website view en/doc/handbook/network-config.html @ rev 156

en: Tidy website grammar
author Paul Issott <paul@slitaz.org>
date Tue Sep 09 10:36:54 2008 +0000 (2008-09-09)
parents 1aee368acd7c
children 0b70fb72663e
line source
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4 <head>
5 <title>SliTaz Handbook - Network configuration</title>
6 <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
7 <meta name="description" content="slitaz English handbook network config pppoe ppp eth dhcp" />
8 <meta name="expires" content="never" />
9 <meta name="modified" content="2008-07-17 22:30:00" />
10 <meta name="publisher" content="www.slitaz.org" />
11 <meta name="author" content="Paul Issott, Christophe Lincoln"/>
12 <link rel="shortcut icon" href="favicon.ico" />
13 <link rel="stylesheet" type="text/css" href="book.css" />
14 </head>
15 <body bgcolor="#ffffff">
17 <!-- Header and quick navigation -->
18 <div id="header">
19 <div align="right" id="quicknav">
20 <a name="top"></a>
21 <a href="system-admin.html">System administration</a> |
22 <a href="index.html">Table of contents</a>
23 </div>
24 <h1><font color="#3E1220">SliTaz Handbook (en)</font></h1>
25 </div>
27 <!-- Content. -->
28 <div id="content">
29 <div class="content-right"></div>
31 <h2><font color="#DF8F06">Network configuration</font></h2>
33 <ul>
34 <li><a href="#eth">Ethernet connection</a> - DHCP or static IP.</li>
35 <li><a href="#driver">Install network card driver</a> - Find and load Kernel
36 modules.</li>
37 <li><a href="#netbox">Netbox</a> - Configure network.</li>
38 <li><a href="#pppoe">PPPoE kernel-mode</a> - Dial-up modem connection in
39 Kernel mode.</li>
40 <li><a href="#rp-pppoe">PPPoE with rp-pppoe</a> - Dial-up modem.</li>
41 <li><a href="#firewall">Firewall</a> - Manage the Firewall (Iptables).</li>
42 </ul>
44 <a name="eth"></a>
45 <h3>Ethernet connection</h3>
46 <p>
47 By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your
48 network card has been identified as an <code>eth0</code> interface and you use
49 a router, your connection should already be working. DHCP is dynamically
50 configured: on each boot the client asks for a new IP address from
51 the DHCP server, which is integrated into the router or runs on another computer.
52 If you need a static IP, you can directly edit config files or use the GUI
53 <code>netbox</code> available from JWM menu --&gt; System tools. In a terminal
54 or a Linux console, you can list all available network interfaces with the
55 command <code>ifconfig</code> followed by the <code>-a</code> option:
56 </p>
57 <pre>
58 $ ifconfig -a
59 </pre>
60 <p>To display the Kernel's IP routing table, you can use the <code>route</code> command
61 without any arguments:
62 </p>
63 <pre>
64 $ route
65 </pre>
66 <p>
67 The system wide network configuration file is <code>/etc/network.conf</code>.
68 It can be graphically configured with <code>netbox</code> or directly edited by
69 the root administrator.
70 </p>
72 <a name="driver"></a>
73 <h3>Install network card driver</h3>
74 <p>
75 In case you need a network card driver and don't know the driver name, you can
76 use the command <code>lspci</code> to find your card and then <code>modprobe</code>
77 to load a module. In Live mode you can use the SliTaz boot option
78 <code>modprobe=modules</code> to automatically load Kernel modules. To get a
79 list of all available network card drivers, display PCI eth cards and load a
80 module:
81 </p>
82 <pre>
83 # modprobe -l | grep drivers/net
84 # lspci | grep '[Ee]th'
85 # modprobe -v module_name
86 </pre>
87 <p>
88 On an installed system you just need to add the module_name to the variable
89 <code>LOAD_MODULES</code> in <code>/etc/rcS.conf</code> to load your module
90 on each boot.
91 </p>
93 <a name="netbox"></a>
94 <h3>Netbox - Configure network</h3>
95 <p>
96 Netbox is a small GTK+ application to configure a network interface using <em>DHCP</em> or a fixed (<em>static</em>) IP address. The tabs can be used to start/stop the connections and automatically change the values in the system files. Netbox also provides a <em>system wide</em> tab from which you can directly edit network configuration files. You can start netbox from the system tools menu or via a terminal:
97 </p>
98 <pre>
99 # netbox
100 </pre>
102 <a name="pppoe"></a>
103 <h3><font color="#6c0023">PPPoE connection kernel-mode</font></h3>
104 <p>
105 PPPoE connection in kernel-mode needs 2 files. The first file is
106 <code>/etc/ppp/options</code> where you must specify your login name:
107 </p>
108 <pre class="script">
109 plugin rp-pppoe.so
110 name &lt;your provider connection ID&gt;
111 noipdefault
112 defaultroute
113 mtu 1492
114 mru 1492
115 lock
116 </pre>
117 <p>
118 Now you have to configure /etc/ppp/pap-secrets or /etc/ppp/chap-secrets:
119 </p>
120 <pre class="script">
121 # client server secret IP addresses
122 "your_login" * "your_password"
123 </pre>
124 <p>
125 The config file /etc/resolv.conf will be loaded automatically. Once this is done, you can
126 now connect to the internet with <code>pppd</code>:
127 </p>
128 <pre>
129 pppd eth0
130 </pre>
131 <p>
132 On an installed system you can start pppd on each boot using the local startup
133 script: <code>/etc/init.d/local.sh</code>
134 </p>
136 <a name="rp-pppoe"></a>
137 <h3><font color="#6c0023">Enable Dial-up Modem - PPPoE with rp-pppoe</font></h3>
138 <p>
139 To set up ADSL via PPPoE, SliTaz provides the utilities
140 package <code>rp-pppoe</code>. Using <code>pppoe-setup</code> is a snap and you
141 can quickly configure the network. If you use DHCP it's even easier, because
142 the server from your ISP will take care of everything. If you do not have DHCP,
143 you must first disable its use via <code>DHCP="no"</code> from the
144 configuration file <code>/etc/network.conf</code>. It should be noted that to
145 modify configuration files and system logs you must first become <code>root</code>.
146 To install and change the variable DHCP with Nano (ctrl + x to save &amp; exit):
147 </p>
148 <pre>
149 $ su
150 # tazpkg get-install rp-pppoe
151 # nano /etc/network.conf
152 </pre>
153 <h4>Configure with pppoe-setup</h4>
154 <p>
155 To begin to configure your PPPoE connection, you must first open an Xterm or
156 Linux console and launch <code>pppoe-setup</code> and then begin to answer
157 the following questions:
158 </p>
159 <pre>
160 # pppoe-setup
161 </pre>
162 <ol>
163 <li>Enter your username. Please note that this is the username with which you
164 communicate with your ISP.</li>
165 <li>Internet interface, default is eth0 unless you have more than one,
166 in which case you will have eth1, eth2, etc. Usually the Enter key is
167 sufficient.</li>
168 <li>If you have a permanent ADSL link answer
169 <strong>yes</strong>, otherwise answer <strong>no</strong> (default).</li>
170 <li>Specify the primary and secondary DNS your ISP uses (you may have to ask).</li>
171 <li>Enter the password with which you communicate with your ISP (you need
172 to enter it twice).</li>
173 <li>Choose the firewall settings depending on your hardware. If you
174 have a router you can enter 1 or 2. If in doubt enter 1.</li>
175 </ol>
176 <h4>Start and Stop the connection</h4>
177 <p>
178 Still using the command line, simply type <code>pppoe-start</code> to start
179 the connection. A few seconds later the system tells you that it is connected.
180 If it gives you a message like TIMED OUT, the connection may be poorly configured or
181 defective. Please check the wiring and repeat the installation
182 from the beginning. To start the connection:
183 </p>
184 <pre> # pppoe-start
185 </pre>
186 <p>
187 To stop the connection, you can type
188 <code>pppoe-stop</code>.
189 </p>
191 <a name="firewall"></a>
192 <h3><font color="#6c0023">Manage the Firewall (<em>firewall</em>) using Iptables</font></h3>
193 <p>
194 SliTaz provides a very basic firewall: the kernel security rules are launched
195 at boot time and iptables rules are disabled by default. You can
196 activate/disable these at startup by using the configuration file:
197 /etc/firewall.conf.
198 </p>
199 <p>
200 The default <em>firewall</em> script begins with its own set of options for the
201 Kernel, i.e. ICMP redirects, source routing, logs for unresolved addresses and
202 spoof filters. The script then launches the rules defined in the
203 <code>iptables_rules()</code> function of the configuration file:
204 /etc/firewall.conf.
205 </p>
206 <p>
207 The <em>firewall</em> uses Iptables. It consists of two files,
208 /etc/firewall.conf and /etc/init.d/firewall; you shouldn't need to modify
209 these. Note that Iptables has lots of options; for more information see the official
210 documentation available online:
211 <a href="http://www.netfilter.org/documentation/">www.netfilter.org/documentation/</a>.
212 </p>
213 <h4>Start, stop, restart the firewall</h4>
214 <p>
215 The script /etc/init.d/firewall lets you start/restart, stop or display the
216 status of the firewall. The restart option is often used to test new rules
217 after editing the configuration file. Example:
218 </p>
219 <pre>
220 # /etc/init.d/firewall restart
221 </pre>
222 <h4>Enable/Disable the firewall at boot</h4>
223 <p>
224 To enable/disable options specific to the Kernel place "yes"
225 or "no" in the variable KERNEL_SECURITY= :
226 </p>
227 <pre class="script">
228 # Enable/disable kernel security at boot time.
229 KERNEL_SECURITY="yes"
230 </pre>
231 <p>
232 and to activate/deactivate the iptables rules, it is necessary to modify the
233 variable IPTABLES_RULES= :
234 </p>
235 <pre class="script">
236 # Enable/disable iptables rules.
237 IPTABLES_RULES="yes"
238 </pre>
239 <h4>Add, delete or modify the iptables rules</h4>
240 <p>
241 At the bottom of the configuration file: /etc/firewall.conf, you will find a
242 function named: <code>iptables_rules()</code>. This function contains all of
243 the iptables commands to launch when the firewall starts. To delete a rule, it
244 is advisable to comment out the corresponding line with a <code>#</code>. It is
245 <em>not</em> advisable to leave the function completely empty; if you want to disable the
246 iptables rules just add "no" to the variable IPTABLES_RULES= in the
247 configuration file.
248 </p>
249 <p>
250 Here's an example of using iptables rules. It only allows connections on the
251 localhost and the local network, and ports 80, 22, and 21 used by the web server
252 HTTP, the SSH secure server and FTP respectively. All other incoming and
253 outgoing connections are refused, so it's fairly restrictive.
254 </p>
255 <pre class="script">
256 # Netfilter/iptables rules.
257 # This shell function is included in /etc/init.d/firewall.sh
258 # to start iptables rules.
259 #
260 iptables_rules()
261 {
263 # Drop all connections.
264 iptables -P INPUT DROP
265 iptables -P OUTPUT DROP
267 # Accept all on localhost (127.0.0.1).
268 iptables -A INPUT -i lo -j ACCEPT
269 iptables -A OUTPUT -o lo -j ACCEPT
271 # Accept all on the local network (192.168.0.0/24).
272 iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
273 iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT
275 # Accept port 80 for the HTTP server.
276 iptables -A INPUT -i $INTERFACE -p tcp --sport 80 -j ACCEPT
277 iptables -A OUTPUT -o $INTERFACE -p tcp --dport 80 -j ACCEPT
279 # Accept port 22 for SSH.
280 iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT
281 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 22 -j ACCEPT
283 # Accept port 21 for active FTP connections.
284 iptables -A INPUT -i $INTERFACE -p tcp --dport 21 -j ACCEPT
285 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 21 -j ACCEPT
287 }
289 </pre>
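<p>
The rules above are stateless: a <code>--sport</code> rule matches on the source port alone, so the INPUT rule for port 80 accepts any TCP packet sent from port 80, whatever local port it targets. A stateful version of the same policy follows as an added example (not SliTaz's shipped /etc/firewall.conf); the <code>IPT</code> variable, the <code>eth0</code> fallback for <code>INTERFACE</code> and the use of the <code>state</code> match are assumptions of this example.
</p>

```shell
# Added example: stateful variant of the handbook's iptables_rules().
# Assumptions: IPT names the iptables binary (point it at a function that
# prints its arguments for a dry run); INTERFACE falls back to eth0.
IPT="${IPT:-iptables}"
INTERFACE="${INTERFACE:-eth0}"

iptables_rules()
{
	# Default deny in both directions, as in the handbook example.
	$IPT -P INPUT DROP
	$IPT -P OUTPUT DROP

	# Loopback and the local network (192.168.0.0/24), unchanged.
	$IPT -A INPUT -i lo -j ACCEPT
	$IPT -A OUTPUT -o lo -j ACCEPT
	$IPT -A INPUT -s 192.168.0.0/24 -j ACCEPT
	$IPT -A OUTPUT -d 192.168.0.0/24 -j ACCEPT

	# Packets belonging to connections that are already tracked. These two
	# rules replace every stateless "--sport" rule of the original.
	$IPT -A INPUT -i "$INTERFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
	$IPT -A OUTPUT -o "$INTERFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT

	# Outbound HTTP: only new connections to remote port 80 may be opened.
	$IPT -A OUTPUT -o "$INTERFACE" -p tcp --dport 80 -m state --state NEW -j ACCEPT

	# Inbound SSH (22) and FTP control (21): only new connections to these
	# ports are let in. FTP data connections are covered by RELATED only
	# when the conntrack FTP helper module is loaded.
	for port in 22 21; do
		$IPT -A INPUT -i "$INTERFACE" -p tcp --dport "$port" -m state --state NEW -j ACCEPT
	done
}
```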
291 <!-- End of content -->
292 </div>
294 <!-- Footer. -->
295 <div id="footer">
296 <div class="footer-right"></div>
297 <a href="#top">Top of the page</a> |
298 <a href="index.html">Table of contents</a>
299 </div>
301 <div id="copy">
302 Copyright &copy; 2008 <a href="http://www.slitaz.org/en/">SliTaz</a> -
303 <a href="http://www.gnu.org/licenses/gpl.html">GNU General Public License</a>;<br />
304 Documentation is under
305 <a href="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</a>
306 and code is <a href="http://validator.w3.org/">valid xHTML 1.0</a>.
307 </div>
309 </body>
310 </html>