boa/ 0040775 0025617 0025617 00000000000 07550506117 007777 5 ustar jkm jkm boa/cgi-bin/ 0040775 0025617 0025617 00000000000 07550506117 011307 5 ustar jkm jkm boa/cgi-bin/showconf 0100775 0025617 0025617 00000000060 07533205001 013041 0 ustar jkm jkm #!/bin/sh
# CGI handler: send the device configuration file as the response body.
# Two empty lines are printed first; the script emits no header fields
# (such as Content-Type) before them.
# NOTE(review): the script does no authentication of its own, so every client
# that can reach this CGI can read /flash/etc/sipo.conf (interface addressing,
# gateway, syslog target, SSH exposure flag). Restrict access to the web
# server if that disclosure is not intended.
echo
echo
cat /flash/etc/sipo.conf
boa/cgi-bin/showstats 0100775 0025617 0025617 00000000314 07533207043 013264 0 ustar jkm jkm #!/bin/sh
# CGI handler: dump network and system state as plain text.
# NOTE(review): nothing here authenticates the caller. Interface addresses,
# routes, the neighbor table, memory figures and the kernel log are returned
# to any client that can reach the web server.

# Print an empty line followed by a section title.
heading() {
  echo
  echo "$1"
}

# Empty line first; together with the one printed by heading() this gives the
# two leading blank lines of the response.
echo
heading "Interfaces"
ip addr
echo
ip -s link

heading "Routing table"
ip ro

heading "Neighbor info"
ip nei

heading "Memory info"
cat /proc/meminfo

heading "Kernel log"
dmesg
boa/www/ 0040775 0025617 0025617 00000000000 07550506117 010623 5 ustar jkm jkm boa/www/index.html 0100664 0025617 0025617 00000000324 07533207043 012611 0 ustar jkm jkm
SIPO
SIPO
boa/www/readme.txt 0100664 0025617 0025617 00000000056 07506154531 012617 0 ustar jkm jkm Hello! This is an example WWW root directory.
etc/ 0040775 0025617 0025617 00000000000 07550506117 010011 5 ustar jkm jkm etc/bootrc 0100755 0025617 0025617 00000002160 07550271537 011226 0 ustar jkm jkm #!/bin/sh
# Entry point to configurable startup - called from /etc/bootrc after file
# systems have been mounted and network interfaces renamed
# Read in configuration
# The file is sourced, i.e. executed as shell code in this process, so every
# command in it runs with the privileges of the boot script. It lives on
# /flash; whoever can write there controls what runs at boot.
. /flash/etc/sipo.conf
# do not allow forwarding before all setup has been completed
# (forwarding is switched back on at the end of this script, and only when
# IP_FORWARD is "yes", after the bootrc-extra-* scripts have run)
echo 0 > /proc/sys/net/ipv4/ip_forward
# setup network interface
# Only the loopback device is configured here; the named interfaces are
# handled by set_interface below.
ip addr add 127.0.0.1/8 dev lo
ip link set dev lo up
# Configure one network interface.
#   $1 - interface name (public, private or dmz in this script)
#   $2 - "dhcp" to start a DHCP client on the interface, an address/prefix
#        for a static setup, or empty to leave the interface untouched
set_interface()
{
  # Nothing configured for this interface: skip it.
  [ -n "$2" ] || return 0

  echo "Setting up interface '$1' - '$2'"
  case "$2" in
    dhcp)
      # -s names the script udhcpc runs for each DHCP event.
      udhcpc -i "$1" -s /flash/etc/udhcp/udhcpc-script -b
      ;;
    *)
      # Static address: assign it, then bring the link up.
      ip addr add "$2" dev "$1"
      ip link set dev "$1" up
      ;;
  esac
}
# Bring up the three named interfaces; an empty setting skips that interface.
set_interface public "$PUBLIC"
set_interface private "$PRIVATE"
set_interface dmz "$DMZ"

# Static default route, only when one is configured.
if [ -n "$DEFAULTGW" ]; then
  ip ro add default via "$DEFAULTGW"
fi

# Remote logging: syslogd is started only when a remote server is set, and
# klogd is started only inside that branch, so USE_KLOGD has no effect while
# REMOTE_SYSLOG is empty.
if [ -n "$REMOTE_SYSLOG" ]; then
  syslogd -R "$REMOTE_SYSLOG"
  case "$USE_KLOGD" in
    yes) klogd ;;
  esac
fi

# Execute additional startup scripts (if present)
# Every executable file matching the pattern is run, in glob order, with the
# privileges of this script. The firewall script is one of them, so it runs
# before forwarding is enabled below.
for i in /flash/etc/bootrc-extra-*; do
  [ -x "$i" ] || continue
  "$i"
done

# Forwarding was disabled at the top of this script; re-enable it last.
if [ "$IP_FORWARD" = "yes" ]; then
  echo 1 > /proc/sys/net/ipv4/ip_forward
fi
etc/resolv.conf 0100664 0025617 0025617 00000000126 07506156655 012177 0 ustar jkm jkm # FIX: setup DNS servers here or use DHCP to update this file
# nameserver 127.0.0.1
etc/sipo.conf 0100664 0025617 0025617 00000000732 07533204644 011632 0 ustar jkm jkm # GPL SIPO configuration
# NOTE: this file is sourced as shell code by the boot scripts (etc/bootrc and
# bootrc-extra-iptables), so it must contain only variable assignments.
# Network interfaces
# static address: IP addr/prefix len, e.g., 192.168.1.254/24
# get with DHCP: dhcp
# not in use: leave empty
PUBLIC=dhcp
DMZ=192.168.1.6/24
PRIVATE=
# Default GW IP address. Leave empty if not set (e.g., to use the router
# information from DHCP server).
DEFAULTGW=
# IP address for remote syslog server
# (etc/bootrc starts syslogd, and klogd, only when this is non-empty)
REMOTE_SYSLOG=
# Log kernel messages to remote syslog (yes/no)
USE_KLOGD=no
# Enable IPv4 forwarding at the end of boot (yes/no). etc/bootrc writes 1 to
# /proc/sys/net/ipv4/ip_forward only when this is "yes".
IP_FORWARD=yes
# Accept SSH (tcp/22) arriving on the public interface (yes/no). When "yes",
# bootrc-extra-iptables inserts an ACCEPT rule at the head of INPUT, ahead of
# the rule in iptables.conf that sends public tcp/22 to the dynacl chain, so
# the dynacl chain is not consulted for SSH. Set to "no" to rely on dynacl.
ALLOW_SSH_FROM_PUBLIC=yes
etc/bootrc-extra-iptables 0100775 0025617 0025617 00000001054 07550061167 014147 0 ustar jkm jkm #!/bin/sh
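# Boot-time firewall setup: load the netfilter modules, restore the saved
# ruleset, optionally open SSH on the public interface, and turn on martian
# logging and reverse-path filtering for the named interfaces.

# The configuration is sourced as shell code; only ALLOW_SSH_FROM_PUBLIC is
# read from it here.
. /flash/etc/sipo.conf

# Only insmod's standard output is appended to the boot log; its error
# messages still go to stderr.
for i in ip_tables ip_conntrack iptable_filter iptable_nat ip_conntrack_ftp \
  ip_nat_ftp ipt_state ipt_LOG ipt_MASQUERADE; do
  insmod "$i" >> /tmp/boot.log
done

# A failed restore must not go unnoticed: without the saved ruleset the
# built-in chains keep their ACCEPT policy, and etc/bootrc enables IP
# forwarding after this script returns. Report the failure and at least
# force the FORWARD policy that iptables.conf would have set.
if iptables-restore < /flash/etc/iptables.conf; then
  :
else
  echo "bootrc-extra-iptables: iptables-restore failed, forcing FORWARD policy DROP" >&2
  iptables -P FORWARD DROP
fi

# -I puts the rule at the head of INPUT, i.e. ahead of the iptables.conf rule
# that sends public tcp/22 to the dynacl chain. With ALLOW_SSH_FROM_PUBLIC=yes
# SSH from the public side is therefore accepted without consulting dynacl.
if [ "$ALLOW_SSH_FROM_PUBLIC" = "yes" ]; then
  iptables -I INPUT -i public -p tcp --dport 22 -j ACCEPT
fi

# Per-interface hardening; an interface that does not exist on this hardware
# revision is skipped. Only the three named interfaces are touched.
for i in public private dmz; do
  if [ -d "/proc/sys/net/ipv4/conf/$i" ]; then
    echo 1 > "/proc/sys/net/ipv4/conf/$i/log_martians"
    echo 1 > "/proc/sys/net/ipv4/conf/$i/rp_filter"
  fi
done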
etc/iptables.conf 0100664 0025617 0025617 00000002240 07550061167 012457 0 ustar jkm jkm # iptables filter setup
#
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o public -j MASQUERADE
COMMIT
#
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
#
# create dynacl chain for fwauth use
-N dynacl
-A dynacl -j LOG --log-prefix "DROP(in-dynacl): "
-A dynacl -j DROP
#
# allow replies to connections that this box itself opened through the public interface
-A INPUT -i public -m state --state ESTABLISHED,RELATED -j ACCEPT
# use fwauth controlled ACL for SSH access
-A INPUT -i public -p tcp --dport 22 -j dynacl
# allow incoming ping for diagnostics purposes
-A INPUT -i public -p icmp --icmp-type echo-request -j ACCEPT
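# log and drop anything else arriving on the public interface
# (the INPUT policy is ACCEPT and every INPUT rule here matches "-i public",
# so traffic arriving on the other interfaces is not filtered by this chain)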
-A INPUT -i public -j LOG --log-prefix "DROP(in-public): "
-A INPUT -i public -j DROP
#
# allow only outgoing connection using NAPT for forwarded packets
-A FORWARD -o private -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -o private -j LOG --log-prefix "DROP(NAPT,establ): "
-A FORWARD -o private -j DROP
-A FORWARD -i private -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -j LOG --log-prefix "DROP(unknown): "
-A FORWARD -j DROP
COMMIT
etc/boa.conf 0100664 0025617 0025617 00000016432 07533204710 011417 0 ustar jkm jkm # Boa v0.94 configuration file
# File format has not changed from 0.93
# File format has changed little from 0.92
# version changes are noted in the comments
#
# The Boa configuration file is parsed with a lex/yacc or flex/bison
# generated parser. If it reports an error, the line number will be
# provided; it should be easy to spot. The syntax of each of these
# rules is very simple, and they can occur in any order. Where possible
# these directives mimic those of NCSA httpd 1.3; I saw no reason to
# introduce gratuitous differences.
# $Id: boa.conf,v 1.2 2002/08/28 17:35:04 jkm Exp $
# The "ServerRoot" is not in this configuration file. It can be compiled
# into the server (see defines.h) or specified on the command line with
# the -c option, for example:
#
# boa -c /usr/local/boa
# Port: The port Boa runs on. The default port for http servers is 80.
# If it is less than 1024, the server must be started as root.
Port 80
# Listen: the Internet address to bind(2) to. If you leave it out,
# it takes the behavior before 0.93.17.2, which is to bind to all
# addresses (INADDR_ANY). You only get one "Listen" directive,
# if you want service on multiple IP addresses, you have three choices:
# 1. Run boa without a "Listen" directive
# a. All addresses are treated the same; makes sense if the addresses
# are localhost, ppp, and eth0.
# b. Use the VirtualHost directive below to point requests to different
# files. Should be good for a very large number of addresses (web
# hosting clients).
# 2. Run one copy of boa per IP address, each has its own configuration
# with a "Listen" directive. No big deal up to a few tens of addresses.
# Nice separation between clients.
# The name you provide gets run through inet_aton(3), so you have to use dotted
# quad notation. This configuration is too important to trust some DNS.
#Listen 192.68.0.5
# User: The name or UID the server should run as.
# Group: The group name or GID the server should run as.
User nobody
Group nogroup
# ServerAdmin: The email address where server problems should be sent.
# Note: this is not currently used, except as an environment variable
# for CGIs.
#ServerAdmin root@localhost
# ErrorLog: The location of the error log file. If this does not start
# with /, it is considered relative to the server root.
# Set to /dev/null if you don't want errors logged.
# If unset, defaults to /dev/stderr
# ErrorLog /var/log/boa/error_log
# Please NOTE: Sending the logs to a pipe ('|'), as shown below,
# is somewhat experimental and might fail under heavy load.
# "Usual libc implementations of printf will stall the whole
# process if the receiving end of a pipe stops reading."
#ErrorLog "|/usr/sbin/cronolog --symlink=/var/log/boa/error_log /var/log/boa/error-%Y%m%d.log"
# AccessLog: The location of the access log file. If this does not
# start with /, it is considered relative to the server root.
# Comment out or set to /dev/null (less effective) to disable
# Access logging.
# AccessLog /var/log/boa/access_log
# Please NOTE: Sending the logs to a pipe ('|'), as shown below,
# is somewhat experimental and might fail under heavy load.
# "Usual libc implementations of printf will stall the whole
# process if the receiving end of a pipe stops reading."
#AccessLog "|/usr/sbin/cronolog --symlink=/var/log/boa/access_log /var/log/boa/access-%Y%m%d.log"
# UseLocaltime: Logical switch. Uncomment to use localtime
# instead of UTC time
#UseLocaltime
# VerboseCGILogs: this is just a logical switch.
# It simply notes the start and stop times of cgis in the error log
# Comment out to disable.
#VerboseCGILogs
# ServerName: the name of this server that should be sent back to
# clients if different than that returned by gethostname + gethostbyname
#ServerName www.your.org.here
ServerName localhost
# VirtualHost: a logical switch.
# Comment out to disable.
# Given DocumentRoot /var/www, requests on interface 'A' or IP 'IP-A'
# become /var/www/IP-A.
# Example: http://localhost/ becomes /var/www/127.0.0.1
#
# Not used until version 0.93.17.2. This "feature" also breaks commonlog
# output rules, it prepends the interface number to each access_log line.
# You are expected to fix that problem with a postprocessing script.
#VirtualHost
# DocumentRoot: The root directory of the HTML documents.
# Comment out to disable serving non-user files.
DocumentRoot /flash/boa/www
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.
UserDir public_html
# DirectoryIndex: Name of the file to use as a pre-written HTML
# directory index. Please MAKE AND USE THESE FILES. On the
# fly creation of directory indexes can be _slow_.
# Comment out to always use DirectoryMaker
DirectoryIndex index.html
# DirectoryMaker: Name of program used to create a directory listing.
# Comment out to disable directory listings. If both this and
# DirectoryIndex are commented out, accessing a directory will give
# an error (though accessing files in the directory are still ok).
DirectoryMaker /bin/boa_indexer
# DirectoryCache: If DirectoryIndex doesn't exist, and DirectoryMaker
# has been commented out, then the on-the-fly indexing of Boa can be used
# to generate indexes of directories. Be warned that the output is
# extremely minimal and can cause delays when slow disks are used.
# Note: The DirectoryCache must be writable by the same user/group that
# Boa runs as.
# DirectoryCache /var/spool/boa/dircache
# KeepAliveMax: Number of KeepAlive requests to allow per connection
# Comment out, or set to 0 to disable keepalive processing
KeepAliveMax 1000
# KeepAliveTimeout: seconds to wait before keepalive connection times out
KeepAliveTimeout 10
# MimeTypes: This is the file that is used to generate mime type pairs
# and Content-Type fields for boa.
# Set to /dev/null if you do not want to load a mime types file.
# Do *not* comment out (better use AddType!)
# MimeTypes /etc/mime.types
MimeTypes /dev/null
# DefaultType: MIME type used if the file extension is unknown, or there
# is no file extension.
DefaultType text/plain
# CGIPath: The value of the $PATH environment variable given to CGI progs.
CGIPath /bin:/usr/bin:/usr/local/bin
# SinglePostLimit: The maximum allowable number of bytes in
# a single POST. Default is normally 1MB.
# AddType: adds types without editing mime.types
# Example: AddType type extension [extension ...]
AddType text/html html
AddType text/html htm
# Uncomment the next line if you want .cgi files to execute from anywhere
#AddType application/x-httpd-cgi cgi
# Redirect, Alias, and ScriptAlias all have the same semantics -- they
# match the beginning of a request and take appropriate action. Use
# Redirect for other servers, Alias for the same server, and ScriptAlias
# to enable directories for script execution.
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
# Example: Redirect /bar http://elsewhere/feh/bar
# Aliases: Aliases one path to another.
# Example: Alias /path1/bar /path2/foo
# Alias /doc /usr/doc
# ScriptAlias: Maps a virtual path to a directory for serving scripts
# Example: ScriptAlias /htbin/ /www/htbin/
ScriptAlias /cgi-bin/ /flash/boa/cgi-bin/
etc/bootrc-extra-boa 0100775 0025617 0025617 00000000077 07506154531 013110 0 ustar jkm jkm #!/bin/sh
# Start the Boa web server when the binary is installed.
# -c points Boa at /flash/etc, the directory that holds boa.conf in this tree.
[ -x /bin/boa ] || exit 0
/bin/boa -c /flash/etc
etc/bootrc-extra-net-snmp 0100775 0025617 0025617 00000000116 07506374713 014110 0 ustar jkm jkm #!/bin/sh
# Start the SNMP agent when the binary is installed, using the configuration
# stored on flash. Access control (users, communities) comes entirely from
# that file.
[ -x /bin/snmpd ] || exit 0
/bin/snmpd -c /flash/etc/snmpd.conf
etc/snmpd.conf 0100664 0025617 0025617 00000000350 07506374713 012002 0 ustar jkm jkm syslocation "Nowhere"
syscontact "nobody@example.com"
sysservices 0*1 + 0*2 + 1*4 + 1*8 + 1*64
# SNMPv3 read-only user "guest"; "noauth" means requests from this user are
# accepted without authentication
rouser guest noauth
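# SNMPv1 read-only community. "public" is the widely known default string and
# no source address restriction is given, so any host that can reach the
# agent can read it; change the string and add a source if that is not intended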
rocommunity public
trapsink 192.168.1.2
agentuser adm
agentgroup adm
etc/bootrc-extra-ssh 0100775 0025617 0025617 00000000132 07506154531 013134 0 ustar jkm jkm #!/bin/sh
# Start the SSH server when the binary is installed; -f selects the server
# configuration file kept on flash.
[ -x /bin/sshd ] || exit 0
/bin/sshd -f /flash/etc/ssh2/sshd2_config
etc/ssh2/ 0040775 0025617 0025617 00000000000 07550506117 010670 5 ustar jkm jkm etc/ssh2/README 0100664 0025617 0025617 00000000330 07506154531 011541 0 ustar jkm jkm You will need to add access key for root user in this directory to file
'access_key_user.pub' (you can edit 'authorization' to add multiple keys,
etc.) and host key to 'hostkey' (private) and 'hostkey.pub' (public).
etc/ssh2/authorization 0100664 0025617 0025617 00000000030 07506154531 013501 0 ustar jkm jkm Key access_key_user.pub
etc/ssh2/ssh2_config 0100664 0025617 0025617 00000002177 07506154531 013023 0 ustar jkm jkm ## ssh2_config
## SSH 2.0 Client Configuration File
##
## The "*" is used for all hosts, but you can use other hosts as
## well.
.*:
## General
VerboseMode no
# DontReadStdin no
# Compression yes
# ForcePTTYAllocation yes
AuthenticationSuccessMsg yes
## Network
Port 22
NoDelay no
KeepAlive yes
## Crypto
Ciphers AnyStdCipher
MACs AnyStdMAC
StrictHostKeyChecking ask
RekeyIntervalSeconds 0
## User public key authentication
IdentityFile identification
AuthorizationFile authorization
RandomSeedFile random_seed
## Tunneling
GatewayPorts no
ForwardX11 no
ForwardAgent no
## SSH1 Compatibility
Ssh1Compatibility no
Ssh1AgentCompatibility none
## Authentication
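## Intended policy: public key only, for security, as SIPO has no password protection.
## NOTE(review): the directive below also lists "password", which does not
## match that policy; confirm which of the two is intended.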
AllowedAuthentications publickey,password
# For ssh-signer2 (only effective if set in the global configuration
# file, usually /etc/ssh2/ssh2_config)
# DefaultDomain foobar.com
# SshSignerPath ssh-signer2
## Examples of per host configurations
#alpha*:
# Host alpha.oof.fi
# User user
# Ciphers idea
etc/ssh2/ssh_banner_message 0100664 0025617 0025617 00000000032 07506154531 014431 0 ustar jkm jkm SSH VPN gateway
etc/ssh2/sshd2_config 0100664 0025617 0025617 00000003217 07506154531 013163 0 ustar jkm jkm ## sshd2_config
## SSH 2.4 Server Configuration File for SIPO
##
## General
VerboseMode no
# SyslogFacility AUTH
# SyslogFacility LOCAL7
## Network
Port 22
ListenAddress 0.0.0.0
RequireReverseMapping no
MaxBroadcastsPerSecond 0
AllowedAuthentications publickey
# NoDelay yes
# KeepAlive yes
# MaxConnections 50
# MaxConnections 0
# 0 == number of connections not limited
## Crypto
Ciphers AnyStdCipher
MACs AnyStdMAC
RekeyIntervalSeconds 0
## User
PrintMotd no
CheckMail no
UserConfigDirectory /flash/etc/ssh2/
# LoginGraceTime 600
## Hostkey locations
HostKeyFile /flash/etc/ssh2/hostkey
PublicHostKeyFile /flash/etc/ssh2/hostkey.pub
## User public key authentication
AuthorizationFile authorization
RandomSeedFile random_seed
## For SIPO, we require only public key authentication. A banner
## message would be too :)
BannerMessageFile /flash/etc/ssh2/ssh_banner_message
## Host restrictions. Given that this box has access to the Internet,
## it might be a good idea to define these.
# AllowHosts localhost, foobar.com, friendly.org
# DenyHosts evil.org, aol.com
## User restrictions. Make sure you allow only certain users to access
## this box.
#
# AllowUsers "sj*,s[:isdigit:]##,s(jl|amza)"
# DenyUsers skuuppa,warezdude,31373
# DenyUsers don@untrusted.org
# AllowGroups staff,users
# DenyGroups guest
## DO NOT CHANGE ANYTHING BELOW THIS LINE. ##
PermitRootLogin nopwd
subsystem-sftp /bin/sftp-server
AllowX11Forwarding no
AllowTcpForwarding no
AllowAgentForwarding no
PermitEmptyPasswords no
StrictModes yes
UserKnownHosts no
etc/udhcp/ 0040775 0025617 0025617 00000000000 07550506117 011114 5 ustar jkm jkm etc/udhcp/udhcpc-cmd-bound 0100775 0025617 0025617 00000001105 07533200024 014135 0 ustar jkm jkm #!/bin/sh
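# udhcpc "bound" handler: apply the lease that udhcpc has just obtained.
# (The header used to call this the renew script; this file is
# udhcpc-cmd-bound.)
#
# Reads from the environment set by udhcpc: interface, ip, broadcast, subnet,
# router, domain and dns (the loop over $dns follows this section).
# Apart from $interface these values are taken from the DHCP reply, i.e. from
# the network, so they are handled as untrusted text.
RESOLV_CONF="/etc/resolv.conf"

# Turn off pathname expansion for the rest of the script. Several values are
# expanded unquoted on purpose (word splitting is needed for lists); without
# this, a value containing *, ? or [ would be expanded against the files in
# the current directory.
set -f

[ -n "$broadcast" ] && BROADCAST="broadcast $broadcast"
[ -n "$subnet" ] && NETMASK="netmask $subnet"

# $BROADCAST and $NETMASK each hold two words (keyword and value) or are
# empty, so they have to stay unquoted.
/sbin/ifconfig "$interface" "$ip" $BROADCAST $NETMASK

if [ -n "$router" ]; then
  echo "deleting routers"
  # Remove existing default routes one by one; the loop stops as soon as
  # route reports a failure.
  while /sbin/route del default gw 0.0.0.0 dev "$interface"; do
    :
  done

  # $router may list several gateways separated by whitespace.
  for i in $router; do
    /sbin/route add default gw "$i" dev "$interface"
  done
fi

# Truncate the resolver configuration before it is rebuilt.
echo -n > "$RESOLV_CONF"
# $domain stays unquoted deliberately: word splitting collapses any embedded
# newline into a space, so the value cannot add lines of its own to the file.
[ -n "$domain" ] && echo domain $domain >> "$RESOLV_CONF"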
for i in $dns
do
echo adding dns $i
echo nameserver $i >> $RESOLV_CONF
done etc/udhcp/udhcpc-cmd-deconfig 0100775 0025617 0025617 00000000115 07533200024 014604 0 ustar jkm jkm #!/bin/sh
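# Sample udhcpc deconfig script
# Clears the IPv4 address of the interface named in $interface (set by
# udhcpc). The name is quoted so that it always reaches ifconfig as exactly
# one argument.
/sbin/ifconfig "$interface" 0.0.0.0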
etc/udhcp/udhcpc-cmd-renew 0100775 0025617 0025617 00000001114 07533200024 014146 0 ustar jkm jkm #!/bin/sh
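# udhcpc "renew" handler: re-apply the lease parameters after a renewal.
# (The header used to call this the bound script; this file is
# udhcpc-cmd-renew.)
#
# Reads from the environment set by udhcpc: interface, ip, broadcast, subnet,
# router, domain and dns (the loop over $dns follows this section).
# Apart from $interface these values are taken from the DHCP reply, i.e. from
# the network, so they are handled as untrusted text.
#
# NOTE(review): this handler writes /etc/udhcpc/resolv.conf while
# udhcpc-cmd-bound writes /etc/resolv.conf; confirm which path the resolver
# actually reads, otherwise DNS changes on renewal may never take effect.
RESOLV_CONF="/etc/udhcpc/resolv.conf"

# Turn off pathname expansion for the rest of the script. Several values are
# expanded unquoted on purpose (word splitting is needed for lists); without
# this, a value containing *, ? or [ would be expanded against the files in
# the current directory.
set -f

[ -n "$broadcast" ] && BROADCAST="broadcast $broadcast"
[ -n "$subnet" ] && NETMASK="netmask $subnet"

# $BROADCAST and $NETMASK each hold two words (keyword and value) or are
# empty, so they have to stay unquoted.
/sbin/ifconfig "$interface" "$ip" $BROADCAST $NETMASK

if [ -n "$router" ]; then
  echo "deleting routers"
  # Remove existing default routes one by one; the loop stops as soon as
  # route reports a failure.
  while /sbin/route del default gw 0.0.0.0 dev "$interface"; do
    :
  done

  # $router may list several gateways separated by whitespace.
  for i in $router; do
    /sbin/route add default gw "$i" dev "$interface"
  done
fi

# Truncate the resolver configuration before it is rebuilt.
echo -n > "$RESOLV_CONF"
# $domain stays unquoted deliberately: word splitting collapses any embedded
# newline into a space, so the value cannot add lines of its own to the file.
[ -n "$domain" ] && echo domain $domain >> "$RESOLV_CONF"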
for i in $dns
do
echo adding dns $i
echo nameserver $i >> $RESOLV_CONF
done etc/udhcp/udhcpc-script 0100775 0025617 0025617 00000000422 07533200024 013572 0 ustar jkm jkm #!/bin/sh
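# Currently, we only dispatch according to command. However, a more
# elaborate system might dispatch by command and interface or do some
# common initialization first, especially if more dhcp event notifications
# are added.
#
# $1 is the event name handed over by udhcpc; this tree ships handlers for
# bound, deconfig and renew. An empty name or one containing a slash cannot
# name a handler inside the udhcp directory, so it is refused instead of
# being turned into a path.
case "$1" in
  "" | */*)
    echo "udhcpc-script: refusing event name '$1'" >&2
    exit 1
    ;;
esac

# Quoted so that the event name can never split into extra arguments.
exec "/flash/etc/udhcp/udhcpc-cmd-$1"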
etc/udhcp/udhcpd.conf 0100664 0025617 0025617 00000005427 07533200024 013224 0 ustar jkm jkm # Sample udhcpd configuration file (/etc/udhcpd.conf)
# The start and end of the IP lease block
start 192.168.0.20 #default: 192.168.0.20
end 192.168.0.254 #default: 192.168.0.254
# The interface that udhcpd will use
interface private #default: eth0
# The maximum number of leases (includes addresses reserved
# by OFFERs, DECLINEs, and ARP conflicts)
#max_leases 254 #default: 254
# If remaining is true (default), udhcpd will store the time
# remaining for each lease in the udhcpd leases file. This is
# for embedded systems that cannot keep time between reboots.
# If you set remaining to no, the absolute time that the lease
# expires at will be stored in the dhcpd.leases file.
#remaining yes #default: yes
# The time period at which udhcpd will write out a dhcpd.leases
# file. If this is 0, udhcpd will never automatically write a
# lease file. (specified in seconds)
#auto_time 7200 #default: 7200 (2 hours)
# The amount of time that an IP will be reserved (leased) for if a
# DHCP decline message is received (seconds).
#decline_time 3600 #default: 3600 (1 hour)
# The amount of time that an IP will be reserved (leased) for if an
# ARP conflict occurs (seconds).
#conflict_time 3600 #default: 3600 (1 hour)
# How long an offered address is reserved (leased) in seconds
#offer_time 60 #default: 60 (1 minute)
# If a lease to be given is below this value, the full lease time is
# instead used (seconds).
#min_lease 60 #defult: 60
# The location of the leases file
lease_file /var/etc/udhcpd.leases #default: /etc/udhcpd.leases
# The location of the pid file
pidfile /var/run/udhcpd.pid #default: /var/run/udhcpd.pid
# Everytime udhcpd writes a leases file, the below script will be called.
# Useful for writing the lease file to flash every few hours.
#notify_file #default: (no script)
#notify_file dumpleases # <--- usefull for debugging
# The following are bootp specific options, setable by udhcpd.
#siaddr 192.168.0.22 #default: 0.0.0.0
#sname zorak #default: (none)
#boot_file /var/nfs_root #default: (none)
# The remainder of options are DHCP options and can be specified with the
# keyword 'opt' or 'option'. If an option can take multiple items, such
# as the dns option, they can be listed on the same line, or multiple
# lines. The only option with a default is 'lease'.
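# Examples
# NOTE: the option lines below are active, not commented out, and still carry
# sample values: the DNS, router and WINS addresses lie outside the
# 192.168.0.x lease block configured above. Replace them before this server
# hands out leases, otherwise clients receive a gateway and resolvers they
# were never meant to use.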
opt dns 192.168.10.2 192.168.10.10
option subnet 255.255.255.0
opt router 192.168.10.2
opt wins 192.168.10.10
option dns 129.219.13.81 # appened to above DNS servers for a total of 3
option domain local
option lease 864000 # 10 days of seconds
# Currently supported options, for more info, see options.c
#subnet
#timezone
#router
#timesvr
#namesvr
#dns
#logsvr
#cookiesvr
#lprsvr
#bootsize
#domain
#swapsvr
#rootpath
#ipttl
#mtu
#broadcast
#wins
#lease
#ntpsrv
#tftp
#bootfile
etc/bootrc-extra-udhcpd 0100775 0025617 0025617 00000000162 07542326232 013610 0 ustar jkm jkm #!/bin/sh
# Start the DHCP server when the binary is installed.
[ -x /bin/udhcpd ] || exit 0
# Make sure the lease file named in udhcpd.conf exists before the daemon
# starts; /var is a tmpfs, so the file is gone after every reboot.
touch /var/etc/udhcpd.leases
/bin/udhcpd /flash/etc/udhcp/udhcpd.conf
override_etc/ 0040775 0025617 0025617 00000000000 07550506117 011710 5 ustar jkm jkm override_etc/bootrc 0100775 0025617 0025617 00000002045 07540565543 013133 0 ustar jkm jkm #!/bin/sh
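# First boot stage: create device aliases, attach the console, mount the
# base file systems and the flash partition.

# With a devfs-style /dev (the /dev/tts directory exists), create the
# traditional device names used by the rest of the system.
if [ -d /dev/tts ]; then
  ln -s /dev/tts/0 /dev/ttyS0
  ln -s /dev/tts/2 /dev/ttyS2
  ln -s /dev/tts/3 /dev/ttyS3
  ln -s /dev/misc/sipoflash /dev/flash
  ln -s /dev/misc/sipoled /dev/led
  ln -s /dev/misc/sipowdt /dev/wdt
  ln -s /dev/misc/siponvram /dev/nvram
fi

# From here on all output of this script, and of everything it starts, goes
# to the serial port ttyS2.
exec >/dev/ttyS2 2>&1
cat /etc/sw.ver

# Values written to /dev/led and /dev/wdt are interpreted by the SIPO drivers.
# NOTE(review): presumably an LED progress code and a request to turn the
# watchdog off - confirm against the driver documentation.
echo "=120000" > /dev/led
echo disabled > /dev/wdt

mount /proc
mount /var
# /var is a tmpfs (see fstab), so its directory skeleton is rebuilt each boot.
mkdir /var/tmp
mkdir /var/dev
mkdir /var/etc
mkdir /var/run
touch /var/etc/mtab

# Mount the flash file system only when the kernel lists an mtd0 partition.
# The previous form, `[ $? ]`, tested whether the status string was non-empty,
# which is always true, so the grep result was never taken into account.
if grep mtd0 /proc/mtd >/dev/null; then
  mount /flash
fi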
# rename Ethernet interfaces
# The hardware revision is taken from the "hw ver" line of /proc/sipo/bd and
# decides how eth0..eth2 map to the role names used by the configuration.
HWVER=$(grep "hw ver " /proc/sipo/bd | sed "s/hw ver *= *//")
case "$HWVER" in
  5|6)
    # Two-port mapping: no dmz interface.
    ip link set dev eth0 name private
    ip link set dev eth1 name public
    ;;
  *)
    ip link set dev eth0 name dmz
    ip link set dev eth1 name public
    ip link set dev eth2 name private
    ;;
esac

echo "=170000" > /dev/led

# Hand over to the configurable startup script on flash. /flash is mounted
# read-write (jffs2, "defaults" in fstab) and this script runs with full
# privileges, so the integrity of /flash decides what executes at boot.
[ -x /flash/etc/bootrc ] && /flash/etc/bootrc

echo "=110000" > /dev/led

# Replace /etc with the copy kept on flash; from here on passwd, inittab and
# the other files under /etc are the ones stored in /flash/override_etc.
[ -d /flash/override_etc ] && mount -o bind /flash/override_etc /etc

exit 0
override_etc/fstab 0100664 0025617 0025617 00000000154 07540565543 012736 0 ustar jkm jkm none /proc proc defaults 0 0
none /var tmpfs defaults 0 0
/dev/mtdblock/0 /flash jffs2 defaults 0 0
override_etc/group 0100664 0025617 0025617 00000000145 07540565543 012773 0 ustar jkm jkm root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
mem:x:8:
kmem:x:9:
nogroup:x:99:
override_etc/host.conf 0100664 0025617 0025617 00000000032 07540565543 013533 0 ustar jkm jkm order hosts,bind
multi on
override_etc/hosts 0100664 0025617 0025617 00000000052 07540565543 012774 0 ustar jkm jkm 127.0.0.1 localhost.localdomain localhost
override_etc/inittab 0100644 0025617 0025617 00000000363 07546770101 013263 0 ustar jkm jkm # Sipo inittab for busybox, no runlevels
::sysinit:/etc/bootrc
# Edit the following line to enable shell on debug port
::askfirst:/bin/select-login
# Edit the following line to enable shell on console port
tts/2::askfirst:/bin/select-login
override_etc/localtime 0100664 0025617 0025617 00000000070 07540565543 013605 0 ustar jkm jkm TZif UTC override_etc/nsswitch.conf 0100664 0025617 0025617 00000003113 07540565543 014423 0 ustar jkm jkm #
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files
shadow: files
group: files
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
automount: files
aliases: files
override_etc/passwd 0100664 0025617 0025617 00000000176 07540565543 013144 0 ustar jkm jkm root::0:0:root:/flash:/bin/sh
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/adm:
nobody:x:99:99:Nobody:/:
override_etc/profile 0100775 0025617 0025617 00000000164 07540565543 013303 0 ustar jkm jkm TERM=vt100
# Make TERM (assigned on the line above) visible to child processes.
export TERM
PS1='> '
# /flash/bin is appended, so commands in the system directories are found
# before anything stored on flash.
PATH="${PATH}:/flash/bin"
# Optional site-specific profile kept on flash; it is sourced into the login
# shell when readable.
if test -r /flash/etc/profile; then
  . /flash/etc/profile
fi
override_etc/protocols 0100664 0025617 0025617 00000003033 07540565543 013662 0 ustar jkm jkm # /etc/protocols:
# $Id: protocols,v 1.1 2002/09/14 07:55:15 jkm Exp $
#
# Internet (IP) protocols
#
# from: @(#)protocols 5.1 (Berkeley) 4/17/89
#
# Updated for NetBSD based on RFC 1340, Assigned Numbers (July 1992).
ip 0 IP # internet protocol, pseudo protocol number
icmp 1 ICMP # internet control message protocol
igmp 2 IGMP # Internet Group Management
ggp 3 GGP # gateway-gateway protocol
ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'')
st 5 ST # ST datagram mode
tcp 6 TCP # transmission control protocol
egp 8 EGP # exterior gateway protocol
pup 12 PUP # PARC universal packet protocol
udp 17 UDP # user datagram protocol
hmp 20 HMP # host monitoring protocol
xns-idp 22 XNS-IDP # Xerox NS IDP
rdp 27 RDP # "reliable datagram" protocol
iso-tp4 29 ISO-TP4 # ISO Transport Protocol class 4
xtp 36 XTP # Xpress Tranfer Protocol
ddp 37 DDP # Datagram Delivery Protocol
idpr-cmtp 39 IDPR-CMTP # IDPR Control Message Transport
ipv6 41 IPv6 # IPv6
ipv6-route 43 IPv6-Route # Routing Header for IPv6
ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6
ipv6-crypt 50 IPv6-Crypt # Encryption Header for IPv6
ipv6-auth 51 IPv6-Auth # Authentication Header for IPv6
ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6
ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6
ipv6-opts 60 IPv6-Opts # Destination Options for IPv6
rspf 73 RSPF #Radio Shortest Path First.
vmtp 81 VMTP # Versatile Message Transport
ospf 89 OSPFIGP # Open Shortest Path First IGP
ipip 94 IPIP # Yet Another IP encapsulation
encap 98 ENCAP # Yet Another IP encapsulation
override_etc/services 0100664 0025617 0025617 00000026121 07540565543 013464 0 ustar jkm jkm # /etc/services:
# $Id: services,v 1.1 2002/09/14 07:55:15 jkm Exp $
#
# Network services, Internet style
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
# Updated from RFC 1700, ``Assigned Numbers'' (October 1994). Not all ports
# are included, only the more common ones.
tcpmux 1/tcp # TCP port service multiplexer
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
daytime 13/tcp
daytime 13/udp
netstat 15/tcp
qotd 17/tcp quote
msp 18/tcp # message send protocol
msp 18/udp # message send protocol
chargen 19/tcp ttytst source
chargen 19/udp ttytst source
ftp-data 20/tcp
ftp 21/tcp
fsp 21/udp fspd
ssh 22/tcp # SSH Remote Login Protocol
ssh 22/udp # SSH Remote Login Protocol
telnet 23/tcp
# 24 - private
smtp 25/tcp mail
# 26 - unassigned
time 37/tcp timserver
time 37/udp timserver
rlp 39/udp resource # resource location
nameserver 42/tcp name # IEN 116
whois 43/tcp nicname
re-mail-ck 50/tcp # Remote Mail Checking Protocol
re-mail-ck 50/udp # Remote Mail Checking Protocol
domain 53/tcp nameserver # name-domain server
domain 53/udp nameserver
mtp 57/tcp # deprecated
bootps 67/tcp # BOOTP server
bootps 67/udp
bootpc 68/tcp # BOOTP client
bootpc 68/udp
tftp 69/udp
gopher 70/tcp # Internet Gopher
gopher 70/udp
rje 77/tcp netrjs
finger 79/tcp
www 80/tcp http # WorldWideWeb HTTP
www 80/udp # HyperText Transfer Protocol
link 87/tcp ttylink
kerberos 88/tcp kerberos5 krb5 # Kerberos v5
kerberos 88/udp kerberos5 krb5 # Kerberos v5
supdup 95/tcp
# 100 - reserved
hostnames 101/tcp hostname # usually from sri-nic
iso-tsap 102/tcp tsap # part of ISODE.
csnet-ns 105/tcp cso-ns # also used by CSO name server
csnet-ns 105/udp cso-ns
# unfortunately the poppassd (Eudora) uses a port which has already
# been assigned to a different service. We list the poppassd as an
# alias here. This should work for programs asking for this service.
# (due to a bug in inetd the 3com-tsmux line is disabled)
#3com-tsmux 106/tcp poppassd
#3com-tsmux 106/udp poppassd
rtelnet 107/tcp # Remote Telnet
rtelnet 107/udp
pop2 109/tcp pop-2 postoffice # POP version 2
pop2 109/udp pop-2
pop3 110/tcp pop-3 # POP version 3
pop3 110/udp pop-3
sunrpc 111/tcp portmapper # RPC 4.0 portmapper TCP
sunrpc 111/udp portmapper # RPC 4.0 portmapper UDP
auth 113/tcp authentication tap ident
sftp 115/tcp
uucp-path 117/tcp
nntp 119/tcp readnews untp # USENET News Transfer Protocol
ntp 123/tcp
ntp 123/udp # Network Time Protocol
netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp
netbios-ssn 139/tcp # NETBIOS session service
netbios-ssn 139/udp
imap2 143/tcp imap # Interim Mail Access Proto v2
imap2 143/udp imap
snmp 161/udp # Simple Net Mgmt Proto
snmp-trap 162/udp snmptrap # Traps for SNMP
cmip-man 163/tcp # ISO mgmt over IP (CMOT)
cmip-man 163/udp
cmip-agent 164/tcp
cmip-agent 164/udp
xdmcp 177/tcp # X Display Mgr. Control Proto
xdmcp 177/udp
nextstep 178/tcp NeXTStep NextStep # NeXTStep window
nextstep 178/udp NeXTStep NextStep # server
bgp 179/tcp # Border Gateway Proto.
bgp 179/udp
prospero 191/tcp # Cliff Neuman's Prospero
prospero 191/udp
irc 194/tcp # Internet Relay Chat
irc 194/udp
smux 199/tcp # SNMP Unix Multiplexer
smux 199/udp
at-rtmp 201/tcp # AppleTalk routing
at-rtmp 201/udp
at-nbp 202/tcp # AppleTalk name binding
at-nbp 202/udp
at-echo 204/tcp # AppleTalk echo
at-echo 204/udp
at-zis 206/tcp # AppleTalk zone information
at-zis 206/udp
qmtp 209/tcp # The Quick Mail Transfer Protocol
qmtp 209/udp # The Quick Mail Transfer Protocol
z3950 210/tcp wais # NISO Z39.50 database
z3950 210/udp wais
ipx 213/tcp # IPX
ipx 213/udp
imap3 220/tcp # Interactive Mail Access
imap3 220/udp # Protocol v3
rpc2portmap 369/tcp
rpc2portmap 369/udp # Coda portmapper
codaauth2 370/tcp
codaauth2 370/udp # Coda authentication server
ulistserv 372/tcp # UNIX Listserv
ulistserv 372/udp
ldap 389/tcp # Lightweight Directory Access Protocol
ldap 389/udp # Lightweight Directory Access Protocol
https 443/tcp # MCom
https 443/udp # MCom
snpp 444/tcp # Simple Network Paging Protocol
snpp 444/udp # Simple Network Paging Protocol
saft 487/tcp # Simple Asynchronous File Transfer
saft 487/udp # Simple Asynchronous File Transfer
npmp-local 610/tcp dqs313_qmaster # npmp-local / DQS
npmp-local 610/udp dqs313_qmaster # npmp-local / DQS
npmp-gui 611/tcp dqs313_execd # npmp-gui / DQS
npmp-gui 611/udp dqs313_execd # npmp-gui / DQS
hmmp-ind 612/tcp dqs313_intercell# HMMP Indication / DQS
hmmp-ind 612/udp dqs313_intercell# HMMP Indication / DQS
#
# UNIX specific services
#
exec 512/tcp
biff 512/udp comsat
login 513/tcp
who 513/udp whod
shell 514/tcp cmd # no passwords used
syslog 514/udp
printer 515/tcp spooler # line printer spooler
talk 517/udp
ntalk 518/udp
route 520/udp router routed # RIP
timed 525/udp timeserver
tempo 526/tcp newdate
courier 530/tcp rpc
conference 531/tcp chat
netnews 532/tcp readnews
netwall 533/udp # -for emergency broadcasts
uucp 540/tcp uucpd # uucp daemon
afpovertcp 548/tcp # AFP over TCP
afpovertcp 548/udp # AFP over TCP
remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem
klogin 543/tcp # Kerberized `rlogin' (v5)
kshell 544/tcp krcmd # Kerberized `rsh' (v5)
kerberos-adm 749/tcp # Kerberos `kadmin' (v5)
#
webster 765/tcp # Network dictionary
webster 765/udp
swat 901/tcp # Samba Web Administration Tool
#
# From ``Assigned Numbers'':
#
#> The Registered Ports are not controlled by the IANA and on most systems
#> can be used by ordinary user processes or programs executed by ordinary
#> users.
#
#> Ports are used in the TCP [45,106] to name the ends of logical
#> connections which carry long term conversations. For the purpose of
#> providing services to unknown callers, a service contact port is
#> defined. This list specifies the port used by the server process as its
#> contact port. While the IANA can not control uses of these ports it
#> does register or list uses of these ports as a convenience to the
#> community.
#
ingreslock 1524/tcp
ingreslock 1524/udp
prospero-np 1525/tcp # Prospero non-privileged
prospero-np 1525/udp
datametrics 1645/tcp old-radius # datametrics / old radius entry
datametrics 1645/udp old-radius # datametrics / old radius entry
sa-msg-port 1646/tcp old-radacct # sa-msg-port / old radacct entry
sa-msg-port 1646/udp old-radacct # sa-msg-port / old radacct entry
radius 1812/tcp # Radius
radius 1812/udp # Radius
radacct 1813/tcp # Radius Accounting
radacct 1813/udp # Radius Accounting
cvspserver 2401/tcp # CVS client/server operations
cvspserver 2401/udp # CVS client/server operations
venus 2430/tcp # codacon port
venus 2430/udp # Venus callback/wbc interface
venus-se 2431/tcp # tcp side effects
venus-se 2431/udp # udp sftp side effect
codasrv 2432/tcp # not used
codasrv 2432/udp # server port
codasrv-se 2433/tcp # tcp side effects
codasrv-se 2433/udp # udp sftp side effect
mysql 3306/tcp # MySQL
mysql 3306/udp # MySQL
rfe 5002/tcp # Radio Free Ethernet
rfe 5002/udp # Actually uses UDP only
cfengine 5308/tcp # CFengine
cfengine 5308/udp # CFengine
bbs 7000/tcp # BBS service
#
#
# Kerberos (Project Athena/MIT) services
# Note that these are for Kerberos v4, and are unofficial. Sites running
# v4 should uncomment these and comment out the v5 entries above.
#
kerberos4 750/udp kerberos-iv kdc # Kerberos (server) udp
kerberos4 750/tcp kerberos-iv kdc # Kerberos (server) tcp
kerberos_master 751/udp # Kerberos authentication
kerberos_master 751/tcp # Kerberos authentication
passwd_server 752/udp # Kerberos passwd server
krb_prop 754/tcp # Kerberos slave propagation
krbupdate 760/tcp kreg # Kerberos registration
kpasswd 761/tcp kpwd # Kerberos "passwd"
kpop 1109/tcp # Pop with Kerberos
knetd 2053/tcp # Kerberos de-multiplexor
zephyr-srv 2102/udp # Zephyr server
zephyr-clt 2103/udp # Zephyr serv-hm connection
zephyr-hm 2104/udp # Zephyr hostmanager
eklogin 2105/tcp # Kerberos encrypted rlogin
#
# Unofficial but necessary (for NetBSD) services
#
supfilesrv 871/tcp # SUP server
supfiledbg 1127/tcp # SUP debugging
#
# Datagram Delivery Protocol services
#
rtmp 1/ddp # Routing Table Maintenance Protocol
nbp 2/ddp # Name Binding Protocol
echo 4/ddp # AppleTalk Echo Protocol
zip 6/ddp # Zone Information Protocol
#
# Services added for the Debian GNU/Linux distribution
poppassd 106/tcp # Eudora
poppassd 106/udp # Eudora
mailq 174/tcp # Mailer transport queue for Zmailer
mailq 174/udp # Mailer transport queue for Zmailer
ssmtp 465/tcp # SMTP over SSL
gdomap 538/tcp # GNUstep distributed objects
gdomap 538/udp # GNUstep distributed objects
snews 563/tcp # NNTP over SSL
ssl-ldap 636/tcp # LDAP over SSL
omirr 808/tcp omirrd # online mirror
omirr 808/udp omirrd # online mirror
rsync 873/tcp # rsync
rsync 873/udp # rsync
simap 993/tcp # IMAP over SSL
spop3 995/tcp # POP-3 over SSL
socks 1080/tcp # socks proxy server
socks 1080/udp # socks proxy server
rmtcfg 1236/tcp # Gracilis Packeten remote config server
xtel 1313/tcp # french minitel
support 1529/tcp # GNATS
cfinger 2003/tcp # GNU Finger
ninstall 2150/tcp # ninstall service
ninstall 2150/udp # ninstall service
afbackup 2988/tcp # Afbackup system
afbackup 2988/udp # Afbackup system
icp 3130/tcp # Internet Cache Protocol (Squid)
icp 3130/udp # Internet Cache Protocol (Squid)
postgres 5432/tcp # POSTGRES
postgres 5432/udp # POSTGRES
fax 4557/tcp # FAX transmission service (old)
hylafax 4559/tcp # HylaFAX client-server protocol (new)
noclog 5354/tcp # noclogd with TCP (nocol)
noclog 5354/udp # noclogd with UDP (nocol)
hostmon 5355/tcp # hostmon uses TCP (nocol)
hostmon 5355/udp # hostmon uses TCP (nocol)
ircd 6667/tcp # Internet Relay Chat
ircd 6667/udp # Internet Relay Chat
webcache 8080/tcp # WWW caching service
webcache 8080/udp # WWW caching service
tproxy 8081/tcp # Transparent Proxy
tproxy 8081/udp # Transparent Proxy
mandelspawn 9359/udp mandelbrot # network mandelbrot
amanda 10080/udp # amanda backup services
kamanda 10081/tcp # amanda backup services (Kerberos)
kamanda 10081/udp # amanda backup services (Kerberos)
amandaidx 10082/tcp # amanda backup services
amidxtape 10083/tcp # amanda backup services
isdnlog 20011/tcp # isdn logging system
isdnlog 20011/udp # isdn logging system
vboxd 20012/tcp # voice box system
vboxd 20012/udp # voice box system
binkp 24554/tcp # Binkley
binkp 24554/udp # Binkley
asp 27374/tcp # Address Search Protocol
asp 27374/udp # Address Search Protocol
tfido 60177/tcp # Ifmail
tfido 60177/udp # Ifmail
fido 60179/tcp # Ifmail
fido 60179/udp # Ifmail
# Local services
linuxconf 98/tcp
override_etc/shadow 0100664 0025617 0025617 00000000000 07540565543 013112 0 ustar jkm jkm override_etc/mtab 0120775 0025617 0025617 00000000000 07550506117 015036 2/var/etc/mtab ustar jkm jkm override_etc/resolv.conf 0120775 0025617 0025617 00000000000 07550506117 020171 2/flash/etc/resolv.conf ustar jkm jkm