website view en/doc/handbook/network-config.html @ rev 192

en: Minor edit Hdbk
author Paul Issott <paul@slitaz.org>
date Sun Nov 16 17:34:37 2008 +0000 (2008-11-16)
parents 0b70fb72663e
children 3f48fafb5633
line source
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4 <head>
5 <title>SliTaz Handbook - Network configuration</title>
6 <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
7 <meta name="description" content="slitaz English handbook network config pppoe ppp eth dhcp" />
8 <meta name="expires" content="never" />
9 <meta name="modified" content="2008-07-17 22:30:00" />
10 <meta name="publisher" content="www.slitaz.org" />
11 <meta name="author" content="Paul Issott, Christophe Lincoln"/>
12 <link rel="shortcut icon" href="favicon.ico" />
13 <link rel="stylesheet" type="text/css" href="book.css" />
14 </head>
15 <body bgcolor="#ffffff">
17 <!-- Header and quick navigation -->
18 <div id="header">
19 <div align="right" id="quicknav">
20 <a name="top"></a>
21 <a href="system-admin.html">System administration</a> |
22 <a href="index.html">Table of contents</a>
23 </div>
24 <h1><font color="#3E1220">SliTaz Handbook (en)</font></h1>
25 </div>
27 <!-- Content. -->
28 <div id="content">
29 <div class="content-right"></div>
31 <h2><font color="#DF8F06">Network configuration</font></h2>
33 <ul>
34 <li><a href="#eth">Ethernet connection</a> - DHCP or static IP.</li>
35 <li><a href="#driver">Install network card driver</a> - Find and load Kernel
36 modules.</li>
37 <li><a href="#netbox">Netbox</a> - Configure network.</li>
38 <li><a href="#pppoe">PPPoE kernel-mode</a> - Dial-up modem connection in
39 Kernel mode.</li>
40 <li><a href="#rp-pppoe">PPPoE with rp-pppoe</a> - Dial-up modem.</li>
41 <li><a href="#firewall">Firewall</a> - Manage the Firewall (Iptables).</li>
42 </ul>
44 <a name="eth"></a>
45 <h3>Ethernet connection</h3>
46 <p>
47 By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your
48 network card has been identified as an <code>eth0</code> interface and you use
49 a router, your connection should already be working. DHCP is dynamically
50 configured, on each boot the client asks for a new IP address from
51 the DHCP server, which is integrated into the router, or on another computer.
52 If you need a static IP, you can directly edit config files or use the GUI
53 <code>netbox</code> available from JWM menu --&gt; System tools. In a terminal
54 or a Linux console, you can list all available network interfaces with the
55 command <code>ifconfig</code> followed by the <code>-a</code> option:
56 </p>
57 <pre>
58 $ ifconfig -a
59 </pre>
60 <p>To display the Kernel's IP routing table, you can use the <code>route</code> command
61 without any arguments:
62 </p>
63 <pre>
64 $ route
65 </pre>
66 <p>
67 The system wide network configuration file is <code>/etc/network.conf</code>.
68 It can be graphically configured with <code>netbox</code> or directly edited by
69 the root administrator.
70 </p>
72 <a name="driver"></a>
73 <h3>Install network card driver</h3>
74 <p>
75 In case you need a network card driver and don't know the driver name, you can
76 use the command <code>lspci</code> to find your card and then <code>modprobe</code>
77 to load a module. In Live mode you can use the SliTaz boot option
78 <code>modprobe=modules</code> to automatically load Kernel modules. To get a
79 list of all available network card drivers, display PCI eth cards and load a
80 module:
81 </p>
82 <pre>
83 # modprobe -l | grep drivers/net
84 # lspci | grep [Ee]th
85 # modprobe -v module_name
86 </pre>
87 <p>
88 On an installed system you just need to add the module_name to the variable
89 <code>LOAD_MODULES </code> in <code>/etc/rcS.conf</code> to load your module
90 on each boot.
91 </p>
93 <a name="netbox"></a>
94 <h3>Netbox - Configure network</h3>
95 <p>
96 Netbox is a small GTK+ application to configure a network interface using <em>DHCP</em> or a
97 fixed (<em>static</em>) IP address. The tabs can be used to start/stop the connections and
98 automatically change the values in the system files. Netbox also provides a <em>system wide</em> tab
99 from which you can directly edit network configuration files. You can start netbox from the
100 system tools menu or via a terminal:
101 </p>
102 <pre>
103 # netbox
104 </pre>
106 <a name="pppoe"></a>
107 <h3><font color="#6c0023">PPPoE connection kernel-mode</font></h3>
108 <p>
109 PPPoE connection in kernel-mode needs 2 files. The first file is
110 <code>/etc/ppp/options</code> where you must specify your login name:
111 </p>
112 <pre class="script">
113 plugin rp-pppoe.so
114 name &lt;your provider connection ID&gt;
115 noipdefault
116 defaultroute
117 mtu 1492
118 mru 1492
119 lock
120 </pre>
121 <p>
122 Now you have to configure /etc/ppp/pap-secrets or /etc/ppp/chap-secrets:
123 </p>
124 <pre class="script">
125 # client server secret IP addresses
126 "your_login" * "your_password"
127 </pre>
128 <p>
129 The config file /etc/resolv.conf will be loaded automatically. With that done, you can
130 now connect to the internet with <code>pppd</code>:
131 </p>
132 <pre>
133 pppd eth0
134 </pre>
135 <p>
136 On an installed system you can start pppd on each boot using the local startup
137 script: <code>/etc/init.d/local.sh</code>
138 </p>
140 <a name="rp-pppoe"></a>
141 <h3><font color="#6c0023">Enable Dial-up Modem - PPPoE with rp-pppoe</font></h3>
142 <p>
143 To set up an ADSL connection via PPPoE, SliTaz provides the utilities
144 package <code>rp-pppoe</code>. Using <code>pppoe-setup</code> is a snap and you
145 can quickly configure the network. If you use DHCP it's even easier, because
146 the server from your ISP will take care of everything. If you do not have DHCP,
147 you must first disable its use via <code>DHCP="no"</code> from the
148 configuration file <code>/etc/network.conf</code>. It should be noted that to
149 modify configuration files and system logs you must first become <code>root</code>.
150 To install and change the variable DHCP with Nano (ctrl + x to save &amp; exit):
151 </p>
152 <pre>
153 $ su
154 # tazpkg get-install rp-pppoe
155 # nano /etc/network.conf
156 </pre>
157 <h4>Configure with pppoe-setup</h4>
158 <p>
159 To begin to configure your PPPoE connection, you must first open an Xterm or
160 Linux console and launch <code>pppoe-setup</code> and then begin to answer
161 the following questions:
162 </p>
163 <pre>
164 # pppoe-setup
165 </pre>
166 <ol>
167 <li>Enter your username, please note that this is the username with which you
168 communicate with your ISP.</li>
169 <li>Internet interface, default is eth0 unless you have more than one,
170 in which case you will have eth1, eth2, etc. Usually the Enter key is
171 sufficient.</li>
172 <li>If you have a permanent ADSL link answer
173 <strong>yes</strong>, otherwise answer <strong>no</strong> (default).</li>
174 <li>Specify the primary and secondary DNS your ISP uses (you may have to ask).</li>
175 <li>Enter the password with which you communicate with your ISP (you need
176 to enter it twice).</li>
177 <li>Choose the firewall settings depending on your hardware. If you
178 have a router you can enter 1 or 2. If in doubt enter 1.</li>
179 </ol>
180 <h4>Start and Stop the connection</h4>
181 <p>
182 Still using the command line, simply type <code>pppoe-start</code> to start
183 the connection. A few seconds later the system tells you that it is connected.
184 If it gives you a message like TIMED OUT, the connection may be poorly configured or
185 defective. Please check the wiring and repeat the installation
186 from the beginning. To start the connection:
187 </p>
188 <pre> # pppoe-start
189 </pre>
190 <p>
191 To stop the connection, you can type
192 <code>pppoe-stop</code>.
193 </p>
195 <a name="firewall"></a>
196 <h3><font color="#6c0023">Manage the Firewall (<em>firewall</em>) using Iptables</font></h3>
197 <p>
198 SliTaz provides a very basic firewall: the kernel security rules are launched
199 at boot time and iptables rules are disabled by default. You can
200 activate/disable these at startup by using the configuration file:
201 /etc/firewall.conf.
202 </p>
203 <p>
204 The default <em>firewall</em> script begins by setting its own options for the
205 Kernel, i.e. ICMP redirects, source routing, logs for unresolved addresses and
206 spoof filters. The script then launches the rules defined in the
207 <code>iptables_rules()</code> function of the configuration file:
208 /etc/firewall.conf.
209 </p>
210 <p>
211 The <em>firewall</em> uses Iptables and consists of two files,
212 /etc/firewall.conf and /etc/init.d/firewall; you shouldn't need to modify
213 these. Note that Iptables has lots of options; for more information see the official
214 documentation available online:
215 <a href="http://www.netfilter.org/documentation/">www.netfilter.org/documentation/</a>.
216 </p>
217 <h4>Start, stop, restart the firewall</h4>
218 <p>
219 The script /etc/init.d/firewall lets you start/restart, stop or display the
220 status of the firewall. The restart option is often used to test new rules
221 after editing the configuration file. Example:
222 </p>
223 <pre>
224 # /etc/init.d/firewall restart
225 </pre>
226 <h4>Enable/Disable the firewall at boot</h4>
227 <p>
228 To enable/disable options specific to the Kernel place "yes"
229 or "no" in the variable KERNEL_SECURITY= :
230 </p>
231 <pre class="script">
232 # Enable/disable kernel security at boot time.
233 KERNEL_SECURITY="yes"
234 </pre>
235 <p>
236 and to activate/deactivate the iptables rules, it is necessary to modify the
237 variable IPTABLES_RULES= :
238 </p>
239 <pre class="script">
240 # Enable/disable iptables rules.
241 IPTABLES_RULES="yes"
242 </pre>
243 <h4>Add, delete or modify the iptables rules</h4>
244 <p>
245 At the bottom of the configuration file: /etc/firewall.conf, you will find a
246 function named: <code>iptables_rules()</code>. This function contains all of
247 the iptables commands to launch when the firewall starts. To delete a rule, it
248 is advisable to comment out the corresponding line with a <code>#</code>. It is
249 <em>not</em> advisable to leave the function completely empty; if you want to disable the
250 iptables rules just add "no" to the variable IPTABLES_RULES= in the
251 configuration file.
252 </p>
253 <p>
254 Here's an example of using iptables rules. It only allows connections on the
255 localhost and the local network, and ports 80, 22, and 21 used by the web server
256 HTTP, the SSH secure server and FTP respectively. All other incoming and
257 outgoing connections are refused, so it's fairly restrictive.
258 </p>
259 <pre class="script">
260 # Netfilter/iptables rules.
261 # This shell function is included in /etc/init.d/firewall.sh
262 # to start iptables rules.
263 #
264 iptables_rules()
265 {
267 # Drop all connections.
268 iptables -P INPUT DROP
269 iptables -P OUTPUT DROP
271 # Accept all on localhost (127.0.0.1).
272 iptables -A INPUT -i lo -j ACCEPT
273 iptables -A OUTPUT -o lo -j ACCEPT
275 # Accept all on the local network (192.168.0.0/24).
276 iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
277 iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT
279 # Accept port 80 for the HTTP server.
280 iptables -A INPUT -i $INTERFACE -p tcp --dport 80 -j ACCEPT
281 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 80 -j ACCEPT
283 # Accept port 22 for SSH.
284 iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT
285 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 22 -j ACCEPT
287 # Accept port 21 for active FTP connections.
288 iptables -A INPUT -i $INTERFACE -p tcp --dport 21 -j ACCEPT
289 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 21 -j ACCEPT
291 }
293 </pre>
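<p>
Added example (not part of the SliTaz handbook or its scripts): a small shell
lint to run over the <code>iptables</code> lines of a file such as
/etc/firewall.conf before restarting the firewall. It flags an interface option
that does not fit the chain and a port match with no <code>-p</code> protocol.
The names <code>lint_iptables_rules</code> and <code>sample_rules</code> and the
sample rules themselves are constructed for illustration.
</p>

```shell
#!/bin/sh
# Added example (not SliTaz code): lint iptables commands read from stdin.
# Prints "line N: problem" per finding; returns 1 if any were found.
lint_iptables_rules() {
    _n=0 _found=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        _n=$((_n + 1))
        set -f; set -- $_line; set +f     # split into words, no globbing
        if [ "${1:-}" != "iptables" ]; then continue; fi
        _chain="" _proto=0 _in=0 _out=0 _port=0 _prev=""
        for _w in "$@"; do
            case "$_prev" in -A|-I) _chain=$_w ;; esac
            case "$_w" in
                -p|--protocol)      _proto=1 ;;
                -i|--in-interface)  _in=1 ;;
                -o|--out-interface) _out=1 ;;
                --sport|--dport)    _port=1 ;;
            esac
            _prev=$_w
        done
        # -i only matches packets arriving, -o only packets leaving.
        if [ "$_chain" = OUTPUT ] && [ "$_in" = 1 ]; then
            echo "line $_n: -i is not valid in the OUTPUT chain, use -o"; _found=1
        fi
        if [ "$_chain" = INPUT ] && [ "$_out" = 1 ]; then
            echo "line $_n: -o is not valid in the INPUT chain, use -i"; _found=1
        fi
        # Port matches belong to a protocol selected with -p.
        if [ "$_port" = 1 ] && [ "$_proto" = 0 ]; then
            echo "line $_n: --sport/--dport needs -p first (e.g. -p tcp)"; _found=1
        fi
    done
    return "$_found"
}

# Constructed sample: lines 3 and 5 are deliberately malformed.
sample_rules() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o $INTERFACE -tcp --sport 22 -j ACCEPT
iptables -A INPUT -i $INTERFACE -p tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -i $INTERFACE -p tcp --sport 21 -j ACCEPT
EOF
}

sample_rules | lint_iptables_rules || true
```

<p>
To check the real file, feed it on standard input:
<code>lint_iptables_rules &lt; /etc/firewall.conf</code>.
</p>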
295 <!-- End of content -->
296 </div>
298 <!-- Footer. -->
299 <div id="footer">
300 <div class="footer-right"></div>
301 <a href="#top">Top of the page</a> |
302 <a href="index.html">Table of contents</a>
303 </div>
305 <div id="copy">
306 Copyright &copy; 2008 <a href="http://www.slitaz.org/en/">SliTaz</a> -
307 <a href="http://www.gnu.org/licenses/gpl.html">GNU General Public License</a>;<br />
308 Documentation is under
309 <a href="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</a>
310 and code is <a href="http://validator.w3.org/">valid xHTML 1.0</a>.
311 </div>
313 </body>
314 </html>