
LiveCD Wi-Fi router

Сделано по мотивам старой песни “хочу чтобы работало искаропки”.

Внешний интерфейс – eth0, внутренний – wlan0.

То что помечено FILL IN YOURS – заменить соответствующим образом.

Сборка: sudo livecd-creator --config=livecd-fedora-minimal-cui.ks

Сам ks:

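# Locale, keyboard layout and clock settings for the live image.
lang en_US.UTF-8
keyboard us
timezone Europe/Moscow --utc
# Shadow passwords, with SHA-512 crypt for any password set on the running
# system.  The original --enablemd5 selected MD5-crypt, which is cheap to
# brute-force offline.  The hashes pasted into /etc/shadow in %post keep
# whatever scheme they were generated with.
auth --useshadow --passalgo=sha512
# The selinux and firewall directives are left commented out, so neither is
# switched off by this file.
#selinux --disabled
#firewall --disabled
part / --size 1024

# NOTE(review): both repositories are fetched over plain http://, so package
# integrity rests on signature checking in the build tool -- confirm that it
# is enabled before trusting the resulting image.
repo --name=e11 --baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/11/Everything/i386/os/
repo --name=u11 --baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/11/i386/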

# Package set for the router image.  Entries that are commented out (X11,
# window manager, fonts, ...) are disabled alternatives kept for reference.
#%packages --excludedocs --nobase
%packages
glibc
initscripts
chkconfig
system-config-firewall-tui

bash
kernel
passwd
authconfig

# firmware for the supported Wi-Fi adapters
rt73usb-firmware
iwl3945-firmware

# cyrillic console
kbd

#X11
#xorg-x11-drivers
#xorg-x11-xinit

#window manager
#metacity

#xterm
#system-config-display

#fonts
#liberation-fonts

#debugging
# NOTE(review): strace, iperf, tcpdump and wireshark (further down) are
# diagnostic tools; consider leaving them out of an image that faces an
# untrusted network.
rpm
yum
strace
vim-minimal
#fedora-logos

#tools
screen
iperf

#networking
iptables
net-tools
dhcp
wireless-tools
tcpdump
wireshark
iw

tree
openssh-clients
# presumably for remote administration (an authorized_keys file is installed
# in %post); which interfaces can reach sshd is decided by the rules written
# to /etc/sysconfig/iptables.
openssh-server

%end


%post
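# Install the live-image init script.
#
# The here-document delimiter is unquoted, so every \$ and \` below is
# escaped to stop the expansion from happening at image-build time; the
# generated file contains the plain forms and evaluates them at boot.
#
# The script only acts when the kernel command line contains "liveimg", it
# is called with "start", and /.liveimg-configured does not exist yet.
#
# Differences from the script as originally posted:
#   - exists() quotes its arguments so they are not split a second time;
#   - the swap test uses "&& [ -n ... ]".  The earlier "-a [ -n ... ]" was
#     handed to strstr as extra arguments, so the emptiness check never ran.
cat > /etc/rc.d/init.d/fedora-live << EOF
#!/bin/bash
#
# live: Init script for live image
#
# chkconfig: 345 00 99
# description: Init script for live image.

. /etc/init.d/functions

if ! strstr "\`cat /proc/cmdline\`" liveimg || [ "\$1" != "start" ] || [ -e /.liveimg-configured ] ; then
    exit 0
fi

exists() {
    which "\$1" >/dev/null 2>&1 || return
    "\$@"
}

touch /.liveimg-configured

# mount live image
if [ -b /dev/live ]; then
   mkdir -p /mnt/live
   mount -o ro /dev/live /mnt/live
fi

# read some variables out of /proc/cmdline
for o in \`cat /proc/cmdline\` ; do
    case \$o in
    ks=*)
        ks="\${o#ks=}"
        ;;
    xdriver=*)
        xdriver="--set-driver=\${o#xdriver=}"
        ;;
    esac
done


# if liveinst or textinst is given, start anaconda
if strstr "\`cat /proc/cmdline\`" liveinst ; then
   /usr/sbin/liveinst \$ks
fi
if strstr "\`cat /proc/cmdline\`" textinst ; then
   /usr/sbin/liveinst --text \$ks
fi

# enable swaps unless requested otherwise
swaps=\`blkid -t TYPE=swap -o device\`
if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then
  for s in \$swaps ; do
    action "Enabling swap partition \$s" swapon \$s
  done
fi

# configure X, allowing user to override xdriver
exists system-config-display --noui --reconfig --set-depth=24 \$xdriver

# turn off firstboot for livecd boots
echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot

# don't start yum-updatesd for livecd boots
chkconfig --level 345 yum-updatesd off 2>/dev/null

# don't start cron/at as they tend to spawn things which are
# disk intensive that are painful on a live image
chkconfig --level 345 crond off 2>/dev/null
chkconfig --level 345 atd off 2>/dev/null
chkconfig --level 345 anacron off 2>/dev/null
chkconfig --level 345 readahead_early off 2>/dev/null
chkconfig --level 345 readahead_later off 2>/dev/null

# Stopgap fix for RH #217966; should be fixed in HAL instead
touch /media/.hal-mtab

# workaround clock syncing on shutdown that we don't want (#297421)
sed -i -e 's/hwclock/no-such-hwclock/g' /etc/rc.d/init.d/halt
EOF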


# Static resolver, host identity and WAN-side (eth0) addressing.
# Every "FILL IN YOURS" marker has to be replaced before the image is built.
# The here-document delimiters are quoted, so each body is written out
# literally with no shell expansion.
netscripts=/etc/sysconfig/network-scripts

cat << 'RESOLV_CONF' > /etc/resolv.conf
nameserver ******** FILL IN YOURS ********
RESOLV_CONF

cat << 'SYSCONFIG_NETWORK' > /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=porky.metropolis
SYSCONFIG_NETWORK

# eth0 is the external interface: static address, no DHCP client.
cat << 'IFCFG_ETH0' > "${netscripts}/ifcfg-eth0"
DEVICE=eth0
BOOTPROTO=none
IPADDR=******** FILL IN YOURS ********
IPV6INIT=no
NETMASK=******** FILL IN YOURS ********
ONBOOT=yes
GATEWAY=******** FILL IN YOURS ********
MACADDR=******** FILL IN YOURS ********
IFCFG_ETH0

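# LAN side: wlan0 runs an Ad-Hoc network on 192.168.4.1/24.
cat > /etc/sysconfig/network-scripts/ifcfg-wlan0 << EOF
DEVICE=wlan0
BOOTPROTO=none
IPADDR=192.168.4.1
IPV6INIT=no
NETMASK=255.255.255.0
ONBOOT=yes

ESSID='octofox home'
CHANNEL=2
MODE=Ad-Hoc
TYPE=Wireless
PEERDNS=yes
USERCTL=no
RATE=54Mb
EOF

# Wireless key for wlan0.  "s:" is the wireless-tools (iwconfig) syntax for
# an ASCII key, i.e. a WEP key.  WEP does not provide meaningful
# confidentiality or access control, so clients on wlan0 should be treated as
# untrusted; prefer WPA2 where the hardware and tooling allow it.
#
# The delimiter is quoted so that a key containing $, ` or \ is written
# verbatim rather than expanded by the shell, and the file is restricted to
# root because it holds a secret (the default umask would leave it
# world-readable).
cat > /etc/sysconfig/network-scripts/keys-wlan0 << 'EOF'
KEY=s:******** FILL IN YOURS ********
EOF
chmod 600 /etc/sysconfig/network-scripts/keys-wlan0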

# DHCP server configuration for the 192.168.4.0/24 subnet that wlan0 sits on.
# Clients get the router (192.168.4.1) as default gateway and an address
# from 192.168.4.128-254; the DNS server placeholder must be filled in.
# The delimiter is quoted, so the body is written out literally.
cat << 'DHCPD_CONF' > /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#
ddns-update-style interim;
ignore client-updates;

subnet 192.168.4.0 netmask 255.255.255.0 {

# --- default gateway
        option routers                  192.168.4.1;
        option subnet-mask              255.255.255.0;
        option broadcast-address        192.168.4.255;

        option domain-name-servers      ******** FILL IN YOURS ********;

#       option time-offset              -18000; # Eastern Standard Time
#       option ntp-servers              192.168.4.1;

        range dynamic-bootp 192.168.4.128 192.168.4.254;
        default-lease-time 21600;
        max-lease-time 43200;
}
DHCPD_CONF

# Turn on IPv4 forwarding by rewriting the existing net.ipv4.ip_forward line
# in /etc/sysctl.conf.  The substitution changes nothing if the file has no
# such line.
sed -i /etc/sysctl.conf -e 's/^net\.ipv4\.ip_forward.*$/net.ipv4.ip_forward = 1/'

# Firewall and NAT rules written to /etc/sysconfig/iptables: INPUT and
# FORWARD default to DROP, the "block" chain accepts RELATED/ESTABLISHED
# traffic and new connections that do not arrive on eth0, and everything
# leaving eth0 is masqueraded.
#
# NOTE(review): rule order matters here.  In both INPUT and FORWARD the three
# rate-limited ACCEPT rules (bare TCP SYN, TCP RST, ICMP echo-request) are not
# bound to an interface and come before the "-i eth0 ... INVALID,NEW -j DROP"
# rule.  Matching packets that arrive on eth0 are therefore accepted up to
# the limit instead of being dropped, which leaves local services and
# forwarding reachable from the external side.  If the rules were meant as
# flood protection they do not restrict anything either: packets over the
# limit simply fall through to the rules that follow.  Confirm the intent; if
# access from eth0 is wanted, limit it to the specific ports required.
#
# NOTE(review): "-i ! eth0" is the older negation syntax; newer iptables
# releases expect "! -i eth0".
cat > /etc/sysconfig/iptables << EOF
# Generated by iptables-save v1.3.5 on Tue Jun 12 01:20:54 2007
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [63194978:62962866872]
:block - [0:0]
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A INPUT -i eth0 -m state --state INVALID,NEW -j DROP
-A INPUT -j block
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A FORWARD -i eth0 -m state --state INVALID,NEW -j DROP
-A FORWARD -j block
-A block -m state --state RELATED,ESTABLISHED -j ACCEPT
-A block -i ! eth0 -m state --state NEW -j ACCEPT
-A block -j DROP
COMMIT
# Completed on Tue Jun 12 01:20:54 2007
# Generated by iptables-save v1.3.5 on Tue Jun 12 01:20:54 2007
*nat
:PREROUTING ACCEPT [5084348:492168658]
:POSTROUTING ACCEPT [47968:9209464]
:OUTPUT ACCEPT [542333:65881197]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Jun 12 01:20:54 2007
EOF

# Create the unprivileged account "porky", install its SSH public key(s),
# then overwrite the /etc/shadow entries of porky and root with the supplied
# values.
# NOTE(review): once the placeholders are filled in, this kickstart contains
# password hashes and should be stored like any other credential file.
/usr/sbin/useradd porky

ssh_dir=~porky/.ssh
mkdir -p "$ssh_dir"
cat << 'AUTHORIZED_KEYS' > "$ssh_dir/authorized_keys"
******** FILL IN YOURS ********
AUTHORIZED_KEYS
# Strip all group/other permissions and hand the directory to porky.
chmod -R go= "$ssh_dir"
chown -R porky:porky "$ssh_dir"

# "!" is used as the sed delimiter for both substitutions.
sed -i /etc/shadow \
    -e 's!^porky:.*$!porky:******** FILL IN YOURS ********!' \
    -e 's!^root:.*$!root:******** FILL IN YOURS ********!'

# Boot-time services: start networking and the DHCP server, keep exim off.
# No other service is toggled in this block.
for svc in network dhcpd; do
    /sbin/chkconfig "$svc" on
done
/sbin/chkconfig exim off

# Restore the SELinux context of the resolver config written earlier.
/sbin/restorecon /etc/resolv.conf

# Make the live init script executable, restore its context and register it.
live_init=/etc/rc.d/init.d/fedora-live
chmod 755 "$live_init"
/sbin/restorecon "$live_init"
/sbin/chkconfig --add fedora-live

# Reclaim a little space: drop the initrd images from /boot and any core
# files left in /.
rm -f /boot/initrd*
rm -f /core*

%end
etc/users/jcmvbkbc/livecd-router.txt · Last modified: 2016/08/08 20:53 by kel