website view en/doc/handbook/network-config.html @ rev 314
en: Start to update website (V2)
author | Paul Issott <paul@slitaz.org> |
---|---|
date | Sun Mar 22 16:02:03 2009 +0000 (2009-03-22) |
parents | 3c4edaebb9b5 |
children | 5ea4a83c8f7a |
line source
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4 <head>
5 <title>SliTaz Handbook - Network configuration</title>
6 <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
7 <meta name="description" content="slitaz English handbook network config pppoe ppp eth dhcp" />
8 <meta name="expires" content="never" />
9 <meta name="modified" content="2008-07-17 22:30:00" />
10 <meta name="publisher" content="www.slitaz.org" />
11 <meta name="author" content="Paul Issot, Christophe Lincoln"/>
12 <link rel="shortcut icon" href="favicon.ico" />
13 <link rel="stylesheet" type="text/css" href="book.css" />
14 </head>
15 <body bgcolor="#ffffff">
17 <!-- Header and quick navigation -->
18 <div id="header">
19 <div align="right" id="quicknav">
20 <a name="top"></a>
21 <a href="system-admin.html">System administration</a> |
22 <a href="index.html">Table of contents</a>
23 </div>
24 <h1><font color="#3E1220">SliTaz Handbook (en)</font></h1>
25 </div>
27 <!-- Content. -->
28 <div id="content">
29 <div class="content-right"></div>
31 <h2><font color="#DF8F06">Network configuration</font></h2>
33 <ul>
34 <li><a href="#eth">Ethernet connection</a> - DHCP or static IP.</li>
35 <li><a href="#driver">Install network card driver</a> - Find and load Kernel
36 modules.</li>
37 <li><a href="#netbox">Netbox</a> - Configure network.</li>
38 <li><a href="#pppoe">PPPoE kernel-mode</a> - Dial-up modem connection in
39 Kernel mode.</li>
40 <li><a href="#rp-pppoe">PPPoE with rp-pppoe</a> - Dial-up modem.</li>
41 <li><a href="#firewall">Firewall</a> - Manage the Firewall (Iptables).</li>
42 </ul>
44 <a name="eth"></a>
45 <h3>About the Network</h3>
46 <p>
47 By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your
48 network card has been identified as an <code>eth0</code> interface and you use
49 a router, your connection should already be working. DHCP configuration is
50 dynamic: on each boot the client asks for a new IP address from
51 the DHCP server, which is either integrated into the router or runs on another computer.
52 If you need a static IP, you can directly edit config files or use the GUI
53 <code>netbox</code> available from JWM menu --> System tools. In a terminal
54 or a Linux console, you can list all available network interfaces with the
55 command <code>ifconfig</code> followed by the <code>-a</code> option:
56 </p>
57 <pre>
58 $ ifconfig -a
59 </pre>
60 <p>To display the Kernel's IP routing table, you can use the <code>route</code> command
61 without any arguments:
62 </p>
63 <pre>
64 $ route
65 </pre>
66 <p>
67 The system wide network configuration file is <code>/etc/network.conf</code>.
68 It can be graphically configured with <code>netbox</code> or directly edited by
69 the root administrator.
70 </p>
72 <a name="netbox"></a>
73 <h3><font color="#6c0023">Netbox - Configure the network</font></h3>
74 <p>
75 Netbox is a small GTK+ application to configure a network interface using
76 DHCP or a fixed (static) IP address. The tabs can be used to start/stop the
77 connections and automatically change the values in the system files. Netbox
78 also provides a system wide tab from which you can directly edit network
79 configuration files.
80 </p>
82 <img
83 src="images/screenshots/netbox.png"
84 alt="Slitaz Netbox"
85 style="width: 536px; height: 357px;" />
87 <p>
88 You can start netbox from the system tools menu or via a terminal:
89 </p>
90 <pre>
91 $ subox netbox
92 </pre>
94 <a name="wifibox"></a>
95 <h3><font color="#6c0023">Wifibox - Graphical configuration of the wireless network</font></h3>
96 <p>
97 Wifibox is a small interface to configure a network connection (Wifi,
98 WLAN, or Wireless). The 'Networks' tab displays a list of available
99 networks; just double click on a network name to connect. If the network
100 is secured, you will then be asked for the key.
101 </p>
103 <img
104 src="images/screenshots/wifibox.png"
105 alt="SliTaz Wifibox"
106 style="width: 533px; height: 330px;" />
108 <p>
109 The 'Favorites' tab allows you to set your preferred networks. Once a
110 network is added, just double click on the network name to connect. The
111 'Configuration' tab lets you configure a connection manually using the
112 advanced settings such as the mode or channel. The 'Drivers' tab allows
113 you to configure a network card; there are 3 options:
114 </p>
115 <ol>
116 <li>The card is supported directly by the kernel via a module.</li>
117 <li>The card needs a module and non-free firmware that can be installed
118 automatically via the auto-detect tool (tazhw).</li>
119 <li>The card is not supported by Linux and a Windows driver must be
120 installed via the Windows driver manager (tazndis).</li>
121 </ol>
123 <a name="driver"></a>
124 <h3>Install network card driver</h3>
125 <p>
126 In case you need a network card driver and don't know the driver name, you can
127 use the command <code>lspci</code> to find your card and then <code>modprobe</code>
128 to load a module. In Live mode you can use the SliTaz boot option
129 <code>modprobe=modules</code> to automatically load Kernel modules. To get a
130 list of all available network card drivers, display PCI eth cards and load a
131 module:
132 </p>
133 <pre>
134 # modprobe -l | grep drivers/net
135 # lspci | grep '[Ee]th'
136 # modprobe -v module_name
137 </pre>
138 <p>
139 On an installed system you just need to add the module_name to the variable
140 <code>LOAD_MODULES</code> in <code>/etc/rcS.conf</code> to load your module
141 on each boot.
142 </p>
144 <a name="hostname"></a>
145 <h3><font color="#6c0023">/etc/hostname - The hostname</font></h3>
146 <p>
147 The file /etc/hostname sets the machine name. This is loaded at system
148 startup with the command 'hostname'. Without an argument, this
149 command returns the current machine name:
150 </p>
151 <pre>
152 $ hostname
153 </pre>
154 <p>
155 To change the hostname, you can use the <code>echo</code> command or a text
156 editor available on SliTaz (you must be root). Example using <code>echo</code>
157 and the machine name <code>kayam</code>:
158 </p>
159 <pre>
160 # echo "kayam" > /etc/hostname
161 </pre>
163 <a name="pppoe"></a>
164 <h3><font color="#6c0023">PPPoE connection kernel-mode</font></h3>
165 <p>
166 PPPoE connection in kernel-mode needs 2 files. The first file is
167 <code>/etc/ppp/options</code> where you must specify your login name:
168 </p>
169 <pre class="script">
170 plugin rp-pppoe.so
171 name &lt;your provider connection ID&gt;
172 noipdefault
173 defaultroute
174 mtu 1492
175 mru 1492
176 lock
177 </pre>
178 <p>
179 Now you have to configure /etc/ppp/pap-secrets or /etc/ppp/chap-secrets:
180 </p>
181 <pre class="script">
182 # client server secret IP addresses
183 "your_login" * "your_password"
184 </pre>
185 <p>
186 The config file /etc/resolv.conf will be loaded automatically. Once this is done, you can
187 connect to the internet with <code>pppd</code>:
188 </p>
189 <pre>
190 # pppd eth0
191 </pre>
192 <p>
193 On an installed system you can start pppd on each boot using the local startup
194 script: <code>/etc/init.d/local.sh</code>
195 </p>
197 <a name="rp-pppoe"></a>
198 <h3><font color="#6c0023">Enable Dial-up Modem - PPPoE with rp-pppoe</font></h3>
199 <p>
200 To set up an ADSL connection via PPPoE, SliTaz provides the utilities
201 package <code>rp-pppoe</code>. Using <code>pppoe-setup</code> is a snap and you
202 can quickly configure the network. If you use DHCP it's even easier, because
203 the server from your ISP will take care of everything. If you do not have DHCP,
204 you must first disable its use via <code>DHCP="no"</code> in the
205 configuration file <code>/etc/network.conf</code>. It should be noted that to
206 modify configuration files and system logs you must first become <code>root</code>.
207 To install and change the variable DHCP with Nano (ctrl + x to save &amp; exit):
208 </p>
209 <pre>
210 $ su
211 # tazpkg get-install rp-pppoe
212 # nano /etc/network.conf
213 </pre>
214 <h4>Configure with pppoe-setup</h4>
215 <p>
216 To begin to configure your PPPoE connection, you must first open an Xterm or
217 Linux console and launch <code>pppoe-setup</code> and then begin to answer
218 the following questions:
219 </p>
220 <pre>
221 # pppoe-setup
222 </pre>
223 <ol>
224 <li>Enter your username, please note that this is the username with which you
225 communicate with your ISP.</li>
226 <li>Internet interface, default is eth0 unless you have more than one,
227 in which case you will have eth1, eth2, etc. Usually the Enter key is
228 sufficient.</li>
229 <li>If you have a permanent ADSL link answer
230 <strong>yes</strong>, otherwise answer <strong>no</strong> (default).</li>
231 <li>Specify the primary and secondary DNS your ISP uses (you may have to ask).</li>
232 <li>Enter the password with which you communicate with your ISP (you need
233 to enter it twice).</li>
234 <li>Choose the firewall settings depending on your hardware. If you
235 have a router you can enter 1 or 2. If in doubt enter 1.</li>
236 </ol>
237 <h4>Start and Stop the connection</h4>
238 <p>
239 Still using the command line, simply type <code>pppoe-start</code> to start
240 the connection. A few seconds later the system tells you that it is connected.
241 If it gives you a message like TIMED OUT, the connection may be poorly configured or
242 defective. Please check the wiring and repeat the installation
243 from the beginning. To start the connection:
244 </p>
245 <pre> # pppoe-start
246 </pre>
247 <p>
248 To stop the connection, you can type
249 <code>pppoe-stop</code>.
250 </p>
252 <a name="firewall"></a>
253 <h3><font color="#6c0023">Manage the Firewall (<em>firewall</em>) using Iptables</font></h3>
254 <p>
255 SliTaz provides a very basic firewall: the kernel security rules are launched
256 at boot time and iptables rules are disabled by default. You can
257 activate/disable these at startup by using the configuration file
258 /etc/firewall.conf.
259 </p>
260 <p>
261 The default <em>firewall</em> script begins by setting its own options for the
262 Kernel, i.e. ICMP redirects, source routing, logs for unresolved addresses and
263 spoof filters. The script then launches the rules defined in the
264 <code>iptables_rules()</code> function of the configuration file
265 /etc/firewall.conf.
266 </p>
267 <p>
268 The <em>firewall</em> uses Iptables and consists of two files,
269 /etc/firewall.conf and /etc/init.d/firewall; you shouldn't need to modify
270 these. Note that Iptables has lots of options; for more information see the official
271 documentation available online:
272 <a href="http://www.netfilter.org/documentation/">www.netfilter.org/documentation/</a>.
273 </p>
274 <h4>Start, stop, restart the firewall</h4>
275 <p>
276 The script /etc/init.d/firewall lets you start/restart, stop or display the
277 status of the firewall. The restart option is often used to test new rules
278 after editing the configuration file. Example:
279 </p>
280 <pre>
281 # /etc/init.d/firewall restart
282 </pre>
283 <h4>Enable/Disable the firewall at boot</h4>
284 <p>
285 To enable/disable options specific to the Kernel place "yes"
286 or "no" in the variable KERNEL_SECURITY= :
287 </p>
288 <pre class="script">
289 # Enable/disable kernel security at boot time.
290 KERNEL_SECURITY="yes"
291 </pre>
292 <p>
293 and to activate/deactivate the iptables rules, it is necessary to modify the
294 variable IPTABLES_RULES= :
295 </p>
296 <pre class="script">
297 # Enable/disable iptables rules.
298 IPTABLES_RULES="yes"
299 </pre>
300 <h4>Add, delete or modify the iptables rules</h4>
301 <p>
302 At the bottom of the configuration file /etc/firewall.conf, you will find a
303 function named <code>iptables_rules()</code>. This function contains all of
304 the iptables commands to launch when the firewall starts. To delete a rule, it
305 is advisable to comment out the corresponding line with a <code>#</code>. It is
306 <em>not</em> advisable to leave the function completely empty; if you want to disable the
307 iptables rules, just set the variable IPTABLES_RULES= to "no" in the
308 configuration file.
309 </p>
310 <p>
311 Here's an example of using iptables rules. It only allows connections on the
312 localhost and the local network, and ports 80, 22, and 21 used by the HTTP web
313 server, the SSH secure server and FTP respectively. All other incoming and
314 outgoing connections are refused, so it's fairly restrictive.
315 </p>
316 <pre class="script">
317 # Netfilter/iptables rules.
318 # This shell function is included in /etc/init.d/firewall.sh
319 # to start iptables rules.
320 #
321 iptables_rules()
322 {
324 # Drop all connections.
325 iptables -P INPUT DROP
326 iptables -P OUTPUT DROP
328 # Accept all on localhost (127.0.0.1).
329 iptables -A INPUT -i lo -j ACCEPT
330 iptables -A OUTPUT -o lo -j ACCEPT
332 # Accept all on the local network (192.168.0.0/24).
333 iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
334 iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT
336 # Accept port 80 for the HTTP server.
337 iptables -A INPUT -i $INTERFACE -p tcp --sport 80 -j ACCEPT
338 iptables -A OUTPUT -o $INTERFACE -p tcp --dport 80 -j ACCEPT
340 # Accept port 22 for SSH.
341 iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT
342 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 22 -j ACCEPT
344 # Accept port 21 for active FTP connections.
345 iptables -A INPUT -i $INTERFACE -p tcp --dport 21 -j ACCEPT
346 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 21 -j ACCEPT
348 }
350 </pre>
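<p>
As an added example (not part of the SliTaz handbook or its scripts), a rules function can be dry-run before <code>/etc/init.d/firewall restart</code>: a shell function named <code>iptables</code> shadows the real command and checks each rule's arguments, which matters because a rejected rule leaves the DROP policies in force without the intended exception. The names <code>audit_rules</code>, <code>note</code> and <code>sample_rules</code> and the value <code>eth0</code> are assumptions, and the sample rules are constructed.
</p>

```shell
# Added example: dry-run audit; a shell function shadows iptables, nothing reaches netfilter.
INTERFACE="eth0"   # assumed value; normally set by the firewall config
FINDINGS=0; AUDIT_LOG=""

note() {
    FINDINGS=$((FINDINGS + 1))
    AUDIT_LOG="${AUDIT_LOG}$1
"
}

# Stub with the real command's name: inspects the arguments of each rule.
iptables() {
    rule="$*" chain="" proto="" sport="" dport="" match=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -A|-P) chain="${2:-}" ;;
            -p)    proto="${2:-}" ;;
            -m)    match="${2:-}" ;;
            -i)    if [ "$chain" = OUTPUT ]; then note "-i in OUTPUT chain: $rule"; fi ;;
            -o)    if [ "$chain" = INPUT ]; then note "-o in INPUT chain: $rule"; fi ;;
            --sport) sport="${2:-}"
                   if [ -z "$proto" ]; then note "--sport without -p: $rule"; fi ;;
            --dport) dport="${2:-}"
                   if [ -z "$proto" ]; then note "--dport without -p: $rule"; fi ;;
        esac
        shift
    done
    # Stateless rule: accepts any packet sent from that source port.
    if [ "$chain" = INPUT ] && [ -n "$sport" ] && [ -z "$dport$match" ]; then
        note "INPUT accepts by source port only: $rule"
    fi
}

# Constructed sample: two syntax mistakes and one stateless reply rule.
sample_rules() {
    iptables -P INPUT DROP
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i $INTERFACE -p tcp --sport 80 -j ACCEPT
    iptables -A OUTPUT -o $INTERFACE -tcp --sport 22 -j ACCEPT
    iptables -A OUTPUT -i $INTERFACE -p tcp --sport 21 -j ACCEPT
}

# Run a rules function against the stub; the count is left in $FINDINGS.
audit_rules() {
    FINDINGS=0; AUDIT_LOG=""
    "$1"
    printf '%s' "$AUDIT_LOG"
}
audit_rules sample_rules
```

<p>
Sourcing <code>/etc/firewall.conf</code> after the stub is defined and running <code>audit_rules iptables_rules</code> applies the same checks to the real function, assuming the file can be sourced as a plain shell fragment.
</p>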
352 <!-- End of content -->
353 </div>
355 <!-- Footer. -->
356 <div id="footer">
357 <div class="footer-right"></div>
358 <a href="#top">Top of the page</a> |
359 <a href="index.html">Table of contents</a>
360 </div>
362 <div id="copy">
363 Copyright © 2008 <a href="http://www.slitaz.org/en/">SliTaz</a> -
364 <a href="http://www.gnu.org/licenses/gpl.html">GNU General Public License</a>;<br />
365 Documentation is under
366 <a href="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</a>
367 and code is <a href="http://validator.w3.org/">valid xHTML 1.0</a>.
368 </div>
370 </body>
371 </html>