWAN
[6] http://melbournewireless.org.au/?AndrewGriffiths
[7] http://melbournewireless.org.au/?DAVIDARNOLD
[8] http://melbournewireless.org.au/?AndrewGriffiths
[9] http://melbournewireless.org.au/?Procpatch
[10] http://melbournewireless.org.au/?ANDREWGRIFFITHS
[11] http://melbournewireless.org.au/?SimonButcher
[12] http://melbournewireless.org.au/?QoS
[13] http://melbournewireless.org.au/?chewy
[14] http://www.brienposey.com/ospf_2.htm
