My notes on setting up FreeBSD-3.4/KAME.v6.


If you plan to just REPLACE the /etc, then CHECK THE FSTAB [/etc/fstab]!!

DON'T INSTALL THE /HOME's UNTIL THE PASSWORDS ARE INSTALLED!!!
############################################################################


ftp://current.freebsd.org/pub/FreeBSD/snapshots/i386/3.4-20000311-STABLE/

If you can, get a tarred copy of the original /etc and put it into /usr/local/src.

If you can, copy the kernel config file. "uname -a" will tell you which one it is. Copy it to /usr/local/src, and use it as a reference.


##### Components which need to be imported. ######

  • 1. atmdriver-kame.tar.gz
  • 2. mrt-current-src.tar.gz
  • 3. etc.what.ever.tar.gz
  • 4. ntp-4.0.99b.tar.gz
  • 5. kame-20000103-freebsd34-snap.tgz
  • 6. ucd-snmp-3.6.1.tar
  • 7. t1.tar.gz
  • 8. jdk [1.1.8] [/usr/ports/java/]
  • 9. ssh-1.2.27 [ftp freebsd.org ssh-1.2.27.tar.gz in /usr/ports/distfiles.]
  • 10. autoconf [ftp freebsd.org autoconf-2.13.tar.gz in /usr/ports/distfiles.]
  • 11. rpm [ftp freebsd.org rpm-2.5.6.tgz in /usr/ports/distfiles.]
  • 12. linux_base [ftp freebsd.org linux_base-6.1.tgz put in /usr/ports/distfiles.]
  • 13. linux_base [/usr/ports/emulators/]
  • 14. anetd [ftp://ftp.csl.sri.com/pub/anetd/]
  • 15. XFree86 [/usr/ports/x11/]


    ####################################################################

  • 1. Ftp from ftp.freebsd.org /pub/FreeBSD/releases/i386/
    Or helpmann.code-donkey.org/../../local/release, and in the options portion of the disk setup type:
    ../../local/release/RELEASE [this is where the 3.4-20000311-STABLE is located.]
    You need to login as dartnoc.

    Then ftp from freebsd.org:
    A. linux_base-6.1.tgz, autoconf-2.13.tar.gz and rpm-2.5.6.tgz, ssh-1.2.27.tar.gz, and place them into /usr/ports/distfiles.

  • 2. .rhosts & /etc/hosts
    In /root make a file <.rhosts> and put an entry for in it.
    This is needed for the rdist script to be effective. When you have created this, change the permissions to 600, so that only root has access to the file, e.g. chmod 600 .rhosts.
    Next, edit the /etc/hosts file.
    Add: 8.245.76.130 helpmann.code-donkey.org helpmann

  • 3. ssh & tcsh
    Install ssh and tcsh from /usr/ports/security/ssh and /usr/ports/shells/tcsh respectively -- you will need to reboot to make them operative.
    Move tcsh to /bin and make a soft-link back to the original dir. Also edit the /etc/shells to reflect this change. You will need to edit make.conf and give permission to download ssh.
    In make.conf search for USA, and uncomment "YES".
    #USA_RESIDENT= YES

  • 4. rdist
    Run the rdist script from helpmann.
    /usr/dartnoc/dist/intel/passonlydist

  • 5. Account, group and passwd information may be taken from
    helpmann.code-donkey.org
    Make sure that your account is in the wheel group, and that "mail:*:6:" and "network:*:12:" are on individual lines.

  • 6. /home
    Tar up the original /home and dump it into the new /usr/home. You may need to make a soft-link to the /home. If you are also going to download the tarred home directories from helpmann.code-donkey.org /usr/dartnoc/dist be sure to do this first, or your env may change to what is in helpmann's home directories.
    - Check the permissions.
    Add the entries for KAME-v6 into your PATH.

  • 7. Build openssl and linux_base.
    a. cd to /usr/ports/devel/autoconf and run make, make install
    b. cd to /usr/ports/security/openssl and run make, make install (This is so tcpdump can display encrypted text)
    c. cd to /usr/ports/emulators/linux_base and run make, make install.

  • 8. /etc/rc.conf & /usr/local/etc/rc.d/rc.local.sh
    /etc/rc.conf. Check against the old one, and get any local info.
    If running v6, you will need:
    ipv6_enable="YES"
    ipv6_gateway_enable="NO"
    If there are additional bits that you need, check the /etc/defaults/rc.conf, and copy the information to /etc/rc.conf

    The rc.local is now rc.local.sh and is in /usr/local/etc/rc.d/. You will need to make this file.
    Make sure you have the permissions set correctly. If possible use the original /etc/rc.local as a reference.
    In /etc/rc.conf, make sure to disable source routing and enable TCP extensions.

    In the rc.local.sh add:
    if [ -f /usr/local/v6/etc/rc.net6 ]; then
    sh /usr/local/v6/etc/rc.net6
    fi

    also add to the rc.conf
    tcp_extensions="YES"
    linux_enable="YES"

    At the end of the /usr/local/etc/rc.d/rc.local.sh be sure to add:

    ## ABone anetd start up (kann@.xxx.xxx)
    #
    if [ -f /home/abocc/anetd/ad/ad.bsd44 ] ; then
    echo -n 'start anetd:'
    (cd /home/anpub/anetd/ad;su anpub -c "./ad.bsd44 -k >>/dev/null&";sleep 3;\
    cd /home/abocc/anetd/ad;su abocc -c "./ad.bsd44 -k >>/dev/null&";sleep 3;\
    cd /home/anee1/anetd/ad;su anee1 -c "./ad.bsd44 -k >>/dev/null&";sleep 3;\
    cd /home/anee2/anetd/ad;su anee2 -c "./ad.bsd44 -k >>/dev/null&";sleep 3;\
    cd /home/anee3/anetd/ad;su anee3 -c "./ad.bsd44 -k >>/dev/null&";sleep 3;\
    cd /home/anee4/anetd/ad;su anee4 -c "./ad.bsd44 -k >>/dev/null&";sleep 3;\
    cd /home/anee5/anetd/ad;su anee5 -c "./ad.bsd44 -k >>/dev/null&")
    fi

  • 9. libcr
    Run "ls -al" against /usr/lib/libcr*; this should show
    libdescrypt.a
    libdescrypt.so.2.0
    libdescrypt_p.a

  • 10. resolv.conf
    /etc/resolv.conf [check against the original one if possible] also add isiepc5.cairn.net to the resolv.conf
    nameserver 140.173.167.2 #isipec5.cairn.net

  • 11. /etc/copyfiles.sh & /etc/master.passwd.local
    This is needed for any local passwds. They are passwds which are NOT part of the CAIRN passwd distribution.

  • 12. mrouted
    Make sure mrouted is installed if needed. Use the old mrouted.conf as a reference if possible. The call for mrouted is placed into
    /usr/local/etc/rc.d/rc.local.sh
    ###########################################################################
    INSTALL KAME.v6 AT THIS POINT
    ###########################################################################
  • 13. mrtd
    mrtd can be downloaded from MERIT. Put the source code into
    /usr/local/src
    mrtd.conf is placed into /etc with a reference in
    /usr/local/etc/rc.d/rc.local.sh
    You should use the original /etc/mrtd.conf as a reference. Make sure that the port info is in /etc/services
    *** mrtd 5674/tcp #mrtd routing daemon
    If you have to make an /etc/mrtd.conf file, be sure to add:

    password mrtipv6
    debug all /var/log/mrtd.log 5000000
    !

    to the top of the file. This will let you telnet to the mrtd program and control it.
    e.g. telnet localhost mrtd and the passwd is: mrtipv6
    Untar the mrt-src file in /usr/local/src. Then [as root] run make-sym-links
    cd src.freebsd3.4
    ./configure
    make
    make install

  • 14. copyfiles.sh & master.passwd.local
    Copy copyfiles.sh & master.passwd.local to /etc [if they exist.]
    These files are for copying any local passwd files in to the
    /etc/master.passwd file.

  • 15. namedb & named & hosts files
    Tar and copy the /etc/namedb and /etc/named directories. Keep up with the current version of BIND. Run "which" against the installed version of named and "grep" for the version. An entry in the /etc/rc.conf would look like this:
    named_program="/usr/sbin/named"
    named_flags="-b /etc/named/named.conf"
    I had to edit the named.conf file and change the line from the section.
    named-xfer "/usr/misc/bind-current/src/bin/named-xfer/named-xfer";
    to
    named-xfer "/usr/libexec/named-xfer";


    16. snmp
    Download and untar the new ucd-snmp-.tar in /usr/local/src. Then follow the instructions and build it.
    run ./configure

    Check that config.h has made these changes:

    #define SYSTEM_INCLUDE_FILE "s/generic"
    has changed to:
    #define SYSTEM_INCLUDE_FILE "s/freebsd3.h"
    and that
    #undef HAVE_NETINET_IN_H 1
    has changed to:
    #define HAVE_NETINET_IN_H 1
    and try again.
    run make
    run make install.


    17. ntp
    Download and untar the most recent version of ntp in
    /usr/local/src.
    The current version is ntp-4.0.99b.
    run ./configure
    make check
    make
    make install

    Add the files ntp.conf, ntp.keys and ntp.drift to /etc. If the files do not exist in the original /etc, then you can check either isipc, isiepc or udelpc's /etc files. You can also reference
    http://www.eecis.udel.edu/~ntp/


    18. Follow the KAME instructions on installation and setup of binaries

    ---------- The current KAME-v6 SNAP KIT install is as follows. ----------

    1. tarred /usr/src and /usr/include

    2. untarred kame.snap in /usr/local/src
    ----If you did step 7 don't do this.---
    2a. Installed openssl-0.9.4.tar.gz in
    /usr/local/src [untarred etc...]
    Then cd to openssl-0.9.4
    now run ./config
    then
    make, make test, make install.
    ---------------------------------------

    3. view INSTALL

    4. In /usr/local/src/kame run
    make TARGET=freebsd3 prepare

    5. cd /usr/local/src/kame/freebsd3
    6. view INSTALL

    7. cp /kernel /kernel.previous

    8. cd /usr
    mkdir include.clean
    cd include.clean
    (cd ../include; tar Bpcf - . ) | tar Bpxf -

    9. From /usr/local/src/kame/freebsd3
    cd sys/i386/conf

    10. cp GENERIC.v6 CONFIGFILE [e.g. KAME-20000103-fbsd34-snap]

    10a. Make sure the kernel configuration includes 4 bpfilters

    pseudo-device bpfilter 4 #Berkeley packet filter

    then
    /usr/sbin/config CONFIGFILE

    11. cd ../../compile/CONFIGFILE
    then
    make depend
    make
    make install


    12. From /usr/local/src/kame/freebsd3 cd to the following directories: eaytest, kmpstat and racoon. Edit the Makefile and add what is below; if you do not, the next step [make includes] will not make:

    Userland 'make' fails. Need to edit _all_ Makefiles in
    /usr/local/src/kame/freebsd3/usr.sbin/racoon/eaytest
    /usr/local/src/kame/freebsd3/usr.sbin/racoon/kmpstat
    /usr/local/src/kame/freebsd3/usr.sbin/racoon/racoon
    directories, so that they contain the following lines:
    -----------------
    .if exists(/usr/local/lib/libcrypto.a)
    LDADD+= -L/usr/local/lib -lcrypto -lRSAglue -lrsaref
    DPADD+= /usr/local/lib/libcrypto.a /usr/local/lib/libRSAglue.a
    .endif
    ----------------

    Make sure they appear earlier than a statement like:
    .include
    Then add to the /usr/local/src/kame/freebsd3/usr.sbin/tcpdump/Makefile:
    -lRSAglue -lrsaref

    To the end of [with a space]
    LDADD+= -L/usr/local/lib -lcrypto
    so it looks like
    LDADD+= -L/usr/local/lib -lcrypto -lRSAglue -lrsaref

    Or apply the following patch to usr.sbin/tcpdump/Makefile
    ------------ CUT HERE -----------
    *** usr.sbin/tcpdump/Makefile.orig Wed Dec 22 16:14:07 1999
    --- usr.sbin/tcpdump/Makefile Wed Feb 9 14:18:33 2000
    ***************
    *** 57,63 ****
    CFLAGS+=-I/usr/local/ssl/include/openssl

    ! LDADD+= -L/usr/local/lib -lcrypto
    DPADD+= /usr/local/lib/libcrypto.a
    .endif

    --- 57,63 ----
    CFLAGS+=-I/usr/local/ssl/include/openssl
    .endif
    .endif
    ! LDADD+= -L/usr/local/lib -lcrypto -lRSAglue -lrsaref
    DPADD+= /usr/local/lib/libcrypto.a
    .endif
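
    Review bot: The unchanged context differs between the two halves of this hunk: the old side (*** 57,63 ****) has a blank line between the CFLAGS line and the LDADD line, while the new side (--- 57,63 ----) shows two ".endif" lines there, so patch may reject it as written. Regenerate the diff against usr.sbin/tcpdump/Makefile.orig so that only the LDADD line changes. Also, DPADD still lists only /usr/local/lib/libcrypto.a, whereas the racoon Makefile lines above add /usr/local/lib/libRSAglue.a as well; consider keeping the two consistent.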
    ------------ CUT HERE -----------


    12. Then as dartnoc [from /usr/local/src/kame/freebsd3> ]
    I edited the Makefile and changed the make "includes" to "include" then ran make include. I got back "Makefile is up to date." Then as root I ran "make install-include" and it boomed. I then ran "make clean."

    AMENDED: Don't do 12 as a normal user. Do it as root and it works.
    So:
    Then as root [from /usr/local/src/kame/freebsd3]
    run "make includes"
    then "make install-includes"
    now run "make"
    next "make install"

    This will install necessary userland tools into /usr/local/v6/{bin,sbin,whatever}. This should not replace existing IPv4-only userland tools, so it is safe.

    /usr/local/v6/bin /usr/local/v6/sbin
    /usr/local/v6/bin:/usr/local/v6/sbin

    Now type:
    # makewhatis /usr/local/v6/man

    13. Now Reboot.

    14. Now go back and read the INSTALL file in freebsd3 to do the final config.

    E-1. Most of configuration files are placed in /usr/local/v6/etc.
    You may want to copy those foo.sample files into non-sample (foo), edit as necessary. You may also want to invoke /usr/local/v6/etc/rc.net6 from /etc/rc.local, by adding the following into /etc/rc.local:
    if [ -f /usr/local/v6/etc/rc.net6 ]; then
    sh /usr/local/v6/etc/rc.net6
    fi
    E-2. If you would like to use IPv6-ready inetd, you will need to also invoke /usr/local/v6/sbin/inet46d.
    It can coexist with original /usr/sbin/inetd, but when each of them is invoked, IPv4 connection accept is always treated by /usr/sbin/inetd. When only /usr/local/v6/sbin/inet46d is invoked, it accept each of IPv4 and IPv6 connection request.
    Configuration file is placed in /usr/local/v6/etc/inet6d.conf, but with enhanced syntax. Inet46d accepts either of IPv4 and IPv6 connection by default, but you can configure it to accept only one of those protocols by each daemon basis. Consult manpages for details.

    E-4. There are batch of documents installed into /usr/local/v6/man and /usr/local/v6/share/doc. Please read them as necessary. If you wish to develop your own programs, we suggest you to read through supplied documents, RFCs, and other documents to learn how.
    ----------------------End of KAME installation.------------------------------

    19. Make a symbolic link between /sys and /usr/local/src/kame/freebsd3/sys.
    ln -s /usr/local/src/kame/freebsd3/sys /sys

    20. ATM setup.
    untar atmdriver-kame.tar.gz in /usr/local/src/
    cd to /usr/local/src/atmdriver. cp or mv sys.tar to
    /usr/local/src/kame/freebsd3/ and then untar sys.tar.

    cd /usr/local/src/atmdriver
    cp sys.tar /usr/local/src/kame/freebsd3/
    cd /usr/local/src/kame/freebsd3/
    tar -xvf sys.tar

    [Ref. the README in /usr/local/src/atmdriver for the instructions.]

    Now

    cd /usr/local/src/kame/freebsd3/sys/conf
    and then
    cp files files.bk
    cp options options.bk

    Then you will need to use the patches files.diff, and
    options.fbsd3x.diff. From /usr/local/src/kame/freebsd3/sys/conf
    patch < files.diff
    patch < options.fbsd3x.diff

    At this point you will need to edit the kernel
    /usr/local/src/kame/freebsd3/sys/i386/conf/KAME-20000103-fbsd34-snap
    [or what the current kernel name is.]
    Add the following to the kernel

    device en0 # FreeBSD PCI
    device enp5 # To support 1 pvc on each ATM card
    # (enp5 to support 6 PVCs each -
    # the max allowed number for adaptec)
    pseudo-device atm # FreeBSD only
    options NATM # native atm

    Then config, make depend, make, and install the new kernel.

    If the config barfs, you may need to go to:
    ../../conf/options and remove the duplicate option INET6.

    Once the kernel has been compiled, you need to copy, then
    make and install the following directories:
    atmrate, atminfo, atmconf, and atmstat.
    Copy them from /usr/local/src/atmdriver to
    /usr/local/src/kame/freebsd3/sbin using the following commands

    # cp -p -r atmrate /usr/local/src/kame/freebsd3/sbin
    # cd /usr/local/src/kame/freebsd3/sbin/atmrate
    # make
    # make install

    Do this for each of the directories.

    21. T1 setup.
    Untar the file t1.tar.gz [or equivalent] in /usr/local/src.
    cd to t1 and:
    First add the entry for device nn0 to your kernel config. The configuration file is in /usr/local/src/kame/freebsd3/sys/i386/conf.

    device nn0 at isa0 port 0x280 net irq 10 drq 6

    Next apply the patch file files.i386.diff to
    /usr/local/src/kame/freebsd3/sys/i386/conf/,

    cp files.i386.diff /usr/local/src/kame/freebsd3/sys/i386/conf/
    then
    cp files.i386 files.i386.original
    then

    patch < files.i386.diff

    Now copy if_nn.c and if_nnreg.h to /sys/i386/isa directory.

    cd /usr/local/src/t1
    cp if_nn.c /sys/i386/isa
    cp if_nnreg.h /sys/i386/isa

    Then configure, build and install the new kernel.
    Now reboot and configure the interface.

    22. KERNEL
    be sure to add:
    options MROUTING #Multicast
    # options DDB #Enable the kernel debugger
    # options DDB_UNATTENDED #Don't drop into DDB for a panic.
    to the kernel


    ####### Additional information for a 3.4/KAME-v6 install #############

    Add PIM setup. This is in mrtd... check
    ####################################################################

    23. Edit /usr/local/v6/etc/rc.net6 (which has a symbolic link /etc/rc.net6)

    i) ip6router=YES
    ii) run_route6d=NO
    iii) Replace
    [ -x $route6d ] && $route6d $route6dflags
    with
    if [ X"${run_route6d}" = X"YES" ]; then
    [ -x $route6d ] && $route6d $route6dflags
    fi

    24. java, linux_base.
    Install these from /usr/ports/java and /usr/ports/emulators

    25. anetd
    [ftp://ftp.csl.sri.com/pub/anetd/] anetd-bsd44-ELF.tgz
    After you've unpacked the new anetd under the abocc directory, you would need to create symbolic links under ~abocc/anetd/ad directory as:

    ln -s /usr/local/jdk1.1.8 jdk1.1.8
    ln -s jdk1.1.8 jdk

    Check the web page on CAIRN for the correct link


    26. POSIX stuff: add to kernel.
    # POSIX P1003.1B

    # Real time extensions added in the 1993 Posix
    # P1003_1B: Infrastructure
    # _KPOSIX_PRIORITY_SCHEDULING: Build in _POSIX_PRIORITY_SCHEDULING
    # _KPOSIX_VERSION: Version kernel is built for

    options "P1003_1B"
    options "_KPOSIX_PRIORITY_SCHEDULING"
    options "_KPOSIX_VERSION=199309L"

    27. aliases
    Check the /etc/aliases file

    28. #########################################################################

    GET A COPY OF THE /ETC OF THE ORIGINAL BOX JUST BEFORE YOU SEND THE DISK OUT!
    #############################################################################
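
A post-install check for the settings called for in steps 2, 3, 5, 8 and 13 above, written as an added example (it is not part of the original notes or of the CAIRN/KAME tooling). The function names and the idea of pointing it at a staged root directory are assumptions; the expected values are the ones given in the notes.

```sh
#!/bin/sh
# Added example, not from the original notes: audit a freshly built root
# against the settings the notes call for. ROOT is a staged tree (for example
# the new disk mounted under /mnt); need and check_install are made-up names.

fails=0

# need FILE REGEX LABEL: count a failure unless FILE has a line matching REGEX.
need() {
    if [ ! -f "$1" ] || ! grep -Eq "$2" "$1"; then
        echo "FAIL: $3"
        fails=$((fails + 1))
    fi
}

# check_install ROOT: print one FAIL line per unmet check, return the count.
check_install() {
    root=$1
    fails=0

    # Step 2: /root/.rhosts must exist with mode 600. ls -ld is parsed rather
    # than calling stat(1), whose flags differ between systems.
    mode=$(ls -ld "$root/root/.rhosts" 2>/dev/null | cut -c1-10)
    if [ "$mode" != "-rw-------" ]; then
        echo "FAIL: .rhosts mode is '${mode:-missing}', want -rw-------"
        fails=$((fails + 1))
    fi
    need "$root/etc/hosts" \
        '^8\.245\.76\.130[[:space:]]+helpmann\.code-donkey\.org' "hosts: helpmann"

    # Step 3: tcsh was moved to /bin, so /etc/shells must list it there.
    need "$root/etc/shells" '^/bin/tcsh[[:space:]]*$' "shells: /bin/tcsh"

    # Step 5: each group entry has to start its own line.
    need "$root/etc/group" '^mail:\*:6:' "group: mail:*:6:"
    need "$root/etc/group" '^network:\*:12:' "group: network:*:12:"

    # Step 8: rc.conf settings; a commented-out line does not count.
    for kv in 'ipv6_enable="YES"' 'ipv6_gateway_enable="NO"' \
              'tcp_extensions="YES"' 'linux_enable="YES"'; do
        need "$root/etc/rc.conf" "^[[:space:]]*$kv" "rc.conf: $kv"
    done
    need "$root/usr/local/etc/rc.d/rc.local.sh" \
        '^[^#]*/usr/local/v6/etc/rc\.net6' "rc.local.sh: rc.net6 hook"

    # Step 13: the mrtd port must be listed in /etc/services.
    need "$root/etc/services" '^mrtd[[:space:]]+5674/tcp' "services: mrtd 5674/tcp"

    return "$fails"
}

# Usage: sh check_install.sh /mnt/newroot
if [ "$#" -gt 0 ]; then check_install "$1"; fi
```

Run it against the new disk before it is sent out; an exit status of 0 means every check passed, otherwise the status is the number of FAIL lines printed.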