website view en/doc/handbook/network-config.html @ rev 321

en: Tidy up network-config
author Paul Issott <paul@slitaz.org>
date Sun Mar 22 19:54:20 2009 +0000 (2009-03-22)
parents 3f48fafb5633
children 3cc0ac292e95
line source
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4 <head>
5 <title>SliTaz Handbook - Network configuration</title>
6 <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
7 <meta name="description" content="slitaz English handbook network config pppoe ppp eth dhcp" />
8 <meta name="expires" content="never" />
9 <meta name="modified" content="2009-03-22 18:30:00" />
10 <meta name="publisher" content="www.slitaz.org" />
11 <meta name="author" content="Paul Issot, Christophe Lincoln"/>
12 <link rel="shortcut icon" href="favicon.ico" />
13 <link rel="stylesheet" type="text/css" href="book.css" />
14 </head>
15 <body bgcolor="#ffffff">
17 <!-- Header and quick navigation -->
18 <div id="header">
19 <div align="right" id="quicknav">
20 <a name="top"></a>
21 <a href="system-admin.html">System administration</a> |
22 <a href="index.html">Table of contents</a>
23 </div>
24 <h1><font color="#3E1220">SliTaz Handbook (en)</font></h1>
25 </div>
27 <!-- Content. -->
28 <div id="content">
29 <div class="content-right"></div>
31 <h2><font color="#DF8F06">Network configuration</font></h2>
33 <ul>
34 <li><a href="#about">About the Network.</a></li>
35 <li><a href="#netbox">Netbox</a> - Configure the network.</li>
36 <li><a href="#wifibox">Wifibox</a> - Configure wireless networks.</li>
37 <li><a href="#driver">Install network card driver</a> - Find and load
38 Kernel modules.</li>
39 <li><a href="#hostname">/etc/hostname</a> - Hostname.</li>
40 <li><a href="#pppoe">PPPoE kernel-mode</a> - Dial-up modem connection
41 in Kernel mode.</li>
42 <li><a href="#rp-pppoe">PPPoE with rp-pppoe</a> - Dial-up modem.</li>
43 <li><a href="#firewall">Firewall</a> - Manage the Firewall (Iptables).</li>
44 </ul>
46 <a name="about"></a>
47 <h3>About the Network</h3>
48 <p>
49 By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your
50 network card has been identified as an <code>eth0</code> interface and you use
51 a router, your connection should already be working. DHCP is dynamically
52 configured: on each boot the client asks for a new IP address from
53 the DHCP server, which is integrated into the router or runs on another computer.
54 If you need a static IP, you can directly edit config files or use the GUI
55 <code>netbox</code> available from the System menu --&gt; System tools.
56 In a terminal or a Linux console, you can list all available network
57 interfaces with the command <code>ifconfig</code> followed by the
58 <code>-a</code> option:
59 </p>
60 <pre>
61 $ ifconfig -a
62 </pre>
63 <p>To display the Kernel's IP routing table, you can use the <code>route</code> command
64 without any arguments:
65 </p>
66 <pre>
67 $ route
68 </pre>
69 <p>
70 The system wide network configuration file is <code>/etc/network.conf</code>.
71 It can be graphically configured with <code>netbox</code> or directly edited by
72 the root administrator.
73 </p>
75 <a name="netbox"></a>
76 <h3>Netbox - Configure the network</h3>
77 <p>
78 Netbox is a small GTK+ application to configure a network interface using
79 DHCP or a fixed (static) IP address. The tabs can be used to start/stop the
80 connections and automatically change the values in the system files. Netbox
81 provides a system wide tab from which you can directly edit network
82 configuration files, and tabs to configure PPP/PPPoE username/passwords.
83 Servers such as SSH, DHCP, PXE, DNS, etc. can also be configured and it's
84 possible to create your own virtual private network (VPN) using the tools
85 provided.
86 </p>
88 <img
89 src="images/screenshots/netbox.png"
90 alt="Slitaz Netbox"
91 style="width: 536px; height: 357px;" />
93 <p>
94 You can start netbox from the System tools menu or via a terminal:
95 </p>
96 <pre>
97 $ subox netbox
98 </pre>
100 <a name="wifibox"></a>
101 <h3>Wifibox - Graphical configuration of the wireless network</h3>
102 <p>
103 Wifibox is a small interface to configure a network connection (Wifi,
104 WLAN, or Wireless). The 'Networks' tab displays a list of available
105 networks; just double click on a network name to connect. If the network
106 is secured, you will then be asked for the key.
107 </p>
109 <img
110 src="images/screenshots/wifibox.png"
111 alt="SliTaz Wifibox"
112 style="width: 533px; height: 330px;" />
114 <p>
115 The 'Favorites' tab allows you to set your preferred networks. Once a
116 network is added, just double click on the network name to connect. The
117 'Configuration' tab lets you configure a connection manually using the
118 advanced settings such as the mode or channel. The 'Drivers' tab allows
119 you to configure a network card; there are 3 options:
120 </p>
121 <ol>
122 <li>The card is supported directly by the kernel via a module.</li>
123 <li>The card needs a module and non-free firmware that can be installed
124 automatically via the auto-detect tool (tazhw).</li>
125 <li> The card is not supported by Linux and a Windows driver must be
126 installed via the Windows driver manager (tazndis).</li>
127 </ol>
129 <a name="driver"></a>
130 <h3>Install network card driver</h3>
131 <p>
132 In case you need a network card driver and don't know the driver name, you can
133 use the command <code>lspci</code> to find your card and then <code>modprobe</code>
134 to load a module. In Live mode you can use the SliTaz boot option
135 <code>modprobe=modules</code> to automatically load Kernel modules. To get a
136 list of all available network card drivers, display PCI eth cards and load a
137 module:
138 </p>
139 <pre>
140 # modprobe -l | grep drivers/net
141 # lspci | grep [Ee]th
142 # modprobe -v module_name
143 </pre>
144 <p>
145 On an installed system you just need to add the module_name to the variable
146 <code>LOAD_MODULES </code> in <code>/etc/rcS.conf</code> to load your module
147 on each boot.
148 </p>
150 <a name="hostname"></a>
151 <h3>/etc/hostname - The hostname</h3>
152 <p>
153 The file /etc/hostname sets the machine name. This is loaded at system
154 startup with the command 'hostname'; without an argument, this
155 command returns the current machine name:
156 </p>
157 <pre>
158 $ hostname
159 </pre>
160 <p>
161 To change the hostname, you can use the <code>echo</code> command or a text
162 editor available on SliTaz (you must be root). Example using <code>echo </code>
163 and the machine name <code>kayam</code>:
164 </p>
165 <pre>
166 # echo "kayam" > /etc/hostname
167 </pre>
169 <a name="pppoe"></a>
170 <h3>PPPoE connection kernel-mode</h3>
171 <p>
172 PPPoE connection in kernel-mode needs 2 files. The first file is
173 <code>/etc/ppp/options</code> where you must specify your login name:
174 </p>
175 <pre class="script">
176 plugin rp-pppoe.so
177 name &lt;your provider connection ID&gt;
178 noipdefault
179 defaultroute
180 mtu 1492
181 mru 1492
182 lock
183 </pre>
184 <p>
185 Now you have to configure /etc/ppp/pap-secrets or /etc/ppp/chap-secrets. These files hold the password in clear text, so they should be readable by root only:
186 </p>
187 <pre class="script">
188 # client server secret IP addresses
189 "your_login" * "your_password"
190 </pre>
191 <p>
192 The config file /etc/resolv.conf will be loaded automatically. Once this is done, you can
193 now connect to the internet with <code>pppd</code>:
194 </p>
195 <pre>
196 pppd eth0
197 </pre>
198 <p>
199 On an installed system you can start pppd on each boot using the local startup
200 script: <code>/etc/init.d/local.sh</code>
201 </p>
203 <a name="rp-pppoe"></a>
204 <h3>Enable Dial-up Modem - PPPoE with rp-pppoe</h3>
205 <p>
206 To set up an ADSL connection via PPPoE, SliTaz provides the utilities
207 package <code>rp-pppoe</code>. Using <code>pppoe-setup</code> is a snap and you
208 can quickly configure the network. If you use DHCP it's even easier, because
209 the server from your ISP will take care of everything. If you do not have DHCP,
210 you must first disable its use via <code>DHCP="no"</code> from the
211 configuration file <code>/etc/network.conf</code>. It should be noted that to
212 modify configuration files and system logs you must first become <code>root</code>.
213 To install and change the variable DHCP with Nano (ctrl + x to save &amp; exit):
214 </p>
215 <pre>
216 $ su
217 # tazpkg get-install rp-pppoe
218 # nano /etc/network.conf
219 </pre>
220 <h4>Configure with pppoe-setup</h4>
221 <p>
222 To begin to configure your PPPoE connection, you must first open an Xterm or
223 Linux console and launch <code>pppoe-setup</code> and then begin to answer
224 the following questions:
225 </p>
226 <pre>
227 # pppoe-setup
228 </pre>
229 <ol>
230 <li>Enter your username, please note that this is the username with which you
231 communicate with your ISP.</li>
232 <li>Internet interface, default is eth0 unless you have more than one,
233 in which case you will have eth1, eth2, etc. Usually the Enter key is
234 sufficient.</li>
235 <li>If you have a permanent ADSL link answer
236 <strong>yes</strong>, otherwise answer <strong>no</strong> (default).</li>
237 <li>Specify the primary and secondary DNS your ISP uses (you may have to ask).</li>
238 <li>Enter the password with which you communicate with your ISP (you need
239 to enter it twice).</li>
240 <li>Choose the firewall settings depending on your hardware. If you
241 have a router you can enter 1 or 2. If in doubt enter 1.</li>
242 </ol>
243 <h4>Start and Stop the connection</h4>
244 <p>
245 Still using the command line, simply type <code>pppoe-start</code> to start
246 the connection. A few seconds later the system tells you that it is connected.
247 If it gives you a message like TIMED OUT, you may have configured it poorly or
248 the connection is defective. Please check the wiring and repeat the installation
249 from the beginning. To start the connection:
250 </p>
251 <pre> # pppoe-start
252 </pre>
253 <p>
254 To stop the connection, you can type
255 <code>pppoe-stop</code>.
256 </p>
258 <a name="firewall"></a>
259 <h3>Manage the Firewall (<em>firewall</em>) using Iptables</h3>
260 <p>
261 SliTaz provides a very basic firewall: the kernel security rules are launched
262 at boot time and iptables rules are disabled by default. You can
263 activate/disable these at startup by using the configuration file:
264 /etc/firewall.conf.
265 </p>
266 <p>
267 The default <em>firewall</em> script begins by setting its own options for the
268 Kernel, i.e. ICMP redirects, source routing, logs for unresolved addresses and
269 spoof filters. The script then launches the rules defined in the
270 <code>iptables_rules()</code> function of the configuration file:
271 /etc/firewall.conf.
272 </p>
273 <p>
274 The <em>firewall</em> uses Iptables. It consists of two files,
275 /etc/firewall.conf and /etc/init.d/firewall; you shouldn't need to modify
276 these. Note that Iptables has lots of options; for more information see the official
277 documentation available online:
278 <a href="http://www.netfilter.org/documentation/">www.netfilter.org/documentation/</a>.
279 </p>
280 <h4>Start, stop, restart the firewall</h4>
281 <p>
282 The script /etc/init.d/firewall lets you start/restart, stop or display the
283 status of the firewall. The restart option is often used to test new rules
284 after editing the configuration file. Example:
285 </p>
286 <pre>
287 # /etc/init.d/firewall restart
288 </pre>
289 <h4>Enable/Disable the firewall at boot</h4>
290 <p>
291 To enable/disable options specific to the Kernel place "yes"
292 or "no" in the variable KERNEL_SECURITY= :
293 </p>
294 <pre class="script">
295 # Enable/disable kernel security at boot time.
296 KERNEL_SECURITY="yes"
297 </pre>
298 <p>
299 and to activate/deactivate the iptables rules, it is necessary to modify the
300 variable IPTABLES_RULES= :
301 </p>
302 <pre class="script">
303 # Enable/disable iptables rules.
304 IPTABLES_RULES="yes"
305 </pre>
306 <h4>Add, delete or modify the iptables rules</h4>
307 <p>
308 At the bottom of the configuration file: /etc/firewall.conf, you will find a
309 function named: <code>iptables_rules()</code>. This function contains all of
310 the iptables commands to launch when the firewall starts. To delete a rule, it
311 is advisable to comment out the corresponding line with a <code>#</code>. It is
312 <em>not</em> advisable to leave the function completely empty. If you want to disable the
313 iptables rules, just add "no" to the variable IPTABLES_RULES= in the
314 configuration file.
315 </p>
316 <p>
317 Here's an example of using iptables rules. It only allows connections on the
318 localhost and the local network, and ports 80, 22, and 21 used by the web server
319 HTTP, the SSH secure server and FTP respectively. All other incoming and
320 outgoing connections are refused, so it's fairly restrictive.
321 </p>
322 <pre class="script">
323 # Netfilter/iptables rules.
324 # This shell function is included in /etc/init.d/firewall.sh
325 # to start iptables rules.
326 #
327 iptables_rules()
328 {
330 # Drop all connections.
331 iptables -P INPUT DROP
332 iptables -P OUTPUT DROP
334 # Accept all on localhost (127.0.0.1).
335 iptables -A INPUT -i lo -j ACCEPT
336 iptables -A OUTPUT -o lo -j ACCEPT
338 # Accept all on the local network (192.168.0.0/24).
339 iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
340 iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT
342 # Accept port 80 for the HTTP server.
343 iptables -A INPUT -i $INTERFACE -p tcp --sport 80 -j ACCEPT
344 iptables -A OUTPUT -o $INTERFACE -p tcp --dport 80 -j ACCEPT
346 # Accept port 22 for SSH.
347 iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT
348 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 22 -j ACCEPT
350 # Accept port 21 for active FTP connections.
351 iptables -A INPUT -i $INTERFACE -p tcp --dport 21 -j ACCEPT
352 iptables -A OUTPUT -o $INTERFACE -p tcp --sport 21 -j ACCEPT
354 }
356 </pre>
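<p>
The handbook rules above recognise reply traffic by source port (<code>--sport</code>), which also accepts any packet that merely claims that port. The following is an added example, not part of the SliTaz handbook or its firewall script: the same restrictive policy written with connection tracking. The <code>IPTABLES</code> override and the <code>dry_run</code> helper are hypothetical names introduced here; <code>INTERFACE</code> and the 192.168.0.0/24 range follow the page.
</p>

```shell
#!/bin/sh
# Added example: stateful variant of the handbook's iptables_rules().
# IPTABLES is a hypothetical override used for dry runs; INTERFACE and
# the LAN range are taken from the handbook example.
IPTABLES="${IPTABLES:-iptables}"
INTERFACE="${INTERFACE:-eth0}"
LAN="192.168.0.0/24"

iptables_rules()
{
	# Default policy: drop everything not explicitly accepted.
	$IPTABLES -P INPUT DROP
	$IPTABLES -P OUTPUT DROP

	# Loopback and local network, as in the handbook example.
	$IPTABLES -A INPUT -i lo -j ACCEPT
	$IPTABLES -A OUTPUT -o lo -j ACCEPT
	$IPTABLES -A INPUT -s "$LAN" -j ACCEPT
	$IPTABLES -A OUTPUT -d "$LAN" -j ACCEPT

	# Packets of an already tracked connection pass in both directions.
	# This replaces every --sport based "reply" rule.
	$IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
	$IPTABLES -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

	# New inbound connections to local servers: FTP control, SSH, HTTP.
	for port in 21 22 80; do
		$IPTABLES -A INPUT -i "$INTERFACE" -p tcp --dport "$port" \
			-m conntrack --ctstate NEW -j ACCEPT
	done

	# New outbound connections from this host: HTTP only.
	$IPTABLES -A OUTPUT -o "$INTERFACE" -p tcp --dport 80 \
		-m conntrack --ctstate NEW -j ACCEPT
}

# Print the commands instead of running them, so the rule set can be
# reviewed without root and without touching netfilter.
dry_run()
{
	( IPTABLES='echo iptables'; iptables_rules )
}

dry_run
```

<p>
As in the handbook example, name resolution only works through a resolver on the local network, because no outbound DNS rule is defined.
</p>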
358 <!-- End of content -->
359 </div>
361 <!-- Footer. -->
362 <div id="footer">
363 <div class="footer-right"></div>
364 <a href="#top">Top of the page</a> |
365 <a href="index.html">Table of contents</a>
366 </div>
368 <div id="copy">
369 Copyright &copy; 2008 <a href="http://www.slitaz.org/en/">SliTaz</a> -
370 <a href="http://www.gnu.org/licenses/gpl.html">GNU General Public License</a>;<br />
371 Documentation is under
372 <a href="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</a>
373 and code is <a href="http://validator.w3.org/">valid xHTML 1.0</a>.
374 </div>
376 </body>
377 </html>