website annotate pt/doc/handbook/network-config.html @ rev 142

pt: Add newly translated pages (Many thanks Cladinei)
author Paul Issott <paul@slitaz.org>
date Mon Aug 25 22:36:03 2008 +0000 (2008-08-25)
parents
children 0ea2e42b81de
rev   line source
paul@142 1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
paul@142 2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
paul@142 3 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
paul@142 4 <head>
paul@142 5 <title>SliTaz Handbook - Network configuration</title>
paul@142 6 <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
paul@142 7 <meta name="description" content="slitaz English handbook network config pppoe ppp eth dhcp" />
paul@142 8 <meta name="expires" content="never" />
paul@142 9 <meta name="modified" content="2008-07-17 22:30:00" />
paul@142 10 <meta name="publisher" content="www.slitaz.org" />
paul@142 11 <meta name="author" content="Paul Issot, Christophe Lincoln"/>
paul@142 12 <link rel="shortcut icon" href="favicon.ico" />
paul@142 13 <link rel="stylesheet" type="text/css" href="book.css" />
paul@142 14 </head>
paul@142 15 <body bgcolor="#ffffff">
paul@142 16
paul@142 17 <!-- Header and quick navigation -->
paul@142 18 <div id="header">
paul@142 19 <div align="right" id="quicknav">
paul@142 20 <a name="top"></a>
paul@142 21 <a href="system-admin.html">System administration</a> |
paul@142 22 <a href="index.html">Table of contents</a>
paul@142 23 </div>
paul@142 24 <h1><font color="#3E1220">SliTaz Handbook (en)</font></h1>
paul@142 25 </div>
paul@142 26
paul@142 27 <!-- Content. -->
paul@142 28 <div id="content">
paul@142 29 <div class="content-right"></div>
paul@142 30
paul@142 31 <h2><font color="#DF8F06">Network configuration</font></h2>
paul@142 32
paul@142 33 <ul>
paul@142 34 <li><a href="#eth">Ethernet connection</a> - DHCP or static IP.</li>
paul@142 35 <li><a href="#driver">Install network card driver</a> - Find and load Kernel
paul@142 36 modules.</li>
paul@142 37 <li><a href="#netbox">Netbox</a> - Configure network.</li>
paul@142 38 <li><a href="#pppoe">PPPoE kernel-mode</a> - Dial-up modem connection in
paul@142 39 Kernel mode.</li>
paul@142 40 <li><a href="#rp-pppoe">PPPoE with rp-pppoe</a> - Dial-up modem.</li>
paul@142 41 <li><a href="#firewall">Firewall</a> - Manage the Firewall (Iptables).</li>
paul@142 42 </ul>
paul@142 43
paul@142 44 <a name="eth"></a>
paul@142 45 <h3>Ethernet connection</h3>
paul@142 46 <p>
paul@142 47 By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your
paul@142 48 network card has been identified as an <code>eth0</code> interface and you use
paul@142 49 a router, your connection should already be working. DHCP configures the
paul@142 50 interface dynamically: on each boot the client asks for a new IP address from
paul@142 51 the DHCP server, which is integrated into the router or runs on another computer.
paul@142 52 If you need a static IP, you can directly edit config files or use the GUI
paul@142 53 <code>netbox</code> available from JWM menu --&gt; System tools. In a terminal
paul@142 54 or a Linux console, you can list all available network interfaces with the
paul@142 55 command <code>ifconfig</code> followed by the <code>-a</code> option:
paul@142 56 </p>
paul@142 57 <pre>
paul@142 58 $ ifconfig -a
paul@142 59 </pre>
paul@142 60 <p>To display the Kernel's IP routing table, you can use the <code>route</code> command
paul@142 61 without any arguments:
paul@142 62 </p>
paul@142 63 <pre>
paul@142 64 $ route
paul@142 65 </pre>
paul@142 66 <p>
paul@142 67 The system wide network configuration file is <code>/etc/network.conf</code>.
paul@142 68 It can be graphically configured with <code>netbox</code> or directly edited by
paul@142 69 the root administrator.
paul@142 70 </p>
paul@142 71
paul@142 72 <a name="driver"></a>
paul@142 73 <h3>Install network card driver</h3>
paul@142 74 <p>
paul@142 75 In case you need a network card driver and don't know the driver name, you can
paul@142 76 use the command <code>lspci</code> to find your card and then <code>modprobe</code>
paul@142 77 to load a module. In Live mode you can use the SliTaz boot option
paul@142 78 <code>modprobe=modules</code> to automatically load Kernel modules. To get a
paul@142 79 list of all available network card drivers, display PCI eth cards and load a
paul@142 80 module:
paul@142 81 </p>
paul@142 82 <pre>
paul@142 83 # modprobe -l | grep drivers/net
paul@142 84 # lspci | grep '[Ee]th'
paul@142 85 # modprobe -v module_name
paul@142 86 </pre>
paul@142 87 <p>
paul@142 88 On an installed system you just need to add the module_name to the variable
paul@142 89 <code>LOAD_MODULES</code> in <code>/etc/rcS.conf</code> to load your module
paul@142 90 on each boot.
paul@142 91 </p>
paul@142 92
paul@142 93 <a name="netbox"></a>
paul@142 94 <h3>Netbox - Configure network</h3>
paul@142 95 <p>
paul@142 96 Netbox is a small GTK+ application to configure a network interface using <em>DHCP</em> or a fixed (<em>static</em>) IP address. The tabs can be used to start/stop the connections and automatically change the values in the system files. Netbox also provides a <em>system wide</em> tab from which you can directly edit network configuration files. You can start netbox from the system tools menu or via a terminal:
paul@142 97 </p>
paul@142 98 <pre>
paul@142 99 # netbox
paul@142 100 </pre>
paul@142 101
paul@142 102 <a name="pppoe"></a>
paul@142 103 <h3><font color="#6c0023">PPPoE connection kernel-mode</font></h3>
paul@142 104 <p>
paul@142 105 PPPoE connection in kernel-mode needs 2 files. The first file is
paul@142 106 <code>/etc/ppp/options</code> where you must specify your login name:
paul@142 107 </p>
paul@142 108 <pre class="script">
paul@142 109 plugin rp-pppoe.so
paul@142 110 name &lt;your provider connection ID&gt;
paul@142 111 noipdefault
paul@142 112 defaultroute
paul@142 113 mtu 1492
paul@142 114 mru 1492
paul@142 115 lock
paul@142 116 </pre>
paul@142 117 <p>
paul@142 118 Now you have to configure /etc/ppp/pap-secrets or /etc/ppp/chap-secrets:
paul@142 119 </p>
paul@142 120 <pre class="script">
paul@142 121 # client server secret IP addresses
paul@142 122 "your_login" * "your_password"
paul@142 123 </pre>
paul@142 124 <p>
paul@142 125 The config file /etc/resolv.conf will be loaded automatically. Once that is done, you can
paul@142 126 now connect to the internet with <code>pppd</code>:
paul@142 127 </p>
paul@142 128 <pre>
paul@142 129 pppd eth0
paul@142 130 </pre>
paul@142 131 <p>
paul@142 132 On an installed system you can start pppd on each boot using the local startup
paul@142 133 script: <code>/etc/init.d/local.sh</code>
paul@142 134 </p>
paul@142 135
paul@142 136 <a name="rp-pppoe"></a>
paul@142 137 <h3><font color="#6c0023">Enable Dial-up Modem - PPPoE with rp-pppoe</font></h3>
paul@142 138 <p>
paul@142 139 To set up an ADSL connection via PPPoE, SliTaz provides the utilities
paul@142 140 package <code>rp-pppoe</code>. Using <code>pppoe-setup</code> is a snap and you
paul@142 141 can quickly configure the network. If you use DHCP it's even easier, because
paul@142 142 the server from your ISP will take care of everything. If you do not have DHCP,
paul@142 143 you must first disable its use via <code>DHCP="no"</code> from the
paul@142 144 configuration file <code>/etc/network.conf</code>. It should be noted that to
paul@142 145 modify configuration files and system logs you must first become <code>root</code>.
paul@142 146 To install and change the variable DHCP with Nano (ctrl + x to save &amp; exit):
paul@142 147 </p>
paul@142 148 <pre>
paul@142 149 $ su
paul@142 150 # tazpkg get-install rp-pppoe
paul@142 151 # nano /etc/network.conf
paul@142 152 </pre>
paul@142 153 <h4>Configure with pppoe-setup</h4>
paul@142 154 <p>
paul@142 155 To begin to configure your PPPoE connection, you must first open an Xterm or
paul@142 156 Linux console and launch <code>pppoe-setup</code> and then begin to answer
paul@142 157 the following questions:
paul@142 158 </p>
paul@142 159 <pre>
paul@142 160 # pppoe-setup
paul@142 161 </pre>
paul@142 162 <ol>
paul@142 163 <li>Enter your username, please note that this is the username with which you
paul@142 164 communicate with your ISP.</li>
paul@142 165 <li>Internet interface, default is eth0 unless you have more than one,
paul@142 166 in which case you will have eth1, eth2 etc. Usually the Enter key is
paul@142 167 sufficient.</li>
paul@142 168 <li>If you have a permanent ADSL link answer
paul@142 169 <strong>yes</strong>, otherwise answer <strong>no</strong> (default).</li>
paul@142 170 <li>Specify the primary and secondary DNS your ISP uses (you may have to ask).</li>
paul@142 171 <li>Enter the password with which you communicate with your ISP (you need
paul@142 172 to enter it twice).</li>
paul@142 173 <li>Choose the firewall settings depending on your hardware. If you
paul@142 174 have a router you can enter 1 or 2. If in doubt enter 1.</li>
paul@142 175 </ol>
paul@142 176 <h4>Start and Stop the connection</h4>
paul@142 177 <p>
paul@142 178 Still using the command line, simply type <code>pppoe-start</code> to start
paul@142 179 the connection. A few seconds later the system tells you that it is connected.
paul@142 180 If it gives you a message like TIMED OUT, the connection may be poorly configured
paul@142 181 or defective. Please check the wiring and repeat the installation
paul@142 182 from the beginning. To start the connection:
paul@142 183 </p>
paul@142 184 <pre> # pppoe-start
paul@142 185 </pre>
paul@142 186 <p>
paul@142 187 To stop the connection, you can type
paul@142 188 <code>pppoe-stop</code>.
paul@142 189 </p>
paul@142 190
paul@142 191 <a name="firewall"></a>
paul@142 192 <h3><font color="#6c0023">Manage the Firewall (<em>firewall</em>) using Iptables</font></h3>
paul@142 193 <p>
paul@142 194 SliTaz provides a very basic firewall; the kernel security rules are launched
paul@142 195 at boot time and iptables rules are disabled by default. You can
paul@142 196 activate/disable these at startup by using the configuration file:
paul@142 197 /etc/firewall.conf.
paul@142 198 </p>
paul@142 199 <p>
paul@142 200 The default <em>firewall</em> script begins with its own set of options for the
paul@142 201 Kernel, i.e. ICMP redirects, source routing, logs for unresolved addresses and
paul@142 202 spoof filters. The script then launches the rules defined in the
paul@142 203 <code>iptables_rules()</code> function of the configuration file:
paul@142 204 /etc/firewall.conf.
paul@142 205 </p>
paul@142 206 <p>
paul@142 207 The <em>firewall</em> uses Iptables. It consists of two files,
paul@142 208 /etc/firewall.conf and /etc/init.d/firewall; you shouldn't need to modify
paul@142 209 these. Note that Iptables has lots of options; for more information see the official
paul@142 210 documentation available online:
paul@142 211 <a href="http://www.netfilter.org/documentation/">www.netfilter.org/documentation/</a>.
paul@142 212 </p>
paul@142 213 <h4>Start, stop, restart the firewall</h4>
paul@142 214 <p>
paul@142 215 The script /etc/init.d/firewall lets you start/restart, stop or display the
paul@142 216 status of the firewall. The restart option is often used to test new rules
paul@142 217 after editing the configuration file. Example:
paul@142 218 </p>
paul@142 219 <pre>
paul@142 220 # /etc/init.d/firewall restart
paul@142 221 </pre>
paul@142 222 <h4>Enable/Disable the firewall at boot</h4>
paul@142 223 <p>
paul@142 224 To enable/disable options specific to the Kernel place "yes"
paul@142 225 or "no" in the variable KERNEL_SECURITY= :
paul@142 226 </p>
paul@142 227 <pre class="script">
paul@142 228 # Enable/disable kernel security at boot time.
paul@142 229 KERNEL_SECURITY="yes"
paul@142 230 </pre>
paul@142 231 <p>
paul@142 232 and to activate/deactivate the iptables rules, it is necessary to modify the
paul@142 233 variable IPTABLES_RULES= :
paul@142 234 </p>
paul@142 235 <pre class="script">
paul@142 236 # Enable/disable iptables rules.
paul@142 237 IPTABLES_RULES="yes"
paul@142 238 </pre>
paul@142 239 <h4>Add, delete or modify the iptables rules</h4>
paul@142 240 <p>
paul@142 241 At the bottom of the configuration file: /etc/firewall.conf, you will find a
paul@142 242 function named: <code>iptables_rules()</code>. This function contains all of
paul@142 243 the iptables commands to launch when the firewall starts. To delete a rule, it
paul@142 244 is advisable to comment out the corresponding line with a <code>#</code>. It is
paul@142 245 <em>not</em> advisable to leave the function completely empty; if you want to disable the
paul@142 246 iptables rules just add "no" to the variable IPTABLES_RULES= in the
paul@142 247 configuration file.
paul@142 248 </p>
paul@142 249 <p>
paul@142 250 Here's an example of using iptables rules. It only allows connections on the
paul@142 251 localhost and the local network, and ports 80, 22, and 21 used by the web server
paul@142 252 HTTP, the SSH secure server and FTP respectively. All other incoming and
paul@142 253 outgoing connections are refused, so it's fairly restrictive.
paul@142 254 </p>
paul@142 255 <pre class="script">
paul@142 256 # Netfilter/iptables rules.
paul@142 257 # This shell function is included in /etc/init.d/firewall.sh
paul@142 258 # to start iptables rules.
paul@142 259 #
paul@142 260 iptables_rules()
paul@142 261 {
paul@142 262
paul@142 263 # Drop all connections.
paul@142 264 iptables -P INPUT DROP
paul@142 265 iptables -P OUTPUT DROP
paul@142 266
paul@142 267 # Accept all on localhost (127.0.0.1).
paul@142 268 iptables -A INPUT -i lo -j ACCEPT
paul@142 269 iptables -A OUTPUT -o lo -j ACCEPT
paul@142 270
paul@142 271 # Accept all on the local network (192.168.0.0/24).
paul@142 272 iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
paul@142 273 iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT
paul@142 274
paul@142 275 # Accept port 80 for the HTTP server.
paul@142 276 iptables -A INPUT -i $INTERFACE -p tcp --sport 80 -j ACCEPT
paul@142 277 iptables -A OUTPUT -o $INTERFACE -p tcp --dport 80 -j ACCEPT
paul@142 278
paul@142 279 # Accept port 22 for SSH.
paul@142 280 iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT
paul@142 281 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 22 -j ACCEPT
paul@142 282
paul@142 283 # Accept port 21 for active FTP connections.
paul@142 284 iptables -A INPUT -i $INTERFACE -p tcp --dport 21 -j ACCEPT
paul@142 285 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 21 -j ACCEPT
paul@142 286
paul@142 287 }
paul@142 288
paul@142 289 </pre>
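A rule that iptables rejects is simply not loaded, which matters with a DROP policy: the traffic it was meant to allow stays blocked. The following is an added example, not part of the SliTaz handbook or its scripts: a small lint for the commands in an `iptables_rules()` body, run before the firewall is restarted. The function names `lint_rules` and `sample_rules` and the sample rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not SliTaz code): lint iptables commands for option/chain
# mismatches that make iptables reject a rule when the firewall starts.

# lint_rules: read rule lines on stdin, print "<line>: <problem>" for each
# finding, return 0 if the rules are clean and 1 otherwise.
lint_rules() {
    awk '
    $1 != "iptables" { next }      # skip comments, braces and blank lines
    {
        chain = ""; proto = 0; in_if = 0; out_if = 0; port = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "-A" || $i == "-I") chain = $(i + 1)
            else if ($i == "-p" || $i == "--protocol") proto = 1
            else if ($i == "-i") in_if = 1
            else if ($i == "-o") out_if = 1
            else if ($i == "--dport" || $i == "--sport") port = 1
        }
        # INPUT only sees an incoming interface, OUTPUT only an outgoing one.
        if (chain == "INPUT" && out_if) { print NR ": -o is not valid in INPUT"; bad++ }
        if (chain == "OUTPUT" && in_if) { print NR ": -i is not valid in OUTPUT"; bad++ }
        # --sport/--dport belong to the tcp/udp match and need -p first.
        if (port && !proto) { print NR ": port match without -p"; bad++ }
    }
    END { exit (bad > 0) }
    '
}

# Constructed sample rules: lines 4 and 5 contain deliberate mistakes.
sample_rules() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o eth0 -tcp --sport 22 -j ACCEPT
iptables -A OUTPUT -i eth0 -p tcp --sport 21 -j ACCEPT
EOF
}

sample_rules | lint_rules || echo "rules need fixing before the firewall is restarted"
```

On an installed system the same function can read the real file, for example `lint_rules < /etc/firewall.conf`, before running `/etc/init.d/firewall restart`.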
paul@142 290
paul@142 291 <!-- End of content -->
paul@142 292 </div>
paul@142 293
paul@142 294 <!-- Footer. -->
paul@142 295 <div id="footer">
paul@142 296 <div class="footer-right"></div>
paul@142 297 <a href="#top">Top of the page</a> |
paul@142 298 <a href="index.html">Table of contents</a>
paul@142 299 </div>
paul@142 300
paul@142 301 <div id="copy">
paul@142 302 Copyright &copy; 2008 <a href="http://www.slitaz.org/en/">SliTaz</a> -
paul@142 303 <a href="http://www.gnu.org/licenses/gpl.html">GNU General Public License</a>;<br />
paul@142 304 Documentation is under
paul@142 305 <a href="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</a>
paul@142 306 and code is <a href="http://validator.w3.org/">valid xHTML 1.0</a>.
paul@142 307 </div>
paul@142 308
paul@142 309 </body>
paul@142 310 </html>
paul@142 311