Shurdix Installation Nano-HOWTO

Follow this HOWTO to get Shurdix installed. At the moment, only a typical configuration is handled. If you have different requirements, you may need to consult other parts of this wiki. Now that there is a separate shurdix:install, installation is even simpler, so you may try the automatic install and set the rest manually.

Requirements (for this HOWTO):

  • one internal subnet, both public and private IPs allowed. Everything also works when you have more than one subnet. The maximum number of subnets is unknown, most likely 254 (tested with 6).
  • private IPs are NAT-ed automatically
  • max subnet size B-Class (16 or 255.255.0.0)
  • User management, DNS and DHCP will be fully taken over by Shurdix
  • User management data will be typed in the web interface
  • Two ethernet network cards, eth0 external, eth1 internal.
  • Bootable CD drive
  • IDE hard disk (primary master), will be fully deleted (other media are also supported but not covered in this HOWTO)
  • Netmask is a number between 0 and 32 (255.255.255.0 = 24, 255.255.0.0 = 16 etc)

Installation:

  1. plug network cable to the internet
  2. download Shurdix 0.3 ISO image
  3. put the CD into the drive and boot from it
  4. on the bootprompt type (everything in one line):

    shurdix ETH0=ip_address/netmask GATEWAY=ip_address_of_gateway DNS1=primary_dns_of_provider DNS2=if_available_secondary_dns ROOTDEV=hda ROOTPW=new_root_passwort HOSTNAME=hostname INSTALL

    The network data can be temporary (e.g. if you want to connect it as an internal computer during the installation). Nevertheless, internet access is required during the installation, otherwise you have to copy the installation files manually.

  5. wait for the boot process to finish, should take about a minute
  6. change to the second console (Alt-F2) and log in as root with the password you supplied as ROOTPW
  7. echo firewall=1 >> /etc/sysconfig/services

    activates firewall.

  8. echo CET-1CEST-2,M3.5.0/02:00,M10.5.0/03:00 > /mnt/ramdisk/TZ

    sets the timezone (Central European Time with daylight saving time; if you live in another zone, consult the uClibc documentation).

  9. rdate ntp1.fau.de;modprobe rtc;hwclock -wu

    set correct time.

  10. if you want bandwidth management

    vi /etc/sysconfig/tc
    BW_IN=incoming_bandwidth
    BW_OUT=outgoing_bandwidth
    DEV_IN=eth1
    DEV_OUT=eth0
    

    Bandwidth should be an integer and is measured in kbit/s. For optimal performance, set incoming bandwidth to about 95% and outgoing to about 98% of real bandwidth.

  11. vi /mnt/ramdisk/dnsmasq.conf
    interface=eth1
    bogus-priv
    filterwin2k
    cache-size=4096
    domain=localdomain
    dhcp-authoritative
    addn-hosts=/mnt/ramdisk/hosts
    dhcp-range=subnet,ip_range_from,ip_range_to,1h
    dhcp-leasefile=/tmp/dhcpleases
    dhcp-lease-max=max_lease_count
    conf-file=/mnt/ramdisk/um/macipmap.dat
    

    setup DNS/DHCP.

    • subnet represents the local subnet, like 192.168.0.0/24. If you have multiple subnets, you have to choose one of them (doesn’t matter which). dnsmasq at this time doesn’t support multiple subnets on the same interface.
    • ip_range_from and ip_range_to are the beginning and end of the range for dynamically assigned addresses (statically assigned IPs don’t have to fall in this range, it’s enough when they are inside the whole subnet).
  12. echo "internal_ip router router.localdomain" > /mnt/ramdisk/hosts

    also belongs to DNS

  13. if you want user management

    mkdir /mnt/ramdisk/um; touch /mnt/ramdisk/um/users.dat /mnt/ramdisk/um/macipmap.dat

    turns it on

  14. vi /etc/sysconfig/network-scripts/eth0
    IP=external_ip/netmask
    ROUTE=route_command

    if required, set up the external IP. ROUTE should be a command that “ip route” understands. Typically you just type “default via ip_address_of_isp’s_gateway”.

  15. vi /etc/sysconfig/network-scripts/eth1
    IP=internal_ip/netmask
    

    if required, set up the internal IP. For more details on configuring network devices see Network Interfaces.

  16. vi /mnt/ramdisk/resolv.conf

    setup parent DNS if required

  17. vi /etc/sysconfig/dyndns
    HOST=hostname.dyndns.org
    LOGIN=my_login
    PASS=my password
    STATIC=1_or_0
    

    if required, set up the DynDNS client. For more details see dyndns.

  18. If required, add/change root password or logins for webinterface
  19. Todo: ASPE (vulncheck.pl, aspe.smtp.pl)
  20. service conf save

    save configuration.

  21. eject cd and take it out
  22. poweroff

    shutdown

  23. insert network cables properly this time
  24. Voilà!
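
The limits from the requirements (netmask notation, maximum subnet size of 16) and the values for steps 10, 11 and 15 can be checked on any workstation before they are typed on the router. The script below is an added example, not part of Shurdix or of the original HOWTO; the function names and the sample addresses are made up for illustration, and it assumes a POSIX shell with 64-bit arithmetic.

```sh
#!/bin/sh
# Added example, not part of Shurdix. Function names are hypothetical and the
# sample addresses are constructed. Assumes a shell with 64-bit arithmetic.

# ip2int A.B.C.D: print the address as an integer, fail on malformed input.
ip2int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac      # no leading zeros (octal)
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_cidr IP/NETMASK: netmask must be a number, at most 32, and not wider
# than /16 (the maximum subnet size). Prints "network mask" as integers.
check_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$prefix" -ge 16 ] && [ "$prefix" -le 32 ] || return 1
    n=$(ip2int "$addr") || return 1
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    echo "$(( n & mask )) $mask"
}

# range_in_subnet IP/NETMASK FROM TO: both ends of the dynamic DHCP range
# must be inside the internal subnet, and FROM must not be above TO.
range_in_subnet() {
    net_mask=$(check_cidr "$1") || return 1
    net=${net_mask% *}; mask=${net_mask#* }
    from=$(ip2int "$2") && to=$(ip2int "$3") || return 1
    [ "$from" -le "$to" ] || return 1
    [ $(( from & mask )) -eq "$net" ] && [ $(( to & mask )) -eq "$net" ]
}

# shaped_rate REAL_KBIT PERCENT: integer kbit/s value for BW_IN / BW_OUT.
shaped_rate() {
    case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac
    echo $(( $1 * $2 / 100 ))
}

# Constructed sample values for a 16000/1000 kbit/s line and a /24 LAN.
range_in_subnet 192.168.0.1/24 192.168.0.100 192.168.0.200 && echo "DHCP range OK"
echo "BW_IN=$(shaped_rate 16000 95) BW_OUT=$(shaped_rate 1000 98)"
```
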

The web interface is available at https://router/info/ . Please use https when handling non-public data. Instead of “router” you can of course use the internal or external IP, or any other FQDN the computer has.

 
  shurdix/howto.txt · Last modified: 2006/03/12 20:33
 