root/floppyfw/files/config

Revision 249, 10.2 KB (checked in by root, 4 years ago)

Big sync, adding stuff from 3.0 and some other smallies.

1#
2# Configuration for floppyfw
3
4# $Id: config,v 1.12 2005/09/24 17:50:01 thomasez Exp $
5
6#
7# Fill in the blanks.
8#
9
10# For configuring of modules to use,
11# this includes the network interfaces: /modules.lst
12
13# For configuring firewall rules and incoming traffic: /firewall.ini
14# For configuring extra network interfaces you may use netwirk.ini
15
16# Serial console is set in syslinux.cfg (or isolinux.cfg for CD's)
17
18# The default internal network is 10.42.42.* with 10.42.42.1
19# as the floppyfw internal address (and default gateway for all
20# internal machines). To change this go down to the INSIDE section.
21
22#=============================================================================
23#
24# Basic configuration:
25#
26
27# Select the type of your OUTSIDE connection:
28
29# CONNECT_TYPE=PPP      # if you use a modem
30
31# CONNECT_TYPE=PPPoE    # if you use some type of DSL that uses PPPoE
32                        # (Most of them do)
33CONNECT_TYPE=DHCP       # For getting the IP address by DHCP, often used
34                        # on cable modems.
35# CONNECT_TYPE=STATIC   # For the good old LAN/WAN connections with
36                        # static IP addresses on the outside.
37                        # (setup of the interface is done further down
38                        # in this file)
39
40# CONNECT_TYPE=EXTERNAL # is a hook for booting a external startup
41                        # script from a package.
42                        # the external script has to be in /etc/ext-up.init
43
44#
45# Some connection methods want a user id and password; PPP and PPPoE are
46# the typical ones, but the EXTERNAL option may want them too.
47# This is also where you can put the hostname/user id that some DHCP servers
48# and ISPs require. Both values are stored in this file as plain text.
49#
50USER_IDENT=
51USER_PASSWORD=
52
53#
54# Use a DHCP server on the inside network. (This will turn on DNSMASQ as well)
55# (Dnsmasq is a dns cache.)
56#
57DHCP_SERVER=n
58
59#
60# Floppyfw now has a login prompt.
61# Default, for now, is a login prompt and no password.
62# You have to "login" as root; until a password is set, anyone at the prompt can.
63#
64# Password can be created in many ways. You have two (three) options,
65# DES_PASSWORD will accept a crypted string
66# PASSWORD will accept a string (the specific root password,
67#          minimum 5 characters, maximum 8.).
68
69# This will give you "ffw" as login password (a published example; pick your own).
70# DES_PASSWORD=nCLm5JgCK0G5U
71PASSWORD=
72
73
74#
75# Done! Your floppyfw should already work by now.
76# Save this file and give it a first shot !
77# Beneath are options for setting up more advanced stuff
78# (including static network settings and ppp)
79
80#=============================================================================
81#
82# Wonder shaper. http://lartc.org/wondershaper/
83#
84# Set this to "y" if you want wonder shaper to run at startup.
85WONDER_SHAPER=n
86
87# This requires you to set the download and upload speed.
88
89# The speed you are receiving data (downlink), in Kbit:
90DOWNLOAD_SPEED=2048
91
92# The speed you are sending data (uplink), in Kbit:
93UPLOAD_SPEED=256
94
95#====================================
96#
97# VoIP Subsection of Wonder shaper (Disabled if WONDER_SHAPER=n)
98#
99# If you have an IP phone, set this to the IP address of the phone
100# or the machine running the phone software and Wondershaper will be
101# even better. If left blank, the VoIP RT10 class is removed completely.
102PHONE_IP=
103
104# PHONE_IP VoIP Class 10 RTP data - set to desired rate (90000 recommended)
105# If left blank will remove the VoIP RT10 Class completely.
106RT10=90000
107
108# To forward RTP or SIP ports, set the appropriate FORWARD_XXX=y
109# Note that forwarding udp ports will have security implications.
110# VOIP rtp data ports - LOwest and HIghest port number in range
111# get from your VoIP provider
112LO_RTPPORT=
113HI_RTPPORT=
114FORWARD_RTP=n
115
116# INT - SIP priority ports - space separated if > 1
117# get from your VoIP provider - normally "5060" or "5060 5061"
118INTPORTS=""
119FORWARD_SIP=n
120
121#
122#=============================================================================
123#
124
125#
126# Physical device layout:
127#
128# In the files /etc/outside.info and /etc/inside.info you will see
129# OUTSIDE_DEVICE and INSIDE_DEVICE, those are the logical devices used by
130# firewall.init and friends..
131#
132# If you have only one network card you can set INSIDE_DEV to eth0:0
133# and it will use ip aliasing to make it all work.
134#
135OUTSIDE_DEV=eth0
136INSIDE_DEV=eth1
137
138#-----------------------------------------------------------------------------
139#
140# INSIDE settings:
141#
142#
143# Your inside network, this has 10.42.42.* set as default, this is
144# addresses assigned for internal networks according to RFC 1918.
145#
146# Network and broadcast address will be automatically configured.
147#
148INSIDE_IP=10.42.42.1
149INSIDE_NETMASK=255.255.255.0
150
151#
152# If you use the internal DHCP server and change the IP address and range
153# above you should also set the dhcp address range.
154#
155DHCP_RANGE_START=10.42.42.100 
156DHCP_RANGE_END=10.42.42.200
157
158#-----------------------------------------------------------------------------
159
160#
161# OUTSIDE settings if you are using the STATIC connection option:
162#
163# Network and broadcast address will be automatically configured.
164#
165OUTSIDE_IP=
166OUTSIDE_NETMASK=
167
168#
169# Misc
170# These are not necessary to set if you are using DHCP.
171# (The DOMAIN field might be useful to change)
172#
173DEFAULT_GATEWAY=
174
175# Name servers can be a list, separated by a space. like "1.1.1.1 1.1.1.2"
176OUTSIDE_NAMESERVERS=""
177
178# MAC address for outside nic
179# Some ISPs use bootp style dhcp tables and some just remember the last
180# used MAC address. This allows you to swap nics
181# OUTSIDE_MAC=00:00:e8:48:6c:cb
182
183#-----------------------------------------------------------------------------
184
185#
186# DMZ settings.
187#
188# This is just to set up the network, you have to edit firewall.ini to
189# be able to do anything useful with this.
190#
191# This can also be set up as the device/LAN for an open WLAN.
192#
193# Please note that enabling this automatically opens the floppyfw up to
194# DNS requests from the DMZ.
195#
196
197USE_DMZ=n
198DMZ_DEV=eth2
199DMZ_IP=10.42.69.1
200DMZ_NETMASK=255.255.255.0
201DMZ_DHCP_SERVER=n
202DMZ_DHCP_RANGE_START=10.42.69.100
203DMZ_DHCP_RANGE_END=10.42.69.200
204
205#
206# This switch will turn on or off NAT to the outside network.
207#
208
209DMZ_USE_NAT=y
210
211# What traffic do you want to allow from DMZ to OUTSIDE?
212# Specifying "all" will allow all traffic, "none" will block all. TCP based
213# protocols can be specified in a comma separated list like this:
214# DMZ_ALLOW_TO_OUTSIDE="ssh,www,https,ftp,domain,pop3,pop3s,imap3,imaps"
215DMZ_ALLOW_TO_OUTSIDE="all"
216
217# What traffic do you want to allow from DMZ to INSIDE?
218# Specifying "all" will allow all traffic, "none" will block all. TCP based
219# protocols can be specified in a comma separated list like this:
220# DMZ_ALLOW_TO_INSIDE="ssh,ftp"
221DMZ_ALLOW_TO_INSIDE="none"
222
223# What traffic do you want to allow from INSIDE to DMZ?
224# Specifying "all" will allow all traffic, "none" will block all. TCP based
225# protocols can be specified in a comma separated list like this:
226# DMZ_ALLOW_FROM_INSIDE="ssh,ftp,http,https,smtp"
227DMZ_ALLOW_FROM_INSIDE="all"
228
229# This is to set a traffic shaping rule to restrict the bandwidth.
230# DMZ_RESTRICT_KBITS=64
231
232#-----------------------------------------------------------------------------
233
234# PPP settings:
235#
236# Change the following only if you are using PPP or PPPoE.
237#
238
239#
240# Phone number:
241TELEPHONE=
242
243# Serial Port COM1 is /dev/tts/0, COM2 is /dev/tts/1 etc.
244SERIAL_PORT=/dev/tts/1
245PORT_SPEED=57600
246PPP_CONNECT_TIMEOUT=60
247PPP_CONNECT_POLL=3
248
249# For exotic modems: The default values should work for most modems.
250MODEM_INIT="AT&F"
251
252# USEPEERDNS used to be here. it's now deprecated, or basically, it's
253# being turned on permanently.
254# *but*, you can override it using the OUTSIDE_NAMESERVERS option you will
255# find further up in this config file. The ip-up script will create an
256# /etc/resolv.conf file with the OUTSIDE_NAMESERVERS as the first available
257# name servers (if any are set) and then the LCP given addresses.
258
259# Change the DEMAND variable to either:
260# 'no' for "always on" connection
261# N where N is the number of idle seconds before we disconnect
262#DEMAND=600
263DEMAND=no
264
265# A debug option for debugging PPPoE, it will log to the specified file.
266# This must NOT be used during normal use, it'll fill up the ramdisk..
267# PPPOE_DEBUG=/tmp/pppoe.log
268
269#-----------------------------------------------------------------------------
270
271#
272# Defaults and switches:
273#
274
275HOSTNAME=floppyfw
276DOMAIN=floppyfwsecured.com
277
278#
279# dnsmasq accepts DNS queries of inside machines and
280# either answers them from a small, local, cache
281# or forwards them to a real, recursive, DNS server.
282#
283# It loads the contents of /etc/hosts into the cache at startup so that
284# local hostnames which do not appear in the global DNS can be resolved.
285#
286DNSMASQ=n
287
288#
289# And for the logging the scripts use:
290# Default works for most purposes.
291#
292DEBUG_LOG="/dev/vc/3"
293
294#
295# Turning on syslogd and klogd.
296# This is a nice thing but will eat CPU which is why it is turned
297# off by default.
298# The firewall.ini file is where you can turn on logging of rejected packets.
299#
300USE_SYSLOG=n
301
302# Logs to $DEBUG_LOG (set above) instead of /var/log/messages,
303# which isn't exactly a good idea on a ramdisk.
304SYSLOG_TTY="-O $DEBUG_LOG"
305# Or to another virtual console than the other messages:
306# SYSLOG_TTY="-O /dev/vc/4"
307
308# Uncomment to log to network. host:port
309# SYSLOG_NET="-R 10.42.42.42:514"
310
311# Uncomment to not print a mark
312# SYSLOG_MARK="-m 0"
313
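# Assemble SYSLOG_FLAGS from the optional syslog settings above
# (presumably passed to syslogd by the init scripts — confirm against caller).
# SYSLOG_MARK, SYSLOG_TTY and SYSLOG_NET are each either empty/unset or a
# complete option string such as "-m 0", "-O <file>" or "-R host:port".
# When both a local target and a network target are set, -L is added so
# messages go to both. NOTE(review): confirm -L against the syslogd build
# shipped with this image.
# Each value is tested separately with -n: the values start with "-", and
# the obsolescent "[ a -a b ]" form can misparse operands that look like
# operators.
[ -n "$SYSLOG_TTY" ] && [ -n "$SYSLOG_NET" ] && SYSLOG_BOTH="-L"
SYSLOG_FLAGS="$SYSLOG_MARK $SYSLOG_TTY $SYSLOG_NET $SYSLOG_BOTH"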
316
317#
318# Time zone.
319# This is a string which will be put in /etc/TZ
320#
321TIMEZONE=
322
323#
324# At the bottom (almost) because this is a feature that should not be
325# widely used but it will be useful for some people, especially
326# people using some irc servers demanding a result.
327#
328# This is a fake ident daemon, you can set the userid it shall answer
329# and floppyfw will automagically start the fake identd with this user
330# as the response.
331#
332# This will have security implications since you are running a listening
333# daemon (server) on the outside network interface. do this ONLY
334# if you really need it.
335#
336#FAKEIDENT=
337
338#
339# Reserve this amount of RAM after all packages are unpacked.
340# This is the amount used to calculate the value of
341# /proc/sys/net/ipv4/ip_conntrack_max in firewall.ini(t)
342RESERVE_MB=1
343
344# If you want to use a second device (floppy disk, or whatever),
345# enter a device name like "/dev/fd1"
346# Otherwise enter "n"
347#SECOND_DEVICE="/dev/floppy/1"
348SECOND_DEVICE=n
349# And, you should be able to use a CD as the second device, so, we need to
350# set the file system. vfat for a floppy and iso9660 for a CD.
351SECOND_DEVICE_FS=vfat