Network configuration

Ethernet connection

By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your network card has been identified as the eth0 interface and you use a router, your connection should already be working. DHCP is configured dynamically: on each boot the client asks for a new IP address from the DHCP server, which is integrated into the router or runs on another computer. If you need a static IP, you can edit the config files directly or use the GUI netbox, available from the JWM menu --> System tools. In a terminal or a Linux console, you can list all available network interfaces with the command ifconfig followed by the -a option:

 $ ifconfig -a

To display the kernel's IP routing table, you can use the route command without any arguments:

$ route

The system-wide network configuration file is /etc/network.conf. It can be configured graphically with netbox or edited directly by the root administrator.

Install network card driver

If you need a network card driver and don't know the driver name, you can use the command lspci to find your card and then modprobe to load a module. In Live mode you can use the SliTaz boot option modprobe=modules to automatically load kernel modules. To get a list of all available network card drivers, display PCI Ethernet cards and load a module:

 # modprobe -l | grep drivers/net
 # lspci | grep '[Ee]th'
 # modprobe -v module_name

On an installed system you just need to add the module_name to the variable LOAD_MODULES in /etc/rcS.conf to load your module on each boot.

PPPoE connection kernel-mode

PPPoE connection in kernel-mode needs 2 files. The first file is /etc/ppp/options where you must specify your login name:

plugin rp-pppoe.so
name <your provider connection ID>
noipdefault
defaultroute
mtu 1492
mru 1492
lock

Now you have to configure /etc/ppp/pap-secrets or /etc/ppp/chap-secrets:

# client	       server	       secret			IP addresses
"your_login"       *               "your_password"

The config file /etc/resolv.conf will be loaded automatically. That's it: you can now connect to the internet with pppd:

pppd eth0

On an installed system you can start pppd on each boot using the local startup script: /etc/init.d/local.sh

Enable Dial-up Modem - PPPoE with rp-pppoe

To set up an ADSL connection via PPPoE, SliTaz provides the rp-pppoe utilities package. Using pppoe-setup is a snap and you can quickly configure the network. If you use DHCP it's even easier, because the server from your ISP will take care of everything. If you do not have DHCP, you must first disable its use with DHCP="no" in the configuration file /etc/network.conf. Note that to modify configuration files and system logs you must first become root with su. To install the package and change the DHCP variable with Nano (ctrl + x to save & exit):

 $ su
 # tazpkg get-install rp-pppoe
 # nano /etc/network.conf

Configure with pppoe-setup

To configure your PPPoE connection, first open an Xterm or Linux console, launch pppoe-setup and then answer the following questions:

  # pppoe-setup
  1. Enter your username, please note that this is the username with which you communicate with your ISP.
  2. Internet interface, default is eth0 unless you have more than one, in which case you will have eth1, eth2 etc. Usually the Enter key is sufficient.
  3. If you have a permanent ADSL link answer yes, or no (default).
  4. Specify primary and secondary DNS your ISP uses (you may have to ask).
  5. Enter the password with which you communicate with your ISP (you need to enter twice).
  6. Choose the firewall setting depending on your hardware. If you have a router you can enter 1 or 2. If in doubt enter 1.

Start and Stop the connection

Still using the command line, simply type pppoe-start to start the connection. A few seconds later the system tells you that it is connected. If it gives you a message like TIMED OUT, the connection may be poorly configured or defective. Please check the wiring and repeat the installation from the beginning. To start the connection:

 # pppoe-start

To stop the connection, use pppoe-stop on the command line.

Manage the Firewall (firewall) using Iptables

SliTaz provides a very basic firewall: the kernel security rules are launched at boot time and iptables rules are disabled by default. You can activate/disable these at startup using the configuration file /etc/firewall.conf.

The default firewall script begins with its own set of options for the kernel, i.e. ICMP redirects, source routing, logs for unresolved addresses and spoof filters. The script then launches the rules defined in the iptables_rules() function of the configuration file /etc/firewall.conf.
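A way to check the result of that kernel step on a running system, as an added example that is not part of the SliTaz scripts. It assumes the four protections correspond to the standard Linux settings accept_redirects, accept_source_route, log_martians and rp_filter with the hardened values shown; audit_kernel_net is a hypothetical name.

```shell
#!/bin/sh
# Added example: audit the kernel network settings that the firewall
# script's kernel security step is described as covering.
# Assumption: the setting names and expected values below are the usual
# Linux ones for these protections; they are not copied from SliTaz.

# audit_kernel_net [dir]
# dir defaults to /proc/sys/net/ipv4/conf/all; pass another directory to
# test against saved or constructed values.
# Prints one line per setting and returns the number that differ.
audit_kernel_net() {
    root="${1:-/proc/sys/net/ipv4/conf/all}"
    bad=0
    # Each item is name:expected:meaning
    for item in \
        "accept_redirects:0:ICMP redirects ignored" \
        "accept_source_route:0:source-routed packets dropped" \
        "log_martians:1:packets with impossible addresses logged" \
        "rp_filter:1:reverse-path (spoof) filter on"
    do
        name=${item%%:*}
        rest=${item#*:}
        want=${rest%%:*}
        desc=${rest#*:}
        if [ -r "$root/$name" ]; then
            got=$(cat "$root/$name")
        else
            got="missing"
        fi
        if [ "$got" = "$want" ]; then
            echo "ok   $name=$got ($desc)"
        else
            echo "WARN $name=$got, expected $want ($desc)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Usage on a live system:  audit_kernel_net || echo "$? setting(s) differ"
```
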

The firewall uses iptables and consists of two files, /etc/firewall.conf and /etc/init.d/firewall; you shouldn't need to modify these. Note that iptables has lots of options; for more information see the official documentation available online: www.netfilter.org/documentation/.

Start, stop, restart the firewall

The script /etc/init.d/firewall lets you start/restart, stop or display the status of the firewall. The restart option is often used to test new rules after editing the configuration file. Example:

 # /etc/init.d/firewall restart

Enable/Disable the firewall at boot

To enable/disable options specific to the kernel, place "yes" or "no" in the variable KERNEL_SECURITY= :

# Enable/disable kernel security at boot time.
KERNEL_SECURITY="yes"

and to activate/deactivate the iptables rules, it is necessary to modify the variable IPTABLES_RULES= :

# Enable/disable iptables rules.
IPTABLES_RULES="yes"

Add, delete or modify the iptables rules

At the bottom of the configuration file /etc/firewall.conf you will find a function named iptables_rules(); it contains all of the iptables commands to launch when the firewall starts. To delete a rule, it is advisable to comment out the corresponding line with a #. It is not advisable to leave the function completely empty; if you want to disable iptables rules, just set the variable IPTABLES_RULES= to "no" in the configuration file.

Here's an example of iptables rules. It refuses all incoming and outgoing connections, allowing only connections on localhost, on the local network, on ports 80 and 22 (used respectively by the HTTP web server and the SSH secure server) and on port 21 for FTP, so it's very restrictive.

# Netfilter/iptables rules.
# This shell function is included in /etc/init.d/firewall.sh
# to start iptables rules.
#
iptables_rules()
{

# Drop all connections by default.
iptables -P INPUT DROP
iptables -P OUTPUT DROP

# Accept all on localhost (127.0.0.1).
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Accept all on the local network (192.168.0.0/24).
iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT

# Accept port 80 for HTTP. As written (source port 80 inbound, destination
# port 80 outbound) these rules match traffic exchanged with remote web servers.
iptables -A INPUT -i "$INTERFACE" -p tcp --sport 80 -j ACCEPT
iptables -A OUTPUT -o "$INTERFACE" -p tcp --dport 80 -j ACCEPT

# Accept port 22 for SSH (inbound to this host, replies outbound).
iptables -A INPUT -i "$INTERFACE" -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o "$INTERFACE" -p tcp --sport 22 -j ACCEPT

# Accept port 21 for active FTP connections.
# The OUTPUT chain matches on the outgoing interface, so it takes -o, not -i.
iptables -A INPUT -i "$INTERFACE" -p tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -o "$INTERFACE" -p tcp --sport 21 -j ACCEPT

}
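
Before running /etc/init.d/firewall restart, rules can be checked for option mistakes that iptables would reject, such as an interface flag on the wrong chain or a port match without a protocol. The following lint is an added example, not part of SliTaz; lint_iptables_rules and sample_rules are hypothetical names and the sample rules are constructed.

```shell
#!/bin/sh
# Added example: lint iptables command lines before loading them.

# lint_iptables_rules [FILE]
# Reads FILE (or stdin), prints "line N: problem" for each finding and
# returns the number of findings (0 means nothing was flagged).
lint_iptables_rules() {
    awk '
    $1 == "iptables" {
        chain = ""; proto = 0; port = 0
        for (i = 2; i <= NF; i++) {
            if (($i == "-A" || $i == "-I") && i < NF) chain = $(i + 1)
            if ($i == "-p" || $i == "--protocol") proto = 1
            if ($i == "--dport" || $i == "--sport") port = 1
            # A single dash followed by several letters, e.g. a missing "-p ".
            if ($i ~ /^-[A-Za-z][A-Za-z]+$/)
                bad("option " $i " looks like a mistyped single-letter flag")
            if ($i == "-i" && chain == "OUTPUT")
                bad("-i (input interface) is not valid in OUTPUT, use -o")
            if ($i == "-o" && chain == "INPUT")
                bad("-o (output interface) is not valid in INPUT, use -i")
        }
        if (port && !proto)
            bad("--sport/--dport given without -p tcp or -p udp")
    }
    function bad(msg) { printf "line %d: %s\n", NR, msg; n++ }
    END { exit n + 0 }
    ' "$@"
}

# Constructed sample: four rules, the last two deliberately malformed.
sample_rules() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o $INTERFACE -tcp --sport 22 -j ACCEPT
iptables -A OUTPUT -i $INTERFACE -p tcp --sport 21 -j ACCEPT
EOF
}

# Usage:  sample_rules | lint_iptables_rules
#         lint_iptables_rules my-rules.txt
```

The lint only looks at option syntax; it does not judge whether a rule set is a sound policy.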

Copyright © 2008 SliTaz - GNU General Public License;
Documentation is under GNU Free Documentation License.