website diff en/doc/handbook/network-config.html @ rev 20
Minor corrections
author | hacker@slitaz |
---|---|
date | Fri Apr 11 21:57:21 2008 +0000 (2008-04-11) |
parents | |
children | 25eacf7051ed |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/en/doc/handbook/network-config.html Fri Apr 11 21:57:21 2008 +0000 1.3 
@@ -0,0 +1,301 @@ 1.4 +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 1.5 + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 1.6 +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> 1.7 +<head> 1.8 + <title>SliTaz Handbook - Network configuration</title> 1.9 + <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" /> 1.10 + <meta name="description" content="slitaz English handbook network config pppoe ppp eth dhcp" /> 1.11 + <meta name="expires" content="never" /> 1.12 + <meta name="modified" content="2008-02-26 18:30:00" /> 1.13 + <meta name="publisher" content="www.slitaz.org" /> 1.14 + <meta name="author" content="Paul Issot, Christophe Lincoln"/> 1.15 + <link rel="shortcut icon" href="favicon.ico" /> 1.16 + <link rel="stylesheet" type="text/css" href="book.css" /> 1.17 +</head> 1.18 +<body bgcolor="#ffffff"> 1.19 + 1.20 +<!-- Header and quick navigation --> 1.21 +<div id="header"> 1.22 +<div align="right" id="quicknav"> 1.23 + <a name="top"></a> 1.24 + <a href="http://www.slitaz.org/en/">www.slitaz.org/en</a> | 1.25 + <a href="index.html">Table of contents</a> 1.26 +</div> 1.27 +<h1><font color="#3E1220">SliTaz Handbook (en)</font></h1> 1.28 +</div> 1.29 + 1.30 +<!-- Content. 
--> 1.31 +<div id="content"> 1.32 +<div class="content-right"></div> 1.33 + 1.34 +<h2><font color="#DF8F06">Network configuration</font></h2> 1.35 + 1.36 +<ul> 1.37 + <li><a href="#eth">Ethernet connection</a> - DHCP or static IP.</li> 1.38 + <li><a href="#driver">Install network card driver</a> - Find and load Kernel 1.39 + modules.</li> 1.40 + <li><a href="#pppoe">PPPoE kernel-mode</a> - Dial-up modem connection in 1.41 + Kernel mode.</li> 1.42 + <li><a href="#rp-pppoe">PPPoE with rp-pppoe</a> - Dial-up modem.</li> 1.43 + <li><a href="#firewall">Firewall</a> - Manage the Firewall (Iptables).</li> 1.44 +</ul> 1.45 + 1.46 +<a name="eth"></a> 1.47 +<h3>Ethernet connection</h3> 1.48 +<p> 1.49 +By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your 1.50 +network card has been identified as an <code>eth0</code> interface and you use 1.51 +a router, your connection should already be working. DHCP is dynamically 1.52 +configured, on each boot the client asks for a new IP address from 1.53 +the DHCP server, which is integrated into the router, or on another computer. 1.54 +If you need a static IP, you can directly edit config files or use the GUI 1.55 +<code>netbox</code> available from JWM menu --> System tools. In a terminal 1.56 +or a Linux console, you can list all available network interfaces with the 1.57 +command <code>ifconfig</code> followed by the <code>-a</code> option: 1.58 +</p> 1.59 +<pre> 1.60 + $ ifconfig -a 1.61 +</pre> 1.62 +<p>To display the Kernel's IP routing table, you can use the <code>route</code> command 1.63 +without any arguments: 1.64 +</p> 1.65 +<pre> 1.66 +$ route 1.67 +</pre> 1.68 +<p> 1.69 +The system wide network configuration file is <code>/etc/network.conf</code>, 1.70 +it can be graphically configured with <code>netbox</code> or directly edited by 1.71 +the root administrator. 
1.72 +</p> 1.73 + 1.74 +<a name="driver"></a> 1.75 +<h3>Install network card driver</h3> 1.76 +<p> 1.77 +In case you need a network card driver and dont know the driver name, you can 1.78 +use the command <code>lspci</code> to find your card and then <code>modprobe</code> 1.79 +to load a module. In Live mode you can use the SliTaz boot option 1.80 +<code>modprobe=modules</code> to automatically load Kernel modules. To get a 1.81 +list of all available network card drivers, display PCI eth cards and load a 1.82 +module: 1.83 +</p> 1.84 +<pre> 1.85 + # modprobe -l | grep drivers/net 1.86 + # lspci | grep [Ee]th 1.87 + # modprobe -v module_name 1.88 +</pre> 1.89 +<p> 1.90 +On an installed system you just need to add the module_name to the variable 1.91 +<code>LOAD_MODULES </code> in <code>/etc/rcS.conf</code> to load your module 1.92 +on each boot. 1.93 +</p> 1.94 + 1.95 +<a name="pppoe"></a> 1.96 +<h3><font color="#6c0023">PPPoE connection kernel-mode</font></h3> 1.97 +<p> 1.98 +PPPoE connection in kernel-mode needs 2 files. The first file is 1.99 +<code>/etc/ppp/options</code> where you must specify your login name: 1.100 +</p> 1.101 +<pre class="script"> 1.102 +plugin rp-pppoe.so 1.103 +name <your provider connection ID> 1.104 +noipdefault 1.105 +defaultroute 1.106 +mtu 1492 1.107 +mru 1492 1.108 +lock 1.109 +</pre> 1.110 +<p> 1.111 +Now you have to configure /etc/ppp/pap-secrets or /etc/ppp/chap-secrets: 1.112 +</p> 1.113 +<pre class="script"> 1.114 +# client server secret IP addresses 1.115 +"your_login" * "your_password" 1.116 +</pre> 1.117 +<p> 1.118 +The config file /etc/resolv.conf will be automatically loaded up. 
Finished, you can 1.119 +now connect to the internet with <code>pppd</code>: 1.120 +</p> 1.121 +<pre> 1.122 +pppd eth0 1.123 +</pre> 1.124 +<p> 1.125 +On an installed system you can start pppd on each boot using the local startup 1.126 +script: <code>/etc/init.d/local.sh</code> 1.127 +</p> 1.128 + 1.129 +<a name="rp-pppoe"></a> 1.130 +<h3><font color="#6c0023">Enable Dial-up Modem - PPPoE with rp-pppoe</font></h3> 1.131 +<p> 1.132 +To set an ASDL protocol via PPPoE, SliTaz provides the following utilities 1.133 +package <code>rp-pppoe</code>. Using <code>pppoe-setup</code> is a snap and you 1.134 +can quickly configure the network. If you use DCHP it's even easier, because 1.135 +the server from your ISP will take care of everything. If you do not have DHCP, 1.136 +you must first disable it's use via <code>DHCP="no"</code> from the 1.137 +configuration file <code>/etc/network.conf</code>. It should be noted that to 1.138 +modify configuration files and system logs you must first become <code>su</code>. 1.139 +To install and change the variable DHCP with Nano (ctrl + x to save & exit): 1.140 +</p> 1.141 +<pre> 1.142 + $ su 1.143 + # tazpkg get-install rp-pppoe 1.144 + # nano /etc/network.conf 1.145 +</pre> 1.146 +<h4>Configure with pppoe-setup</h4> 1.147 +<p> 1.148 +To begin to configure your PPPoE connection, you must first open an Xterm or 1.149 +Linux consule and launch <code>pppoe-setup</code> and then begin to answer 1.150 +the following questions: 1.151 +</p> 1.152 +<pre> 1.153 + # pppoe-setup 1.154 +</pre> 1.155 +<ol> 1.156 + <li>Enter your username, please note that this is the username with which you 1.157 + communicate with your ISP.</li> 1.158 + <li>Internet interface, default is eth0 unless you have more than one, 1.159 + in which case you will have eth1, eth2 etc. 
Usually the Enter key is 1.160 + sufficient.</li> 1.161 + <li>If you have a permanent ASDL link answer 1.162 + <strong>yes</strong>, or <strong>no</strong> (default).</li> 1.163 + <li>Specify primary and secondary DNS your ISP uses (you may have to ask).</li> 1.164 + <li>Enter the password with which you communicate with your ISP (you need 1.165 + to enter twice).</li> 1.166 + <li>Choose the firewall or firewall depending on your hardware. If you 1.167 + have a router you can enter 1 or 2. If in doubt enter 1.</li> 1.168 +</ol> 1.169 +<h4>Start and Stop the connection</h4> 1.170 +<p> 1.171 +Still using the command line, simply type <code>pppoe-start</code> to start 1.172 +the connection. A few seconds later the system tells you that it is connected. 1.173 +If it gives you a message like TIMED OUT you may have poorly configured or 1.174 +the connection is defective. Please check the wiring and repeat the installation 1.175 +from the beginning. To start the connection: 1.176 +</p> 1.177 +<pre> # pppoe-start 1.178 +</pre> 1.179 +<p> 1.180 +To stop the connection, you can use 1.181 +<code>pppoe-stop</code>, using the command line. 1.182 +</p> 1.183 + 1.184 +<a name="firewall"></a> 1.185 +<h3><font color="#6c0023">Manage the Firewall (<em>firewall</em>) using Iptables</font></h3> 1.186 +<p> 1.187 +SliTaz provides a very basic firewall, the kernel security rules are launched 1.188 +at boot time and iptables rules are disabled by default. You can 1.189 +activate/disable these at startup by using the configuration file: 1.190 +/etc/firewall.conf. 1.191 +</p> 1.192 +<p> 1.193 +The default <em>firewall</em> script begins with it's own set options for the 1.194 +Kernel ie. ICMP redirects, source routing, logs for unresolved addresses and 1.195 +spoof filters. The script then launches the rules defined in the 1.196 +<code>iptables_rules()</code> function of the configuration file: 1.197 +/etc/firewall.conf. 
1.198 +</p> 1.199 +<p> 1.200 +The <em>firewall</em> uses Iptables, it consists of two files, the 1.201 +/etc/firewall.conf and /etc/init.d/firewall, you shouldn't need to modify 1.202 +these. Note Iptables has lots of options, for more infomation see the official 1.203 +documentation available online: 1.204 +<a href="http://www.netfilter.org/documentation/">www.netfilter.org/documentation/</a>. 1.205 +</p> 1.206 +<h4>Start, stop, restart the firewall</h4> 1.207 +<p> 1.208 +The script /etc/init.d/firewall lets you start/restart, stop or display the 1.209 +status of the firewall. The restart option is often used to test new rules 1.210 +after editing the configuration file. Example: 1.211 +</p> 1.212 +<pre> 1.213 + # /etc/init.d/firewall restart 1.214 +</pre> 1.215 +<h4>Enable/Disable the firewall at boot</h4> 1.216 +<p> 1.217 +To enable/disable options specific to the Kernel place, "yes" 1.218 +or "no" in the variable KERNEL_SECURITY= : 1.219 +</p> 1.220 +<pre class="script"> 1.221 +# Enable/disable kernel security at boot time. 1.222 +KERNEL_SECURITY="yes" 1.223 +</pre> 1.224 +<p> 1.225 +and to activate/deactivate the iptables rules, it is necessary to modify the 1.226 +variable IPTABLES_RULES= : 1.227 +</p> 1.228 +<pre class="script"> 1.229 +# Enable/disable iptables rules. 1.230 +IPTABLES_RULES="yes" 1.231 +</pre> 1.232 +<h4>Add, delete or modify the iptables rules</h4> 1.233 +<p> 1.234 +At the bottom of the configuration file: /etc/firewall.conf. you will find a 1.235 +function named: <code>iptables_rules()</code>, this contains all of the iptables 1.236 +commands to launch when the firewall starts. To delete a rule, It is advisable 1.237 +to comment out the corresponding line with a <code>#</code>. It is not 1.238 +advisable to leave the function completely empty, if you want to disable the 1.239 +iptables rules just add "no" to the variable IPTABLES_RULES= in the 1.240 +configuration file. 
1.241 +</p> 1.242 +<p> 1.243 +Here's an example of using iptables rules, it refuses all connections incoming 1.244 +and outgoing, only allowing connections on the localhost, the local network, 1.245 +ports 80 and 22 used respectively by the web server HTTP and SSH secure server 1.246 +and port 21 for FTP; so it's very restrictive. 1.247 +</p> 1.248 +<pre class="script"> 1.249 +# Netfilter/iptables rules. 1.250 +# This shell function is include in /etc/init.d/firewall.sh 1.251 +# to start iptables rules. 1.252 +# 1.253 +iptables_rules() 1.254 +{ 1.255 + 1.256 +# Drop all connexions. 1.257 +iptables -P INPUT DROP 1.258 +iptables -P OUTPUT DROP 1.259 + 1.260 +# Accept all on localhost (127.0.0.1). 1.261 +iptables -A INPUT -i lo -j ACCEPT 1.262 +iptables -A OUTPUT -o lo -j ACCEPT 1.263 + 1.264 +# Accept all on the local network (192.168.0.0/24). 1.265 +iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT 1.266 +iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT 1.267 + 1.268 +# Accept port 80 for the HTTP server. 1.269 +iptables -A INPUT -i $INTERFACE -p tcp --sport 80 -j ACCEPT 1.270 +iptables -A OUTPUT -o $INTERFACE -p tcp --dport 80 -j ACCEPT 1.271 + 1.272 +# Accept port 22 for SSH. 1.273 +iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT 1.274 +iptables -A OUTPUT -o $INTERFACE -tcp --sport 22 -j ACCEPT 1.275 + 1.276 +# Accept port 21 for active FTP connections. 1.277 +iptables -A INPUT -i $INTERFACE -p tcp --dport 21 -j ACCEPT 1.278 +iptables -A OUTPUT -i $INTERFACE -p tcp --sport 21 -j ACCEPT 1.279 + 1.280 +} 1.281 + 1.282 +</pre> 1.283 + 1.284 +<!-- End of content --> 1.285 +</div> 1.286 + 1.287 +<!-- Footer. 
--> 1.288 +<div id="footer"> 1.289 + <div class="footer-right"></div> 1.290 + <a href="#top">Top of the page</a> | 1.291 + <a href="index.html">Table of contents</a> 1.292 +</div> 1.293 + 1.294 +<div id="copy"> 1.295 + Copyright © 2008 <a href="http://www.slitaz.org/en/">SliTaz</a> - 1.296 + <a href="http://www.gnu.org/licenses/gpl.html">GNU General Public License</a>;<br /> 1.297 + Documentation is under 1.298 + <a href="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</a> 1.299 + and code is <a href="http://validator.w3.org/">valid xHTML 1.0</a>. 1.300 +</div> 1.301 + 1.302 +</body> 1.303 +</html> 1.304 +
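Review bot: two rules in the `iptables_rules()` example (diff lines 1.273 and 1.277) will be rejected by iptables, so a reader who pastes the block gets the DROP policies applied while the SSH and FTP reply rules never load. In the SSH pair, `iptables -A OUTPUT -o $INTERFACE -tcp --sport 22 -j ACCEPT` is missing the `-p` before `tcp`; in the FTP pair, `iptables -A OUTPUT -i $INTERFACE -p tcp --sport 21 -j ACCEPT` uses `-i` on the OUTPUT chain, where only `-o` is valid. The port 80 pair (1.268 and 1.269) is written for outbound browsing (`--sport 80` on INPUT, `--dport 80` on OUTPUT) although its comment and the paragraph above it describe an HTTP server, and accepting inbound packets on source port alone lets any remote host that sends from port 80 reach every local TCP port on that interface. Either mirror the SSH rules with `--dport 80` on INPUT, or keep the client direction, fix the comment, and limit the INPUT side to established connections with a state match. The block's header comment also names `/etc/init.d/firewall.sh` while the prose refers to `/etc/init.d/firewall`. Since the commit message describes corrections, the remaining typos in the prose are worth fixing in the same pass: "dont", "ASDL" (twice), "DCHP", "it's use", "consule", "infomation", "connexions", "is include" and "Choose the firewall or firewall".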