website view en/doc/handbook/network-config.html @ rev 23

Fixed resolution in Artwork (en), typos
author Paul Issot <paul@slitaz.org>
date Sun Apr 13 13:41:30 2008 +0100 (2008-04-13)
parents cd23fe9aa506
children fb63123c9a72
line source
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4 <head>
5 <title>SliTaz Handbook - Network configuration</title>
6 <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
7 <meta name="description" content="slitaz English handbook network config pppoe ppp eth dhcp" />
8 <meta name="expires" content="never" />
9 <meta name="modified" content="2008-02-26 18:30:00" />
10 <meta name="publisher" content="www.slitaz.org" />
11 <meta name="author" content="Paul Issot, Christophe Lincoln"/>
12 <link rel="shortcut icon" href="favicon.ico" />
13 <link rel="stylesheet" type="text/css" href="book.css" />
14 </head>
15 <body bgcolor="#ffffff">
17 <!-- Header and quick navigation -->
18 <div id="header">
19 <div align="right" id="quicknav">
20 <a name="top"></a>
21 <a href="http://www.slitaz.org/en/">www.slitaz.org/en</a> |
22 <a href="index.html">Table of contents</a>
23 </div>
24 <h1><font color="#3E1220">SliTaz Handbook (en)</font></h1>
25 </div>
27 <!-- Content. -->
28 <div id="content">
29 <div class="content-right"></div>
31 <h2><font color="#DF8F06">Network configuration</font></h2>
33 <ul>
34 <li><a href="#eth">Ethernet connection</a> - DHCP or static IP.</li>
35 <li><a href="#driver">Install network card driver</a> - Find and load Kernel
36 modules.</li>
37 <li><a href="#pppoe">PPPoE kernel-mode</a> - Dial-up modem connection in
38 Kernel mode.</li>
39 <li><a href="#rp-pppoe">PPPoE with rp-pppoe</a> - Dial-up modem.</li>
40 <li><a href="#firewall">Firewall</a> - Manage the Firewall (Iptables).</li>
41 </ul>
43 <a name="eth"></a>
44 <h3>Ethernet connection</h3>
45 <p>
46 By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your
47 network card has been identified as an <code>eth0</code> interface and you use
48 a router, your connection should already be working. DHCP is configured
49 dynamically: on each boot the client asks for a new IP address from
50 the DHCP server, which is integrated into the router or runs on another computer.
51 If you need a static IP, you can directly edit config files or use the GUI
52 <code>netbox</code> available from JWM menu --&gt; System tools. In a terminal
53 or a Linux console, you can list all available network interfaces with the
54 command <code>ifconfig</code> followed by the <code>-a</code> option:
55 </p>
56 <pre>
57 $ ifconfig -a
58 </pre>
59 <p>To display the Kernel's IP routing table, you can use the <code>route</code> command
60 without any arguments:
61 </p>
62 <pre>
63 $ route
64 </pre>
65 <p>
66 The system-wide network configuration file is <code>/etc/network.conf</code>;
67 it can be configured graphically with <code>netbox</code> or edited directly by
68 the root administrator.
69 </p>
71 <a name="driver"></a>
72 <h3>Install network card driver</h3>
73 <p>
74 In case you need a network card driver and don't know the driver name, you can
75 use the command <code>lspci</code> to find your card and then <code>modprobe</code>
76 to load a module. In Live mode you can use the SliTaz boot option
77 <code>modprobe=modules</code> to automatically load Kernel modules. To get a
78 list of all available network card drivers, display PCI eth cards and load a
79 module:
80 </p>
81 <pre>
82 # modprobe -l | grep drivers/net
83 # lspci | grep [Ee]th
84 # modprobe -v module_name
85 </pre>
86 <p>
87 On an installed system you just need to add the module_name to the variable
88 <code>LOAD_MODULES</code> in <code>/etc/rcS.conf</code> to load your module
89 on each boot.
90 </p>
92 <a name="pppoe"></a>
93 <h3><font color="#6c0023">PPPoE connection kernel-mode</font></h3>
94 <p>
95 PPPoE connection in kernel-mode needs 2 files. The first file is
96 <code>/etc/ppp/options</code> where you must specify your login name:
97 </p>
98 <pre class="script">
99 plugin rp-pppoe.so
100 name &lt;your provider connection ID&gt;
101 noipdefault
102 defaultroute
103 mtu 1492
104 mru 1492
105 lock
106 </pre>
107 <p>
108 Now you have to configure /etc/ppp/pap-secrets or /etc/ppp/chap-secrets:
109 </p>
110 <pre class="script">
111 # client server secret IP addresses
112 "your_login" * "your_password"
113 </pre>
114 <p>
115 The config file /etc/resolv.conf will be loaded automatically. With that done, you can
116 now connect to the internet with <code>pppd</code>:
117 </p>
118 <pre>
119 pppd eth0
120 </pre>
121 <p>
122 On an installed system you can start pppd on each boot using the local startup
123 script: <code>/etc/init.d/local.sh</code>
124 </p>
126 <a name="rp-pppoe"></a>
127 <h3><font color="#6c0023">Enable Dial-up Modem - PPPoE with rp-pppoe</font></h3>
128 <p>
129 To set up an ADSL connection via PPPoE, SliTaz provides the utilities
130 package <code>rp-pppoe</code>. Using <code>pppoe-setup</code> is a snap and you
131 can quickly configure the network. If you use DHCP it's even easier, because
132 the server from your ISP will take care of everything. If you do not have DHCP,
133 you must first disable its use via <code>DHCP="no"</code> in the
134 configuration file <code>/etc/network.conf</code>. It should be noted that to
135 modify configuration files and system logs you must first become root with <code>su</code>.
136 To install and change the variable DHCP with Nano (ctrl + x to save &amp; exit):
137 </p>
138 <pre>
139 $ su
140 # tazpkg get-install rp-pppoe
141 # nano /etc/network.conf
142 </pre>
143 <h4>Configure with pppoe-setup</h4>
144 <p>
145 To begin configuring your PPPoE connection, you must first open an Xterm or
146 Linux console, launch <code>pppoe-setup</code> and then answer
147 the following questions:
148 </p>
149 <pre>
150 # pppoe-setup
151 </pre>
152 <ol>
153 <li>Enter your username, please note that this is the username with which you
154 communicate with your ISP.</li>
155 <li>Internet interface, default is eth0 unless you have more than one,
156 in which case you will have eth1, eth2 etc. Usually the Enter key is
157 sufficient.</li>
158 <li>If you have a permanent ADSL link answer
159 <strong>yes</strong>, or <strong>no</strong> (default).</li>
160 <li>Specify primary and secondary DNS your ISP uses (you may have to ask).</li>
161 <li>Enter the password with which you communicate with your ISP (you need
162 to enter twice).</li>
163 <li>Choose the firewall setting depending on your hardware. If you
164 have a router you can enter 1 or 2. If in doubt enter 1.</li>
165 </ol>
166 <h4>Start and Stop the connection</h4>
167 <p>
168 Still using the command line, simply type <code>pppoe-start</code> to start
169 the connection. A few seconds later the system tells you that it is connected.
170 If it gives you a message like TIMED OUT, the connection may be poorly configured
171 or defective. Please check the wiring and repeat the installation
172 from the beginning. To start the connection:
173 </p>
174 <pre> # pppoe-start
175 </pre>
176 <p>
177 To stop the connection, you can use
178 <code>pppoe-stop</code>, using the command line.
179 </p>
181 <a name="firewall"></a>
182 <h3><font color="#6c0023">Manage the Firewall (<em>firewall</em>) using Iptables</font></h3>
183 <p>
184 SliTaz provides a very basic firewall: the kernel security rules are launched
185 at boot time and iptables rules are disabled by default. You can
186 activate/disable these at startup by using the configuration file:
187 /etc/firewall.conf.
188 </p>
189 <p>
190 The default <em>firewall</em> script begins with its own set of options for the
191 Kernel, i.e. ICMP redirects, source routing, logs for unresolved addresses and
192 spoof filters. The script then launches the rules defined in the
193 <code>iptables_rules()</code> function of the configuration file:
194 /etc/firewall.conf.
195 </p>
196 <p>
197 The <em>firewall</em> uses Iptables and consists of two files,
198 /etc/firewall.conf and /etc/init.d/firewall; you shouldn't need to modify
199 these. Note that Iptables has lots of options; for more information see the official
200 documentation available online:
201 <a href="http://www.netfilter.org/documentation/">www.netfilter.org/documentation/</a>.
202 </p>
203 <h4>Start, stop, restart the firewall</h4>
204 <p>
205 The script /etc/init.d/firewall lets you start/restart, stop or display the
206 status of the firewall. The restart option is often used to test new rules
207 after editing the configuration file. Example:
208 </p>
209 <pre>
210 # /etc/init.d/firewall restart
211 </pre>
212 <h4>Enable/Disable the firewall at boot</h4>
213 <p>
214 To enable/disable options specific to the Kernel, place "yes"
215 or "no" in the variable KERNEL_SECURITY= :
216 </p>
217 <pre class="script">
218 # Enable/disable kernel security at boot time.
219 KERNEL_SECURITY="yes"
220 </pre>
221 <p>
222 and to activate/deactivate the iptables rules, it is necessary to modify the
223 variable IPTABLES_RULES= :
224 </p>
225 <pre class="script">
226 # Enable/disable iptables rules.
227 IPTABLES_RULES="yes"
228 </pre>
229 <h4>Add, delete or modify the iptables rules</h4>
230 <p>
231 At the bottom of the configuration file /etc/firewall.conf you will find a
232 function named <code>iptables_rules()</code>; this contains all of the iptables
233 commands to launch when the firewall starts. To delete a rule, it is advisable
234 to comment out the corresponding line with a <code>#</code>. It is not
235 advisable to leave the function completely empty; if you want to disable
236 iptables rules just set the variable IPTABLES_RULES= to "no" in the
237 configuration file.
238 </p>
239 <p>
240 Here's an example of using iptables rules. It refuses all incoming and outgoing
241 connections, only allowing connections on the localhost, the local network,
242 ports 80 and 22, used respectively by the HTTP web server and the SSH secure server,
243 and port 21 for FTP; so it's very restrictive.
244 </p>
245 <pre class="script">
246 # Netfilter/iptables rules.
247 # This shell function is included in /etc/init.d/firewall.sh
248 # to start iptables rules.
249 #
250 iptables_rules()
251 {
253 # Drop all connections.
254 iptables -P INPUT DROP
255 iptables -P OUTPUT DROP
257 # Accept all on localhost (127.0.0.1).
258 iptables -A INPUT -i lo -j ACCEPT
259 iptables -A OUTPUT -o lo -j ACCEPT
261 # Accept all on the local network (192.168.0.0/24).
262 iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
263 iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT
265 # Accept port 80 for the HTTP server.
266 iptables -A INPUT -i $INTERFACE -p tcp --sport 80 -j ACCEPT
267 iptables -A OUTPUT -o $INTERFACE -p tcp --dport 80 -j ACCEPT
269 # Accept port 22 for SSH.
270 iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT
271 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 22 -j ACCEPT
273 # Accept port 21 for active FTP connections.
274 iptables -A INPUT -i $INTERFACE -p tcp --dport 21 -j ACCEPT
275 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 21 -j ACCEPT
277 }
279 </pre>
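<p>
Added example (not part of the SliTaz handbook or its scripts): a small POSIX
shell check for slips that are easy to make when editing
<code>iptables_rules()</code>, run over constructed sample commands. The names
<code>lint_rule</code>, <code>lint_iptables_rules</code> and
<code>sample_rules</code> are hypothetical.
</p>

```shell
# Added example: lint iptables commands before they go into iptables_rules().
# Reads commands on stdin and prints one "line N: problem" per finding.
lint_rule() {   # $1 = line number, $2 = one iptables command
    # Collapse runs of blanks and pad with spaces so options match as " -x ".
    rule=" $(printf '%s' "$2" | tr -s '[:blank:]' ' ') "
    case $rule in
        *" -A INPUT "*|*" -I INPUT "*)   chain=INPUT ;;
        *" -A OUTPUT "*|*" -I OUTPUT "*) chain=OUTPUT ;;
        *) chain= ;;
    esac
    # INPUT packets have no outgoing interface, OUTPUT packets no incoming one.
    case $chain:$rule in
        INPUT:*" -o "*)  echo "line $1: -o cannot be used in the INPUT chain" ;;
        OUTPUT:*" -i "*) echo "line $1: -i cannot be used in the OUTPUT chain" ;;
    esac
    # --sport/--dport only exist after a protocol has been selected with -p.
    case $rule in
        *" -p tcp "*|*" -p udp "*) ;;
        *" --sport "*|*" --dport "*) echo "line $1: port match without -p tcp or -p udp" ;;
    esac
    # Short options are a single letter, so "-tcp" is parsed as "-t cp".
    case $rule in
        *" -"[A-Za-z][A-Za-z]*) echo "line $1: several letters after a single dash" ;;
    esac
    # The remote host picks its own source port, so an INPUT ACCEPT keyed only
    # on --sport lets in any packet that claims that port.
    case $chain:$rule in
        *" -m state "*|*" -m conntrack "*|*" --dport "*) ;;
        INPUT:*" --sport "*" -j ACCEPT "*) echo "line $1: INPUT ACCEPT keyed only on the remote source port" ;;
    esac
}

lint_iptables_rules() {
    n=0
    while read -r line; do
        n=$((n + 1))
        case $line in iptables\ *) lint_rule "$n" "$line" ;; esac
    done
}

# Constructed sample input (not the shipped /etc/firewall.conf).
sample_rules() {
    printf '%s\n' 'iptables -P INPUT DROP' \
        'iptables -A INPUT -i $INTERFACE -p tcp --sport 80 -j ACCEPT' \
        'iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT' \
        'iptables -A OUTPUT -o $INTERFACE -tcp --sport 22 -j ACCEPT' \
        'iptables -A OUTPUT -i $INTERFACE -p tcp --sport 21 -j ACCEPT'
}
sample_rules | lint_iptables_rules
```

Comments and non-iptables lines are skipped but still counted, so the reported line numbers match the file that was piped in.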
281 <!-- End of content -->
282 </div>
284 <!-- Footer. -->
285 <div id="footer">
286 <div class="footer-right"></div>
287 <a href="#top">Top of the page</a> |
288 <a href="index.html">Table of contents</a>
289 </div>
291 <div id="copy">
292 Copyright &copy; 2008 <a href="http://www.slitaz.org/en/">SliTaz</a> -
293 <a href="http://www.gnu.org/licenses/gpl.html">GNU General Public License</a>;<br />
294 Documentation is under
295 <a href="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</a>
296 and code is <a href="http://validator.w3.org/">valid xHTML 1.0</a>.
297 </div>
299 </body>
300 </html>