diff options
author | Harald Welte <laforge@gnumonks.org> | 2017-09-05 22:24:45 +0200 |
---|---|---|
committer | Harald Welte <laforge@gnumonks.org> | 2017-09-06 09:17:15 +0200 |
commit | ce316f4962f14a48aa06df2d250f23e0ce23fc3a (patch) | |
tree | c672908f6791178b27e1b06ae83a0ee402ce4dbd /doc | |
parent | 59ffc89d42be8458557592c79a4e9e5eb3a0b37d (diff) |
Move examples to doc/examples and include them in DIST
Change-Id: I0846e21ac63774939934ab629c6d7212269be9a6
Diffstat (limited to 'doc')
-rw-r--r-- | doc/Makefile.am | 5 | ||||
-rw-r--r-- | doc/examples/Makefile.am | 22 | ||||
-rwxr-xr-x | doc/examples/firewall | 48 | ||||
-rw-r--r-- | doc/examples/osmo-ggsn.cfg | 71 | ||||
-rw-r--r-- | doc/examples/sgsnemu.conf | 131 |
5 files changed, 275 insertions, 2 deletions
diff --git a/doc/Makefile.am b/doc/Makefile.am index 7e2246c..46c634e 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -2,5 +2,6 @@ man_MANS = osmo-ggsn.8 sgsnemu.8 man_aux = $(man_MANS:.1=.x) EXTRA_DIST = $(man_MANS) - - +SUBDIRS = \ + examples \ + $(NULL) diff --git a/doc/examples/Makefile.am b/doc/examples/Makefile.am new file mode 100644 index 0000000..530c3fa --- /dev/null +++ b/doc/examples/Makefile.am @@ -0,0 +1,22 @@ +CFG_FILES = find $(srcdir) -name '*.cfg*' | sed -e 's,^$(srcdir),,' + +dist-hook: + for f in $$($(CFG_FILES)); do \ + j="$(distdir)/$$f" && \ + mkdir -p "$$(dirname $$j)" && \ + $(INSTALL_DATA) $(srcdir)/$$f $$j; \ + done + +install-data-hook: + for f in $$($(CFG_FILES)); do \ + j="$(DESTDIR)$(docdir)/examples/$$f" && \ + mkdir -p "$$(dirname $$j)" && \ + $(INSTALL_DATA) $(srcdir)/$$f $$j; \ + done + +uninstall-hook: + @$(PRE_UNINSTALL) + for f in $$($(CFG_FILES)); do \ + j="$(DESTDIR)$(docdir)/examples/$$f" && \ + $(RM) $$j; \ + done diff --git a/doc/examples/firewall b/doc/examples/firewall new file mode 100755 index 0000000..fce735a --- /dev/null +++ b/doc/examples/firewall @@ -0,0 +1,48 @@ +#!/bin/sh +# +# Firewall script for GGSN +# +# Uses $IFGN (eth0) as the Gn interface (Gn) and +# $IFGI (eth1) as the Gi interface. +# +# SUMMARY +# * All connections originating from GGSN are allowed. +# * Incoming ssh, GTPv0 and GTPv1 is allowed on the Gn interface. +# * Incoming ssh is allowed on the Gi interface. +# * Forwarding is allowed to and from the Gi interface, but disallowed +# to and from the Gn interface. +# * Masquerede on Gi interface. + +IPTABLES="/sbin/iptables" +IFGN="eth0" +IFGI="eth1" + +$IPTABLES -P INPUT DROP +$IPTABLES -P FORWARD ACCEPT +$IPTABLES -P OUTPUT ACCEPT + +#Allow related and established on all interfaces (input) +$IPTABLES -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT + +#Allow releated, established, GTP and ssh on $IFGN. Reject everything else. +$IPTABLES -A INPUT -i $IFGN -p tcp -m tcp --dport 22 --syn -j ACCEPT +$IPTABLES -A INPUT -i $IFGN -p udp -m udp --dport 2123 -j ACCEPT +$IPTABLES -A INPUT -i $IFGN -p udp -m udp --dport 2152 -j ACCEPT +$IPTABLES -A INPUT -i $IFGN -p udp -m udp --dport 3386 -j ACCEPT +$IPTABLES -A INPUT -i $IFGN -j REJECT + +#Allow related, established and ssh. Drop everything else. +$IPTABLES -A INPUT -i $IFGI -p tcp -m tcp --dport 22 --syn -j ACCEPT +$IPTABLES -A INPUT -i $IFGI -j DROP + +# Masquerade everything going out on $IFGI +$IPTABLES -t nat -A POSTROUTING -o $IFGI -j MASQUERADE + +#Allow everything on loopback interface. +$IPTABLES -A INPUT -i lo -j ACCEPT + +# Drop everything to and from $IFGN (forward) +$IPTABLES -A FORWARD -i $IFGN -j DROP +$IPTABLES -A FORWARD -o $IFGN -j DROP + + diff --git a/doc/examples/osmo-ggsn.cfg b/doc/examples/osmo-ggsn.cfg new file mode 100644 index 0000000..763e561 --- /dev/null +++ b/doc/examples/osmo-ggsn.cfg @@ -0,0 +1,71 @@ +! +! OpenGGSN (0.94.1-adac) configuration saved from vty +!! +! +log stderr + logging filter all 1 + logging color 1 + logging print category 0 + logging timestamp 0 + logging level ip info + logging level tun info + logging level ggsn info + logging level sgsn notice + logging level icmp6 notice + logging level lglobal notice + logging level llapd notice + logging level linp notice + logging level lmux notice + logging level lmi notice + logging level lmib notice + logging level lsms notice + logging level lctrl notice + logging level lgtp info + logging level lstats notice + logging level lgsup notice + logging level loap notice + logging level lss7 notice + logging level lsccp notice + logging level lsua notice + logging level lm3ua notice + logging level lmgcp notice +! +stats interval 5 +! +line vty + no login +! +ggsn ggsn0 + gtp state-dir /tmp + gtp bind-ip 127.0.0.6 + apn internet + gtpu-mode tun + tun-device tun4 + type-support v4 + ip prefix dynamic 176.16.222.0/24 + ip dns 0 192.168.100.1 + ip dns 1 8.8.8.8 + ip ifconfig 176.16.222.0/24 + no shutdown + apn inet6 + gtpu-mode tun + tun-device tun6 + type-support v6 + ipv6 prefix dynamic 2001:780:44:2000:0:0:0:0/56 + ipv6 dns 0 2001:4860:4860::8888 + ipv6 ifconfig 2001:780:44:2000:0:0:0:0/56 + no shutdown + apn inet46 + gtpu-mode tun + tun-device tun46 + type-support v4v6 + ip prefix dynamic 176.16.46.0/24 + ip dns 0 192.168.100.1 + ip dns 1 8.8.8.8 + ip ifconfig 176.16.46.0/24 + ipv6 prefix dynamic 2001:780:44:2100:0:0:0:0/56 + ipv6 dns 0 2001:4860:4860::8888 + ipv6 ifconfig 2001:780:44:2100:0:0:0:0/56 + no shutdown + default-apn internet + no shutdown ggsn diff --git a/doc/examples/sgsnemu.conf b/doc/examples/sgsnemu.conf new file mode 100644 index 0000000..43b2458 --- /dev/null +++ b/doc/examples/sgsnemu.conf @@ -0,0 +1,131 @@ +############################################################################## +# +# Sample sgsnemu configuration file +# +############################################################################## + +# TAG: debug +# Include this flag to include debug information. +#debug + + +# TAG: conf +# Configuration file to use. This file is the configuration file, +# so changing this parameter in the configuration file does not make +# sense. Use it on the command line instead. + +# TAG: pidfile +# File to store information about the pricess id of the program. +# The program must have write access to this file/directory. +#pidfile ./sgsnemu.pid + +# TAG: statedir +# Directory to use for nonvolatile storage. +# The program must have write access to this directory. +#statedir ./ + + +# TAG: dns +# DNS server to use for ns lookups. +# If this tag is not set the system default DNS will be used. +#dns 10.1.2.3 + +# TAG: listen +# Specifies the local IP address to listen to +#listen 10.0.0.217 + +# TAG: remote +# Specifies the remote IP address to connect to +# If DNS is setup correctly it should be possible to specify the +# access point name (APN) as the remote address. +#remote 10.0.0.240 + + +# TAG: contexts +# Number of contexts to establish from the emulator to the ggsn. +# Set this tag to zero to not establish any contexts. +#contexts 1 + +# TAG: timelimit +# Disconnect contexts after timelimit seconds, and exit the program. +# Setting timelimit to zero will cause the program not to disconnect. +#timelimit 0 + + +# TAG: apn +# Access point name to connect to when run in client mode. +#apn internet + +# TAG: selmode +# Selection mode to use when connecting to GGSN. +#selmode 0x01 + +# TAG: imsi +# IMSI number used when run in client mode. +#imsi 2400101234567890 + +# TAG: msisdn +# MSISDN number used when run in client mode. +#msisdn 46702123456 + +# TAG: qos +# Requested Quality of Service used when run in client mode. +# 3 bytes corresponding to ???? +#qos 0x0b921f + +# TAG: uid +# User ID used when run in client mode. +#uid mig + +# TAG: pwd +# Password used when run in client mode. +#pwd hemlig + + +# TAG: createif +# Use this flag if you want to set up a local network interface after +# a PDP context has been established. +#createif + +# TAG: defaultroute +# Use this flag if you want to add a default route after a network interface +# had been established. +#defaultroute + +# TAG: ipup +# Script executed after network interface has been brought up. +# Executed with the following parameters: <devicename> <ip address> +#ipup /etc/sgsnemu/ip-up + +# TAG: ipdown +# Script executed after network interface has been taken down. +# Executed with the following parameters: <devicename> <ip address> +#ipdown /etc/sgsnemu/ip-down + + +# TAG: pinghost +# Ping a remote host through a PDP context by using ICMP echo messages. +# If more than one PDP context has been established the ICMP messages will +# be distributed between all available contexts. +#pinghost 192.168.0.0 + +# TAG: pingrate +# Number of ping messages to send off each second. +#pingrate 1 + +# TAG: pingsize +# Size of ICMP echo message payload. Add 28 to get the full IP packet size. +#pingsize 56 + +# TAG: pingcount +# Number of ping messages to send off. +#pingcount 0 + +# TAG: pingquiet +# Do not print ping packet info. +#pingquiet + + + + + |