Network configuration
- Ethernet connection - DHCP or static IP.
- Install network card driver - Find and load Kernel modules.
- PPPoE kernel-mode - Dial-up modem connection in Kernel mode.
- PPPoE with rp-pppoe - Dial-up modem.
- Firewall - Manage the Firewall (Iptables).
Ethernet connection
By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your
network card has been identified as an eth0
interface and you use
a router, your connection should already be working. DHCP is dynamically
configured, on each boot the client asks for a new IP address from
the DHCP server, which is integrated into the router, or on another computer.
If you need a static IP, you can directly edit config files or use the GUI
netbox
available from JWM menu --> System tools. In a terminal
or a Linux console, you can list all available network interfaces with the
command ifconfig
followed by the -a
option:
$ ifconfig -a
To display the Kernel's IP routing table, you can use the route
command
without any arguments:
$ route
The system wide network configuration file is /etc/network.conf
,
it can be graphically configured with netbox
or directly edited by
the root administrator.
Install network card driver
In case you need a network card driver and dont know the driver name, you can
use the command lspci
to find your card and then modprobe
to load a module. In Live mode you can use the SliTaz boot option
modprobe=modules
to automatically load Kernel modules. To get a
list of all available network card drivers, display PCI eth cards and load a
module:
# modprobe -l | grep drivers/net # lspci | grep [Ee]th # modprobe -v module_name
On an installed system you just need to add the module_name to the variable
LOAD_MODULES
in /etc/rcS.conf
to load your module
on each boot.
PPPoE connection kernel-mode
PPPoE connection in kernel-mode needs 2 files. The first file is
/etc/ppp/options
where you must specify your login name:
plugin rp-pppoe.so name <your provider connection ID> noipdefault defaultroute mtu 1492 mru 1492 lock
Now you have to configure /etc/ppp/pap-secrets or /etc/ppp/chap-secrets:
# client server secret IP addresses "your_login" * "your_password"
The config file /etc/resolv.conf will be automatically loaded up. Finished, you can
now connect to the internet with pppd
:
pppd eth0
On an installed system you can start pppd on each boot using the local startup
script: /etc/init.d/local.sh
Enable Dial-up Modem - PPPoE with rp-pppoe
To set an ASDL protocol via PPPoE, SliTaz provides the following utilities
package rp-pppoe
. Using pppoe-setup
is a snap and you
can quickly configure the network. If you use DCHP it's even easier, because
the server from your ISP will take care of everything. If you do not have DHCP,
you must first disable it's use via DHCP="no"
from the
configuration file /etc/network.conf
. It should be noted that to
modify configuration files and system logs you must first become su
.
To install and change the variable DHCP with Nano (ctrl + x to save & exit):
$ su # tazpkg get-install rp-pppoe # nano /etc/network.conf
Configure with pppoe-setup
To begin to configure your PPPoE connection, you must first open an Xterm or
Linux consule and launch pppoe-setup
and then begin to answer
the following questions:
# pppoe-setup
- Enter your username, please note that this is the username with which you communicate with your ISP.
- Internet interface, default is eth0 unless you have more than one, in which case you will have eth1, eth2 etc. Usually the Enter key is sufficient.
- If you have a permanent ASDL link answer yes, or no (default).
- Specify primary and secondary DNS your ISP uses (you may have to ask).
- Enter the password with which you communicate with your ISP (you need to enter twice).
- Choose the firewall or firewall depending on your hardware. If you have a router you can enter 1 or 2. If in doubt enter 1.
Start and Stop the connection
Still using the command line, simply type pppoe-start
to start
the connection. A few seconds later the system tells you that it is connected.
If it gives you a message like TIMED OUT you may have poorly configured or
the connection is defective. Please check the wiring and repeat the installation
from the beginning. To start the connection:
# pppoe-start
To stop the connection, you can use
pppoe-stop
, using the command line.
Manage the Firewall (firewall) using Iptables
SliTaz provides a very basic firewall, the kernel security rules are launched at boot time and iptables rules are disabled by default. You can activate/disable these at startup by using the configuration file: /etc/firewall.conf.
The default firewall script begins with it's own set options for the
Kernel ie. ICMP redirects, source routing, logs for unresolved addresses and
spoof filters. The script then launches the rules defined in the
iptables_rules()
function of the configuration file:
/etc/firewall.conf.
The firewall uses Iptables, it consists of two files, the /etc/firewall.conf and /etc/init.d/firewall, you shouldn't need to modify these. Note Iptables has lots of options, for more infomation see the official documentation available online: www.netfilter.org/documentation/.
Start, stop, restart the firewall
The script /etc/init.d/firewall lets you start/restart, stop or display the status of the firewall. The restart option is often used to test new rules after editing the configuration file. Example:
# /etc/init.d/firewall restart
Enable/Disable the firewall at boot
To enable/disable options specific to the Kernel place, "yes" or "no" in the variable KERNEL_SECURITY= :
# Enable/disable kernel security at boot time. KERNEL_SECURITY="yes"
and to activate/deactivate the iptables rules, it is necessary to modify the variable IPTABLES_RULES= :
# Enable/disable iptables rules. IPTABLES_RULES="yes"
Add, delete or modify the iptables rules
At the bottom of the configuration file: /etc/firewall.conf. you will find a
function named: iptables_rules()
, this contains all of the iptables
commands to launch when the firewall starts. To delete a rule, It is advisable
to comment out the corresponding line with a #
. It is not
advisable to leave the function completely empty, if you want to disable
iptables rules just add "no" to the variable IPTABLES_RULES= in the
configuration file.
Here's an example of using iptables rules, it refuses all connections incoming and outgoing, only allowing connections on the localhost, the local network, ports 80 and 22 used respectively by the web server HTTP and SSH secure server and port 21 for FTP; so it's very restrictive.
# Netfilter/iptables rules. # This shell function is include in /etc/init.d/firewall.sh # to start iptables rules. # iptables_rules() { # Drop all connexions. iptables -P INPUT DROP iptables -P OUTPUT DROP # Accept all on localhost (127.0.0.1). iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # Accept all on the local network (192.168.0.0/24). iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT # Accept port 80 for the HTTP server. iptables -A INPUT -i $INTERFACE -p tcp --sport 80 -j ACCEPT iptables -A OUTPUT -o $INTERFACE -p tcp --dport 80 -j ACCEPT # Accept port 22 for SSH. iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -o $INTERFACE -tcp --sport 22 -j ACCEPT # Accept port 21 for active FTP connections. iptables -A INPUT -i $INTERFACE -p tcp --dport 21 -j ACCEPT iptables -A OUTPUT -i $INTERFACE -p tcp --sport 21 -j ACCEPT }