My notes on setting up FreeBSD-3.4/KAME.v6.
If you plan to just REPLACE the /etc, then CHECK THE FSTAB [/etc/fstab]!!
DON'T INSTALL THE /HOME's UNTILL THE PASSWORDS ARE INSTALLED!!!
############################################################################
ftp://current.freebsd.org/pub/FreeBSD/snapshots/i386/3.4-20000311-STABLE/
If you can get a tared copy of the orignal /etc and put it into
the /usr/local/src.
If you can, copy the kernel config file. "uname -a" will tell you
which one it is. Copy it to /usr/local/src, and use it as a reff.
##### Components which need to be imported. ######
1. atmdriver-kame.tar.gz
2. mrt-current-src.tar.gz
3. etc.what.ever.tar.gz
4. ntp-4.0.99b.tar.gz
5. kame-20000103-freebsd34-snap.tgz
6. ucd-snmp-3.6.1.tar
7. t1.tar.gz
8. jdk [1.1.8] [/usr/ports/java/]
9. ssh-1.2.27 [ftp freebsd.org ssh-1.2.27.tar.gz in /usr/ports/distfiles.]
10. autoconf [ftp freebsd.org autoconf-2.13.tar.gz in /usr/ports/distfiles.]
11. rpm [ftp freebsd.org rpm-2.5.6.tgz in /usr/ports/distfiles.]
12. linux_base [ftp freebsd.org linux_base-6.1.tgz put in /usr/ports/distfiles.]
13. linux_base [/usr/ports/emulators/]
14. ftp://ftp.csl.sri.com/pub/anetd/]
15. XFree86 [/usr/ports/x11/]
####################################################################
1. Ftp from ftp.freebsd.org
/pub/FreeBSD/releases/i386/
Or helpmann.code-donkey.org/../../local/release,
and in the options portion of the disk setup type:
../../local/release/RELEASE [this is where the 3.4-20000311-STABLE is
located.]
You need to login as dartnoc.
Then ftp from freebsd.org:
A. linux_base-6.1.tgz, autoconf-2.13.tar.gz and rpm-2.5.6.tgz, ssh-1.2.27.tar.gz,
and place them into /usr/ports/distfiles.
2. .rhosts & /etc/hosts
In /root make a file <.rhosts> and put an entrie for
in it.
This is needed for
the rdist script to be effective. When you have created this
change the premissions to 600, so that only root has access to
file. eg. chmod 600 .rhosts.
Next, edit the /etc/hosts file.
Add:
8.245.76.130 helpmann.code-donkey.org helpmann
3. ssh & tcsh
Install ssh and tcsh from /usr/ports/security/ssh
and /usr/ports/shells/tcsh respectively -- you will need
to reboot to make them oprative.
Move tcsh to /bin and make a soft-link back to the orignal dir.
Also edit the /etc/shells to reflect this change.
You will need to edit make.conf and give premission to
download ssh.
In make.conf search for USA, and uncomment "YES".
#USA_RESIDENT= YES
4. rdist
Run the rdist script from helpmann.
/usr/dartnoc/dist/intel/passonlydist
5. Account, group and passwd infromation may be taken form
helpmann.code-donkey.org
Make sure that your account is in the wheel group, and that
"mail:*:6:" and "network:*:12:" are on indivadual lines.
6. /home
tar up the orignal /home and dump it into the new /usr/home.
You may need to make a soft-link to the /home. If you are also
going to download the tared home directories from
helpmann.code-donkey.org /usr/dartnoc/dist be sure to do this first,
or your env may change to what is in helpmanns home directories.
-check the premissions.
Add the entries for KAME-v6 into you PATH.
7. Build openssl and linux_base.
a. cd to /usr/ports/devel/autoconf make, make install
b. cd to /usr/ports/security/openssl make, make install
(This is so tcpdump can display encrpted text)
c. cd to /usr/ports/emulators/linux_base and run make, make install.
8. /etc/rc.conf & /usr/local/etc/rc.d/rc.local.sh
/etc/rc.conf. Check against the old one, and get any local info.
If running v6, you will need:
ipv6_enable="YES"
ipv6_gateway_enable="NO"
If there are addition bits that you need; check the
/etc/defaults/rc.conf, and copy the information to
/etc/rc.conf
The rc.local is now rc.local.sh and is in /usr/local/etc/rc.d/
You will need to make this file.
Make sure you have the premissions
set correctly If possable use the oringal
/etc/rc.local as a refernce.
In /etc/rc.conf, make sure to disable sourcerouting, enable TCP
extensions.
In the rc.local.sh add:
if [ -f /usr/local/v6/etc/rc.net6 ]; then
sh /usr/local/v6/etc/rc.net6
fi
also add to the rc.conf
tcp_extensions="YES"
linux_enable="YES"
At the end of the /usr/local/etc/rc.d/rc.local.sh
be sure to add:
## ABone anetd start up (kann@.xxx.xxx)
#
if [ -f /home/abocc/anetd/ad/ad.bsd44 ] ; then
echo -n 'start anetd:'
(cd /home/anpub/anetd/ad;su anpub -c "./ad.bsd44 -k >>/dev/null&";sleep 3;\
cd /home/abocc/anetd/ad;su abocc -c "./ad.bsd44 -k >>/dev/null&";sleep 3;\
cd /home/anee1/anetd/ad;su anee1 -c "./ad.bsd44 -k >>/dev/null&";sleep 3;\
cd /home/anee2/anetd/ad;su anee2 -c "./ad.bsd44 -k >>/dev/null&";sleep 3;\
cd /home/anee3/anetd/ad;su anee3 -c "./ad.bsd44 -k >>/dev/null&";sleep 3;\
cd /home/anee4/anetd/ad;su anee4 -c "./ad.bsd44 -k >>/dev/null&";sleep 3;\
cd /home/anee5/anetd/ad;su anee5 -c "./ad.bsd44 -k >>/dev/null&")
fi
9. libcr
Run "ls -al" against /usr/lib/libcr* this should show
libdescrypt.a
libdescrypt.so.2.0
libdescrypt_p.a
10. resolv.conf
/etc/resolv.conf [check against the orignal one if poss.]
also add isiepc5.cairn.net to the resolv.conf
nameserver 140.173.167.2 #isipec5.cairn.net
11. /etc/copyfiles.sh & /etc/master.passwd.local
This is needed for any local passwds. They are passwds
which are NOT part of the CAIRN passwd distribution.
12. mrouted
Make sure mrouted is installed if needed. Use the old mrouted.conf
as a ref. if possable. The call for mrouted is placed into
/usr/local/etc/rc.d/rc.local.sh
###########################################################################
INSTALL KAME.v6 AT THIS POINT
###########################################################################
13. mrtd
mrtd can be down loaded from MERIT. Put the source code into
/usr/local/src
mrtd.conf if placed into /etc with a ref. in
/usr/local/etc/rc.d/rc.local.sh
You should use the orignal /etc/mrtd.conf as a refernce.
Make sure that the port info is in /etc/services
*** mrtd 5674/tcp #mrtd routing daemon
If you have to make an /etc/mrtd.conf file, be sure to add:
password mrtipv6
debug all /var/log/mrtd.log 5000000
!
to the top of the file. This will let you telnet to the
mrtd program and controll it.
e.g. telnet localhost mrtd
and the passwd is: mrtipv6
Untar the mrt-src file in /usr/local/src. Then [as root] run
make-sym-links
cd src.freebsd3.4
./configure
make
make install
14. copyfiles.sh & master.passwd.local
Copy copyfiles.sh & master.passwd.local to /etc [if they exist.]
These files are for copying any local passwd files in to the
/etc/master.passwd file.
15. namedb & named & hosts files
Tar and copy the /etc/namedb and /etc/named directories.
Keep up with the current ver. of BIND. Run "witch" against
the installed ver. of named and "grep" for ver..
An entrie in the /etc/rc.conf would look like this:
named_program="/usr/sbin/named"
named_flags="-b /etc/named/named.conf"
I had to edit the named.conf file and change the line from the
section.
named-xfer "/usr/misc/bind-current/src/bin/named-xfer/named-xfer";
to
named-xfer "/usr/libexec/named-xfer";
16. snmp
down load and untar the new "ucd-snmp-.tar in
/usr/local/src. Then follow the instructions and build it.
run ./configure
Check that config.h has made these changes:
#define SYSTEM_INCLUDE_FILE "s/generic"
has changed to:
#define SYSTEM_INCLUDE_FILE "s/freebsd3.h"
and that
#undef HAVE_NETINET_IN_H 1
has changed to:
#define HAVE_NETINET_IN_H 1
and try again.
run make
run make install.
17. ntp
Down load and untar the most reacent version of ntp in
/usr/local/src.
The currnet version is ntp-4.0.99b.
run ./configure
make check
make
make install
Add the files ntp.conf, ntp.keys and ntp.drift to /etc.
If the files do not exist in the original /etc, then you
can check either isipc, isiepc or udelpc's /etc files. Also
you can refernce
http://www.eecis.udel.edu/~ntp/
18. Follow the KAME instructions on instalation, and setup of binarys
---------- The currnet KAME-v6 SNAP KIT install is as follows. ----------
1. tared /usr/src and /usr/include
2. untared kame.snap in /usr/local/src
----If you did step 7 don't do this.---
2a. Installed openssl-0.9.4.tar.gz in
/usr/local/src [untared etc...]
Then cd to openssl-0.9.4
now run ./config
then
make, make test, make install.
---------------------------------------
3. view INSTALL
4. In /usr/local/src/kame run
make TARGET=freebsd3 prepare
5. cd /usr/local/src/kame/freebsd3
6. view INSTALL
7. cp /kernel /kernel.previous
8. cd /usr
mkdir include.clean
cd include.clean
(cd ../include; tar Bpcf - . ) | tar Bpxf -
9. From /usr/local/src/kame/freebsd3
cd sys/i386/conf
10. cp GENERIC.v6 CONFIGFILE [eg KAME-20000103-fbsd34-snap]
10a. Make sure the kernel configuration includes 4 bpfilters
pseudo-device bpfilter 4 #Berkeley packet filter
then
/usr/sbin/config CONFIGFILE
11. cd ../../compile/CONFIGFILE
then
make depend
make
make install
12. From /usr/local/src/kame/freebsd3 cd to the following directroies eaytest,
kmpstat and racoon. Edit the Makefile, and add what is below
if you do not the next step [make includes will not make]:
Userland 'make' fails. Need to edit _all_ Makefile's in
/usr/local/src/kame/freebsd3/usr.sbin/racoon/eaytest
/usr/local/src/kame/freebsd3/usr.sbin/racoon/kmpstat
/usr/local/src/kame/freebsd3/usr.sbin/racoon/racoon
directories, so the following lines:
-----------------
.if exists(/usr/local/lib/libcrypto.a)
LDADD+= -L/usr/local/lib -lcrypto -lRSAglue -lrsaref
DPADD+= /usr/local/lib/libcrypto.a /usr/local/lib/libRSAglue.a
.endif
----------------
Make sure they appear earlier than a statement like:
.include
Then add to the /usr/local/src/kame/freebsd3/usr.sbin/tcpdump/Makefile:
-lRSAglue -lrsaref
To the end of [with a space]
LDADD+= -L/usr/local/lib -lcrypto
so it looks like
LDADD+= -L/usr/local/lib -lcrypto -lRSAglue -lrsaref
Or apply the following patch to usr.sbin/tcpdump/Makefile
------------ CUT HERE -----------
*** usr.sbin/tcpdump/Makefile.orig Wed Dec 22 16:14:07 1999
--- usr.sbin/tcpdump/Makefile Wed Feb 9 14:18:33 2000
***************
*** 57,63 ****
CFLAGS+=-I/usr/local/ssl/include/openssl
! LDADD+= -L/usr/local/lib -lcrypto
DPADD+= /usr/local/lib/libcrypto.a
.endif
--- 57,63 ----
CFLAGS+=-I/usr/local/ssl/include/openssl
.endif
.endif
! LDADD+= -L/usr/local/lib -lcrypto -lRSAglue -lrsaref
DPADD+= /usr/local/lib/libcrypto.a
.endif
------------ CUT HERE -----------
12. Then as dartnoc [from /usr/local/src/kame/freebsd3> ]
I edited the Makefile and changed the make "includes" to "include" then
ran make include. I got back "Makefile is up to date." Then as root I ran
"make install-include" and it boomed. I then ran "make clean."
AMMENDED Dont do 12 as a normal user. Do it as root and it works.
So:
Then as root [from /usr/local/src/kame/freebsd3]
run "make includes"
then "make install-includes"
now run "make"
next "make install"
This will install necessary userland
tools into /usr/local/v6/{bin,sbin,whatever}. This should not replace
existing IPv4-only userland tools, so it is safe.
/usr/local/v6/bin /usr/local/v6/sbin
/usr/local/v6/bin:/usr/local/v6/sbin
Now type:
# makewhatis /usr/local/v6/man
13. Now Reboot.
14. Now go back and read the INSTALL file in freebsd3 to do the final config.
E-1. Most of configuration files are placed in /usr/local/v6/etc.
You may want to copy those foo.sample files into non-sample (foo),
edit as necessary. You may also want to invoke /usr/local/v6/etc/rc.net6
from /etc/rc.local, by adding the following into /etc/rc.local:
if [ -f /usr/local/v6/etc/rc.net6 ]; then
sh /usr/local/v6/etc/rc.net6
fi
E-2. If you would like to use IPv6-ready inetd, you will need to also invoke
/usr/local/v6/sbin/inet46d.
It can coexist with original /usr/sbin/inetd, but when each of them is
invoked, IPv4 connection accept is always treated by /usr/sbin/inetd.
When only /usr/local/v6/sbin/inet46d is invoked, it accept each of
IPv4 and IPv6 connection request.
Configuration file is placed in /usr/local/v6/etc/inet6d.conf, but with
enhanced syntax. Inet46d accepts either of IPv4 and IPv6 connection by
default, but you can configure it to accept only one of those protocols
by each daemon basis. Consult manpages for details.
E-4. There are batch of documents installed into /usr/local/v6/man
and /usr/local/v6/share/doc. Please read them as necessary.
If you wish to develop your own programs, we suggest you to read through
supplied documents, RFCs, and other documents to learn how.
----------------------End of KAME instalation.------------------------------
19. Make a symbloic link between /sys and /usr/local/src/kame/freebsd3/sys.
ln -s /usr/local/src/kame/freebsd3/sys /sys
20. ATM setup.
untar atmdriver-kame.tar.gz in /usr/local/src/
cd to /usr/local/src/atmdriver. cp or mv sys.tar to
/usr/local/src/kame/freebsd3/ and then untar sys.tar.
cd /usr/local/src/atmdriver
cp sys.tar /usr/local/src/kame/freebsd3/
cd /usr/local/src/kame/freebsd3/
tar -xvf sys.tar
[Ref. the README in /usr/local/src/atmdriver for the instructions.]
Now
cd /usr/local/src/kame/freebsd3/sys/conf
and then
cp files files.bk
cp options options.bk
Then you will need to use the patches files.diff, and
options.fbsd3x.diff. From /usr/local/src/kame/freebsd3/sys/conf
patch < files.diff
patch < options.fbsd3x.diff
At this point you you will need to edit the kernel
/usr/local/src/kame/freebsd3/sys/i386/conf/KAME-20000103-fbsd34-snap
[or what the currnet kernal name is.]
Add the following to the kernel
device en0 # FreeBSD PCI
device enp5 # To support 1 pvc on each ATM card
# (enp5 to support 6 PVCs each -
# the max allowed number for adaptec)
pseudo-device atm # FreeBSD only
options NATM # native atm
Then config, make depend, make, and install the new kernel.
If the config barffs, you may need to go to:
../../conf/options and remove the duplicate option INET6.
Once the kernel has been compiled. You need to copy, then
make and install the following directories:
atmrate, atminfo, atmconf, and atmstat.
Copy them from /usr/local/src/atmdriver to
/usr/local/src/kame/freebsd3/sbin useing the following commands
# cp -p -r atmrate /usr/local/src/kame/freebsd3/sbin
# cd /usr/local/src/kame/freebsd3/sbin/atmrate
# make
# make install
Do this for each of the directories.
21. T1 setup.
Untar the file t1.tar.gz [or equivalent] in /usr/local/src.
cd to t1 and:
First add the entrie for device nn0 to you kernel config. The
configuration
file is in /usr/local/src/kame/freebsd3/sys/i386/conf.
device nn0 at isa0 port 0x280 net irq 10 drq 6
Next apply the patch file files.i386.diff to
/usr/local/src/kame/freebsd3/sys/i386/conf/,
cp files.i386.diff /usr/local/src/kame/freebsd3/sys/i386/conf/
then
cp files.i386 files.i386.original
then
patch < files.i386.diff
Now copy if_nn.c and if_nnreg.h to /sys/i386/isa directory.
cd /usr/local/src/t1
cp if_nn.c /sys/i386/isa
cp if_nnreg.h /sys/i386/isa
Then configure, build and install the new kernel.
Now reboot and configure the interface.
22. KERNEL
be sure to add:
options MROUTING #Multicast
# options DDB #Enable the kernel debugger
# options DDB_UNATTENDED #Don't drop into DDB for a panic.
to the kernel
####### Additional information for a 3.4/KAME-v6 install #############
Add PIM setup. This is in mrtd...
check
####################################################################
23. Edit /usr/local/v6/etc/rc.net6 (which has a symbolic link /etc/rc.net6)
i) ip6router=YES
ii) run_route6d=NO
iii) Replace
[ -x $route6d ] && $route6d $route6dflags
with
if [ X"${run_route6d}" = X"YES" ]; then
[ -x $route6d ] && $route6d $route6dflags
fi
24. java, linux_base.
Install thease from /usr/ports/java and /usr/ports/emulators
25. anetd
[ftp://ftp.csl.sri.com/pub/anetd/] anetd-bsd44-ELF.tgz
After you've unpacked the new anetd under the abocc directory, you
would need to create symbolic links under ~abocc/anetd/ad directory as:
ln -s /usr/local/jdk1.1.8 jdk1.1.8
ln -s jdk1.1.8 jdk
Check the webb page on CAIRN for the correct link
26. POSIX -suff- add to kernel.
# POSIX P1003.1B
# Real time extensions added int the 1993 Posix
# P1003_1B: Infrastructure
# _KPOSIX_PRIORITY_SCHEDULING: Build in _POSIX_PRIORITY_SCHEDULING
# _KPOSIX_VERSION: Version kernel is built for
options "P1003_1B"
options "_KPOSIX_PRIORITY_SCHEDULING"
options "_KPOSIX_VERSION=199309L"
27. aliases
Check the /etc/aliases file
28. #########################################################################
GET A COPY OF THE /ETC OF THE ORIGINAL BOX JUST BEFORE YOU SEND
THE DISK OUT!
#############################################################################