This section deals with properly compiling all the third-party software packages that are used in some way in m0n0wall. Where useful, the FreeBSD ports system is used (especially if a package requires FreeBSD-relevant patches). For some packages, the standard "./configure && make && make install" procedure can be used; others need a few extra configure options to produce a small binary, while still others need patches to work properly on m0n0wall.
Install autoconf213 from the FreeBSD ports collection and create some links so that PHP's buildconf scripts find autoconf:
cd /usr/ports/devel/autoconf213
make install clean
ln -s /usr/local/bin/autoconf213 /usr/local/bin/autoconf
ln -s /usr/local/bin/autoheader213 /usr/local/bin/autoheader
Download the latest version of PHP 4.4 from http://www.php.net and decompress as usual. Download the RADIUS PECL extension from http://m0n0.ch/wall/downloads/freebsd-4.11/radius-1.2.5.tgz. Unpack it in php-4.4.x/ext and rename the resulting directory (whose name includes the version number) to 'radius'. Go back into the php-4.4.x directory and build/install as follows:
rm configure
./buildconf --force
./configure --without-mysql --with-pear --with-openssl --enable-discard-path --enable-radius --enable-sockets --enable-bcmath
make
install -s sapi/cgi/php $MWROOT/usr/local/bin
Put the following in $MWROOT/usr/local/lib/php.ini:
magic_quotes_gpc = Off
magic_quotes_runtime = Off
max_execution_time = 0
max_input_time = 180
register_argc_argv = Off
file_uploads = On
upload_tmp_dir = /ftmp
upload_max_filesize = 8M
post_max_size = 10M
html_errors = Off
include_path = ".:/etc/inc:/usr/local/www:/usr/local/captiveportal"
Download mini_httpd 1.19 from http://www.acme.com/software/mini_httpd/mini_httpd-1.19.tar.gz and extract. A custom patch needs to be applied that:
adds a limit to the number of concurrent connections to prevent DoS attacks (since mini_httpd is a forking web server), and since m0n0wall 1.21: an optional per-client-IP-address limit
adds captive portal mode support (including httpd support for the file manager since m0n0wall 1.21)
sets SCRIPT_FILENAME (for php)
fixes a bug where mini_httpd would exit if a TCP connection was closed before mini_httpd had a chance to handle it (ECONNABORTED)
adds "index.php" to the list of index file names
makes the error pages much more plain
doesn't add a Server: header
patches the Makefile to build mini_httpd with SSL support
Apply the patch, compile and install as follows:
patch < $MWPATCHDIR/packages/mini_httpd.patch
make
install -s mini_httpd $MWROOT/usr/local/sbin
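The connection limiting described in the first item of the patch list (a global cap for a forking server plus an optional per-client-IP cap) can be sketched as follows. This is an added example, not the m0n0wall patch or mini_httpd code; the limit values, the slot table and the function names conn_admit, conn_bind and conn_release are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_TOTAL  16  /* assumed global cap on forked children */
#define MAX_PER_IP  4  /* assumed cap per client IPv4 address */

struct slot { uint32_t ip; int pid; };  /* pid 0 = free, -1 = reserved */
static struct slot slots[MAX_TOTAL];

/* Parent calls this after accept() and before fork().
 * Returns a slot index, -1 if the global limit is reached,
 * or -2 if this client already holds MAX_PER_IP connections. */
int conn_admit(uint32_t ip) {
    int free_idx = -1, n = 0;
    for (int i = 0; i < MAX_TOTAL; i++) {
        if (slots[i].pid == 0) {
            if (free_idx < 0) free_idx = i;
        } else if (slots[i].ip == ip) {
            n++;                        /* reserved slots count too */
        }
    }
    if (free_idx < 0) return -1;
    if (n >= MAX_PER_IP) return -2;
    slots[free_idx].ip = ip;
    slots[free_idx].pid = -1;           /* reserved until fork() returns */
    return free_idx;
}

/* Record the child's pid after fork(); pass 0 to free the slot if fork() failed. */
void conn_bind(int idx, int pid) { slots[idx].pid = pid; }

/* Called from the waitpid() loop when a child is reaped. */
int conn_release(int pid) {
    if (pid <= 0) return -1;            /* never match free or reserved slots */
    for (int i = 0; i < MAX_TOTAL; i++)
        if (slots[i].pid == pid) { slots[i].pid = 0; return i; }
    return -1;
}

int main(void) {
    /* Constructed demo: one client (10.0.0.1) opens six connections. */
    for (int k = 0; k < 6; k++) {
        int s = conn_admit(0x0a000001u);
        if (s >= 0) conn_bind(s, 1000 + k);  /* stand-in for fork() */
        printf("connection %d -> %s\n", k + 1, s >= 0 ? "served" : "refused");
    }
    return 0;
}
```

Doing the accounting in the parent, before fork(), means a refused connection costs no new process.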
The FreeBSD ports system will be used to compile these.
cd /usr/ports/net/isc-dhcp3-server
make
Don't choose any options in the dialog box (i.e. deselect them all). When it's compiled, install as follows:
install -s work/dhcp-*/work.freebsd/server/dhcpd $MWROOT/usr/local/sbin
dnsmasq requires GNU getopt, so it's easier to use the port:
cd /usr/ports/dns/dnsmasq
make
install -s work/dnsmasq-*/src/dnsmasq $MWROOT/usr/local/sbin
Get the latest version of wol from http://sourceforge.net/project/showfiles.php?group_id=8895. Extract, then compile and install as follows:
./configure --disable-nls
make
install -s src/wol $MWROOT/usr/local/bin
Get ez-ipupdate 3.0.11b8 from http://dyn.pl/client/UNIX/ez-ipupdate/ez-ipupdate-3.0.11b8.tar.gz. A patch needs to be applied that:
fixes interface IP address determination under FreeBSD
writes out the cache file before running the post-update command (instead of after) so that the command can use the information from the cache file
fixes a security issue (syslog() call)
patch < $MWPATCHDIR/packages/ez-ipupdate.c.patch
./configure
make
install -s ez-ipupdate $MWROOT/usr/local/bin
Get the latest source code version of bpalogin from http://bpalogin.sourceforge.net/index.php?page=download#source. Extract, then compile and install as follows:
./configure
make
install -s bpalogin $MWROOT/usr/local/sbin
Install MPD 3.x using the ports system:
cd /usr/ports/net/mpd
make
install -s work/mpd-*/src/mpd $MWROOT/usr/local/sbin
Get the latest release version of OpenVPN from http://openvpn.net/download.html. Extract, then compile and install as follows:
setenv CFLAGS "-DLOG_OPENVPN=LOG_LOCAL6 -O2"
./configure --disable-lzo --disable-plugins --disable-management --disable-socks --disable-http --disable-debug
make
install -s openvpn $MWROOT/usr/local/sbin
As of version 1.21, m0n0wall uses the ipsec-tools version of racoon, as the KAME racoon version isn't being developed anymore and has been removed from the FreeBSD ports tree.
Install racoon from ipsec-tools using the ports system:
cd /usr/ports/security/ipsec-tools
Edit CONFIGURE_ARGS in the Makefile:
remove the --enable-debug and --enable-ipv6 options (saves space)
add the --without-readline option (removes the dependency on libreadline)
make
install -s work/ipsec-tools-*/src/racoon/.libs/racoon $MWROOT/usr/local/sbin
install -s work/ipsec-tools-*/src/libipsec/.libs/libipsec.so.0 $MWROOT/usr/local/lib
Get ucd-snmp 4.2.x (not net-snmp as it's much bigger) from http://sourceforge.net/project/showfiles.php?group_id=12694. Extract, then compile and install as follows:
./configure --without-openssl --disable-debugging --enable-static \
    --enable-mini-agent --disable-privacy --disable-testing-code \
    --disable-shared-version --disable-shared --disable-ipv6 \
    '--with-out-transports=TCP Unix' \
    '--with-mib-modules=mibII/interfaces mibII/var_route ucd-snmp/vmstat_freebsd2'
Just press enter at all questions.
make
install -s agent/snmpd $MWROOT/usr/local/sbin