website view en/doc/handbook/network-config.html @ rev 669

Move year to slitaz.css
author Pascal Bellard <pascal.bellard@slitaz.org>
date Sat Oct 30 21:52:02 2010 +0200 (2010-10-30)
parents 0e0bc81a63ee
line source
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4 <head>
5 <title>SliTaz Handbook - Network configuration</title>
6 <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
7 <meta name="description" content="slitaz English handbook network config pppoe ppp eth dhcp" />
8 <meta name="expires" content="never" />
9 <meta name="modified" content="2009-03-23 19:30:00" />
10 <meta name="publisher" content="www.slitaz.org" />
11 <meta name="author" content="Paul Issot, Christophe Lincoln"/>
12 <link rel="shortcut icon" href="favicon.ico" />
13 <link rel="stylesheet" type="text/css" href="book.css" />
14 </head>
15 <body bgcolor="#ffffff">
17 <!-- Header and quick navigation -->
18 <div id="header">
19 <div align="right" id="quicknav">
20 <a name="top"></a>
21 <a href="system-admin.html">System administration</a> |
22 <a href="index.html">Table of contents</a>
23 </div>
24 <h1><font color="#3E1220">SliTaz Handbook (en)</font></h1>
25 </div>
27 <!-- Content. -->
28 <div id="content">
29 <div class="content-right"></div>
31 <h2><font color="#DF8F06">Network configuration</font></h2>
33 <ul>
34 <li><a href="network-config.html#about">About the Network.</a></li>
35 <li><a href="network-config.html#netbox">Netbox</a> - Configure the network.</li>
36 <li><a href="network-config.html#wifibox">Wifibox</a> - Configure wireless networks.</li>
37 <li><a href="network-config.html#hostname">/etc/hostname</a> - Hostname.</li>
38 <li><a href="network-config.html#network.conf">/etc/network.conf</a> - Network
39 configuration file.</li>
40 <li><a href="network-config.html#dynamicIP">Dynamic IP</a> - Client DHCP udhcpc.</li>
41 <li><a href="network-config.html#staticIP">Static IP</a> - Using a specific address.</li>
42 <li><a href="network-config.html#pppoe">PPPoE kernel-mode</a> - Dial-up modem connection
43 in Kernel mode.</li>
44 <li><a href="network-config.html#rp-pppoe">PPPoE with rp-pppoe</a> - Dial-up modem.</li>
45 <li><a href="network-config.html#driver">Install network card driver</a> - Find and load
46 Kernel modules.</li>
47 <li><a href="network-config.html#firewall">Firewall</a> - Manage the Firewall (Iptables).</li>
48 </ul>
50 <a name="about"></a>
51 <h3>About the Network</h3>
52 <p>
53 By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your
54 network card has been identified as an <code>eth0</code> interface and you use
55 a router, your connection should already be working. DHCP configuration is
56 dynamic: on each boot the client asks for a new IP address from the DHCP
57 server, which is integrated into the router or runs on another computer.
58 If you need a static IP, you can directly edit config files or use the GUI
59 <code>netbox</code> available from the System menu --&gt; System tools.
60 In a terminal or a Linux console, you can list all available network
61 interfaces with the command <code>ifconfig</code> followed by the
62 <code>-a</code> option:
63 </p>
64 <pre>
65 $ ifconfig -a
66 </pre>
67 <p>To display the Kernel's IP routing table, you can use the <code>route</code> command
68 without any arguments:
69 </p>
70 <pre>
71 $ route
72 </pre>
73 <p>
74 The system wide network configuration file is <code>/etc/network.conf</code>.
75 It can be graphically configured with <code>netbox</code> or directly edited by
76 the root administrator.
77 </p>
79 <a name="netbox"></a>
80 <h3>Netbox - Configure the network</h3>
81 <p>
82 Netbox is a small GTK+ application to configure a network interface using
83 DHCP or a fixed (static) IP address. The tabs can be used to start/stop the
84 connections and automatically change the values in the system files. Netbox
85 provides a system wide tab from which you can directly edit network
86 configuration files, and tabs to configure PPP/PPPoE username/passwords.
87 Servers such as SSH, DHCP, PXE, DNS, etc can also be configured and it's
88 possible to create your own virtual private network (VPN) using the tools
89 provided.
90 </p>
92 <img
93 src="images/screenshots/netbox.png"
94 alt="Slitaz Netbox"
95 style="width: 536px; height: 357px;" />
97 <p>
98 You can start netbox from the System tools menu or via a terminal:
99 </p>
100 <pre>
101 $ subox netbox
102 </pre>
104 <a name="wifibox"></a>
105 <h3>Wifibox - Graphical configuration of the wireless network</h3>
106 <p>
107 Wifibox is a small interface to configure a network connection (Wifi,
108 WLAN, or Wireless). The 'Networks' tab displays a list of available
109 networks, just double click on a network name to connect. If the network
110 is secure, you will then be asked for the key.
111 </p>
113 <img
114 src="images/screenshots/wifibox.png"
115 alt="SliTaz Wifibox"
116 style="width: 533px; height: 330px;" />
118 <p>
119 The 'Favorites' tab allows you to set your preferred networks. Once a
120 network is added, just double click on the network name to connect. The
121 'Configuration' tab lets you configure a connection manually using the
122 advanced settings such as the mode or channel. The 'Drivers' tab allows
123 you to configure a network card; there are 3 options:
124 </p>
125 <ol>
126 <li>The card is supported directly by the kernel via a module.</li>
127 <li>The card needs a module and non-free firmware that can be installed
128 automatically via the auto-detect tool (tazhw).</li>
129 <li> The card is not supported by Linux and a Windows driver must be
130 installed via the Windows driver manager (tazndis).</li>
131 </ol>
133 <a name="hostname"></a>
134 <h3>/etc/hostname - The hostname</h3>
135 <p>
136 The file /etc/hostname sets the machine name. It is loaded at system
137 startup with the command 'hostname'; without an argument, this
138 command returns the current machine name:
139 </p>
140 <pre>
141 $ hostname
142 </pre>
143 <p>
144 To change the hostname, you can use the <code>echo</code> command or a text
145 editor available on SliTaz (you must be root). Example using <code>echo </code>
146 and the machine name <code>kayam</code>:
147 </p>
148 <pre>
149 # echo "kayam" > /etc/hostname
150 </pre>
152 <a name="network.conf"></a>
153 <h3>/etc/network.conf</h3>
154 <p>
155 /etc/network.conf is the SliTaz system network configuration file. Its syntax
156 is simple and you can edit its contents with a text editor such as Nano.
157 /etc/network.conf is used by the script /etc/init.d/network.sh to configure the
158 network interface at boot time.
159 </p>
161 <a name="dynamicIP"></a>
162 <h3>Dynamic IP - DHCP client udhcpc</h3>
163 <p>
164 The DHCP client udhcpc supplied with Busybox uses the
165 /usr/share/udhcpc/default.script to get an IP address dynamically at
166 boot. It supports various options which you can view with the
167 <code>--help</code> option:
168 </p>
169 <pre> # udhcpc --help
170 </pre>
171 <p>
172 To disable udhcpc on eth0 or modify the interface (eg eth1), you must
173 edit the /etc/network.conf file and place the value "no" in the variable DHCP=:
174 </p>
175 <pre class="script">
176 # Dynamic IP address.
177 # Enable/disable DHCP client at boot time.
178 DHCP="no"
179 </pre>
181 <a name="staticIP"></a>
182 <h3>Static IP - Using a specific address</h3>
183 <p>
184 You can specify a fixed IP address to configure at boot time by using
185 the value "yes" in the variable STATIC=:
186 </p>
187 <pre class="script">
188 # Static IP address.
189 # Enable/disable static IP at boot time.
190 STATIC="yes"
191 </pre>
192 <p>
193 For the configuration to work, you must specify an IP address, its subnet
194 mask, a default gateway (gateway) and DNS server to use. Example:
195 </p>
196 <pre class="script">
197 # Set IP address, and netmask for a static IP.
198 IP="192.168.0.6"
199 NETMASK="255.255.255.0"
201 # Set route gateway for a static IP.
202 GATEWAY="192.168.0.1"
204 # Set DNS server for a static IP.
205 DNS_SERVER="192.168.0.1"
206 </pre>
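<p>
A check to run before rebooting with the static settings above, as an added
example that is not part of the SliTaz handbook or scripts: it verifies that
DHCP and STATIC are not both enabled, that each address parses, that the netmask
is contiguous and that the gateway lies in the same subnet as the IP. The
function names are invented for this example, and it assumes the file contains
plain shell assignments that can be sourced.
</p>

```shell
#!/bin/sh
# Added example: sanity checks for the static settings in /etc/network.conf.
# ip_to_int and check_network_conf are names invented for this example.

# Print a dotted-quad IPv4 address as an integer; fail if it is malformed.
ip_to_int()
(
	case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
	IFS=.; set -- $1
	[ $# -eq 4 ] || exit 1
	for octet in "$@"; do
		# No leading zeros (octal in shell arithmetic), at most 3 digits.
		case "$octet" in 0?*|????*) exit 1 ;; esac
		[ "$octet" -le 255 ] || exit 1
	done
	echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Return 0 if the file is consistent, 1 if not; problems are listed on stderr.
# Assumption: the file is shell syntax and is sourced, so it runs as code.
check_network_conf()
(
	DHCP='' STATIC='' IP='' NETMASK='' GATEWAY='' DNS_SERVER=''
	. "$1" || exit 1
	bad=0
	fail() { echo "network.conf: $*" >&2; bad=1; }
	if [ "$DHCP" = yes ] && [ "$STATIC" = yes ]; then
		fail 'DHCP and STATIC are both "yes"'
	fi
	if [ "$STATIC" = yes ]; then
		ip=$(ip_to_int "$IP") || fail "bad IP '$IP'"
		mask=$(ip_to_int "$NETMASK") || fail "bad NETMASK '$NETMASK'"
		gw=$(ip_to_int "$GATEWAY") || fail "bad GATEWAY '$GATEWAY'"
		ip_to_int "$DNS_SERVER" >/dev/null || fail "bad DNS_SERVER '$DNS_SERVER'"
		if [ "$bad" -eq 0 ]; then
			# A valid netmask is a run of 1 bits followed only by 0 bits.
			inv=$(( ~$mask & 0xFFFFFFFF ))
			[ $(( $inv & ($inv + 1) )) -eq 0 ] || fail "NETMASK is not contiguous"
			[ $(( $ip & $mask )) -eq $(( $gw & $mask )) ] ||
				fail "GATEWAY $GATEWAY is outside the subnet of $IP"
		fi
	fi
	exit "$bad"
)
```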
208 <a name="pppoe"></a>
209 <h3>PPPoE connection kernel-mode</h3>
210 <p>
211 PPPoE connection in kernel-mode needs 2 files. The first file is
212 <code>/etc/ppp/options</code> where you must specify your login name:
213 </p>
214 <pre class="script">
215 plugin rp-pppoe.so
216 name &lt;your provider connection ID&gt;
217 noipdefault
218 defaultroute
219 mtu 1492
220 mru 1492
221 lock
222 </pre>
223 <p>
224 Now you have to configure /etc/ppp/pap-secrets or /etc/ppp/chap-secrets:
225 </p>
226 <pre class="script">
227 # client server secret IP addresses
228 "your_login" * "your_password"
229 </pre>
230 <p>
231 The config file /etc/resolv.conf will be automatically loaded. Once this is done, you can
232 now connect to the internet with <code>pppd</code>:
233 </p>
234 <pre>
235 pppd eth0
236 </pre>
237 <p>
238 On an installed system you can start pppd on each boot using the local startup
239 script: <code>/etc/init.d/local.sh</code>
240 </p>
242 <a name="rp-pppoe"></a>
243 <h3>Enable Dial-up Modem - PPPoE with rp-pppoe</h3>
244 <p>
245 To set up an ADSL connection via PPPoE, SliTaz provides the utilities
246 package <code>rp-pppoe</code>. Using <code>pppoe-setup</code> is a snap and you
247 can quickly configure the network. If you use DHCP it's even easier, because
248 the server from your ISP will take care of everything. If you do not have DHCP,
249 you must first disable its use via <code>DHCP="no"</code> in the
250 configuration file <code>/etc/network.conf</code>. It should be noted that to
251 modify configuration files and system logs you must first become <code>root</code>.
252 To install and change the variable DHCP with Nano (ctrl + X to save &amp; exit):
253 </p>
254 <pre>
255 $ su
256 # tazpkg get-install rp-pppoe
257 # nano /etc/network.conf
258 </pre>
259 <h4>Configure with pppoe-setup</h4>
260 <p>
261 To begin to configure your PPPoE connection, you must first open an Xterm or
262 Linux console and launch <code>pppoe-setup</code> and then begin to answer
263 the following questions:
264 </p>
265 <pre>
266 # pppoe-setup
267 </pre>
268 <ol>
269 <li>Enter your username, please note that this is the username with which you
270 communicate with your ISP.</li>
271 <li>Internet interface, default is eth0 unless you have more than one,
272 in which case you will have eth1, eth2, etc. Usually the Enter key is
273 sufficient.</li>
274 <li>If you have a permanent ADSL link answer
275 <strong>yes</strong>, otherwise answer <strong>no</strong> (default).</li>
276 <li>Specify the primary and secondary DNS your ISP uses (you may have to ask).</li>
277 <li>Enter the password with which you communicate with your ISP (you need
278 to enter it twice).</li>
279 <li>Choose the firewall settings depending on your hardware. If you
280 have a router you can enter 1 or 2. If in doubt enter 1.</li>
281 </ol>
282 <h4>Start and Stop the connection</h4>
283 <p>
284 Still using the command line, simply type <code>pppoe-start</code> to start
285 the connection. A few seconds later the system tells you that it is connected.
286 If it gives you a message like TIMED OUT, the connection may be poorly configured or
287 defective. Please check the wiring and repeat the installation
288 from the beginning. To start the connection:
289 </p>
290 <pre> # pppoe-start
291 </pre>
292 <p>
293 To stop the connection, you can type
294 <code>pppoe-stop</code>.
295 </p>
297 <a name="driver"></a>
298 <h3>Install network card driver</h3>
299 <p>
300 In case you need a network card driver and don't know the driver name, you can
301 use the command <code>lspci</code> to find your card and then <code>modprobe</code>
302 to load a module. In Live mode you can use the SliTaz boot option
303 <code>modprobe=modules</code> to automatically load Kernel modules. To get a
304 list of all available network card drivers, display PCI eth cards and load a
305 module:
306 </p>
307 <pre>
308 # modprobe -l | grep drivers/net
309 # lspci | grep [Ee]th
310 # modprobe -v module_name
311 </pre>
312 <p>
313 On an installed system you just need to add the module_name to the variable
314 <code>LOAD_MODULES </code> in <code>/etc/rcS.conf</code> to load your module
315 on each boot.
316 </p>
318 <a name="firewall"></a>
319 <h3>Manage the Firewall (<em>firewall</em>) using Iptables</h3>
320 <p>
321 SliTaz provides a very basic firewall: the kernel security rules are launched
322 at boot time and iptables rules are disabled by default. You can
323 activate/disable these at startup by using the configuration file
324 /etc/firewall.conf.
325 </p>
326 <p>
327 The default <em>firewall</em> script begins by setting its own options for the
328 Kernel, i.e. ICMP redirects, source routing, logs for unresolved addresses and
329 spoof filters. The script then launches the rules defined in the
330 <code>iptables_rules()</code> function of the configuration file:
331 /etc/firewall.conf.
332 </p>
333 <p>
334 The <em>firewall</em> uses Iptables and consists of two files:
335 /etc/firewall.conf and /etc/init.d/firewall; you shouldn't need to modify
336 these. Note that Iptables has lots of options. For more information see the official
337 documentation available online:
338 <a href="http://www.netfilter.org/documentation/">www.netfilter.org/documentation/</a>.
339 </p>
340 <h4>Start, stop, restart the firewall</h4>
341 <p>
342 The script /etc/init.d/firewall lets you start/restart, stop or display the
343 status of the firewall. The restart option is often used to test new rules
344 after editing the configuration file. Example:
345 </p>
346 <pre>
347 # /etc/init.d/firewall restart
348 </pre>
349 <h4>Enable/Disable the firewall at boot</h4>
350 <p>
351 To enable/disable options specific to the Kernel place "yes"
352 or "no" in the variable KERNEL_SECURITY= :
353 </p>
354 <pre class="script">
355 # Enable/disable kernel security at boot time.
356 KERNEL_SECURITY="yes"
357 </pre>
358 <p>
359 and to activate/deactivate the iptables rules, it is necessary to modify the
360 IPTABLES_RULES= variable :
361 </p>
362 <pre class="script">
363 # Enable/disable iptables rules.
364 IPTABLES_RULES="yes"
365 </pre>
366 <h4>Add, delete or modify the iptables rules</h4>
367 <p>
368 At the bottom of the configuration file: /etc/firewall.conf, you will find a
369 function named: <code>iptables_rules()</code>. This function contains all of
370 the iptables commands to launch when the firewall starts. To delete a rule, it
371 is advisable to comment out the corresponding line with a <code>#</code>. It is
372 <em>not</em> advisable to leave the function completely empty, if you want to disable the
373 iptables rules just add "no" to the variable IPTABLES_RULES= in the
374 configuration file.
375 </p>
376 <p>
377 Here's an example of using iptables rules. It only allows connections on the
378 localhost and the local network, and ports 80, 22, and 21 used by the web server
379 HTTP, the SSH secure server and FTP respectively. All other incoming and
380 outgoing connections are refused, so it's fairly restrictive.
381 </p>
382 <pre class="script">
383 # Netfilter/iptables rules.
384 # This shell function is included in /etc/init.d/firewall.sh
385 # to start iptables rules.
386 #
387 iptables_rules()
388 {
390 # Drop all connections.
391 iptables -P INPUT DROP
392 iptables -P OUTPUT DROP
394 # Accept all on localhost (127.0.0.1).
395 iptables -A INPUT -i lo -j ACCEPT
396 iptables -A OUTPUT -o lo -j ACCEPT
398 # Accept all on the local network (192.168.0.0/24).
399 iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
400 iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT
402 # Accept port 80 for the HTTP server.
403 iptables -A INPUT -i $INTERFACE -p tcp --dport 80 -j ACCEPT
404 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 80 -j ACCEPT
406 # Accept port 22 for SSH.
407 iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT
408 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 22 -j ACCEPT
410 # Accept port 21 for active FTP connections.
411 iptables -A INPUT -i $INTERFACE -p tcp --dport 21 -j ACCEPT
412 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 21 -j ACCEPT
414 }
415 </pre>
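<p>
A stateful variant of the rules above, as an added example (not the
firewall.conf shipped by SliTaz): reply packets are accepted through connection
tracking rather than by source port, so the only new connections admitted from
outside the local network are inbound ones to ports 80, 22 and 21. The IPT
variable is an assumption of this example, used for a dry run that prints the
rules instead of applying them.
</p>

```shell
# Added example: stateful variant of iptables_rules() for /etc/firewall.conf.
# IPT is an assumption of this example (not a SliTaz variable): leave it unset
# to call iptables, or set IPT="echo iptables" to print the rules instead.
# INTERFACE is the variable the handbook's rules use; eth0 is a fallback here.
iptables_rules()
{
	# $ipt is left unquoted on purpose so "echo iptables" splits in two words.
	ipt=${IPT:-iptables}
	iface=${INTERFACE:-eth0}

	# Default policy: drop whatever no rule below accepts.
	$ipt -P INPUT DROP
	$ipt -P OUTPUT DROP

	# Accept all on localhost and on the local network (192.168.0.0/24).
	$ipt -A INPUT -i lo -j ACCEPT
	$ipt -A OUTPUT -o lo -j ACCEPT
	$ipt -A INPUT -s 192.168.0.0/24 -j ACCEPT
	$ipt -A OUTPUT -d 192.168.0.0/24 -j ACCEPT

	# Accept packets that belong to a connection already accepted, in both
	# directions. FTP data channels only count as RELATED when the kernel's
	# FTP connection-tracking helper (nf_conntrack_ftp) follows the session.
	$ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
	$ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

	# New inbound connections: HTTP, SSH and FTP control only.
	for port in 80 22 21; do
		$ipt -A INPUT -i "$iface" -p tcp --dport "$port" \
			-m conntrack --ctstate NEW -j ACCEPT
	done
}
```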
417 <!-- End of content -->
418 </div>
420 <!-- Footer. -->
421 <div id="footer">
422 <div class="footer-right"></div>
423 <a href="network-config.html#top">Top of the page</a> |
424 <a href="index.html">Table of contents</a>
425 </div>
427 <div id="copy">
428 Copyright &copy; <span class="year"></span> <a href="http://www.slitaz.org/en/">SliTaz</a> -
429 <a href="http://www.gnu.org/licenses/gpl.html">GNU General Public License</a>;<br />
430 Documentation is under
431 <a href="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</a>
432 and code is <a href="http://validator.w3.org/">valid xHTML 1.0</a>.
433 </div>
435 </body>
436 </html>