# Home + Vpnd + 4 nic
# Nic 1) Default Gateway, Static 24.50.121.248/24
# Nic 2) Nat, 192.168.11.1/28, vpn, ports 23 81
# Nic 3) Nat, 192.168.11.17/28, vpn, ports 20 21 22 23 25 80 109 119 143
# Nic 4) Nat, 192.168.11.33/28, vpn
# untarred and retarred vpnd.bz2
#
# Working notes for a floppy-router image: each "name:" heading below is a
# file on the image, followed by the lines added to or changed in it.
# NOTE(review): the per-NIC port lists above are not reflected in the
# firewall.ini fragment shown here; presumably they are handled by rules
# outside this fragment -- confirm.

modules.lst:
# NOTE(review): ip_masq_* are 2.2-series (ipchains) masquerading helpers,
# while firewall.ini below uses iptables (2.4 kernel) -- confirm which
# kernel the image boots; one of the two sets is probably dead weight.
ip_masq_pptp
?ip_masq_ipsec
slhc
slip

modules:
# slip/slhc presumably back the vpnd tunnel device -- confirm.
slip.bz2:slip.o,slhc.o

syslinux.cfg:
# One ether= entry per NIC so the kernel probes all four at boot.
append initrd=initrd.gz root=/dev/fd0 ether=0,0,eth0 ether=0,0,eth1 ether=0,0,eth2 ether=0,0,eth3

config:
# Sourced by the *.ini scripts (see ". /etc/config" in post-vpnd.ini).
# eth0: public side, static address.
OUTSIDE_DEV=eth0
OUTSIDE_IP=24.50.121.248
OUTSIDE_NETWORK=24.50.121.0
OUTSIDE_NETMASK=255.255.255.0
OUTSIDE_BROADCAST=24.50.121.255
# eth1..eth3: three NATed /28 segments carved out of 192.168.11.0.
INSIDE_DEV=eth1
INSIDE_IP=192.168.11.1
INSIDE_NETWORK=192.168.11.0
INSIDE_NETMASK=255.255.255.240
INSIDE_BROADCAST=192.168.11.15
INSIDE2_DEV=eth2
INSIDE2_IP=192.168.11.17
INSIDE2_NETWORK=192.168.11.16
INSIDE2_NETMASK=255.255.255.240
INSIDE2_BROADCAST=192.168.11.31
INSIDE3_DEV=eth3
INSIDE3_IP=192.168.11.33
INSIDE3_NETWORK=192.168.11.32
INSIDE3_NETMASK=255.255.255.240
INSIDE3_BROADCAST=192.168.11.47
DEFAULT_GATEWAY=24.50.121.1
# Resolver order: this box first (dnsmasq, DNSMASQ=y below), ISP second -- presumably; confirm.
NAME_SERVER_IP1=192.168.11.1
NAME_SERVER_IP2=24.48.64.2
DOMAIN=Kujawski.Com
HOSTNAME=trail
# DHCP hands out only four addresses (.6-.9) on the first inside segment.
DHCP_DAEMON=y
DHCP_RANGE_START=192.168.11.6
DHCP_RANGE_END=192.168.11.9
DNSMASQ=y
SERIAL_CONSOLE=ttyS0
# Remote syslog (-R) to a host on the inside LAN, so logs survive beyond the floppy.
SYSLOG_FLAGS="-R 192.168.11.3"
# vpnd endpoints: this box listens on VPNPORT, Eric's box on Eric_VPNPORT.
# Eric_* values describe the peer; they are consumed only by post-vpnd.ini.
VPNPORT=443
Eric_VPNPORT=444
Eric_OUTSIDE_IP=24.50.121.249
Eric_OUTSIDE_NETWORK=24.50.121.0
Eric_OUTSIDE_NETMASK=255.255.255.0
Eric_INSIDE_IP=192.168.2.1
Eric_INSIDE_NETWORK=192.168.2.0
Eric_INSIDE_NETMASK=255.255.255.240
Eric_INSIDE_BROADCAST=192.168.2.15

network.ini:
# Bring up the two extra inside NICs, mirroring what the stock script
# does for INSIDE_DEV (not shown). Guarded on the *_DEV variable so the
# script still works on a config without them.
if [ -n "${INSIDE2_DEV}" ]; then
ifconfig ${INSIDE2_DEV} ${INSIDE2_IP} netmask ${INSIDE2_NETMASK} broadcast ${INSIDE2_BROADCAST}
echo "${INSIDE2_IP} ${HOSTNAME}.inside2" >> /etc/hosts
fi
if [ -n "${INSIDE3_DEV}" ]; then
ifconfig ${INSIDE3_DEV} ${INSIDE3_IP} netmask ${INSIDE3_NETMASK} broadcast ${INSIDE3_BROADCAST}
echo "${INSIDE3_IP} ${HOSTNAME}.inside3" >> /etc/hosts
fi

firewall.ini:
# NOTE(review): config above defines INSIDE2_DEV / INSIDE3_DEV (and
# network.ini uses those names), but every rule below references
# ${INSIDE2_DEVICE} / ${INSIDE3_DEVICE}. Unless firewall.ini sets those
# earlier (not shown), they expand to empty and iptables rejects the
# rule -- leaving the new segments without the intended policy. Confirm
# the variable names.
# Keep state.
iptables -A FORWARD -m state --state NEW -i ${INSIDE2_DEVICE} -j ACCEPT
iptables -A FORWARD -m state --state NEW -i ${INSIDE3_DEVICE} -j ACCEPT
# We don't like the NetBIOS and Samba leaking..
# NOTE(review): dropping in the nat table only matches the first packet of
# a connection; the conventional place for these is the filter table.
iptables -t nat -A PREROUTING -p TCP -i ${INSIDE2_DEVICE} --dport 135:139 -j DROP
iptables -t nat -A PREROUTING -p UDP -i ${INSIDE2_DEVICE} --dport 137:139 -j DROP
iptables -t nat -A PREROUTING -p TCP -i ${INSIDE3_DEVICE} --dport 135:139 -j DROP
iptables -t nat -A PREROUTING -p UDP -i ${INSIDE3_DEVICE} --dport 137:139 -j DROP
# And also, DHCP, but we can basically accept anything from the inside.
iptables -A INPUT -i ${INSIDE2_DEVICE} -j ACCEPT
iptables -A OUTPUT -o ${INSIDE2_DEVICE} -j ACCEPT
iptables -A INPUT -i ${INSIDE3_DEVICE} -j ACCEPT
iptables -A OUTPUT -o ${INSIDE3_DEVICE} -j ACCEPT
# NOTE(review): the ipchains lines below reference TKY_NET/TKY_MASK and
# KOUBE_NET/KOUBE_MASK, which the config section above does not define,
# and ipchains cannot normally coexist with iptables on the same kernel
# (the compatibility module and ip_tables are mutually exclusive). They
# look like a leftover from another site's notes -- confirm before keeping.
ipchains -P forward DENY
ipchains -A forward -j ACCEPT -s ${TKY_NET}/${TKY_MASK} -d ${KOUBE_NET}/${KOUBE_MASK}
ipchains -A forward -j ACCEPT -s ${KOUBE_NET}/${KOUBE_MASK} -d ${TKY_NET}/${TKY_MASK}
ipchains -A forward -j MASQ -i ${OUTSIDE_DEV} -l

packages/
# Contents of the packages directory on the media; the two commented
# entries are not shipped on this image.
#post-pts.ini
#ptsnt113.bz2
vpnd.bz2
post-vpnd.ini
vpnd.key

post-vpnd.ini:
#!/bin/sh
# post-vpnd.ini
# y-takami@r2i.co.jp
#
# Generates /etc/vpnd.conf from /etc/config and starts vpnd. This box is
# the server end (mode server / server ${OUTSIDE_IP}); Eric's box is the
# client end. Runs as root at boot.
. /etc/config
cat > /etc/vpnd.conf << EOF
mode server
client ${Eric_OUTSIDE_IP} ${Eric_VPNPORT}
server ${OUTSIDE_IP} ${VPNPORT}
remote ${Eric_INSIDE_IP}
local ${INSIDE_IP}
autoroute
route1 ${Eric_INSIDE_NETWORK} ${Eric_INSIDE_NETMASK} ${Eric_INSIDE_IP}
keepalive 10
noanswer 3
keyfile /etc/vpnd.key
pidfile /var/run/vpnd.pid
randomdev /dev/urandom
mtu 1600
EOF
# NOTE(review): mtu 1600 exceeds the 1500-byte Ethernet MTU of the path;
# confirm it is intended for the tunnel device rather than a typo.
# Device nodes below are left commented out -- presumably the image
# already provides them; confirm on a fresh boot.
#/bin/mknod -m 644 /dev/random c 1 8
#/bin/mknod -m 644 /dev/urandom c 1 9
#/bin/chown root:root /dev/random /dev/urandom
#/bin/mknod -m 666 /dev/ptyp0 c 2 0
#/bin/chown root:root /dev/ptyp0
# The shared key lives on the boot media in clear; the installed copy is
# restricted to root (0400) but the media itself must be protected too.
cp /mnt/tmp/packages/vpnd.key /etc
/bin/chmod 400 /etc/vpnd.key
# Start the daemon (presumably it backgrounds itself; otherwise this
# script would block here -- confirm).
/bin/vpnd