Samsung PC680-ZA Wartungshandbuch

fli4l – flexible internet router for linuxVersion 3.10.1The fli4l-Teamemail: [email protected] 27, 2015

1. Documentation of the base package– Remotely accessible imond server daemon for monitoring and controlling Least CostRouting– Remotely accessible te

4. PackagesDNS_REBINDOK_N='8'DNS_REBINDOK_1_DOMAIN='rfc-ignorant.org'DNS_REBINDOK_2_DOMAIN='spamhaus.org'DNS_REBINDOK_3_

4. PackagesDHCP_RANGE_x_START sets the first IP-Address that can be used.DHCP_RANGE_x_END sets the last assignable IP-Address. Both variables DHCP_RANG

4. PackagesNot allowed DHCP-clientsDHCP_DENY_MAC_N Number of MAC-Addresses of hosts which should be rejeced.DHCP_DENY_MAC_x MAC-Address of the host wh

4. Packages• relay with two interfaces• interface to the clients: eth0, 192.168.6.1• interface to the DHCP-server: eth1, 192.168.7.1• DHCP-server: 192

4. PackagesYADIFA_ALLOW_QUERY_NYADIFA_ALLOW_QUERY_x Sets the IP addresses and nets that are allowed to access YAD-IFA. This setting will be used by YA

4. Packages4.6.1. General Configuration VariablesThe packages all use the same configuration variables, they differ only by the package nameprefixes. As a

4. PackagesPPPOE_USER='111111111111222222#[email protected]'Infos on user ID’s for other providers are found in the FAQ:• http://extern.fli4l

4. PackagesExample (read as one long line):PPPOE_TIMES='Mo-Fr:09-18:0.049:NMo-Fr:18-09:0.044:YSa-Su:00-24:0.039:Y'Important: Times used in *

4. Packages• small mails can be sent but big mails can’t,• ssh works, scp hangs after initial connecting.To work around this problems fli4l manipulates

4. PackagesPPPOE_ETH Name of the ethernet interface’eth0’ first ethernet card’eth1’ second ethernet card... ...Default setting: PPPOE_ETH='eth1&ap

1. Documentation of the base package– Execution of user-defined commands on incoming phone calls (e.g. to perform In-ternet dial-up)– Support for IP al

4. Packagesit is not possible to provide them with the DSL package. It is essential to download thesedrivers before from http://www.fli4l.de/download/

4. PackagesIP_NET_N='1' # Only *one* card with IP-address!IP_NET_1xxx='...' # the usual parametersPPTP_ETH is set to ’eth1’ for th

4. Packages4.6.5. OPT_POESTATUS - PPPoE-Status-Monitor On fli4l-ConsolePPPoE-Status-Monitor for DSL Connections was developed by Thorsten Pohlmann.With

4. PackagesProvider DynDNS.orgDYNDNS_x_PROVIDER DYNDNSHomepage http://dyn.com/Provider DynDNS.org (custom)DYNDNS_x_PROVIDER DYNDNSCHomepage http://dyn

4. PackagesProvider OVH.DEDYNDNS_x_PROVIDER OVHDEHomepage http://www.ovh.de/Provider PHPDYNDYNDNS_x_PROVIDER PHPDYNHomepage http://www.webnmail.de/php

4. Packagescan be guided by the table above to find a host name which fulfills the requirements and meetsthe personal taste.For the configuration you wil

4. PackagesDYNDNS_1_CIRCUIT='1 2 3' # Only ISDN: Circuits 1 to 3orDYNDNS_1_CIRCUIT='pppoe' # Only DSL: pppoe-CircuitorDYNDNS_1_CIR

4. PackagesDYNDNS_LOOKUP_NAMES The IP should only be updated if it really changed. Manyfli4l routers don’t have a permanent data storage like a harddis

4. Packages• xxx will be executed Monday to Friday from 7AM to 8PM Uhr every full hour.EASYCRON_1_COMMAND = 'xxx'EASYCRON_1_TIME = '0 7

4. PackagesHD-Installation In Six Simple Steps1. create a bootable fli4l medium with package BASE and OPT_HDINSTALL. This medium mustbe able to perform

2. Setup and Configuration2.1. Unpacking the archivesUnder Linux:tar xvfz fli4l-3.10.1.tar.gzIf this does not work, try the following:gzip -d < fli4

4. PackagesBOOT_TYPE set according to type of bootmedia for the installationMOUNT_BOOT='rw' necessary to copy new archives (*.img) to the ha

4. Packages4.9.2. OPT_MOUNT - Automatic Mounting Of FilesystemsOPT_MOUNT mounts data partitions created during installation to /data, file system check

4. PackagesEXTMOUNT_x_OPTIONS Specify special options to be passed to the ’mount’ commandhere.Example:EXTMOUNT_1_VOLUMEID='sda2' # deviceEXT

4. PackagesHDDRV_x_OPTION With HDDRV_x_OPTION additional options can be passed that some driversneed for proper operation (for example an IO-address).

4. PackagesHTTPD_LISTENIP The web server usually binds to a so-called wildcard address in orderto be accessed on any router interface. Set the web ser

4. PackagesRange “status” Everything in menu ’Status’.view User can access all menu items.dial User can dial and hang up connections.boot User can reb

4. PackagesOAC_INPUT (optional)Provides protection against circumvention via proxy.OAC_INPUT=’default’ blocks default ports for Privoxy, Squid, Tor, S

4. Packages4.11. HWSUPP - Hardware support4.11.1. DescriptionThis package supplies the support for special hardware components.Supported are:• Tempera

4. Packages4.11.2. Configuration of the HWSUPP packageThe configuration is made, as for all fli4l packages, by adjusting the filepath/fli4l-3.10.1/ config

4. Packages• conservativeThe CPU frequency will be adjusted depending on the current CPU usage. Thefrequency is changed step by step.• powersaveThe CP

2. Setup and Configuration– img/kernel Linux kernel– img/boot*.msg bootscreen texts• Additional packages:– opt/*.txt These ones describe which files wil

4. PackagesHWSUPP_LED_x_PARAM Defines parameters for the selected LED information.Depending on the selection in in HWSUPP_LED_x, in HWSUPP_LED_x_PARAM

4. PackagesHWSUPP_BUTTON_x Defines the action which should be executed on button press.The following actions are supported:• reset - restart the fli4l r

4. Packages4.11.3. Expert settingsThe following settings should only be touched if you know exactly• which hardware you have,• which additional driver

4. PackagesVPN_CARD_TYPE This configuration variable defines the type of the VPN accelerator.The following values are supported:• hifn7751 - Soekris vpn

4. PackagesSuch a reduction is only allowed once to avoid ambiguities. The address 2001:0:0:1:2:0:0:3can thus either be shortened to 2001::1:2:0:0:3 o

4. PackagesImportant: If the subnet is connected to a tunnel (see IPV6_NET_x_TUNNEL below) thenonly the part of the router address is specified here th

4. Packagesaddresses which will not work if the host part is not 64 bits. If the self-configuration failsthe subnet prefix should be checked for incorre

4. PackagesIPV6_TUNNEL_x_TYPE This variable determines the type of the tunnel. Currently, thevalues “raw”, “static”, “sixxs” for dynamic heartbeat-tun

4. PackagesIPV6_TUNNEL_x_REMOTEV4 This variable contains the remote IPv4-address of the tun-nel. Usually this value is given to you by the tunnel prov

4. PackagesIPV6_TUNNEL_x_PASSWORD This variable contains the password for the username above.It can’t contain spaces.Example: IPV6_TUNNEL_1_PASSWORD=&

2. Setup and Configuration2.2.2. Configuration via a special configuration fileDue to the module concept of fli4l, the configuration is distributed across d

4. PackagesPF6_INPUT_POLICY This variable sets the default strategy for all incoming packets forthe router (INPUT-Chain). Possible values are “REJECT”

4. PackagesPF6_INPUT_N This variable contains the number of IPv6-firewall rules for incoming packets(INPUT-Chain). Per default two rules are activated:

4. PackagesPF6_FORWARD_LOG_LIMIT This variable configures the log limit for the FORWARD-chain of the IPv6-firewall to keep it readable. For a detailed d

4. Packagesall packages). For a more detailed description see the documentation of the VariablePF_OUTPUT_POLICY.Default setting: PF6_OUTPUT_POLICY=&ap

4. Packages• All IPv6 address strings (including IP_NET_x etc.) must be enclosed in square brack-ets if followed by a port or a port range.Examples:PF

4. PackagesPF6_PREROUTING_N This variable contains the number of IPv6 firewall rules for forward-ing to a different destination (PREROUTING chain). For

4. Packagesparameter lc-default-route (y/n). fli4l (res. imond) will trigger a connection to the internetprovider and assure that all packets leaving t

4. PackagesTyp Karte Needed parameters6 ELSA PCC/PCF cards io or nothing for autodetect (the iobaseis required only if you have more thanone ELSA card

4. PackagesTyp Karte Needed parametersType-numbers for Capi-drivers:100 Generic CAPI device without ISDNfunctionality,i.e. AVM Fritz!DSL SLno paramete

4. Packages“cat /proc/pci” as “tiger” or similar.To use ISDN types 104 to 114 the matching drivers have to be downloaded from http://www.fli4l.de/down

2. Setup and ConfigurationBefore you try the more advanced installation procedures you should make yourself comfort-able with fli4l by setting up a mini

4. PackagesImportant: If calls should be logged with telmond don’t set this value lower than 2otherwise telmond would lack informations for logging.De

4. PackagesIf fli4l is simply used as an internet gateway only one circuit is needed. Exception: fli4l’sleast-cost features should be used. In this case

4. PackagesISDN_CIRC_x_TYPE ISDN_CIRC_x_TYPE specifies the type of connection x. Possible valuesare:’raw’ RAW-IP’ppp’ Sync-PPPIn most cases PPP is used

4. Packages• ISDN_CIRC_1_BANDWIDTH=’10000 30’This is intended to add a second channel after 30 seconds if 10000 B/s were reachedduring that timespan.

4. PackagesISDN_CIRC_x_FRAMECOMP (EXPERIMENTAL) This parameter is only used ifOPT_ISDN_COMP is set to ’yes’. It handles frame compression.The followin

4. PackagesISDN_CIRC_%_ROUTE_N='2'ISDN_CIRC_%_ROUTE_1='192.168.8.0/24'ISDN_CIRC_%_ROUTE_2='192.168.9.0/24'All nets must

4. Packages• ISDN_CIRC_x_CALLBACK=’out’:In this case ISDN_CIRC_x_CBDELAY is the ringing timespan for the other party untilfli4l waits for callback. ISD

4. PackagesISDN_CIRC_x_CHARGEINT Set charge interval in seconds which will be used for calculat-ing online costs.Most providers charge by minute inter

4. PackagesImportant: timespans specified in ISDN_CIRC_x_TIMES have to cover the whole week.Without that no valid configuration can be generated.If time

4. PackagesTELMOND_MSN_N If certain calls should only be visible on some client PC’s imonc a filtercan be set to achieve that MSNs are only protocolled

2. Setup and Configurationis the smallest, such that running the router with very low memory is possible in the majorityof cases.You can find further in

4. PackagesIn the first case the command sequence “sleep 5; imonc dial” is executed if caller withid 0987654321 calls MSN 1234567. Two commands are exe

4. Packagesthe routers via network as if it was installed locally. This is similar to the package “mtgcapri”.The difference is that only Windows system

4. Packages4.14. OpenVPN - VPN SupportAs of version 2.1.5 package OpenVPN is part of fli4l.Important: For using OpenVPN over the Internet a flatrate or

4. Packagesto be different. Thus it is not possible to connect two nets over a tunnel that both useIP range 192.168.6.0/24.transport net The transport

4. PackagesOPENVPN_x_REMOTE_HOST_N Default: OPENVPN_x_REMOTE_HOST_N=’0’Using dynamic DNS services is not alsways 100% reliable. You may simply use two

4. PackagesOpenVPN needs a keyfile for encrypting an OpenVPN connection. This keyfile can begenerated unter Windows or Linux by OpenVPN itself. Beginner

4. PackagesFigure 4.2.: fli4l config directory with OpenVPN *.secret filesOPENVPN_x_BRIDGE Default: OPENVPN_x_BRIDGE=”Holds the name of the bridge this O

4. Packages• IP address may not be used for any local network device.• IP address may not belong to any network routed by IP_ROUTE_x.• IP address may

4. PackagesOPENVPN_x_ROUTE_N Default: OPENVPN_x_ROUTE_N=”This setting is only valid if OPENVPN_x_TYPE (Page 165) is set to ’tunnel’ for this Open-VPN

4. Packagesan additional DNS server) it will be assumed that a DNS server is listening on the IP of theother end of the tunnel (see OPENVPN_x_REMOTE_V

3. Base configurationSince fli4l 2.0 the distribution is designed to be modular and consists of multiple packageswhich have to be downloaded separately.

4. PackagesThis setting will cause OpenVPN to automatically generate keyfiles on boot of the fli4lrouter. An OpenVPN connection won’t be started then. F

4. PackagesOPENVPN_DEFAULT_PF_FORWARD_POLICY Default: OPENVPN_DEFAULT_PF_FORWARD_POLICY=’REJECT’This setting equals ’PF_FORWARD_POLICY=’ (Page 54) in

4. PackagesThis start an OpenVPN tunnel running in background. Instead of name.conf use thename of your configuration file in directory /etc/openvpn.OPE

4. PackagesOPENVPN_DEFAULT_SHAPER Default: OPENVPN_DEFAULT_SHAPER=”Restricts outgoing bandwidth of the tunnel to the specified value of bytes per secon

4. PackagesOPENVPN_x_COMPRESS Default see: OPENVPN_DEFAULT_COMPRESSSee OPENVPN_DEFAULT_COMPRESS (Page 169). In contradiction to the default setting th

4. PackagesOPENVPN_x_VERBOSE Default see: OPENVPN_DEFAULT_VERBOSESee OPENVPN_DEFAULT_VERBOSE (Page 172). In contradiction to the default setting thiss

4. PackagesOPENVPN_x_PF_FORWARD_LOG Default see: OPENVPN_DEFAULT_PF_FORWARD_LOGSee OPENVPN_DEFAULT_PF_FORWARD_LOG (Page 170). In contradiction to the

4. PackagesOPENVPN_x_MSSFIX Default see: OPENVPN_DEFAULT_MSSFIXSee OPENVPN_DEFAULT_MSSFIX (Page 172). In contradiction to the default setting thissett

4. PackagesFigure 4.3.: Connection OverviewSymbol Descriptionrestart OpenVPN process and try to connect.stop OpenVPN process.reset connection.reset co

4. PackagesFigure 4.4.: Detail view of a connection (Keymanagement)Log: last 20 lines of the connection logfile. If more lines should be displayed ente

3. Base configurationTable 3.1.: Overview of additional packagesArchive to download Packagefli4l-3.10.1 BASE, required!kernel_3_14 Kernel 3.14.z, recom

4. PackagesSupport informations: Shows all informations relevant when problems occur. You maycopy&paste these informations i.e. for a post on the

4. PackagesOPENVPN_DEFAULT_TUN_MTU='1500'OPENVPN_DEFAULT_MSSFIX='1300'OPENVPN_DEFAULT_FRAGMENT='1300'For fli4l versions p

4. PackagesOpenVPN Option Peter MariaOPENVPN_2_NAME ’bridge’ ’bridge’OPENVPN_2_REMOTE_HOST ’10.1.0.1’ ’10.2.0.1’OPENVPN_2_REMOTE_PORT ’10005’ ’10006’O

4. Packagesis edited. Unfortunately the tun/tap driver for Windows is not as flexible as its Unix pendant.Point-to-Point addresses for VPN IP have to b

4. Packagescable nets. DNSMASQ DHCP server’s settings have to be changed to achieve that. Packageadvanced_networking will be needed as well. Settings

4. Packageshttp://wiki.freifunk.net/OpenVPNhttp://w3.linux-magazine.com/issue/24/Charly.pdfhttp://w3.linux-magazine.com/issue/25/WirelessLAN_Intro.pdf

4. PackagesPPP_NETWORK PPP_NETMASK PPP_NETWORK holds the network used and variable PPP_-NETMASK the netmask. These two variables are used by the extra

4. Packages#! /bin/shdev='/dev/ttyS0' # COM1, for COM2: ttyS1speed='38400' # speedoptions='defaultroute crtscts' # optio

4. PackagesPRIVOXY_x_LISTEN Specify IP addresses or symbolic names including portnumber of theinterface here on which Privoxy should listen to clients

4. PackagesPRIVOXY_x_CONFIG This option enables interactive configuration editing for proxy usersusing Privoxy’s web interface. For further details ple

3. Base configuration####-----------------------------------------------------------------------------## Creation: 26.06.2001 fm## Last Update: $Id: ba

4. PackagesTOR_LISTEN_x Specify IP addresses or symbolic names including portnumber of the inter-face here on which Tor should listen to clients. It i

4. Packages4.17.3. OPT_SS5 - Ein Socks4/5 ProxyFor some programs a Socks proxy may be needed. SS5 provides this functionality.http://ss5.sourceforge.n

4. PackagesTRANSPROXY_ALLOW_NTRANSPROXY_ALLOW_x List of nets and/or IP addresses for which the packet filter hasto be opened. It should cover the nets

4. PackagesSoftware:• Package: advanced_networking• Package: dhcp_client (for the use of ID8)The following describes adapting the config files base.txt,

4. PackagesVDSL modem fli4l router IPTV-STB interfaceLAN interfaceFigure 4.6.: fli4l in an IPTV configurationA note for those using only ’normal DSL’, ie

4. PackagesOPT_DHCP_CLIENT='yes'DHCP_CLIENT_TYPE='dhcpcd'DHCP_CLIENT_INTERFACES='IP_NET_3_DEV' # listen on interface eth

4. PackagesIt is important to change the MAC addresses for eth1.7 and eth1.8 to be different from eth1’sone, otherwise - depending on the VDSL net dist

4. PackagesIGMPPROXY_DEBUG By specifying ’yes’ here messages of the IGMP proxy are sent tosyslog.IGMPPROXY_DEBUG2 By specifying ’yes’ here the log lev

4. PackagesIGMPPROXY_WLIST_N With this parameter the number of whitelists for IGMP reportsis determined.IGMPPROXY_WHLIST_NET_x :Using IGMPv3 all addre

4. PackagesHint: Despite to earlier versions of the documentation the rules were restrictedto the nets really needed. If IPTV does not work as exepect

Contents1. Documentation of the base package 91.1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92. Setup

3. Base configurationCONSOLE_BLANK_TIME='' # time in minutes (1-60) to blank# console; '0' = never, '' = system defaultBE

4. PackagesSTUNNEL_x_NAME The name of each tunnel. Must be unique for all configured tunnels.Example: STUNNEL_1_NAME='imond'STUNNEL_x_CLIENT

4. Packagesan IPv6 address using STUNNEL_1_ACCEPT='IPV6_NET_2_IPADDR:443' or vice versa byusing (STUNNEL_1_ACCEPT_IPV4='no' and IP

4. Packagescan only be reached through a dynamic DNS name and the address behind the namechanges frequently, or if an active dialin when starting “stu

4. Packagescertificate. This setting ensures that really only a fixed and known peer may connect(server tunnel) or a connection to only a known peer (cl

4. PackagesSTUNNEL_1_CERT_VERIFY='both'STUNNEL_2_NAME='remote-imond2'STUNNEL_2_CLIENT='yes'STUNNEL_2_ACCEPT='any:50

4. PackagesA modem manages a packet queue where packets are stored that exceed the available band-width. With DSL modems for example these queues are

4. PackagesQOS_INTERNET_DEFAULT_DOWN='0'Example:Two classes have been created and a filter puts all packets for a certain IP address intothe

4. PackagesThree subclasses of our parent class above where QOS_CLASS_x_MINBANDWIDTH- and QOS_-CLASS_x_MAXBANDWIDTH settings look like this:QOS_CLASS_

4. PackagesQOS_CLASS_2_PRIO='1'QOS_CLASS_3_MINBANDWIDTH='40Kibit/s'QOS_CLASS_3_PARENT='1'QOS_CLASS_3_MAXBANDWIDTH='

4. PackagesQOS_FILTER_x_CLASS='25'By QOS_CLASS_x_DIRECTION it is set if a class belongs to up- or downstream. If a filteris set then queueing

3. Base configurationIP_ROUTE_2='0.0.0.0/0 192.168.6.99'# example for default-route#---------------------------------------------------------

4. PackagesQOS_FILTER_x_PORT Ports and port ranges can be set here, separated by spaces andcombined in any manner. If this variable is empty traffic on

4. PackagesThis is extremely important with asymetric connections (up- and downstream band-widths differ) like used in most DSL lines. Those most likel

4. PackagesDSCP* Differentiated Services Code PointDSCP is a marking according to RFC 2474. This process has replaced TOSmarking mostly since 1998.Filt

4. Packageso123F1 F2 F3Figure 4.7.: Example 1OPT_QOS='yes'QOS_INTERNET_DEV_N='1'QOS_INTERNET_DEV_1='ppp0'QOS_INTERNET_BA

4. PackagesQOS_FILTER_1_OPTION=''QOS_FILTER_2_CLASS='2'QOS_FILTER_2_IP_INTERN='192.168.0.3'QOS_FILTER_2_IP_EXTERN='

4. PackagesConfiguration looks like this:2 classes for 2 PCs getting 1/2 interface bandwidth each with 2 classes for a port getting2/3 and the rest get

4. PackagesQOS_FILTER_1_IP_INTERN='192.168.0.2'QOS_FILTER_1_IP_EXTERN=''QOS_FILTER_1_PORT='80'QOS_FILTER_1_PORT_TYPE=&ap

4. PackagesF8o213 4 5 6F1 F2F3 F4 F5 F6F7level 2level 3level 1level 0Figure 4.9.: Example 3is for a second client PC divided in 2/3 http and 1/3 for t

4. PackagesFor upstream class number two should be the default class. The network device eth0 is setto 10Mibit/s.QOS_CLASS_N='2'QOS_CLASS_1_

4. Packages4.19. SSHD - Secure Shell, Secure CopyA secure shell enables you to open an encrypted connection with the fli4l router. By usingsecure copy

3. Base configuration# reject 1 udp packet per second; allow a burst# of 5 events; otherwise drop packetPF_OUTPUT_N='0' # number of OUTPUT ru

4. PackagesFigure 4.10.: Directory structure of fli4l220

4. PackagesIf you created a new host key set SSHD_CREATEHOSTKEYS back to ’no’ to avoid creatinganother host key on every reboot.If you log in to your

4. Packagesssh client. The public part of the key will be needed on the fli4l router and is provided toit by SSHD_PUBLIC_KEY_x or SSHD_PUBLIC_KEYFILE_x

4. PackagesIf dbclient’s known hosts should be saved permanently the file known_hosts from thedirectory /.ssh on the router has to be copied to config/e

4. PackagesOPT_FTP FTP-ClientThe ftp program can connect fli4l to a FTP server to move files between the two of them.FTP_PF_ENABLE_ACTIVE The setting FT

4. PackagesOPT_NTTCP Network checksThe program NTTCP can check network speed. On one side a server is started and onthe other side the client.Start th

4. PackagesOPT_RTMON Installs a tool that will track changes in routing tables. Primary used fordebugging.OPT_SOCAT The program “socat” is more or les

4. PackagesDriver: 'unknown'ISA bridge: Advanced Micro Devices [AMD] CS5536 [Geode companion] ISA (rev 03)Driver: 'unknown'IDE int

4. PackagesOPT_MTOOLS mtools provide some DOS-like commands for simpler handling of DOS media(copying, formatting, a.s.o.).Exact syntax of the command

4. PackagesDial-in data of some german providersProvider APN Username PasswordT-Mobile internet.t-mobile arbitrary arbitraryVodafone web.vodafone.de a

3. Base configurationIMOND_PORT='5000' # port (tcp), don't open it to the outsideIMOND_PASS='' # imond-password, may be emptyI

4. PackagesUMTS_FILTER Default setting: UMTS_FILTER=’yes’fli4l automatically hangs up if no traffic is going over the ppp0 interface in the hanguptimeout

4. PackagesttyUSB0 for usbstickttyS2 for pcmciattyACM0 for usbphoneUMTS_CTRL (optional)Some adapter have more interfaces for modem control. If only on

4. Packages• empeg - USB Empeg Mark I/II• ftdi_sio - USB FTDI Serial Converter• io_edgeport - Edgeport USB Serial• io_ti - Edgeport USB Serial• ipaq -

4. Packages4.22.3. Mounting Of USB DevicesPlugged USB devices will be detected automatically but must be mounted and unmounted ’byhand’. When plugging

4. Packageserrors. Either the computer does not start at all (it even can’t be switched on) or the WLANcard is not found on PCI scan.WLAN cards are ad

4. PackagesWLAN_x_NOESSID Deactivates sending ESSID during beacon frames. Only valid withhostap_* driver and Firmware = 1.6.3 in WLAN_MODE=’master’Thi

4. PackagesXXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XX 128 Bit Hex-Key (X=0-F)XXXX-XXXX-XX 64 Bit Hex-Key (X=0-F)s: 5 characters 64 Bits: 6-13 characters 128 Bit

4. PackagesWLAN_x_WPA_DEBUG In case of problems with WPA set this variable to ’yes’ for thedaemon to provide more verbose output for debugging.WLAN_x_

4. PackagesIf the file is deactivated WPS clients using it can not connect to the Access Point anymore.WPS-Clients connected with deactivated file are n

4. PackagesWLAN_1_WPA_TYPE='2' # WPA 2WLAN_1_WPA_ENCRYPTION='CCMP'WLAN_1_WPA_PSK='your best passphrase choice ever (16-63 cha

3. Base configuration#------------------------------------------------------------------------------# Optional package: PNP#---------------------------

4. Packagesof them.The base device’s name is still wlan0, the next in VAP mode will be wlan0v2 a.s.o. Forbinding to a bridge please use WLAN_x_BRIDGE=

4. Packages• The programs perl and pythonIn the following, characters printed bold represent keyboard input, the -character standsfor the Enter key on

4. PackagesUnder the Buildroot directory ˜/.fbr/fbr-<branch>-<arch>/buildroot the following di-rectories are of interest:Directory Content

4. PackagesVariable DescriptionFBR_ARCH This variable specifies the processor architecture for whichthe FBR (or FBR packages) should be built. If it is

4. Packagesremove all artifacts that have been generated during the last FBR build. You will have toconfirm this action.17This is also useful to free u

4. Packagesa crash a memory dump is generated in /var/log/dumps/core.<PID>. “PID” is the processID of the crashed process. You may analyze the s

4. Packages[New LWP 2241][New LWP 2237][New LWP 2234][New LWP 2253][New LWP 2254][New LWP 2258][New LWP 2260]Failed to read a valid object file image

4. Packages717 rrd_file->pos += count;718 return count; /* mimmic write() semantics */719 #else720 ssize_t _sz = write(rrd_simple_file->fd, buf,

4. Packagesand libraries should be identified that use libm (Library with mathematical functions) usefbr-make links-against libm.so.0 because libm.so.0

4. PackagesReconfiguration Of The uClibc LibraryWith fbr-make uclibc-menuconfig the funcionality of the uClibc library in use may bechanged. On success

3. Base configurationhd Choose this to boot from a hard disk. You will find more information in the Docu-mentation (Page 118) of the HD package.cd Choos

4. Packagesthe changes to the SVN repository will be merged and the problem of lost configuration doesnot occur.) However, your own FBR packages may be

5. Creating the fli4l Archives/Boot mediaIf all configuration is completed, the fli4l archives/boot media may be created as either bootableCompact-Flash,

5. Creating the fli4l Archives/Boot mediaUsage: mkfli4l.sh [options] [config-dir]-c, --clean cleanup the build-directory-b, --build <dir> set bui

5. Creating the fli4l Archives/Boot mediaare using this script at your own risk. The necessary fli4l files will be copied onto the specifiedpartition. At

5. Creating the fli4l Archives/Boot media5.2. Creating the fli4l Archives/Boot media under WindowsUtilize the tool ‘AutoIt3’ (http://www.autoitscript.co

5. Creating the fli4l Archives/Boot mediaconfig-dir sets other config-directory - default is "config"*** Remote-Update options--remoteupdate

5. Creating the fli4l Archives/Boot mediafli4l-x.y.z\config.cdfli4l-x.y.z\config.hdfli4l-x.y.z\config.hd-create5.2.3. Configuration dialog – General Pre

5. Creating the fli4l Archives/Boot mediaUsing the button Current settings in mkfli4l.txt buffer the current settings can bestored in mkfli4l.txt.5.2.4. C

5. Creating the fli4l Archives/Boot media5.2.5. Configuration dialog – Settings for HD pre-installFigure 5.3.: Settings for HD pre-installIn this dialog

5. Creating the fli4l Archives/Boot media5.3. Control file mkfli4l.txtSince fli4l-Version 2.1.9 the control file config /mkfli4l.txt exists. This file can e

3. Base configurationThis variable controls how LONG the syslinux boot loader should wait until the defaultinstallation is booted automatically.The OPT

5. Creating the fli4l Archives/Boot mediaREMOTEREMOUNT Default: REMOTEREMOUNT=’no’Possible values are ’yes’ or ’no’. If ’yes’ is set, a boot device &qu

6. Connecting PCs in the LANFor every host in the LAN you will have to set up:1. IP address (see IP address)2. Name of the host plus desired domain na

6. Connecting PCs in the LANPropertiesExtended. . .DNSAdd DNS-SuffixType “lan.fli4l” (or the domain set up – without “”!) Click OK.6.2.2. NT 4.0StartSett

6. Connecting PCs in the LANInternetprotocol (TCP/IP)PropertiesAdvanced. . .DNSDNS-Suffix for this connectionSpecify “lan.fli4l” (resp. the domain you us

6. Connecting PCs in the LANhere (the Ethernet interface’s one) – for example 192.168.6.4, depending on the IP addressthat has been specified in the fil

7. Client/Server interface imond7.1. imon-Server imondimond is a network-capable server program that responds to certain queries or accepts com-mands

7. Client/Server interface imondAdmin commandsaddlink ci-index Add channel to the circuit (channel bundling)adjust-time seconds Increments the date on

7. Client/Server interface imondUser commandschannels Shows the number of available ISDN channelscharge #channel-id Shows the online fee for a specific

7. Client/Server interface imondUsing the imond command “timetable” you can have a look at it.Here an example:Supposing 3 circuits are defined:CIRCUIT_

7. Client/Server interface imond4 AOL yes ippp1 0.0190 1805 AOL no ippp1 0.0490 1806 AOL no ippp1 0.0190 1807 AOL no ippp1 0.0490 1808 Firma no isdn2

3. Base configurationCOMP_TYPE_ROOTFS Default setting: COMP_TYPE_ROOTFS=’xz’This variable selects the compression method to be used for the RootFS arch

7. Client/Server interface imondGot everything?Using the command “route”, the LC routing can be enabled or disabled. If a positive circuitindex is spe

7. Client/Server interface imondLight Green : Online and traffic on the channelDark Green : Online and (nearly) no traffic on the channelimonc shows a beh

7. Client/Server interface imondthe commands there another one exists: timesync. If used imonc will synchronize theclock of the client with the router

7. Client/Server interface imondeach available channel which is online at the moment). This is of interest in case that severaldifferent connections ex

7. Client/Server interface imond– Start with Windows: Specify here if the client should start automatically withsystem start. Provide necessary start-

7. Client/Server interface imond– Logfile: The file name you can specify here is used to save the call list locally onthe computer. This menu item is on

7. Client/Server interface imondAs of version 1.5.2: on the page Names it is also possible to synchronize the local phonebook with the router’s one (s

7. Client/Server interface imond∗ Start E-Mail-Client: Should the E-Mail-Client bes tarted automatically if newE-Mails were found?∗ E-Mail-Client: Spe

7. Client/Server interface imond– Colors: Define the main colors for the Traffic Information window. It should betaken into account that the DSL channel

7. Client/Server interface imondIn the call overview you may right click on the number or MSN to copy it to the phone bookand assign a name to it ther

3. Base configurationTable 3.2.: Automtically generated maximum number of simultaneous connectionsRAM in MiB simultaneous connections16 102424 128032 2

7. Client/Server interface imond7.2.8. E-Mail PageThis page is shown only if at least one POP3-E-Mail-account is configured and activated inthe config d

7. Client/Server interface imond7.2.10. Error, Syslog and Firewall PagesThose pages are only visible if entries are present in the respective logs and

7. Client/Server interface imond• Default-Route-Circuits• ISDN channelsStatus : Calling/Online/OfflineName : Phone number of the peer or the circuit-nam

7. Client/Server interface imond9 – remove channel Removes the second ISDN channel. See also “add channel”.Apart from that, the same annotations as fo

8. Documentation for Developers8.1. Common RulesIn order to include a new package in the OPT database on the fli4l homepage some rules mustbe obeyed. P

8. Documentation for Developers8.3. Module ConceptAs of version 2.0 fli4l is split into modules (packages), i.e.• fli4l-3.10.1 — The Base Package• dns-d

8. Documentation for DevelopersTable 8.1.: Parameters for mkfli4lOption Meaning-c, - -config Declaration of the directory mkfli4l will scan for package

8. Documentation for Developers8.3.3. Configuration of PackagesThe user’s changes to the package’s configuration are made in the file config/<PACKAGE&

8. Documentation for Developers1. The first column contains the name of a variable which triggers inclusion of the filereferenced in the third column de

8. Documentation for DevelopersTable 8.2.: Options for FilesOption Meaning Default Valuetype= Type of the Entry:local Filesystem Objectfile Filedir Dir

3. Base configuration3.3. Console settingsCONSOLE_BLANK_TIME Defaut Setting: CONSOLE_BLANK_TIME=”Typically, the Linux kernel activates the console’s sc

8. Documentation for Developers• copy file if PCMCIA_PCIC='i82365', set uid/gid to root and the rights to 644 (rw-r--r--)pcmcia_pcic i82365 f

8. Documentation for DevelopersFiles adapted by ConfigurationIn some situations it is desired to replace original files with configuration-specific files f

8. Documentation for DevelopersIf a variable does not depend on any OPT variables, it is considered active. If it isdepending on an OPT variable, it i

8. Documentation for DevelopersRE:yes|no.This is useful if a test is performed only once and is relatively easy. For more details seethe next chapter.

8. Documentation for Developersbe referenced in the file check/<PACKAGE>.txt. check/base.exp for example at themoment contains definitions for the

8. Documentation for DevelopersExpansion of Existing Regular ExpressionsIf an optional package adds an additional value for a variable which will be e

8. Documentation for DevelopersExtending Regular Expressions Depending on other VariablesAlternatively, you may also use arbitrary values of variables

8. Documentation for Developers• an empty pair of brackets stands for an “empty” expression• an expression in square brackets “[ ]” (see below)• a dot

8. Documentation for DevelopersIPADDR: Let’s have a look at an example with an IP4-address. An ipv4 address consists offour “Octets”, divided by dots

8. Documentation for Developers./i586-linux-regexp -c ../check IPADDR 192.168.0.256using predefined regular expression from base.expadding IPADDR=&apo

Contents4. Packages 734.1. Tools In The Package ’Base’ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 734.1.1. OPT_SYSLOGD – Logging system

3. Base configuration3.4. Hints To Identify Problems And Errorsfli4l logs all output produced while booting into the file (/var/tmp/boot.log). After the

8. Documentation for DevelopersData TypesConcerning data types please note that variables, based on the associated regular expressionare permanently a

8. Documentation for DevelopersThen the character strings are rewritten as follows, if variable substitution is active in thiscontext:"My router

8. Documentation for DevelopersDefinition of a Service with an associated Version Number: providesFor instance, an OPT may declare that it provides a P

8. Documentation for DevelopersCommunication with the User: warning, error, fatal_errorUsing these three functions users may be warned, signalized an

8. Documentation for Developersset s="a"set v1="$s" # v1="a"set s="b"set v2="$s" # v2="b"i

8. Documentation for Developersthe following output is printed:Warning: Rule 1/1: ACCEPTWarning: Rule 1/2: REJECTWarning: Rule 2/1: DROPAlternatively,

8. Documentation for DevelopersThe example checks whether a file exists in the current configuration directory.If OPENVPN_1_SECRET='test' is s

8. Documentation for DevelopersThe RegEx has (only) matched with “/bin/” (only this part of the line is contained in thevariable FGREP_MATCH_1). The fi

8. Documentation for DevelopersIf the elements generated by such a split should be in a numeric context (e.g. as indices) thishas to be specified when

8. Documentation for Developersif (opt_sshd)thenforeach pkf in sshd_public_keyfile_%dostat("$config_dir/etc/ssh/$pkf", publickeyfile)if(publ

3. Base configurationThe device denotes the terminal used for program input/output. Possible devices are termi-nals tty1-tty4 or serial terminals ttyS0

8. Documentation for Developersassociated with this array. The control variable takes the values of the respective arrayvariables. It should be noted

8. Documentation for DevelopersExpressionsExpressions link values and operators to a new value. Such a value can be an normal variable,an array elemen

8. Documentation for DevelopersMatch-OperatorWith the match operator =~ you can check whether a regular expression matches the value of avariable. Fur

8. Documentation for Developers• the variable is active (if it depends on an OPT it has to be set to “yes”),• the variable was referenced in an opt/&l

8. Documentation for Developers8.3.8. Support for Different Kernel Version LinesDifferent kernel version lines often differ in some details:• changed dri

8. Documentation for DevelopersThe entire text documentation may not contain any tabs and has to have a line feed no laterthan after 79 characters. Th

8. Documentation for DevelopersLATEX-BasicsLATEX is, just like HTML, “Tag-based” , only that the tags are called “commands” and havethis format: \comm

8. Documentation for Developers8.3.14. More FilesAll files, which will be copied to the router have to be stored under opt/etc/ and opt/files/.Be under

8. Documentation for Developers#--------------------------------------------------------------------# /etc/rc.d/rc500.dummy - start my cool dummy serv

8. Documentation for Developersthe first argument of the begin_script-call (Page 319)). If no suitable medium should exist(which may well be), /var/lib

3. Base configuration• Copy the keyboard layout map you have just created to your fli4l directory underopt/etc/ locale .map. If you now set KEYBOARD_LOC

8. Documentation for DevelopersLOG_BOOT_SEQ Setting this variable to “yes” will cause bootlogd to log all console outputduring boot to the file /var/tm

8. Documentation for Developers8.5. Using The Packet Filter8.5.1. Adding Own Chains And RulesA set of routines is provided to manipulate the packet fil

8. Documentation for Developersreject: This variable contains the chain to which is branched when a packet is rejected.After callingget_count <chai

8. Documentation for Developers# extension is availablefoo_p=yes# the actual extension, adding matches to match_optdo_foo(){param=$1get_negation $para

8. Documentation for Developershttpd-menu.sh add [-p <priority>] <link> <name> [section] [realm]Thus, an entry with the name <nam

8. Documentation for Developers8.6.4. Construction of a CGI scriptThe headersAll web server scripts are simple shell scripts (interpreter as e.g. Perl

8. Documentation for DevelopersThe Function show_html_headerThe show_html_header function expects a string as a parameter. This string represents thet

8. Documentation for DevelopersThe Function show_tab_headerFor good looking content of your generated webpage generated by the CGI you may use thecgi-

8. Documentation for DevelopersMulti-Language CapabilitiesThe helper script cgi-helper furthermore contains functions to create multi-langual CGIscrip

8. Documentation for DevelopersThe Function show_warnThis funtion displays a warning message in a yellow box. It expects two parameters: a titleand a

3. Base configurationNo space is allowed before or after the comma!This does not work with all network adapter drivers. Some of them need to be loadedt

8. Documentation for Developers8.6.5. MiscellaneousThis and that (yes, also important!):• mini_httpd does not protect subdirectories with a password.

8. Documentation for Developers8.7.2. Start And Stop ScriptsScripts intended to be executed on system boot are located in the directories opt/etc/boot

8. Documentation for DevelopersNumber Task000-099 Base system (hardware, time zone, file system)100-199 Kernel modules (drivers)200-299 External connec

8. Documentation for Developersassignments should be used. A path under /var/run/ makes sense for transient data,while for persistent data it is advis

8. Documentation for DevelopersImportant: The module has to exist exactly by this name, no aliases may be used. Whenusing an alias do_modprobe will be

8. Documentation for DevelopersMiscellaneousmk_writable <File>: Ensures that the given file is writable. If the file is located on a volumemounted

8. Documentation for DevelopersImportant: Since no separate process is created for these scripts, they may not invoke“exit” as well!Hint: If a script

8. Documentation for Developers• configuration variables are stored for later use(opt/etc/rc.d/rc999.template)• stored configuration variables are proce

8. Documentation for Developers2. DNS configuration• etc/resolv.conf• etc/dnsmasq.conf• etc/dnsmasq_dhcp.conf• etc/resolv.dnsmasq3. Hosts-File• etc/hos

8. Documentation for Developersexpand-hostsfilterwin2kconf-file=/etc/dnsmasq_dhcp.conf8.10.3. Hosts FileThis file contains a mapping of host names to I

3. Base configurationNET_DRV_1='wd'NET_DRV_1_OPTION='io=0x270'NET_DRV_2='ne2k'NET_DRV_2_OPTION='io=0x240'You ca

A. Appendix to basepackageA.1. Null Modem CableFor using the otional package PPP (Page 185) a null modem cable is needed.It needs at least three wires

A. Appendix to basepackageAs a cable to the terminal or PC with terminal emulation a Null Modem Cable (Page 340)is used. Using a standard null modem c

A. Appendix to basepackagecat /proc/interruptsshows the interrupts used by the drivers – not those used by the hardware!More interesting files under /p

A. Appendix to basepackageA.9. CreditsIn this part of the documentation all people are honored that contribute or have contributedto the development o

A. Appendix to basepackageWeiler, Marcel (Qualitätsmanagement)email: -The fli4l-Test- and Translation-team consists of (in alphabetical order):Bußmann,

A. Appendix to basepackageA.9.3. Developer- and Testteam (inactive)Arndt, Kai-Christian (USB)Behrends, Arno (Support)Bork, Thomas (lpdsrv)Bauer, Jürge

A. Appendix to basepackageBebensee, NorbertBecker, HeikoBehrends, ArnoBöhm, StefanBrederlow, RalfGroot, Vincent deHahn, OlafHogrefe, PaulHolpert, Chri

A. Appendix to basepackageA.10. FeedbackCritics, feedback and cooperation are always welcome.The primary point of contact are the fli4l-Newsgroups. Tho

B. Appendixes to optional packagesB.1. CHRONY - Inform other applications about timewarpsIf chrony notes that the clock is significantly away from the

B. Appendixes to optional packages## Expression: outbound and not icmp[0] != 8 and not tcp[13] & 4 != 0#(000) ldb [0](001) jeq #0x0 jt 17 jf 2(002

3. Base configurationKernel Bus NET_DRV_x Adapter family3.14v n vnx x x x pci cassini Sun Cassini(+) ethernetx x x x usb catc CATC EL1210A NetMate USBE

B. Appendixes to optional packagesThese variables can be put in curly brackets to be cleary distinguishable from normal text,$ip i.e. becomes ${ip}. I

B. Appendixes to optional packagescheck/dyndns.expIn this file the provider name has to be added at the end of the long line starting withDYNPROVIDER =

B. Appendixes to optional packagesparameter custom is optional. By using it you can set environment variables needed for thecommand used. If more than

B. Appendixes to optional packages• wrong disk is configured for the installation• Controller is not supported by fli4l. Some controllers may need speci

B. Appendixes to optional packagesB.6. HTTPDB.6.1. Additional SettingsThese variables are not present in the configuration and thus have to be added to

B. Appendixes to optional packagesgeneric-pcPC keyboard LEDs:• keyboard::scroll• keyboard::caps• keyboard::numgeneric-acpiPC keyboard LEDs, like gener

B. Appendixes to optional packagespcengines-apu• gpio::252pcengines-wrap• gpio::40soekris-net5501• gpio::25The button is named ’Reset’ on the soekris

B. Appendixes to optional packagesHWSUPP_LED_2='wlan'HWSUPP_LED_2_DEVICE='apu::2'HWSUPP_LED_2_WLAN='wlan0'HWSUPP_LED_3=&

B. Appendixes to optional packages1. ...2. ...3. ...4. ...The first sequence is displayed while processing rc002.* to rc250.*(1 * blink - pause),for rc

B. Appendixes to optional packagesmust be entered in HWSUPP_LED_\${i}_PARAM"fifidonefiLED DisplayThe command /usr/bin/hwsupp_setled <LED> &

3. Base configurationKernel Bus NET_DRV_x Adapter family3.14v n vnx x x x pci igb Intel(R) Gigabit Ethernet Networkx x x x pci igbvf Intel(R) Gigabit V

B. Appendixes to optional packagesParameter checkThe parameters which can be entered in HWSUPP_BUTTON_x_PARAM will be checked usingcheck/myopt.ext .Ex

B. Appendixes to optional packagesB.11.2. Tunnel ConfigurationPreparationAt first you have to apply for the tunnel. This happens after registration via

B. Appendixes to optional packagesIn addition the username and password have to be specified in the tunnel configuration invariables IPV6_TUNNEL_1_USERI

B. Appendixes to optional packagesestablished fully by SixXS yet. In the second case you should wait for some time because theconfiguration on the PoPs

B. Appendixes to optional packagesLong story short: The subnet must be made smaller. It has to become a /64 subnet forauto-configuration to work proper

B. Appendixes to optional packagesThe last two settings are not absolutely necessary for a working IPv6 subnet but are veryhelpful. They serve to spre

B. Appendixes to optional packagesThis allows to notice that a packet first reaches fli4l (first line), then the other end of thetunnel (second row) and

B. Appendixes to optional packages• remote IP will be set to 0.0.0.0 if nothing else is specified. Hence the routes configuredby the kernel while initia

B. Appendixes to optional packagesB.12.2. Error Messages Of The ISDN-Subsystem (i4l-Documentation)Following is an excerpt from the Isdn4Linux Document

B. Appendixes to optional packages39 Bearer capability not authorised.3A Bearer capability not presently available.3F Service or option not available,

3. Base configurationKernel Bus NET_DRV_x Adapter family3.14v n vnx x x x usb r8152 Realtek RTL8152/RTL8153 BasedUSB Ethernet Adaptersx x x x pci r8169

B. Appendixes to optional packagesGT MAX HSUPA GX0301 yes PCMCIA, USBfor the four Cardbus-adapters set PCMCIA_PCIC='yenta_socket'Icon 225 (G

B. Appendixes to optional packagesyou can activate the modem interface via the command:chat -e -t 1 '' "AT_OIFC=3,1,1,0" OK >/d

B. Appendixes to optional packagesPF_OUTPUT_N (Page 56) INPUT_ACCEPT_PORT_NPF_OUTPUT_POLICY (Page 55) INPUT_ACCEPT_PORT_xPF_OUTPUT_REJ_LIMIT (Page 56)

B. Appendixes to optional packagesYADIFA_USE_DNSMASQ_ZONE_DELEGATION(Page ??)Package DSLNew variables Obsolete variablesFRITZDSL_FILTER_EXPR (Page 107

B. Appendixes to optional packagesNew variables Obsolete variablesIPV6_NET_x_ADVERTISE_PREF_LIFETIME(Page ??)IPV6_NET_x_ADVERTISE_VALID_LIFETIME(Page

B. Appendixes to optional packagesPackage PCMCIANew variables Obsolete variablesPCMCIA_CARDMGR_OPTSPCMCIA_CORE_OPTSPCMCIA_PCIC_EXTERNPackage PROXYNew

B. Appendixes to optional packagesPackage TOOLSNew variables Obsolete variablesFTP_PF_ENABLE_ACTIVE (Page 224) OPT_ARPOPT_ATH_INFO (Page 227) OPT_BCRE

List of Figures3.1. Packet Filter Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433.2. Directory Structure fli4l . . . . .

List of Tables3.1. Overview of additional packages . . . . . . . . . . . . . . . . . . . . . . . . . . 183.2. Automtically generated maximum number of

Indexbase.txt, 18BCRELAY_N, 78BCRELAY_x_IF_N, 78BCRELAY_x_IF_x, 78BEEP, 29BONDING_DEV_N, 79BONDING_DEV_x_ARP_INTERVAL,82BONDING_DEV_x_ARP_IP_-TARGET_N

3. Base configurationKernel Bus NET_DRV_x Adapter family3.14v n vnx x x x pci vxge Neterion’s X3100 Series 10GbEPCIe I/OVirtualized ServerAdapterx x x

IndexDHCP_CLIENT_x_ROUTE, 92DHCP_CLIENT_x_STARTDELAY, 93DHCP_CLIENT_x_USEPEERDNS, 93DHCP_CLIENT_x_WAIT, 93DHCP_DENY_MAC_N, 102DHCP_DENY_MAC_x, 102DHCP

IndexDNS_ZONE_DELEGATION_x_-NETWORK, 98DNS_ZONE_DELEGATION_x_-UPSTREAM_SERVER_x, 98DNS_ZONE_DELEGATION_x_-UPSTREAM_SERVER_x_IP,98DNS_ZONE_DELEGATION_x

IndexHOST_x_PXE_FILENAME, 102HOST_x_PXE_OPTIONS, 102HOST_x_PXE_SERVERIP, 102HOST_x_PXE_SERVERNAME, 102HOSTNAME, 24HOSTNAME_ALIAS_N, 69HOSTNAME_ALIAS_x

IndexIPV6_TUNNEL_x_MTU, 138IPV6_TUNNEL_x_PASSWORD, 138IPV6_TUNNEL_x_PREFIX, 137IPV6_TUNNEL_x_REMOTEV4, 137IPV6_TUNNEL_x_REMOTEV6, 138IPV6_TUNNEL_x_TIM

IndexOPENVPN_DEFAULT_FRAGMENT,172OPENVPN_DEFAULT_KEYSIZE, 170OPENVPN_DEFAULT_LINK_MTU,172OPENVPN_DEFAULT_-MANAGEMENT_LOG_-CACHE, 172OPENVPN_DEFAULT_MS

IndexOPENVPN_x_PF_PREROUTING_x,176OPENVPN_x_PING, 174OPENVPN_x_PING_RESTART, 174OPENVPN_x_PROTOCOL, 174OPENVPN_x_REMOTE_HOST, 163OPENVPN_x_REMOTE_HOST

IndexOPT_SERIAL, 376OPT_SFTPSERVER, 223OPT_SHRED, 228OPT_SIPPROXY, 192OPT_SOCAT, 226OPT_SS5, 191OPT_SSH_CLIENT, 222OPT_SSHD, 219OPT_STRACE, 228OPT_STU

IndexPF_FORWARD_N, 55PF_FORWARD_POLICY, 54PF_FORWARD_REJ_LIMIT, 55PF_FORWARD_UDP_REJ_LIMIT, 55PF_FORWARD_x, 55PF_FORWARD_x_COMMENT, 55PF_INPUT_ACCEPT_

IndexPPTP_FILTER, 107PPTP_FILTER_EXPR, 107PPTP_HUP_TIMEOUT, 106PPTP_MODEM_TYPE, 111PPTP_NAME, 105PPTP_PASS, 105PPTP_TIMES, 106PPTP_USEPEERDNS, 105PPTP

IndexSYSLOGD_DEST_x, 73SYSLOGD_RECEIVER, 73SYSLOGD_ROTATE, 74SYSLOGD_ROTATE_AT_-SHUTDOWN, 75SYSLOGD_ROTATE_DIR, 74SYSLOGD_ROTATE_MAX, 75TELMOND_CAPI_C

3. Base configurationKernel Bus NET_DRV_x Adapter family3.14 3.16v n vn v n vnx x x x usb mwifiex_usb Marvell WiFi-Ex USB Driver version1.0x x x x pci m

IndexWLAN_x_ENC_x, 235WLAN_x_ESSID, 234WLAN_x_MAC, 234WLAN_x_MAC_OVERRIDE, 234WLAN_x_MODE, 234WLAN_x_NOESSID, 234WLAN_x_PSKFILE, 237WLAN_x_RATE, 235WL

Contents4.9.5. OPT_RECOVER – Emergency Option . . . . . . . . . . . . . . . . . . 1224.9.6. OPT_HDDRV - Additional Drivers For Harddisk Controllers .

3. Base configurationyou want the router to receive its IP address dynamically via a DHCP-client it is possibleto set this variable to ’dhcp’.The follo

3. Base configurationIP_NET_x_MAC Default Setting: IP_NET_1_MAC=”Optional: MAC address of the network adapter.With this variable you are able to change

3. Base configurationIn this case, network is the network address, /netmaskbits the net mask using theCIDR (Page 40) notation and gateway the address o

3. Base configurationFigure 3.1.: Packet Filter Structure43

3. Base configuration• source (source address, source port or both)• destination (destination address, destination port or both)• protocol• interface o

3. Base configurationAction chain(s) MeaningDNAT PREROUTING Replace destination address and destinationport of the packet by the address specified as ap

3. Base configurationExpression Meaningport[-port] a port resp. a port rangeIP_NET_x_IPADDR the IP address of the x router’s interfaceIP_NET_x the x ro

3. Base configurationInterface ConstraintsA rule can be restricted concerning the Interface on which a packet was received resp. will betransmitted. Th

3. Base configurationState MeaningINVALID The packet does not belong to a know connection.ESTABLISHED The packet belongs to a connection, where packets

3. Base configurationFor which services rules are predefined (e.g. templates exist) can be seen in the templatefile at opt/etc/fwrules.tmpl/templates. A

Contents4.18.2. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2124.19. SSHD - Secure Shell, Secure Copy . . . . . . .

3. Base configurationTemplate Protocol Port(s)proxmox tcp 5900proxmox tcp 3128rdp tcp 3389rsync tcp 873samba tcp 139samba tcp 445samba udp 137-138sip t

3. Base configurationInstead of using an IP address we use an entry from the HOST_%_NAME-array. dynamic tells thefli4l to forward all ports from the int

3. Base configurationprot:tcp 22prot:tcp 2553prot:udp 137-138prot:tcp 139prot:tcp 445Every time you use the template vpn_friends rules will be created

3. Base configurationPF_INPUT_ACCEPT_DEF If this variable is set to ‘yes’ default rules will be generatedneeded for the correct function of the router.

3. Base configurationPF_INPUT_ICMP_ECHO_REQ_LIMIT Defines how often fli4l should react to a ICMP-Echo-request.The frequency is described as n/time units

3. Base configurationPF_FORWARD_LOG Defines if rejected packets should be logged by the kernel. Log outputcan be directed to the syslog deamon by activa

3. Base configurationPF_OUTPUT_LOG Defines if rejected packets should be logged by the kernel. Log outputcan be directed to the syslog deamon by activat

3. Base configurationThe NAT-Chains (Network Address Translation)Packets still can be changed after the routing decision. For example they may get a ne

3. Base configurationREDIRECT behaves like DNAT, with the exception that the target-IP-address is always set to127.0.0.1 thus delivering the packet loc

3. Base configurationPF_FORWARD_POLICY='REJECT'PF_FORWARD_ACCEPT_DEF='yes'PF_FORWARD_LOG='no'PF_FORWARD_N='2'PF

Contents6. Connecting PCs in the LAN 2616.1. IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2616.2. Host and

3. Base configurationPF_FORWARD_POLICY='REJECT'PF_FORWARD_ACCEPT_DEF='yes'PF_FORWARD_LOG='no'PF_FORWARD_N='2'PF

3. Base configurationBlacklists, WhitelistsBlacklists (a machine in this list is forbidden to do something) and Whitelists (a machine inthis list is al

3. Base configurationPF_FORWARD_POLICY='REJECT'PF_FORWARD_ACCEPT_DEF='yes'PF_FORWARD_LOG='no'PF_FORWARD_N='2'PF

3. Base configurationPF_POSTROUTING_N='3'PF_POSTROUTING_1'IP_NET_1 IP_NET_2 ACCEPT BIDIRECTIONAL'PF_POSTROUTING_2='IP_NET_1 MA

3. Base configurationPort ForwardingPort forwarding can be accomplished with the PREROUTING-rules like this (TARGET refers to theoriginal target addres

3. Base configurationPF_POSTROUTING_x='any @proxy:3128 SNAT:IP_NET_1_IPADDR'# change all packets to port 3128 in a way as if they came from#

3. Base configurationYou may continue here forever. . .3.10.7. DMZ – Demilitarized Zonefli4l may also serve to build a DMZ. As this is only another addi

3. Base configurationBy this rule it is expressed that all FTP connections coming from the DSL interface (pppoe)are associated to the conntrack helper.

3. Base configurationPF_PREROUTING_CT_N PF_PREROUTING_CT_x PF_PREROUTING_CT_x_COMMENTList of rules that describe which incoming packets are associated

3. Base configurationare set to ‘yes’, you need to fill this variable with a valid DNS server address as otherwiseno DNS resolution will be possible dir

Contents8.3.13. Source Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3168.3.14. More Files . . . . . . . . . . . . . . . . .

3. Base configurationcontrol whether providing the user password is sufficient to execute the control commandslike Dial, Hangup, Reboot, or Changing the

3. Base configurationTable 3.10.: Structure of Imond log filesEntry MeaningCircuit the name of the circuit for which the entry has been createdStart tim

3. Base configurationDIALMODE fli4l’s default dial mode is ‘auto’, i.e. fli4l dials automatically if an IP packet hasto be routed to an IP address outsid

4. PackagesBesides the BASE installation there are also packages. Each package contains one or more“OPTs”1which can be installed in addition to the ba

4. PackagesIf you have a so-called “log host” in your network you can redirect the Syslog messagesto that host if you supply its IP address.Beispiel:S

4. PackagesSYSLOGD_ROTATE_DIR The optional variable SYSLOGD_ROTATE_DIR lets you specify thedirectory where the archived Syslog files should be stored.

4. PackagesY2K_DAYS – add N days to the system dateBecause the BIOS date differs from the actual one by exactly 2191 days, the settingY2K_DAYS='21

4. Packages1) – Here, you can choose the I/O „BASE“ address. This address must lie between theminimum and maximum address and conform to the „base ali

4. PackagesVery unusual problems can appear especially using EBTables without perfectly knowing thediverse operational modes of layer 2 and 3. Some fil

4. PackagesOPT_BONDING_DEV Default: OPT_BONDING_DEV=’no’’yes’ activates the bonding package, ’no’ deativates the bonding package completely.BONDING_DE

ContentsA.9.4. Sponsors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345A.10.Feedback . . . . . . . . . . . . . . . . . . .

4. Packagesbalance-alb Adaptive load balancing: includes both balance-tlb, and inbound load bal-ancing (rlb) for IPV4 traffic and needs no special requi

4. PackagesThis setting is optional and can also be completely omitted.A bonding device defaults to the MAC address of the first physical device which

4. PackagesBONDING_DEV_x_PRIMARY Default: BONDING_DEV_x_PRIMARY=”This setting is optional and can also be completely omitted.Specify primary output de

4. Packagesto work with VLANs should ensure that the respective Linux NIC drivers support VLANscorrectly.OPT_VLAN_DEV Default: OPT_VLAN_DEV=’no’’yes’

4. PackagesDEV_MTU_N='1'DEV_MTU_1='eth0 1496'4.2.5. BRIDGE - Ethernet Bridging for fli4lThis is a full-fledged ethernet-bridge using

4. PackagesBRIDGE_DEV_x_DEVNAME Default: BRIDGE_DEV_x_DEVNAME=”Each bridge device needs a name in the form of ’br number ’. number can be anumber betw

4. PackagesBRIDGE_DEV_x_PRIORITY Default: BRIDGE_DEV_x_PRIORITY=”This setting is optional and can also be completely omitted.Only valid if BRIDGE_DEV_

4. PackagesBRIDGE_DEV_x_DEV_x_PATHCOST Default: BRIDGE_DEV_x_DEV_x_PATHCOST=’100’This setting is optional and can also be completely omitted.Only vali

4. Packagesebtables.post in the directory config/ebtables. Ebtables.pre will get executed before and ebta-bles.post after configuring the netfilter. Plea

4. PackagesFurther informations about ethtool can be found here: http://linux.die.net/man/8/ethtool4.2.9. ExampleFor understanding a simple example is

1. Documentation of the base package1.1. Introductionfli4l is a Linux-based router, capable of handling ISDN, DSL, UMTS, and ethernet connections,with

4. PackagesBRIDGE_DEV_2_DEV_1='bond0.22'BRIDGE_DEV_2_DEV_2='eth3'BRIDGE_DEV_3_NAME='_VLAN33_'BRIDGE_DEV_3_DEVNAME='

4. PackagesOnly time servers in the internet which are reachable by the default route (0.0.0.0/0) can beused, because only the default route changes c

4. Packages4.3.2. SupportSupport is only given in the fli4l Newsgroups (Page 92).4.3.3. LiteratureHomepage of chrony: http://chrony.tuxfamily.org/NTP:

4. PackagesDefault Setting: DHCP_CLIENT_x_ROUTE=’default’DHCP_CLIENT_x_USEPEERDNS If this variable is set to ’yes’ and the device has a default-route

4. PackagesIP4 – IP address (ipv4) of the n’th hostIP6 – IP address (ipv6) of the n’th host (optional). If you use “auto”, then the addresswill be com

4. PackagesGeneral DNS-optionsDNS_BIND_INTERFACES If you choose ‘yes’ here, dnsmasq does not listen on all IP-addresses and only binds and listens to

4. PackagesDNS_REDIRECT_N='1'DNS_REDIRECT_1='yourdom.dyndns.org'DNS_REDIRECT_1_IP='192.168.6.200'This redirects a query

4. Packagessimply be switched off, so that the polling software has to deal with hosts not respondinganyway.DNS_SUPPORT_IPV6 (optional)Setting this opt

4. PackagesExample: DNS_AUTHORITATIVE_IPADDR='IP_NET_2_IPADDR'DNS_ZONE_NETWORK_N DNS_ZONE_NETWORK_x Specify the network addresseshere for wh

4. PackagesISDN_CIRC_1_ROUTE='0.0.0.0'ISDN_CIRC_2_ROUTE='0.0.0.0'We set a default route on both circuits and switch the route with