root/floppyfw-3.0/scripts/config

#
# Configuration for floppyfw

# $Id: config,v 1.12 2005/09/24 17:50:01 thomasez Exp $

#
# Fill in the blanks.
#

# For configuring of modules to use, 
# this includes the network interfaces: /modules.lst

# For configuring firewall rules and incoming traffic: /firewall.ini
# For configuring extra network interfaces you may use netwirk.ini

# Serial console is set in syslinux.cfg (or isolinux.cfg for CD's)

# The default internal network is 10.42.42.* with 10.42.42.1
# As the floppyfw internal address (and default gateway for all
# internal machines). To change this go down to the INSIDE section.

#=============================================================================
#
# Basic configuration:
#

# Select the type of your OUTSIDE connection:

# CONNECT_TYPE=PPP      # if you use a modem

# CONNECT_TYPE=PPPoE    # if you use some type of DSL that uses PPPoE
                        # (Most of them do)
CONNECT_TYPE=DHCP       # For getting the IP address by DHCP, often used 
                        # on cable modems.

DHCP_USE_LAST_ADDR=y    # I'll make this new feature a default yes.
                        # Reason is simple; I Want it and I presume
                        # most others want it aswell.
                        # Since it tries to store the address on the
                        # root / source media, this only works with a 
                        # writeable source.

# CONNECT_TYPE=STATIC   # For the good old LAN/WAN connections with
                        # static IP addresses on the outside.
                        # (setup of the interface is done further down 
                        # in this file)

# CONNECT_TYPE=EXTERNAL # is a hook for booting a external startup
                        # script from a package.
                        # the external script has to be in /etc/ext-up.init

#
# Some connection methods wants a userid and password, PPP and PPPoE 
# is the typical but also the EXTERNAL option may want it.
# This is also where you can put the hostname/user id that some DHCP servers
# and ISPs require.
#
USER_IDENT=
USER_PASSWORD=

#
# Use a DHCP server on the inside network. (This will turn on DNSMASQ aswell)
# (Dnsmasq is a dns cache.)
#
DHCP_SERVER=n

#
# Floppyfw now has a login prompt.
# Default, for now, is a login prompt and no password..
# You have to "login" as root.
#
# Password can be created in many ways. You have two (three) options, 
# DES_PASSWORD will accept a crypted string 
# PASSWORD will accept a string (the specific root password, 
#          minimum 5 characters, maximum 8.). 

# This will give you "ffw" as login password.
# DES_PASSWORD=nCLm5JgCK0G5U 
PASSWORD=


# 
# Done! Your floppyfw should already work by now.
# Save this file and give it a first shot !
# Beneath are options for setting up more advanced stuff
# (including static network settings and ppp)

#=============================================================================
#
# Wonder shaper. http://lartc.org/wondershaper/
# 
# Set this to "y" if you want wonder shaper to run at startup.
WONDER_SHAPER=n

# This requires you to set the download and upload speed. 

# The speed you are receiving data (downlink), in Kbit:
DOWNLOAD_SPEED=2048

# The speed you are sending data (uplink), in Kbit:
UPLOAD_SPEED=256

#====================================
#
# VoIP Subsection of Wonder shaper (Disabled if WONDER_SHAPER=n)
#
# If you have a IP-Phone, set this to the IP address of the phone
# or the machine running the phone software and Wondershaper will be
# even better. If left blank will remove the VoIP RT10 Class completely.
PHONE_IP=

# PHONE_IP VoIP Class 10 RTP data - set to desired rate (90000 recommended)
# If left blank will remove the VoIP RT10 Class completely.
RT10=90000

# To forward RTP or SIP ports, set the appropriate FORWARD_XXX=y
# Note that forwarding udp ports will have security implications.
# VOIP rtp data ports - LOwest and HIghest port number in range 
# get from your VoIP provider
LO_RTPPORT=
HI_RTPPORT=
FORWARD_RTP=n

# INT - SIP priority ports - space separated if > 1
# get from your VoIP provider - normally "5060" or "5060 5061"
INTPORTS=""
FORWARD_SIP=n

#
#=============================================================================
#

#
# Physical device layout:
#
# In the files /etc/outside.info and /etc/inside.info you will see 
# OUTSIDE_DEVICE and INSIDE_DEVICE, those are the logical devices used by
# firewall.init and friends..
#
# If you have only one network card you can set INSIDE_DEV to eth0:0
# and it will use ip aliasing to make it all work.
#
# You can also use device.VLAN-ID to automatically set it as a VLAN.
#
OUTSIDE_DEV=eth0 
INSIDE_DEV=eth1

#-----------------------------------------------------------------------------
#
# INSIDE settings:
#
# 
# Your inside network, this has 10.42.42.* set as default, this is 
# addresses assigned for internal networks according to RFC 1918.
#
# Network and broadcast address will be automatically configured.
#
INSIDE_IP=10.42.42.1
INSIDE_NETMASK=255.255.255.0

# 
# If you use the internal DHCP server and change the IP address and range
# above you should also set the dhcp address range.
#
DHCP_RANGE_START=10.42.42.100  
DHCP_RANGE_END=10.42.42.200

#-----------------------------------------------------------------------------

#
# OUTSIDE settings if you are using the STATIC connection option:
#
# Network and broadcast address will be automatically configured.
#
OUTSIDE_IP=
OUTSIDE_NETMASK=

#
# Misc
# These are not nescessary to set if you are using DHCP.
# (The DOMAIN field might be useful to change)
#
DEFAULT_GATEWAY=

# Name servers can be a list, separated by a space. like "1.1.1.1 1.1.1.2"
OUTSIDE_NAMESERVERS=""

# MAC address for outside nic
# Some ISPs uses bootp style dhcp tables and some just remembers the last
# used MAC address. this allows you to swap nics
# OUTSIDE_MAC=00:00:e8:48:6c:cb

#-----------------------------------------------------------------------------

#
# DMZ settings. 
#
# You can also fine tune the firewall settings in dmz-fw.ini
#
# This can also be set up as the device/LAN for an open WLAN.
# As with the other interfaces, you can use device.VLAN-ID to automatically
# set it as a VLAN.
#
# Please note that enabling this automatically opens up for DNS requests to
# the floppyfw from DMZ.
#

USE_DMZ=n
DMZ_DOMAIN=
DMZ_DEV=eth2
DMZ_IP=10.42.69.1
DMZ_NETMASK=255.255.255.0
DMZ_DHCP_SERVER=n
DMZ_DHCP_RANGE_START=10.42.69.100
DMZ_DHCP_RANGE_END=10.42.69.200

#
# This switch will turn on or off NAT to the outside network.
#

DMZ_USE_NAT=y

# What traffic do you want to allow from DMZ to OUTSIDE?
# Specifying "all" will allow all traffic, "none" will block all. TCP based
# protocols can be specified in a comma separated list like this:
# DMZ_ALLOW_TO_OUTSIDE="ssh,www,https,ftp,domain,pop3,pop3s,imap3,imaps"
DMZ_ALLOW_TO_OUTSIDE="all"

# What traffic do you want to allow from DMZ to INSIDE?
# Specifying "all" will allow all traffic, "none" will block all. TCP based
# protocols can be specified in a comma separated list like this:
# DMZ_ALLOW_TO_INSIDE="ssh,ftp"
DMZ_ALLOW_TO_INSIDE="none"

# What traffic do you want to allow from INSIDE to DMZ?
# Specifying "all" will allow all traffic, "none" will block all. TCP based
# protocols can be specified in a comma separated list like this:
# DMZ_ALLOW_FROM_INSIDE="ssh,ftp,http,https,smtp"
DMZ_ALLOW_FROM_INSIDE="all"

# This is to set a traffic shaping rule to restrict the bandwidth.
# DMZ_RESTRICT_KBITS=64

#-----------------------------------------------------------------------------

# PPP settings:
#
# Change the following only if you are using PPP or PPPoE.
#

# 
# Phone number:
TELEPHONE=

# Serial Port COM1 is /dev/tts/0, COM2 is /dev/tts/1 etc.
SERIAL_PORT=/dev/tts/1
PORT_SPEED=57600
PPP_CONNECT_TIMEOUT=60
PPP_CONNECT_POLL=3

# For exotic modems: The default values should work for most modems.
MODEM_INIT="AT&F"

# USEPEERDNS used to be here. it's now deprecated, or basically, it's 
# being turned on permanently.
# *but*, you can override it using the OUTSIDE_NAMESERVERS option you will 
# find further up in this config file. The ip-up script will create an 
# /etc/resolv.conf file with the OUTSIDE_NAMESERVERS as the first available
# name servers (if any are set) and then the LCP given addresses.

# Change the DEMAND variable to either:
# 'no' for "always on" connection
# N where N is the number of idle seconds before we disconnect
#DEMAND=600
DEMAND=no

# A debug option for debugging PPPoE, it will log to the specified file.
# This must NOT be used during normal use, it'll fill up the ramdisk.. 
# PPPOE_DEBUG=/tmp/pppoe.log

#-----------------------------------------------------------------------------

# 
# Defaults and switches:
#

HOSTNAME=floppyfw
# Set this if you don't want your outside DHCP server decide.
# DOMAIN=floppyfwsecured.local

#
# dnsmasq accepts DNS queries of inside machines and
# either answers them from a small, local, cache
# or forwards them to a real, recursive, DNS server.
#
# It loads the contents of /etc/hosts into the cache at startup so that
# local hostnames which do not appear in the global DNS can be resolved.
#
DNSMASQ=n

#
# And for the logging the scripts use:
# Default works for most purposes.
#
DEBUG_LOG="/dev/vc/3"

# 
# Turning on syslogd and klogd. 
# This is a nice thing but will eat CPU which is why it is turned 
# off by default.
# The firewall.ini file is where you can turn on logging of rejected packages.
#
USE_SYSLOG=n

# Uncomment to log to /dev/vc/4 instead of /var/log/messages
# which aren't exactly a good idea on a ramdisk.
SYSLOG_TTY="-O $DEBUG_LOG"
# Or the another virtual console than the other messages:
# SYSLOG_TTY="-O /dev/vc/4"

# Uncomment to log to network. host:port
# SYSLOG_NET="-R 10.42.42.42:514"

# Uncomment to not print a mark
# SYSLOG_MARK="-m 0"

[ "$SYSLOG_TTY" -a "$SYSLOG_NET" ] && SYSLOG_BOTH="-L"
SYSLOG_FLAGS="$SYSLOG_MARK $SYSLOG_TTY $SYSLOG_NET $SYSLOG_BOTH"

# 
# Time zone.
# This is a string which will be put in /etc/TZ 
#
TIMEZONE=

#
# At the bottom (almost) because this is a feature that should not be 
# widely used but it will be useful for some people, escpecially
# people using some irc servers demanding a result.
# 
# This is a fake ident daemon, you can set the userid it shall answer
# and floppyfw will automagically start the fake identd with this user
# as the response.
#
# This will have security implications since you are running a listening 
# daemon (server) on the outside network interface. do this ONLY 
# if you really need it.
#
#FAKEIDENT=

#
# Reserve this amount of RAM after all packages are unpacked. 
# This is the amount used to calculate the value of 
# /proc/sys/net/ipv4/ip_conntrack_max in firewall.ini(t)
RESERVE_MB=1

# If you want to use a second device (floppy disk, or whatever),
# enter a device name like "/dev/fd1"
# Otherwise enter "n"
#SECOND_DEVICE="/dev/floppy/1"
SECOND_DEVICE=n
# And, you should be able to use a CD as the second device, so, we need to
# set the file system. vfat for a floppy and iso9660 for a CD.
SECOND_DEVICE_FS=vfat