LEAF/Bering Complete Example

Here's a complete example of how to set up LEAF/Bering for use as a firewall/NAT box with RoadRunner in Central Ohio.

First we discuss what LEAF/Bering firewall/NAT box needs to do and what configuration we will end up with.

Whatver is plugged into a RoadRunner cable modem must be configured as a DHCP client, so that's how the internet (RoadRunner) side of the firewall will be configured.

The local (private) side of the firewall will be set up as:

IP Address:192.168.1.254 (gateway address for other computers on local network)
Network: 192.168.1.0
Netmask: 255.255.255.0

The local side of the firewall will also be a DHCP server, assigning addresses from 192.168.1.1 to 192.168.1.199 inclusive. The addresses from 192.168.1.200 to 192.168.1.253 inclusive are available for use as static IP addresses.

The hardware was an old Compaq desktop computer with:

'486 DX2/66 CPU,
16MB of memory,
a floppy drive and
two ethernet cards.

It had no hard drives or CD-ROM drives. The network cards were a couple of SMC 8216C cards that had been handed out at COLUG meetings in the autumn of 2002 as part of the Coyote Linux firewall kits. Those ethernet cards were configured with ezsetup.exe as:

For the internet (RoadRunner cable modem) side of the firewall:

SMC LAN Adapter Setup Program -- Version 1.22 (960731) Board Type: 8216C Node Address: 0000C0123456 Current Setup I/O Base Address 320 IRQ 10 RAM Size 16 K WIN Size 16 K RAM Base Address 0CC000 Add Wait States No Network Connection AutoDetect Link Integrity Enabled ROM Size Disabled ROM Base Address Disabled

For the local (private) side of the firewall:

SMC LAN Adapter Setup Program -- Version 1.22 (960731) Board Type: 8216C Node Address: 0000C0123457 Current Setup I/O Base Address 280 IRQ 11 RAM Size 16 K WIN Size 16 K RAM Base Address 0D0000 Add Wait States No Network Connection AutoDetect Link Integrity Enabled ROM Size Disabled ROM Base Address Disabled

Now for actually doing the LEAF/Bering stuff.

Get two 3.5" floppy disks.

The first half of the work is done on a regular desktop Linux computer:

Log in as root on your regular desktop Linux box. (I used Red Had Linux 7.3.)
Put in the first floppy disk (for LEAF/Bering itself).
Execute (cut and paste are your friends, but be very very very very careful to make sure that the long lines are preserved.):

cd ~
mkdir leaf
cd leaf
wget http://unc.dl.sourceforge.net/sourceforge/leaf/Bering_1.2_img_bering-1680.bin
fdformat /dev/fd0u1680
dd if=Bering_1.2_img_bering-1680.bin of=/dev/fd0u1680

When the last command finishes (when the light on the floppy drive goes out), take out the first floppy disk.
Put in the second floppy disk (for driver and miscellaneous files).
Execute:

wget http://unc.dl.sourceforge.net/sourceforge/leaf/Bering_1.2_modules_2.4.20.tar.gz
tar xvzf Bering_1.2_modules_2.4.20.tar.gz
cp -p 2.4.20/kernel/drivers/net/8390.o .
cp -p 2.4.20/kernel/drivers/net/smc-ultra.o .
tar cvzf drivers.tgz 8390.o smc-ultra.o
echo "8390" >modules
echo "smc-ultra io=0x320,0x280 irq=10,11" >>modules
wget http://firewall.colug.net/syslinux.cfg
echo "b" >lrcfg.in
echo "5" >>lrcfg.in      # echo the character five
echo "y" >>lrcfg.in
echo "q" >>lrcfg.in
echo "q" >>lrcfg.in
fdformat /dev/fd0u1680
mkfs.vfat /dev/fd0u1680
mount -t vfat /dev/fd0u1680 /mnt/floppy
cp -p drivers.tgz modules syslinux.cfg lrcfg.in /mnt/floppy
umount /dev/fd0u1680

When the last command finishes (when the light on the floppy drive goes out), take out the second floppy disk.

You are done with the desktop computer.

The rest of the work will be done on the LEAF/Bering computer:

Put in the first floppy disk.
Turn on the LEAF/Bering computer and boot the first floppy disk.
Log in as root.
Take out the first floppy disk.
Put in the second floppy disk.
Execute:

q
mount -t msdos /dev/fd0u1680 /mnt
cd /lib/modules
rm ppp*.o slhc.o n_hdlc.o
rm 8390.o eepro100.o ne*.o
tar xvzf /mnt/drivers.tgz
cat /mnt/modules >>/etc/modules
cp -p /mnt/syslinux.cfg /mnt/lrcfg.in /tmp
umount /dev/fd0u1680

Take out the second floppy disk.
Put in the first floppy disk.
Execute:

mount -t msdos /dev/fd0u1680 /mnt
cd /mnt
rm bridge.lrp keyboard.lrp ppp*.lrp weblet.lrp
cat /tmp/syslinux.cfg >/mnt/syslinux.cfg
cd
umount /dev/fd0u1680
lrcfg </tmp/lrcfg.in

When the last command finishes (when the light on the floppy drive goes out), take out the first floppy disk.
Write protect the first floppy disk.
Put the first floppy disk back in.
Plug the ethernet cables into the firewall:

An ethernet cable goes directly from the RoadRunner cable modem, to the ethernet card that is for the internet.
An ethernet cable goes from the hub of the local (private) network, to the ethernet card that is for the local network.

Reset the cable modem.
Execute the following command:

reboot

You should now have a running firewall.

Now you need to know how to use it. Connect each computer behind the firewall into the hub for the local (private) network, with an ethernet cable. You configure each computer behind the firewall as a DHCP client and reboot it. In Windows-land, you configure a network card as a DHCP client, by choosing something like "Automatically obtain IP address". This is what Windows computers default to.

An image of the completed floppy is here: leafbering_rr_example.bin.
Its MD5SUM is:

0bfe741097383c1185b639a466954184  leafbering_rr_example.bin

back to more general LEAF/Bering page

"Adventure is a sign of incompetence" Vilhjalmur Stefanson

Last modified 2003-05-23