Configuring a YAMAHA RTX1100 from OS X


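I played around with a used RTX1100 (about 4,000 yen) that had been lying around by my pillow.

I don't own a serial console cable,
so I made do with a USB-LAN adapter I had on hand.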

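Setting the RTX1100's IP address

Assigning an IPv4 address via RARP

Assume the following.

  • IP address to assign to the RTX1100: 192.168.11.10/24
  • MAC address printed on the bottom of the RTX1100: xx:xx:xx:xx:xx:xx
  • IP address to assign to the USB-LAN adapter: 192.168.11.11/24
  • USB-LAN interface name: en3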
  1. Connect the Mac to the RTX1100 (LAN1)
  2. Change the USB-LAN adapter settings in the OS X Network preferences pane
    • (Example) Configure IPv4: Manually, IP Address: 192.168.11.11, Subnet Mask: 255.255.255.0
  3. # ln -s /private/tftpboot/ /tftpboot
  4. Work out the hexadecimal notation of the IP address to assign to the RTX1100
  5. Using that hexadecimal IP, create a directory or file inside /tftpboot: # mkdir -p /tftpboot/C0A80B0A
    • Without this, rarpd cannot assign the IP address
  6. # echo xx:xx:xx:xx:xx:xx rtx1100 >> /etc/ethers
  7. # echo "192.168.11.10 rtx1100" >> /etc/hosts
  8. Power on the RTX1100
  9. # rarpd -d en3
  10. Reboot the RTX1100
    • When "rarpd: got a packet" appears exactly once in the terminal, the IP assignment is done
  11. # telnet 192.168.11.10
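
Steps 3 to 7 above as an added shell example (not part of the original post): it derives the hex directory name from the IP address, validates both inputs, and appends the ethers and hosts entries only once so repeated runs do not pile up duplicates. The function names and the scratch root directory are assumptions for illustration, and the MAC address is a constructed sample.

```shell
#!/bin/sh
# Added example: stage the files rarpd needs for one client.
# The first argument of stage_rarp_client is a root directory (hypothetical
# scratch dir here) so the demo never touches the real /etc or /tftpboot.

# Dotted-quad IPv4 -> 8 uppercase hex digits (192.168.11.10 -> C0A80B0A).
ip_to_hex() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $1                                      # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|0?*) return 1 ;; esac    # no empty or zero-padded octets
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%02X%02X%02X%02X\n' "$1" "$2" "$3" "$4"
}

# Accept the colon-separated form used in /etc/ethers.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2}$'
}

# append_once FILE LINE: add LINE only if it is not already present.
append_once() {
    touch "$1"
    grep -Fxq -- "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# stage_rarp_client ROOT IP MAC NAME: prints the hex name it created.
stage_rarp_client() {
    root=$1 ip=$2 mac=$3 name=$4
    hex=$(ip_to_hex "$ip") || { echo "bad IPv4 address: $ip" >&2; return 1; }
    valid_mac "$mac" || { echo "bad MAC address: $mac" >&2; return 1; }
    mkdir -p "$root/tftpboot/$hex" "$root/etc"
    append_once "$root/etc/ethers" "$mac $name"
    append_once "$root/etc/hosts" "$ip $name"
    echo "$hex"
}

# Demo on a scratch directory; the MAC below is a constructed sample value.
demo_root=$(mktemp -d)
stage_rarp_client "$demo_root" 192.168.11.10 02:00:00:00:00:01 rtx1100
```

Passing an empty string as the first argument targets the real /tftpboot, /etc/ethers and /etc/hosts and needs root.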

Using an IPv6 address

Assume the following.

  • USB-LAN interface name: en3
  1. Connect the Mac to the RTX1100 (LAN1)
  2. # ping6 -I en3 ff02::2
  3. (The address that replies should be the RTX1100's IPv6 address, so telnet to it)

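Writing the configuration

I enabled L2TP/IPsec for no real reason. It is almost a straight copy-paste of the configuration published on the YAMAHA site.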

# RTX1100 Rev.8.03.94 

# If you want to clear ALL configuration to default,
#  remove `#' of next line.

clear configuration


#
# System configuration
#

administrator password encrypted {{encrypted_password}}
security class 2 off off
timezone +09:00
console character ascii
login timer 600

#
# IP configuration
#

ip route default gateway pp 1
ip filter source-route on
ip filter directed-broadcast on

#
# IPv6 configuration
#


#
# LAN configuration
#

ip lan1 address 192.168.1.1/24
ip lan1 proxyarp on

#
# ISDN configuration
#


### BRI 1 ###


#
# PP configuration
#

pp disable all

### PP 1 ###
# Internet
pp select 1
 pp always-on on
 pppoe use lan2
 pp auth accept pap chap
 pp auth myname {{username}} {{password}}
 ppp lcp mru on 1454
 ppp ipcp ipaddress on
 ppp ipcp msext on
 ip pp mtu 1454
 ip pp secure filter in 1020 1030 1040 1041 1042 1043 2000
 ip pp secure filter out 1010 1011 1012 1013 1014 1015 3000 dynamic 100 101 102 103 104 105 106
 ip pp intrusion detection in on reject=on
 ip pp intrusion detection out on reject=on
 ip pp nat descriptor 1
 pp enable 1

### PP anonymous ###
# L2TP tunnel
pp select anonymous
 pp bind tunnel1
 pp auth request chap-pap
 pp auth username {{username}} {{password}}
 ppp ipcp ipaddress on
 ppp ipcp msext on
 ip pp remote address pool dhcp
 ip pp mtu 1258
 pp enable anonymous

#
# TUNNEL configuration
#

no tunnel enable all

### TUNNEL 1 ###

tunnel select 1
 tunnel encapsulation l2tp
 ipsec tunnel 1
  ipsec sa policy 1 1 esp aes-cbc sha-hmac
  ipsec ike keepalive use 1 off
  ipsec ike local address 1 192.168.1.1
  ipsec ike nat-traversal 1 on
  ipsec ike pre-shared-key 1 text {{pre-shared-key}}
  ipsec ike remote address 1 any
 l2tp tunnel disconnect time off
 l2tp keepalive use on 10 3
 l2tp keepalive log on
 l2tp syslog on
 ip tunnel tcp mss limit auto
 tunnel enable 1

#
# LOOPBACK/NULL configuration
#


#
# IP filter configuration
#

ip filter 1010 reject * * udp,tcp 135 *
ip filter 1011 reject * * udp,tcp * 135
ip filter 1012 reject * * udp,tcp netbios_ns-netbios_ssn *
ip filter 1013 reject * * udp,tcp * netbios_ns-netbios_ssn
ip filter 1014 reject * * udp,tcp 445 *
ip filter 1015 reject * * udp,tcp * 445
ip filter 1020 reject 192.168.1.0/24 *
ip filter 1030 pass * 192.168.1.0/24 icmp
ip filter 1040 pass * 192.168.1.1 esp
ip filter 1041 pass * 192.168.1.1 udp * 500
ip filter 1042 pass * 192.168.1.1 udp * 4500
ip filter 1043 pass * 192.168.1.1 udp * 1701
ip filter 2000 reject * *
ip filter 3000 pass * *

#
# IP dynamic filter configuration
#

ip filter dynamic 100 * * ftp
ip filter dynamic 101 * * www
ip filter dynamic 102 * * domain
ip filter dynamic 103 * * smtp
ip filter dynamic 104 * * pop3
ip filter dynamic 105 * * tcp
ip filter dynamic 106 * * udp

#
# IP forward filter configuration
#


#
# NAT Descriptor configuration
#

nat descriptor type 1 masquerade
nat descriptor address outer 1 ipcp
nat descriptor masquerade static 1 1 192.168.1.1 udp 500
nat descriptor masquerade static 1 2 192.168.1.1 udp 4500
nat descriptor masquerade static 1 3 192.168.1.1 esp

#
# IPSEC configuration
#

ipsec auto refresh on
ipsec transport 1 1 udp 1701

#
# IPv6 filter configuration
#


#
# IPv6 dynamic filter configuration
#


#
# Cooperation configuration
#


#
# Queueing configuration
#


#
# URL filter configuration
#


#
# SYSLOG configuration
#

syslog notice on

#
# TFTP configuration
#


#
# TELNETD configuration
#


#
# DHCP configuration
#

dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.1.2-192.168.1.192/24


#
# DHCPC configuration
#


#
# DNS configuration
#

dns server pp 1
dns private address spoof on

#
# WINS configuration
#


#
# SNMP configuration
#


#
# Schedule configuration
#

schedule at 1 */* *:00 * ntpdate ntp.nict.jp syslog

#
# TCP configuration
#


#
# L2TP configuration
#

l2tp service on

#
# HTTPD configuration
#


#
# Netvolante DNS configuration
#


#
# UPnP configuration
#


#
# HTTP Revision Up configuration
#


#
# Status Notify configuration
#


#
# SSHD configuration
#


#
# SFTPD configuration
#


#
# AUTH-USER configuration
#


#
# Heartbeat configuration
#


#
# NTP configuration
#


#
# SNTPD configuration
#


# If you want to save configuration to Nonvolatile memory,
#  remove `#' of next line.

save

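I hung an AirMac TimeCapsule (gigabit-capable) in AP mode under the RTX1100 (100BASE-TX)...

References

  1. rarpd(8)
  2. rarpd(8) Mac OS X Manual Page
  3. Yamaha RTX1100: initialized it → no default IP, no console cable!!
  4. Connecting to multiple sites over VPN using IPsec and L2TP/IPsec « Configuration examples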
  4. IPsecとL2TP/IPsecを使用して多拠点とVPN接続する « 設定例