website annotate en/doc/handbook/network-config.html @ rev 39

Add LightTPD to Handbook (en) & typos
author Paul Issott <paul@slitaz.org>
date Wed May 04 21:16:27 2011 +0000 (2011-05-04)
parents cd23fe9aa506
children fb63123c9a72
rev   line source
paul@15 1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
paul@15 2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
paul@15 3 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
paul@15 4 <head>
paul@15 5 <title>SliTaz Handbook - Network configuration</title>
paul@15 6 <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
paul@15 7 <meta name="description" content="slitaz English handbook network config pppoe ppp eth dhcp" />
paul@15 8 <meta name="expires" content="never" />
paul@15 9 <meta name="modified" content="2008-02-26 18:30:00" />
paul@15 10 <meta name="publisher" content="www.slitaz.org" />
paul@15 11 <meta name="author" content="Paul Issot, Christophe Lincoln"/>
paul@15 12 <link rel="shortcut icon" href="favicon.ico" />
paul@15 13 <link rel="stylesheet" type="text/css" href="book.css" />
paul@15 14 </head>
paul@15 15 <body bgcolor="#ffffff">
paul@15 16
paul@15 17 <!-- Header and quick navigation -->
paul@15 18 <div id="header">
paul@15 19 <div align="right" id="quicknav">
paul@15 20 <a name="top"></a>
paul@15 21 <a href="http://www.slitaz.org/en/">www.slitaz.org/en</a> |
paul@15 22 <a href="index.html">Table of contents</a>
paul@15 23 </div>
paul@15 24 <h1><font color="#3E1220">SliTaz Handbook (en)</font></h1>
paul@15 25 </div>
paul@15 26
paul@15 27 <!-- Content. -->
paul@15 28 <div id="content">
paul@15 29 <div class="content-right"></div>
paul@15 30
paul@15 31 <h2><font color="#DF8F06">Network configuration</font></h2>
paul@15 32
paul@15 33 <ul>
paul@15 34 <li><a href="#eth">Ethernet connection</a> - DHCP or static IP.</li>
paul@15 35 <li><a href="#driver">Install network card driver</a> - Find and load Kernel
paul@15 36 modules.</li>
paul@15 37 <li><a href="#pppoe">PPPoE kernel-mode</a> - Dial-up modem connection in
paul@15 38 Kernel mode.</li>
paul@15 39 <li><a href="#rp-pppoe">PPPoE with rp-pppoe</a> - Dial-up modem.</li>
paul@15 40 <li><a href="#firewall">Firewall</a> - Manage the Firewall (Iptables).</li>
paul@15 41 </ul>
paul@15 42
paul@15 43 <a name="eth"></a>
paul@15 44 <h3>Ethernet connection</h3>
paul@15 45 <p>
paul@15 46 By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your
paul@15 47 network card has been identified as an <code>eth0</code> interface and you use
paul@15 48 a router, your connection should already be working. DHCP is dynamically
paul@15 49 configured, on each boot the client asks for a new IP address from
paul@15 50 the DHCP server, which is integrated into the router, or on another computer.
paul@15 51 If you need a static IP, you can directly edit config files or use the GUI
paul@15 52 <code>netbox</code> available from JWM menu --&gt; System tools. In a terminal
paul@15 53 or a Linux console, you can list all available network interfaces with the
paul@15 54 command <code>ifconfig</code> followed by the <code>-a</code> option:
paul@15 55 </p>
paul@15 56 <pre>
paul@15 57 $ ifconfig -a
paul@15 58 </pre>
paul@15 59 <p>To display the Kernel's IP routing table, you can use the <code>route</code> command
paul@15 60 without any arguments:
paul@15 61 </p>
paul@15 62 <pre>
paul@15 63 $ route
paul@15 64 </pre>
paul@15 65 <p>
paul@15 66 The system wide network configuration file is <code>/etc/network.conf</code>,
paul@15 67 it can be graphically configured with <code>netbox</code> or directly edited by
paul@15 68 the root administrator.
paul@15 69 </p>
paul@15 70
paul@15 71 <a name="driver"></a>
paul@15 72 <h3>Install network card driver</h3>
paul@15 73 <p>
paul@15 74 In case you need a network card driver and dont know the driver name, you can
paul@15 75 use the command <code>lspci</code> to find your card and then <code>modprobe</code>
paul@15 76 to load a module. In Live mode you can use the SliTaz boot option
paul@15 77 <code>modprobe=modules</code> to automatically load Kernel modules. To get a
paul@15 78 list of all available network card drivers, display PCI eth cards and load a
paul@15 79 module:
paul@15 80 </p>
paul@15 81 <pre>
paul@15 82 # modprobe -l | grep drivers/net
paul@15 83 # lspci | grep [Ee]th
paul@15 84 # modprobe -v module_name
paul@15 85 </pre>
paul@15 86 <p>
paul@15 87 On an installed system you just need to add the module_name to the variable
paul@15 88 <code>LOAD_MODULES </code> in <code>/etc/rcS.conf</code> to load your module
paul@15 89 on each boot.
paul@15 90 </p>
paul@15 91
paul@15 92 <a name="pppoe"></a>
paul@15 93 <h3><font color="#6c0023">PPPoE connection kernel-mode</font></h3>
paul@15 94 <p>
paul@15 95 PPPoE connection in kernel-mode needs 2 files. The first file is
paul@15 96 <code>/etc/ppp/options</code> where you must specify your login name:
paul@15 97 </p>
paul@15 98 <pre class="script">
paul@15 99 plugin rp-pppoe.so
paul@15 100 name &lt;your provider connection ID&gt;
paul@15 101 noipdefault
paul@15 102 defaultroute
paul@15 103 mtu 1492
paul@15 104 mru 1492
paul@15 105 lock
paul@15 106 </pre>
paul@15 107 <p>
paul@15 108 Now you have to configure /etc/ppp/pap-secrets or /etc/ppp/chap-secrets:
paul@15 109 </p>
paul@15 110 <pre class="script">
paul@15 111 # client server secret IP addresses
paul@15 112 "your_login" * "your_password"
paul@15 113 </pre>
paul@15 114 <p>
paul@15 115 The config file /etc/resolv.conf will be automatically loaded up. Finished, you can
paul@15 116 now connect to the internet with <code>pppd</code>:
paul@15 117 </p>
paul@15 118 <pre>
paul@15 119 pppd eth0
paul@15 120 </pre>
paul@15 121 <p>
paul@15 122 On an installed system you can start pppd on each boot using the local startup
paul@15 123 script: <code>/etc/init.d/local.sh</code>
paul@15 124 </p>
paul@15 125
paul@15 126 <a name="rp-pppoe"></a>
paul@15 127 <h3><font color="#6c0023">Enable Dial-up Modem - PPPoE with rp-pppoe</font></h3>
paul@15 128 <p>
paul@15 129 To set an ASDL protocol via PPPoE, SliTaz provides the following utilities
paul@15 130 package <code>rp-pppoe</code>. Using <code>pppoe-setup</code> is a snap and you
paul@15 131 can quickly configure the network. If you use DCHP it's even easier, because
paul@15 132 the server from your ISP will take care of everything. If you do not have DHCP,
paul@15 133 you must first disable it's use via <code>DHCP="no"</code> from the
paul@15 134 configuration file <code>/etc/network.conf</code>. It should be noted that to
paul@15 135 modify configuration files and system logs you must first become <code>su</code>.
paul@15 136 To install and change the variable DHCP with Nano (ctrl + x to save &amp; exit):
paul@15 137 </p>
paul@15 138 <pre>
paul@15 139 $ su
paul@15 140 # tazpkg get-install rp-pppoe
paul@15 141 # nano /etc/network.conf
paul@15 142 </pre>
paul@15 143 <h4>Configure with pppoe-setup</h4>
paul@15 144 <p>
paul@15 145 To begin to configure your PPPoE connection, you must first open an Xterm or
paul@15 146 Linux consule and launch <code>pppoe-setup</code> and then begin to answer
paul@15 147 the following questions:
paul@15 148 </p>
paul@15 149 <pre>
paul@15 150 # pppoe-setup
paul@15 151 </pre>
paul@15 152 <ol>
paul@15 153 <li>Enter your username, please note that this is the username with which you
paul@15 154 communicate with your ISP.</li>
paul@15 155 <li>Internet interface, default is eth0 unless you have more than one,
paul@15 156 in which case you will have eth1, eth2 etc. Usually the Enter key is
paul@15 157 sufficient.</li>
paul@15 158 <li>If you have a permanent ASDL link answer
paul@15 159 <strong>yes</strong>, or <strong>no</strong> (default).</li>
paul@15 160 <li>Specify primary and secondary DNS your ISP uses (you may have to ask).</li>
paul@15 161 <li>Enter the password with which you communicate with your ISP (you need
paul@15 162 to enter twice).</li>
paul@15 163 <li>Choose the firewall or firewall depending on your hardware. If you
paul@15 164 have a router you can enter 1 or 2. If in doubt enter 1.</li>
paul@15 165 </ol>
paul@15 166 <h4>Start and Stop the connection</h4>
paul@15 167 <p>
paul@15 168 Still using the command line, simply type <code>pppoe-start</code> to start
paul@15 169 the connection. A few seconds later the system tells you that it is connected.
paul@15 170 If it gives you a message like TIMED OUT you may have poorly configured or
paul@15 171 the connection is defective. Please check the wiring and repeat the installation
paul@15 172 from the beginning. To start the connection:
paul@15 173 </p>
paul@15 174 <pre> # pppoe-start
paul@15 175 </pre>
paul@15 176 <p>
paul@15 177 To stop the connection, you can use
paul@15 178 <code>pppoe-stop</code>, using the command line.
paul@15 179 </p>
paul@15 180
paul@15 181 <a name="firewall"></a>
paul@15 182 <h3><font color="#6c0023">Manage the Firewall (<em>firewall</em>) using Iptables</font></h3>
paul@15 183 <p>
paul@15 184 SliTaz provides a very basic firewall, the kernel security rules are launched
paul@15 185 at boot time and iptables rules are disabled by default. You can
paul@15 186 activate/disable these at startup by using the configuration file:
paul@15 187 /etc/firewall.conf.
paul@15 188 </p>
paul@15 189 <p>
paul@15 190 The default <em>firewall</em> script begins with it's own set options for the
paul@15 191 Kernel ie. ICMP redirects, source routing, logs for unresolved addresses and
paul@15 192 spoof filters. The script then launches the rules defined in the
paul@15 193 <code>iptables_rules()</code> function of the configuration file:
paul@15 194 /etc/firewall.conf.
paul@15 195 </p>
paul@15 196 <p>
paul@15 197 The <em>firewall</em> uses Iptables, it consists of two files, the
paul@15 198 /etc/firewall.conf and /etc/init.d/firewall, you shouldn't need to modify
paul@15 199 these. Note Iptables has lots of options, for more infomation see the official
paul@15 200 documentation available online:
paul@15 201 <a href="http://www.netfilter.org/documentation/">www.netfilter.org/documentation/</a>.
paul@15 202 </p>
paul@15 203 <h4>Start, stop, restart the firewall</h4>
paul@15 204 <p>
paul@15 205 The script /etc/init.d/firewall lets you start/restart, stop or display the
paul@15 206 status of the firewall. The restart option is often used to test new rules
paul@15 207 after editing the configuration file. Example:
paul@15 208 </p>
paul@15 209 <pre>
paul@15 210 # /etc/init.d/firewall restart
paul@15 211 </pre>
paul@15 212 <h4>Enable/Disable the firewall at boot</h4>
paul@15 213 <p>
paul@15 214 To enable/disable options specific to the Kernel place, "yes"
paul@15 215 or "no" in the variable KERNEL_SECURITY= :
paul@15 216 </p>
paul@15 217 <pre class="script">
paul@15 218 # Enable/disable kernel security at boot time.
paul@15 219 KERNEL_SECURITY="yes"
paul@15 220 </pre>
paul@15 221 <p>
paul@15 222 and to activate/deactivate the iptables rules, it is necessary to modify the
paul@15 223 variable IPTABLES_RULES= :
paul@15 224 </p>
paul@15 225 <pre class="script">
paul@15 226 # Enable/disable iptables rules.
paul@15 227 IPTABLES_RULES="yes"
paul@15 228 </pre>
paul@15 229 <h4>Add, delete or modify the iptables rules</h4>
paul@15 230 <p>
paul@15 231 At the bottom of the configuration file: /etc/firewall.conf. you will find a
paul@15 232 function named: <code>iptables_rules()</code>, this contains all of the iptables
paul@15 233 commands to launch when the firewall starts. To delete a rule, It is advisable
paul@15 234 to comment out the corresponding line with a <code>#</code>. It is not
paul@23 235 advisable to leave the function completely empty, if you want to disable
paul@15 236 iptables rules just add "no" to the variable IPTABLES_RULES= in the
paul@15 237 configuration file.
paul@15 238 </p>
paul@15 239 <p>
paul@15 240 Here's an example of using iptables rules, it refuses all connections incoming
paul@15 241 and outgoing, only allowing connections on the localhost, the local network,
paul@15 242 ports 80 and 22 used respectively by the web server HTTP and SSH secure server
paul@15 243 and port 21 for FTP; so it's very restrictive.
paul@15 244 </p>
paul@15 245 <pre class="script">
paul@15 246 # Netfilter/iptables rules.
paul@15 247 # This shell function is include in /etc/init.d/firewall.sh
paul@15 248 # to start iptables rules.
paul@15 249 #
paul@15 250 iptables_rules()
paul@15 251 {
paul@15 252
paul@15 253 # Drop all connexions.
paul@15 254 iptables -P INPUT DROP
paul@15 255 iptables -P OUTPUT DROP
paul@15 256
paul@15 257 # Accept all on localhost (127.0.0.1).
paul@15 258 iptables -A INPUT -i lo -j ACCEPT
paul@15 259 iptables -A OUTPUT -o lo -j ACCEPT
paul@15 260
paul@15 261 # Accept all on the local network (192.168.0.0/24).
paul@15 262 iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
paul@15 263 iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT
paul@15 264
paul@15 265 # Accept port 80 for the HTTP server.
paul@15 266 iptables -A INPUT -i $INTERFACE -p tcp --sport 80 -j ACCEPT
paul@15 267 iptables -A OUTPUT -o $INTERFACE -p tcp --dport 80 -j ACCEPT
paul@15 268
paul@15 269 # Accept port 22 for SSH.
paul@15 270 iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT
paul@15 271 iptables -A OUTPUT -o $INTERFACE -tcp --sport 22 -j ACCEPT
paul@15 272
paul@15 273 # Accept port 21 for active FTP connections.
paul@15 274 iptables -A INPUT -i $INTERFACE -p tcp --dport 21 -j ACCEPT
paul@15 275 iptables -A OUTPUT -i $INTERFACE -p tcp --sport 21 -j ACCEPT
paul@15 276
paul@15 277 }
paul@15 278
paul@15 279 </pre>
paul@15 280
paul@15 281 <!-- End of content -->
paul@15 282 </div>
paul@15 283
paul@15 284 <!-- Footer. -->
paul@15 285 <div id="footer">
paul@15 286 <div class="footer-right"></div>
paul@15 287 <a href="#top">Top of the page</a> |
paul@15 288 <a href="index.html">Table of contents</a>
paul@15 289 </div>
paul@15 290
paul@15 291 <div id="copy">
paul@15 292 Copyright &copy; 2008 <a href="http://www.slitaz.org/en/">SliTaz</a> -
paul@15 293 <a href="http://www.gnu.org/licenses/gpl.html">GNU General Public License</a>;<br />
paul@15 294 Documentation is under
paul@15 295 <a href="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</a>
paul@15 296 and code is <a href="http://validator.w3.org/">valid xHTML 1.0</a>.
paul@15 297 </div>
paul@15 298
paul@15 299 </body>
paul@15 300 </html>
paul@15 301