2022年5月11日 星期三

ARM64 Ubuntu rootfs howto

1. Prepare the packages on the host

# Host-side tools: debootstrap builds the base system, and qemu-user-static
# supplies the qemu-aarch64-static emulator that step 3 copies into the rootfs.
sudo apt-get install debootstrap qemu-user-static

2. Download the packages for ubuntu rootfs
# Directory on the host that will hold the new root filesystem.
debootstrap_dir=ubuntu-arm64-jammy

# --foreign performs only the first (unpack) stage; the second stage is run
# from inside the rootfs in step 3.
# The mirror is plain HTTP, so package integrity depends on debootstrap's
# Release-signature check against the host keyring; keep that check enabled
# (do not add --no-check-gpg).
sudo debootstrap \
  --arch arm64 \
  --foreign \
  jammy "$debootstrap_dir" \
  http://ports.ubuntu.com/ubuntu-ports

3. Install the packages/ second-stage
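# The second stage executes arm64 binaries inside the chroot, so the static
# QEMU user-mode emulator must be present in the rootfs before chroot runs.
# command -v replaces `which`, and an empty result is caught here instead of
# reaching cp as an empty source path.
if qemu_bin=$(command -v qemu-aarch64-static); then
  sudo mkdir -p "${debootstrap_dir}/usr/bin"
  sudo cp -- "$qemu_bin" "${debootstrap_dir}/usr/bin"
  # Finish the installation that --foreign left unconfigured in step 2.
  sudo chroot "$debootstrap_dir" /debootstrap/debootstrap --second-stage
else
  echo "qemu-aarch64-static not found; install qemu-user-static (step 1)" >&2
fi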

4. Remove the passwd of root
sudo chroot "$debootstrap_dir"
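Edit /etc/passwd and /etc/shadow: in the line that starts with "root:", remove the "*" between the first and second ":". The password field is then empty, so root can log in on the console without a password; keep this for bring-up images only and set a real password with `passwd root` before the system is reachable over the network.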

5. Enable UART console
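# Create the link from the host in a single command. In the two-line form the
# ln only affects the rootfs when typed into the interactive chroot shell; run
# as a script it would execute after chroot returns and modify the host's own
# /lib/systemd instead.
# NOTE(review): the link carries no instance name. A per-port link would be
# named serial-getty@<TTY>.service (<TTY> is a placeholder for the board's
# console device) - confirm which form the target needs.
sudo chroot "$debootstrap_dir" \
  ln -sf /lib/systemd/system/serial-getty@.service \
    /lib/systemd/system/getty.target.wants/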

6. /etc/network/interfaces
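# ifupdown provides ifup/ifdown, which read /etc/network/interfaces.
sudo apt install ifupdown
# The file is "interfaces" (plural), matching the step title and the
# interfaces.d include in the listing that follows.
vi /etc/network/interfaces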
-----
source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

# The intranet network interface
auto eth1
iface eth1 inet static
     address 10.19.132.49
     netmask 255.255.254.0

7. Add locale
sudo vi /etc/locale.gen
Unmark (uncomment) the lines en_US.UTF-8 UTF-8 and zh_TW.UTF-8 UTF-8
sudo locale-gen


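sources.list (example for bionic; the suite names must match the rootfs release, which is jammy in the steps above)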
==================================================
deb http://tw.ports.ubuntu.com/ bionic main restricted universe multiverse
deb http://tw.ports.ubuntu.com/ bionic-updates main restricted universe multiverse

deb http://tw.ports.ubuntu.com/ubuntu-ports bionic main restricted
deb http://tw.ports.ubuntu.com/ubuntu-ports bionic-updates main restricted
deb-src http://tw.ports.ubuntu.com/ubuntu-ports bionic main restricted universe multiverse
deb-src http://tw.ports.ubuntu.com/ubuntu-ports bionic-updates main restricted universe multiverse
deb http://tw.ports.ubuntu.com/ubuntu-ports bionic universe
deb http://tw.ports.ubuntu.com/ubuntu-ports bionic-updates universe
deb http://tw.ports.ubuntu.com/ubuntu-ports bionic multiverse
deb http://tw.ports.ubuntu.com/ubuntu-ports bionic-updates multiverse

deb http://tw.ports.ubuntu.com/ bionic-security main restricted universe multiverse

SNAT
================================
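# SNAT gateway setup: forwards traffic for 192.168.0.0/24 and the single host
# 172.23.68.32 out through eth0, rewriting the source address to eth0's IPv4
# address. Must run as root.
echo "Setting IP Masquerading...."

# Resolve the WAN address before touching any rule. The earlier
# `ifconfig | grep "inet addr:"` form matches nothing on net-tools versions
# that print "inet <addr>", which left WAN_IP empty and made the SNAT rules
# fail after the tables had already been flushed.
WAN_IP=$(ip -4 -o addr show dev eth0 | awk '{ split($4, a, "/"); print a[1]; exit }')

if [ -z "${WAN_IP}" ]; then
  echo "No IPv4 address found on eth0; iptables left unchanged." >&2
else
  echo "Setting iptables..... "
  # -F empties every chain of the filter table (INPUT and OUTPUT included),
  # so any rules installed earlier are lost; only the FORWARD policy is set
  # here.
  /sbin/iptables -F
  /sbin/iptables -t nat -F
  /sbin/iptables -P FORWARD DROP

  # NOTE(review): the original comment named 208.46.65.0/24 while the rule
  # drops 208.48.65.0/24 - confirm which network is meant.
  /sbin/iptables -A OUTPUT -d 208.48.65.0/24 -j DROP

  # NOTE(review): the "-d" rules accept new connections toward the internal
  # addresses from any source. If only replies are intended, restrict them
  # with `-m conntrack --ctstate ESTABLISHED,RELATED`.
  /sbin/iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
  /sbin/iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT
  /sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source "${WAN_IP}"

  # 172.23.68.32
  /sbin/iptables -A FORWARD -s 172.23.68.32 -j ACCEPT
  /sbin/iptables -A FORWARD -d 172.23.68.32 -j ACCEPT
  /sbin/iptables -t nat -A POSTROUTING -s 172.23.68.32 -j SNAT --to-source "${WAN_IP}"

  # Turn forwarding on only once the FORWARD policy and rules are in place,
  # so no packet is routed under the previous rule set.
  echo 1 > /proc/sys/net/ipv4/ip_forward
fi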

Route table
============================
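# Send the 10.0.0.0/8 intranet through 10.19.132.1 and everything else
# through 10.19.132.49.
# presumably run on a client that uses the Z2X box as its gateway - confirm
ip route add 10.0.0.0/8 via 10.19.132.1
ip route del default
# "Z2X" labels the gateway; as a "(Z2X)" suffix on the address it was a shell
# syntax error, so it is kept as a comment instead.
ip route add default via 10.19.132.49   # Z2X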

rc.local
=============
# Make the rc-local unit visible under /etc/systemd/system.
ln -sf /lib/systemd/system/rc-local.service /etc/systemd/system/rc-local.service

# Create the script if it does not exist yet and make it executable.
# /etc/rc.local is run at boot, so it should stay writable by its owner only.
touch /etc/rc.local
chmod u=rwx,go=rx /etc/rc.local

EDIT /etc/rc.local
-----
#!/bin/bash
# Minimal /etc/rc.local: writes a marker line to /var/test.log so that a
# successful run of the script can be confirmed.

printf '%s\n' "test rc " > /var/test.log

exit 0