slitaz-doc-wiki-data annotate pages/en/handbook/networkconf.txt @ rev 140

Add TazPanel to en:handbook:networkconf
author Christian Mesh meshca@clarkson.edu
date Mon Mar 19 21:55:06 2012 +0000 (2012-03-19)
parents 70b5f3ae5339
children
rev   line source
slaxemulator@7 1 ====== Network Configuration ======
slaxemulator@7 2
slaxemulator@7 3 ===== About the Network =====
slaxemulator@7 4
slaxemulator@7 5 By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your network card has been identified as an eth0 interface and you use a router, your connection should already be working. DHCP is dynamically configured: on each boot the client asks for a new IP address from the DHCP server, which is integrated into the router or runs on another computer. If you need a static IP, you can edit the config files directly or use the GUI //netbox//, available from //System menu --> System tools//. In a terminal or a Linux console, you can list all available network interfaces with the command //ifconfig// followed by the //-a// option:
slaxemulator@7 6
slaxemulator@7 7 <code> $ ifconfig -a </code>
slaxemulator@7 8
slaxemulator@7 9 To display the Kernel's IP routing table, you can use the route command without any arguments:
slaxemulator@7 10
slaxemulator@7 11 <code> $ route </code>
slaxemulator@7 12
slaxemulator@7 13 The system wide network configuration file is ///etc/network.conf//. It can be graphically configured with netbox or directly edited by the root administrator.
slaxemulator@7 14
Christian@140 15 ==== TazPanel - Network ====
Christian@140 16
Christian@140 17 TazPanel aims to be the new way to configure your system. The legacy systems still exist below. The main network page in TazPanel displays current networking information. The other two tabs, Ethernet and Wifi, allow you to configure each respectively for your system.
Christian@140 18
slaxemulator@7 19 ===== Netbox - Configure the network =====
slaxemulator@7 20
slaxemulator@7 21 Netbox is a small GTK+ application to configure a network interface using DHCP or a fixed (static) IP address. The tabs can be used to start/stop the connections and automatically change the values in the system files. Netbox provides a system wide tab from which you can directly edit network configuration files, and tabs to configure PPP/PPPoE username/passwords. Servers such as SSH, DHCP, PXE, DNS, etc. can also be configured and it's possible to create your own virtual private network (VPN) using the tools provided.
slaxemulator@7 22
slaxemulator@7 23 {{:en:handbook:image:netbox.png}}
slaxemulator@7 24
slaxemulator@7 25 You can start netbox from the System tools menu or via a terminal:
slaxemulator@7 26
slaxemulator@7 27 <code> $ subox netbox </code>
slaxemulator@7 28
slaxemulator@7 29 ===== Wifibox - Graphical configuration of the wireless network =====
slaxemulator@7 30
slaxemulator@7 31 Wifibox is a small interface to configure a network connection (Wifi, WLAN, or Wireless). The 'Networks' tab displays a list of available networks; just double click on a network name to connect. If the network is secured, you will then be asked for the key.
slaxemulator@7 32
slaxemulator@7 33 {{:en:handbook:image:wifibox.png}}
slaxemulator@7 34
slaxemulator@7 35 The 'Favorites' tab allows you to set your preferred networks. Once a network is added, just double click on the network name to connect. The 'Configuration' tab lets you configure a connection manually using the advanced settings such as the mode or channel. The 'Drivers' tab allows you to configure a network card; there are 3 options:
slaxemulator@7 36
slaxemulator@7 37 - The card is supported directly by the kernel via a module.
slaxemulator@7 38 - The card needs a module and non-free firmware that can be installed automatically via the auto-detect tool (tazhw).
slaxemulator@7 39 - The card is not supported by Linux and a Windows driver must be installed via the Windows driver manager (tazndis).
slaxemulator@7 40
slaxemulator@7 41 ===== /etc/hostname - The hostname =====
slaxemulator@7 42
slaxemulator@7 43 The file ///etc/hostname// sets the machine name. It is loaded at system startup with the command 'hostname'; without an argument, this command returns the current machine name:
slaxemulator@7 44
slaxemulator@7 45 <code> $ hostname </code>
slaxemulator@7 46
slaxemulator@7 47 To change the hostname, you can use the echo command or a text editor available on SliTaz (you must be root). Example using echo and the machine name kayam:
slaxemulator@7 48
slaxemulator@7 49 <code> # echo "kayam" > /etc/hostname </code>
slaxemulator@7 50
slaxemulator@7 51 ===== /etc/network.conf =====
slaxemulator@7 52
slaxemulator@7 53 ///etc/network.conf// is the SliTaz system network configuration file. Its syntax is simple and you can edit its contents with a text editor such as Nano. ///etc/network.conf// is used by the script ///etc/init.d/network.sh// to configure the network interface at boot time.
slaxemulator@7 54
slaxemulator@7 55 ===== Dynamic IP - DHCP client udhcpc =====
slaxemulator@7 56
slaxemulator@7 57 The DHCP client udhcpc supplied with Busybox uses the ///usr/share/udhcpc/default.script// to get an IP address dynamically at boot. It supports various options which you can view with the <nowiki>--help</nowiki> option:
slaxemulator@7 58
slaxemulator@7 59 <code> # udhcpc --help </code>
slaxemulator@7 60
slaxemulator@7 61 To disable udhcpc on eth0 or modify the interface (eg eth1), you must edit the ///etc/network.conf// file and place the value "no" in the variable DHCP=:
slaxemulator@7 62
slaxemulator@7 63 <file>
slaxemulator@7 64 # Dynamic IP address.
slaxemulator@7 65 # Enable/disable DHCP client at boot time.
slaxemulator@7 66 DHCP="no"
slaxemulator@7 67 </file>
slaxemulator@7 68
slaxemulator@7 69 ===== Static IP - Using a specific address =====
slaxemulator@7 70
slaxemulator@7 71 You can specify a fixed IP address to configure at boot time by using the value "yes" in the variable STATIC=:
slaxemulator@7 72
slaxemulator@7 73 <file>
slaxemulator@7 74 # Static IP address.
slaxemulator@7 75 # Enable/disable static IP at boot time.
slaxemulator@7 76 STATIC="yes"
slaxemulator@7 77 </file>
slaxemulator@7 78
slaxemulator@7 79 For the configuration to work, you must specify an IP address, its subnet mask, a default gateway (gateway) and DNS server to use. Example:
slaxemulator@7 80
slaxemulator@7 81
slaxemulator@7 82 <file>
slaxemulator@7 83 # Set IP address, and netmask for a static IP.
slaxemulator@7 84 IP="192.168.0.6"
slaxemulator@7 85 NETMASK="255.255.255.0"
slaxemulator@7 86
slaxemulator@7 87 # Set route gateway for a static IP.
slaxemulator@7 88 GATEWAY="192.168.0.1"
slaxemulator@7 89
slaxemulator@7 90 # Set DNS server for a static IP.
slaxemulator@7 91 DNS_SERVER="192.168.0.1"
slaxemulator@7 92
slaxemulator@7 93 </file>
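
A wrong netmask or a gateway outside the subnet only shows up after the next boot, so it helps to check the four values first. The following is an added example, not part of the SliTaz handbook or its scripts; ''ip_to_int'' and ''check_static'' are hypothetical helper names and the sample values are the ones from the example above.

```shell
#!/bin/sh
# Added example: check the static settings from /etc/network.conf before reboot.
# ip_to_int and check_static are hypothetical helper names, not SliTaz tools.

# Print a dotted quad as a 32-bit integer; fail on anything malformed.
ip_to_int() (
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# check_static IP NETMASK GATEWAY DNS_SERVER -> prints "ok" or the first problem.
check_static() (
    ip=$(ip_to_int "$1")   || { echo "invalid IP: $1"; exit 1; }
    mask=$(ip_to_int "$2") || { echo "invalid NETMASK: $2"; exit 1; }
    gw=$(ip_to_int "$3")   || { echo "invalid GATEWAY: $3"; exit 1; }
    ip_to_int "$4" >/dev/null || { echo "invalid DNS_SERVER: $4"; exit 1; }

    # A valid mask is 1 bits followed by 0 bits, so host+1 is a power of two.
    host=$(( ~mask & 0xFFFFFFFF ))
    [ "$(( host & (host + 1) ))" -eq 0 ] ||
        { echo "NETMASK not contiguous: $2"; exit 1; }

    # The default gateway must be directly reachable, i.e. in the same subnet.
    [ "$(( ip & mask ))" -eq "$(( gw & mask ))" ] ||
        { echo "GATEWAY $3 is outside $1/$2"; exit 1; }

    # The host part must not be all zeros (network) or all ones (broadcast).
    h=$(( ip & host ))
    if [ "$host" -gt 1 ] && { [ "$h" -eq 0 ] || [ "$h" -eq "$host" ]; }; then
        echo "IP $1 is the network or broadcast address"; exit 1
    fi
    echo "ok"
)

# Constructed sample: the values from the example above.
check_static "192.168.0.6" "255.255.255.0" "192.168.0.1" "192.168.0.1"
```

To check the real file, source ///etc/network.conf// in a root shell and pass ''"$IP" "$NETMASK" "$GATEWAY" "$DNS_SERVER"'' to ''check_static''.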
slaxemulator@7 94
slaxemulator@7 95 ===== PPPoE connection kernel-mode =====
slaxemulator@7 96
slaxemulator@7 97 PPPoE connection in kernel-mode needs 2 files. The first file is ///etc/ppp/options// where you must specify your login name:
slaxemulator@7 98
slaxemulator@7 99 <file>
slaxemulator@7 100 plugin rp-pppoe.so
slaxemulator@7 101 name <your provider connection ID>
slaxemulator@7 102 noipdefault
slaxemulator@7 103 defaultroute
slaxemulator@7 104 mtu 1492
slaxemulator@7 105 mru 1492
slaxemulator@7 106 lock
slaxemulator@7 107 </file>
slaxemulator@7 108
slaxemulator@7 109 Now you have to configure ///etc/ppp/pap-secrets// or ///etc/ppp/chap-secrets//:
slaxemulator@7 110
slaxemulator@7 111
slaxemulator@7 112 <file>
slaxemulator@7 113 # client server secret IP addresses
slaxemulator@7 114 "your_login" * "your_password"
slaxemulator@7 115 </file>
slaxemulator@7 116
slaxemulator@7 117 The config file ///etc/resolv.conf// will be automatically loaded. Once this is done, you can connect to the internet with pppd:
slaxemulator@7 118
slaxemulator@7 119 <code> # pppd eth0
slaxemulator@7 120 </code>
slaxemulator@7 121
slaxemulator@7 122 On an installed system you can start pppd on each boot using the local startup script: ///etc/init.d/local.sh//
slaxemulator@7 123
slaxemulator@7 124 ===== Enable Dial-up Modem - PPPoE with rp-pppoe =====
slaxemulator@7 125
slaxemulator@7 126 To set up an ADSL connection via PPPoE, SliTaz provides the utilities package //rp-pppoe//. Using pppoe-setup is a snap and you can quickly configure the network. If you use DHCP it's even easier, because the server from your ISP will take care of everything. If you do not have DHCP, you must first disable its use via DHCP="no" in the configuration file ///etc/network.conf//. Note that you must first become root to modify configuration files and system logs. To install the package and change the DHCP variable with Nano (ctrl + X to save & exit):
slaxemulator@7 127
slaxemulator@7 128
slaxemulator@7 129 <code>
slaxemulator@7 130 $ su
slaxemulator@7 131 # tazpkg get-install rp-pppoe
slaxemulator@7 132 # nano /etc/network.conf
slaxemulator@7 133 </code>
slaxemulator@7 134
slaxemulator@7 135 === Configure with pppoe-setup ===
slaxemulator@7 136
slaxemulator@7 137 To begin to configure your PPPoE connection, you must first open an Xterm or Linux console and launch pppoe-setup and then begin to answer the following questions:
slaxemulator@7 138
slaxemulator@7 139
slaxemulator@7 140 <code> # pppoe-setup
slaxemulator@7 141 </code>
slaxemulator@7 142
slaxemulator@7 143 - Enter your username, please note that this is the username with which you communicate with your ISP.
slaxemulator@7 144 - Internet interface, default is eth0 unless you have more than one, in which case you will have eth1, eth2, etc. Usually the Enter key is sufficient.
slaxemulator@7 145 - If you have a permanent ADSL link answer yes, otherwise answer no (default).
slaxemulator@7 146 - Specify the primary and secondary DNS your ISP uses (you may have to ask).
slaxemulator@7 147 - Enter the password with which you communicate with your ISP (you need to enter it twice).
slaxemulator@7 148 - Choose the firewall settings depending on your hardware. If you have a router you can enter 1 or 2. If in doubt enter 1.
slaxemulator@7 149
slaxemulator@7 150 === Start and Stop the connection ===
slaxemulator@7 151
slaxemulator@7 152 Still using the command line, simply type pppoe-start to start the connection. A few seconds later the system tells you that it is connected. If it gives you a message like TIMED OUT, you may have misconfigured the connection or the connection is defective. Please check the wiring and repeat the installation from the beginning. To start the connection:
slaxemulator@7 153
slaxemulator@7 154 <code> # pppoe-start
slaxemulator@7 155 </code>
slaxemulator@7 156
slaxemulator@7 157 To stop the connection, you can type:
slaxemulator@7 158 <code> # pppoe-stop
slaxemulator@7 159 </code>
slaxemulator@7 160
slaxemulator@7 161 ===== Install network card driver =====
slaxemulator@7 162
slaxemulator@7 163 In case you need a network card driver and don't know the driver name, you can use the command lspci to find your card and then modprobe to load a module. In Live mode you can use the SliTaz boot option modprobe=modules to automatically load Kernel modules. To get a list of all available network card drivers, display PCI eth cards and load a module:
slaxemulator@7 164
slaxemulator@7 165
slaxemulator@7 166 <code>
slaxemulator@7 167 # modprobe -l | grep drivers/net
slaxemulator@7 168 # lspci | grep '[Ee]th'
slaxemulator@7 169 # modprobe -v module_name
slaxemulator@7 170 </code>
slaxemulator@7 171
slaxemulator@7 172 On an installed system you just need to add the module_name to the variable LOAD_MODULES in ///etc/rcS.conf// to load your module on each boot.
slaxemulator@7 173
slaxemulator@7 174 ===== Manage the Firewall (firewall) using Iptables =====
slaxemulator@7 175
slaxemulator@7 176 SliTaz provides a very basic firewall: the kernel security rules are launched at boot time and iptables rules are disabled by default. You can activate/disable these at startup by using the configuration file ///etc/firewall.conf//.
slaxemulator@7 177
slaxemulator@7 178 The default firewall script begins by setting its own kernel options, i.e. ICMP redirects, source routing, logs for unresolved addresses and spoof filters. The script then launches the rules defined in the //iptables_rules()// function of the configuration file: ///etc/firewall.conf//.
slaxemulator@7 179
slaxemulator@7 180 The firewall uses Iptables and consists of two files: ///etc/firewall.conf// and ///etc/init.d/firewall//; you shouldn't need to modify these. Note that Iptables has lots of options. For more information see the official documentation available online: http://www.netfilter.org/documentation/.
slaxemulator@7 181
slaxemulator@7 182 === Start, stop, restart the firewall ===
slaxemulator@7 183
slaxemulator@7 184 The script ///etc/init.d/firewall// lets you start/restart, stop or display the status of the firewall. The restart option is often used to test new rules after editing the configuration file. Example:
slaxemulator@7 185
slaxemulator@7 186
slaxemulator@7 187 <code>
slaxemulator@7 188 # /etc/init.d/firewall restart
slaxemulator@7 189 </code>
slaxemulator@7 190
slaxemulator@7 191 === Enable/Disable the firewall at boot ===
slaxemulator@7 192
slaxemulator@7 193 To enable/disable options specific to the Kernel place "yes" or "no" in the variable KERNEL_SECURITY= :
slaxemulator@7 194
slaxemulator@7 195 <file>
slaxemulator@7 196 # Enable/disable kernel security at boot time.
slaxemulator@7 197 KERNEL_SECURITY="yes"
slaxemulator@7 198 </file>
slaxemulator@7 199
slaxemulator@7 200 And to activate/deactivate the iptables rules, it is necessary to modify the IPTABLES_RULES= variable :
slaxemulator@7 201
slaxemulator@7 202 <file>
slaxemulator@7 203 # Enable/disable iptables rules.
slaxemulator@7 204 IPTABLES_RULES="yes"
slaxemulator@7 205 </file>
slaxemulator@7 206
slaxemulator@7 207 === Add, delete or modify the iptables rules ===
slaxemulator@7 208
slaxemulator@7 209 At the bottom of the configuration file ///etc/firewall.conf//, you will find a function named //iptables_rules()//. This function contains all of the //iptables// commands to launch when the firewall starts. To delete a rule, it is advisable to comment out the corresponding line with a #. It is not advisable to leave the function completely empty; if you want to disable the iptables rules just add //"no"// to the variable //IPTABLES_RULES=// in the configuration file.
slaxemulator@7 210
slaxemulator@7 211 Here's an example of using iptables rules. It only allows connections on the localhost and the local network, and ports 80, 22, and 21 used by the web server HTTP, the SSH secure server and FTP respectively. All other incoming and outgoing connections are refused, so it's fairly restrictive.
slaxemulator@7 212
slaxemulator@7 213 <file>
slaxemulator@7 214 # Netfilter/iptables rules.
slaxemulator@7 215 # This shell function is included in /etc/init.d/firewall.sh
slaxemulator@7 216 # to start iptables rules.
slaxemulator@7 217 #
slaxemulator@7 218 iptables_rules()
slaxemulator@7 219 {
slaxemulator@7 220
slaxemulator@7 221 # Drop all connections.
slaxemulator@7 222 iptables -P INPUT DROP
slaxemulator@7 223 iptables -P OUTPUT DROP
slaxemulator@7 224
slaxemulator@7 225 # Accept all on localhost (127.0.0.1).
slaxemulator@7 226 iptables -A INPUT -i lo -j ACCEPT
slaxemulator@7 227 iptables -A OUTPUT -o lo -j ACCEPT
slaxemulator@7 228
slaxemulator@7 229 # Accept all on the local network (192.168.0.0/24).
slaxemulator@7 230 iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
slaxemulator@7 231 iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT
slaxemulator@7 232
slaxemulator@7 233 # Accept port 80 for the HTTP server.
slaxemulator@7 234 iptables -A INPUT -i $INTERFACE -p tcp --sport 80 -j ACCEPT
slaxemulator@7 235 iptables -A OUTPUT -o $INTERFACE -p tcp --dport 80 -j ACCEPT
slaxemulator@7 236
slaxemulator@7 237 # Accept port 22 for SSH.
slaxemulator@7 238 iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT
slaxemulator@7 239 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 22 -j ACCEPT
slaxemulator@7 240
slaxemulator@7 241 # Accept port 21 for active FTP connections.
slaxemulator@7 242 iptables -A INPUT -i $INTERFACE -p tcp --dport 21 -j ACCEPT
slaxemulator@7 243 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 21 -j ACCEPT
slaxemulator@7 244
slaxemulator@7 245 }
slaxemulator@7 246 </file>
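
The rules above match on port numbers only, so the ''--sport 80'' INPUT rule accepts any inbound TCP packet whose source port is 80, whichever local port it is addressed to. The following is an added example, not SliTaz's own firewall.conf, of the same policy written with connection tracking, keeping the directions of the original rules (inbound to ports 22 and 21, outbound to port 80). It assumes the conntrack match is available in the kernel; ''IPT'' is a hypothetical override that prints the rules by default instead of applying them.

```shell
#!/bin/sh
# Added example: stateful variant of iptables_rules().
# Assumptions: the conntrack match is available; IPT is a hypothetical
# override. By default the rules are only printed (dry run); run with
# IPT=iptables as root to apply them.
IPT="${IPT:-echo iptables}"
INTERFACE="${INTERFACE:-eth0}"
LAN="192.168.0.0/24"

iptables_rules()
{
    # Default policy: drop everything not matched below.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP

    # Loopback and the local network, as in the example above.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A INPUT -s "$LAN" -j ACCEPT
    $IPT -A OUTPUT -d "$LAN" -j ACCEPT

    # Packets that belong to a connection already allowed below.
    # FTP data connections are only RELATED if the conntrack FTP
    # helper module is loaded.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # New inbound connections to local services: SSH (22), FTP control (21).
    for port in 22 21; do
        $IPT -A INPUT -i "$INTERFACE" -p tcp --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    done

    # New outbound connections to remote web servers on port 80.
    $IPT -A OUTPUT -o "$INTERFACE" -p tcp --dport 80 \
        -m conntrack --ctstate NEW -j ACCEPT
}

# Dry run: print the rule list for review.
iptables_rules
```

No rule matches on a source port any more: replies are accepted because they belong to a tracked connection, not because of the port they come from.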
slaxemulator@7 247