Second ramdisk image

The ramdisk image we are building here will be based on the image built until now. Now we are going to add routing functionality.

First of all, we need something to route to, which will be the internet most of the time. So we need pppd on the image. Copy the pppd executable to /usr/sbin on your image. Pppd also needs an additional library from the standard C libraries, which is libcrypt.so.1, so copy that into /lib of your image.
Now pppd needs some configuration, which must be in /etc/ppp. Here you need an options file, which controls some general options, a pap-secrets, chap-secrets or whatever you use, and a directory peers. In the peers directory you can make a file with configuration for your connection, which you will use by typing pppd call [filename].
Pppd also requires three additional devices: null, ppp and ptmx. Well, it's not really fair to say pppd requires ptmx, because it's part of the pty system, and I forgot it in the previous part.
Create the devices in /dev with:
This will make pppd happy, but it won't make me happy, because I need pptp to dial in to my internet account.
That's why we build pptp, and copy that into the /usr/sbin directory as well. With ldd you can see it requires libutil.so.1, so copy that to the /lib directory.

The last thing we need before we can test the image is iptables. Copy the tools of your choice (iptables and ip6tables in my case) to /usr/sbin. Now create the directory /usr/lib/iptables and copy all the *.so files from the extensions directory in the build directory of iptables to /usr/lib/iptables.

Now it's time to test some things. Unmount the image and reboot your machine to the image.
At the bash prompt, let pppd build your connection. In my case I type pppd call adsl; don't forget to let bash background the process, or else you won't get your prompt back. If that worked, use another internet connection to ping your public address. If that works, your connection is alive!
Now it's time to try routing. Build an iptables rule like this:
iptables -t nat -A POSTROUTING -j MASQUERADE
This will NAT every packet through your router. Now get a second computer and configure it to route to the computer running our ramdisk image. On this computer, configure at least one DNS provided by your provider.
Now before you can start testing, you must enable ip forwarding. Do that with:
echo 1 > /proc/sys/net/ipv4/ip_forward
Now try to use the internet from the second PC. Try some pinging, surfing, name resolving. It should all work.

Now the next thing we should do, is automate this. So we need to create some additional bootscripts.
Let's start with the firewall, because it's safer to build your firewall first, then turn on routing, and last but not least make the internet connection.
So the first will be the firewall. I'm not here to tell you how to build a firewall, but there are many tools for that. For now, I will create this script, and call it /etc/init.d/rc3.d/10_firewall:
#!/bin/sh

echo Building firewall ...

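# Drop everything addressed to the router itself that arrives on the internet link
iptables -A INPUT -i ppp0 -j DROP
# Rewrite the source address of traffic from the home network to the public address
iptables -t nat -A POSTROUTING -s 172.16.21.0/24 -j SNAT --to [my public IP]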
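
The two rules in 10_firewall do not touch the FORWARD chain, whose policy is ACCEPT unless something else changes it, and the INPUT rule drops replies to the router's own connections on ppp0 along with everything else. As an added example (not the author's script), the function below prints a stateful ruleset for iptables-restore that drops forwarding by default; ppp0 and 172.16.21.0/24 are from the page, while the LAN interface argument and the name emit_ruleset are assumptions.

```sh
#!/bin/sh
# Added example: prints a ruleset in iptables-restore format and changes
# nothing by itself. Pipe the output into iptables-restore to load it.
# usage: emit_ruleset WAN_IF LAN_IF LAN_NET PUBLIC_IP
emit_ruleset() {
    [ $# -eq 4 ] || {
        echo "usage: emit_ruleset WAN_IF LAN_IF LAN_NET PUBLIC_IP" >&2
        return 2
    }
    wan=$1 lan=$2 net=$3 pub=$4
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Router itself: accept replies on the internet link, drop the rest.
# INPUT on other interfaces is left open, as in the page's script.
-A INPUT -i $wan -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $wan -j DROP
# Forwarding: only the home network may open connections outwards,
# and only replies to those connections may come back in.
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# NAT only what leaves through the internet link, not every packet.
-A POSTROUTING -s $net -o $wan -j SNAT --to-source $pub
COMMIT
EOF
}
```

Unlike the test rule with MASQUERADE and no interface, the NAT rule here is tied to the outgoing interface, so traffic between local interfaces keeps its source address.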

Now, we can start IP Forwarding. I call this 15_start_forward:
#!/bin/sh

echo Starting IP Forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

Now, last but not least, we should start the dial-in connection. I call this 20_start_ppp:
#!/bin/sh

echo Starting ADSL link ...

pppd call adsl &

Now let's give booting a try!

For me, this worked! I can use the internet from every well-configured PC in my home network. Before I go on, I'd like to change a few things: I think I will first make the keep-up script. I will use the ps command to check if pppd is still running. If that's not the case: start it again!
I use this script for now, and I will call it /etc/init.d/keepup.sh:
#!/bin/sh
 
pppd call adsl &
touch /var/run/keepup
 
while true
do
 sleep 15
 if [ -e /var/run/keepup ]
 then
  CHECK=`ps -ef | grep "pppd call adsl" | grep -v grep`
  if [ -z "$CHECK" ]
  then
   pppd call adsl &
  fi
 fi
done
Of course the script also needs to know when to stop. That's why I made the construction with the /var/run/keepup file. Now I can control with that file whether the script will recover a broken connection.
Now I need to change /etc/init.d/rc3.d/20_start_ppp to use the keep-up script. Just change your pppd call line to /etc/init.d/keepup.sh.

For the shutdown, which I want to do with the well-known three-key combination, I have to alter the inittab.
In the inittab add a line:
ca::ctrlaltdel:init 0
This will trigger init to switch to runlevel 0 (shutdown) when CTRL-ALT-Delete is pressed.
Now we need to tell init what to do to switch to runlevel 0:
l0:0:wait:/etc/init.d/rc 0

Last but not least, we need to make a script that stops the ppp connection. To do that, I will remove the /var/run/keepup file, and kill the pptp processes.
This script will be my /etc/init.d/rc0.d/00_stop_ppp (Yes, I really mean rc0.d):
#!/bin/sh
 
echo Stopping ADSL connection ...
 
rm /var/run/keepup
 
# In "ps -ef" output the PID is the second column; the first is the user name
kill `ps -ef | grep pptp | grep -v grep | awk '{ print $2 }'`

Now let's boot and see if all the scripts do what they are supposed to do.

For me, not everything was OK ... in the stop_ppp script I used awk, which is not available on the image. Because I will use it in other scripts as well, this will be the next thing to add.
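
The keep-up loop and the stop script both find processes with ps piped through grep, which matches any command line that contains the text, and the stop script needs awk, which the image lacks. As an added example (not the author's scripts), the same checks done with shell builtins that read /proc/PID/stat and compare the exact process name; the function names and the PROC_ROOT and KEEPUP_FLAG variables are assumptions of this example.

```sh
#!/bin/sh
# Added example: needs no awk, grep or ps, only the shell plus kill and rm.
PROC_ROOT=${PROC_ROOT:-/proc}                # overridable for testing
KEEPUP_FLAG=${KEEPUP_FLAG:-/var/run/keepup}  # same flag file as keepup.sh

# Print the PID of every process whose executable name is exactly $1.
# /proc/PID/stat begins with: PID (name) state ...
pids_of() {
    for stat in "$PROC_ROOT"/[0-9]*/stat; do
        # A process may exit between the glob and the read: skip it.
        { read -r pid comm rest < "$stat"; } 2>/dev/null || continue
        [ "$comm" = "($1)" ] && echo "$pid"
    done
    return 0
}

# One watchdog pass: succeeds only when pppd has to be started again.
needs_restart() {
    [ -e "$KEEPUP_FLAG" ] || return 1   # flag removed: shutdown in progress
    [ -z "$(pids_of pppd)" ]
}

# Shutdown: remove the flag first so the watchdog cannot redial,
# then signal the pptp processes by exact name.
stop_link() {
    rm -f "$KEEPUP_FLAG"
    for pid in $(pids_of pptp); do
        kill "$pid" 2>/dev/null || true
    done
}
```

In keepup.sh the loop body then becomes: sleep 15, and if needs_restart succeeds, run pppd call adsl in the background.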

From now on, this image will be my base system. Any programs added to it will be added immediately. That will be described on the program's page.
