[ previous ] [ next ] [ threads ]
 
 From:  Wilko Lunenburg <wilko at sassenheim dot net>
 To:  MonoWall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Customizing Monowall
 Date:  Sun, 17 Apr 2005 19:02:44 +0200 
Customizing Monowall

In this document I explain how I changed a setting in Monowall that was
not changeable from the webinterface. When I used the pptp-vpn I noticed
that every now and then the connection was dropped, this proved to be
after being idle 1800 seconds (half an hour). I wanted to change this to
a longer period (86400 seconds) but could not find out how to change it.
First I tried to find it in the FAQ and other documents, later I also
asked in the mailing list. No answer came.
But I did find the "Getting Started: m0n0wall development"  from Michael
Iedema and the "custom-m0n0wall-howto.txt" from Jean-Francois Theroux
and that last one gave me enough information. 

There were however some things that did not work in my situation as I
did not have FreeBSD 4.10 but version 5.3. It appears that somewhere
along the line vnconfig disappeared and was replaced with mdconfig. 

So here is what I did:

First I built myself a new FreeBSD 5.3 machine and downloaded the latest
Monowall generic pc image. Just as Jean-Francois Theroux I did all the
dirty work in a separate working directory.

# cd ~
# mkdir work
# cd ~/work
# mkdir image mfs

In this ~/work directory I placed the downloaded generic-pc-1.2b7.img.
This file is a gzipped image of the harddisk image with some added code
for a digital signature.  Gzip does not recognize the file as a
gzip-file so it has to be renamed to generic-pc-1.2b7.img.gz. 

# mv generic-pc-1.2b7.img generic-pc-1.2b7.img.gz
# gzip -d generic-pc-1.2b7.img.gz

Ignore the message about garbage, this is the extra signature code. We
now have the bare harddisk image that can be mounted to the image
directory

# mdconfig -a -t vnode -f generic-pc-1.2b7.img -u 10
# mount /dev/md10 image
# cd ~/work/image
# ls -la

Here you see the contents of the harddisk image, just a few files. What
I was interested in was the mfsroot.gz. This again is a gzipped
filesystem so we have to do the same with this file as we did with the
whole image. To work with it I copied it to the ~/work directory and
after decompression mounted it to the mfs directory

# cp ~/work/image/mfsroot.gz ~/work
# cd ~/work
# gzip -d mfsroot.gz
# mdconfig -a -t vnode -f mfsroot -u 11
# mount /dev/md11 mfs
# cd ~/work/mfs
# ls -la

At last, the filestructure that I wanted to see. Here I editted the
etc/inc/vpn.inc file. And then it was just a matter of putting
everything back.
# vi etc/inc/vpn.inc (or whatever you want to do)

After you are done, umount mfs and recompress it.

# cd ~/work
# umount mfs
# mdconfig -d -u 11
# gzip -9 mfsroot

The modified mfsroot.gz is now ready to be put back in the
hardisk-image.

# cp ~/work/mfsroot.gz ~/work/image

The new mfsroot.gz replaced the old one so now we are ready to umount
the harddisk image and recompress that one too.

# umount image
# mdconfig -d -u 10
# gzip -9 generic-pc-1.2b7.img
# mv generic-pc-1.2b7.img.gz generic-pc-1.2b7modified.img

Now you are ready to upload this new "firmware" to your monowall. You
will get a message that "This image is not digitally signed.", that is
correct as we did not add the signature code. After the reboot your
monowall now is running "your" adapted code.

Good Luck,

Wilko Lunenburg