website rev 15

Added PPPoE and Firewall to Handbook (en)
author Paul Issot <paul@slitaz.org>
date Fri Apr 04 22:48:44 2008 +0000 (2008-04-04)
parents a8d7c271956f
children 2ceb4453710d
files en/doc/handbook/index.html en/doc/handbook/network-config.html en/doc/handbook/system-admin.html
line diff
     1.1 --- a/en/doc/handbook/index.html	Thu Apr 03 21:52:14 2008 +0000
     1.2 +++ b/en/doc/handbook/index.html	Fri Apr 04 22:48:44 2008 +0000
     1.3 @@ -36,10 +36,12 @@
     1.4  	at the command prompt.</li>
     1.5  	<li><a href="packages.html">Packages</a> - Install more software, keep 
     1.6  	system up-to-date.</li>
     1.7 +	<li><a href="network-config.html">Network configuration</a> - Ethernet, DHCP,
     1.8 +	static IP or PPP dialup connection, Firewall (Iptables).</li>
     1.9  	<li><a href="system-admin.html">System administration</a> - Mount devices,
    1.10 -	manage users and groups, configure the network or daemons.</li>
    1.11 +	manage users and groups, adjust system time.</li>
    1.12  	<li><a href="x-window.html">X Window System</a> - Xvesa server, Slim Login
    1.13 -	and Window manager.</li>
    1.14 +	and Window managers.</li>
    1.15  	<li><a href="gen-livecd.html">Generate a LiveCD flavor</a> - Generate your
    1.16  	own LiveCD flavor using Tazlito.</li>
    1.17  	<li><a href="liveusb.html">LiveUSB media</a> - Create bootable USB media 
    1.18 @@ -81,3 +83,4 @@
    1.19  
    1.20  </body>
    1.21  </html>
    1.22 +
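Review bot: The blank line added after </html> is stray trailing whitespace and can be dropped; the same applies to the last added line of network-config.html and system-admin.html in this commit.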
     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/en/doc/handbook/network-config.html	Fri Apr 04 22:48:44 2008 +0000
     2.3 @@ -0,0 +1,301 @@
     2.4 +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     2.5 +    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
     2.6 +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
     2.7 +<head>
     2.8 +    <title>SliTaz Handbook - Network configuration</title>
     2.9 +    <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
    2.10 +    <meta name="description" content="slitaz English handbook network config pppoe ppp eth dhcp" />
    2.11 +    <meta name="expires" content="never" />
    2.12 +    <meta name="modified" content="2008-02-26 18:30:00" />
    2.13 +    <meta name="publisher" content="www.slitaz.org" />
    2.14 +    <meta name="author" content="Paul Issot, Christophe Lincoln"/>
    2.15 +    <link rel="shortcut icon" href="favicon.ico" />
    2.16 +    <link rel="stylesheet" type="text/css" href="book.css" />
    2.17 +</head>
    2.18 +<body bgcolor="#ffffff">
    2.19 +
    2.20 +<!-- Header and quick navigation -->
    2.21 +<div id="header">
    2.22 +<div align="right" id="quicknav">
    2.23 +    <a name="top"></a>
    2.24 +    <a href="http://www.slitaz.org/en/">www.slitaz.org/en</a> |
    2.25 +    <a href="index.html">Table of contents</a>
    2.26 +</div>
    2.27 +<h1><font color="#3E1220">SliTaz Handbook (en)</font></h1>
    2.28 +</div>
    2.29 +
    2.30 +<!-- Content. -->
    2.31 +<div id="content">
    2.32 +<div class="content-right"></div>
    2.33 +
    2.34 +<h2><font color="#DF8F06">Network configuration</font></h2>
    2.35 +
    2.36 +<ul>
    2.37 +	<li><a href="#eth">Ethernet connection</a> - DHCP or static IP.</li>
    2.38 +	<li><a href="#driver">Install network card driver</a> - Find and load Kernel
    2.39 +	modules.</li>
    2.40 +	<li><a href="#pppoe">PPPoE kernel-mode</a> - Dial-up modem connection in 
    2.41 +	Kernel mode.</li>
    2.42 +	<li><a href="#rp-pppoe">PPPoE with rp-pppoe</a> - Dial-up modem.</li>
    2.43 +        <li><a href="#firewall">Firewall</a> - Manage the Firewall (Iptables).</li>
    2.44 +</ul>
    2.45 +
    2.46 +<a name="eth"></a>
    2.47 +<h3>Ethernet connection</h3>
    2.48 +<p>
    2.49 +By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your
    2.50 +network card has been identified as an <code>eth0</code> interface and you use
    2.51 +a router, your connection should already be working. DHCP is dynamically
    2.52 +configured, on each boot the client asks for a new IP address from 
    2.53 +the DHCP server, which is integrated into the router, or on another computer.
    2.54 +If you need a static IP, you can directly edit config files or use the GUI
    2.55 +<code>netbox</code> available from JWM menu --&gt; System tools. In a terminal
    2.56 +or a Linux console, you can list all available network interfaces with the 
    2.57 +command <code>ifconfig</code> followed by the <code>-a</code> option:
    2.58 +</p>
    2.59 +<pre>
    2.60 + $ ifconfig -a
    2.61 +</pre>
    2.62 +<p>To display the Kernel's IP routing table, you can use the <code>route</code> command
    2.63 +without any arguments:
    2.64 +</p>
    2.65 +<pre>
    2.66 +$ route
    2.67 +</pre>
    2.68 +<p>
    2.69 +The system wide network configuration file is <code>/etc/network.conf</code>,
    2.70 +it can be graphically configured with <code>netbox</code> or directly edited by
    2.71 +the root administrator.
    2.72 +</p>
    2.73 +
    2.74 +<a name="driver"></a>
    2.75 +<h3>Install network card driver</h3>
    2.76 +<p>
    2.77 +In case you need a network card driver and dont know the driver name, you can
    2.78 +use the command <code>lspci</code> to find your card and then <code>modprobe</code>
    2.79 +to load a module. In Live mode you can use the SliTaz boot option 
    2.80 +<code>modprobe=modules</code> to automatically load Kernel modules. To get a 
    2.81 +list of all available network card drivers, display PCI eth cards and load a
    2.82 +module:
    2.83 +</p>
    2.84 +<pre>
    2.85 + # modprobe -l | grep drivers/net
    2.86 + # lspci | grep [Ee]th
    2.87 + # modprobe -v module_name
    2.88 +</pre>
    2.89 +<p>
    2.90 +On an installed system you just need to add the module_name to the variable 
    2.91 +<code>LOAD_MODULES </code> in <code>/etc/rcS.conf</code> to load your module 
    2.92 +on each boot.
    2.93 +</p>
    2.94 +
    2.95 +<a name="pppoe"></a>
    2.96 +<h3><font color="#6c0023">PPPoE connection kernel-mode</font></h3>
    2.97 +<p>
    2.98 +PPPoE connection in kernel-mode needs 2 files. The first file is
    2.99 +<code>/etc/ppp/options</code> where you must specify your login name:
   2.100 +</p>
   2.101 +<pre class="script">
   2.102 +plugin rp-pppoe.so
   2.103 +name &lt;your provider connection ID&gt;
   2.104 +noipdefault
   2.105 +defaultroute
   2.106 +mtu 1492
   2.107 +mru 1492
   2.108 +lock
   2.109 +</pre>
   2.110 +<p>
   2.111 +Now you have to configure /etc/ppp/pap-secrets or /etc/ppp/chap-secrets:
   2.112 +</p>
   2.113 +<pre class="script">
   2.114 +# client	       server	       secret			IP addresses
   2.115 +"your_login"       *               "your_password"
   2.116 +</pre>
   2.117 +<p>
   2.118 +The config file /etc/resolv.conf will be automatically loaded up. Finished, you can 
   2.119 +now connect to the internet with <code>pppd</code>:
   2.120 +</p>
   2.121 +<pre>
   2.122 +pppd eth0
   2.123 +</pre>
   2.124 +<p>
   2.125 +On an installed system you can start pppd on each boot using the local startup
   2.126 +script: <code>/etc/init.d/local.sh</code>
   2.127 +</p>
   2.128 +
   2.129 +<a name="rp-pppoe"></a>
   2.130 +<h3><font color="#6c0023">Enable Dial-up Modem -  PPPoE with rp-pppoe</font></h3>
   2.131 +<p>
   2.132 +To set an ASDL protocol via PPPoE, SliTaz provides the following utilities 
   2.133 +package <code>rp-pppoe</code>. Using <code>pppoe-setup</code> is a snap and you
   2.134 +can quickly configure the network. If you use DCHP it's even easier, because 
   2.135 +the server from your ISP will take care of everything. If you do not have DHCP,
   2.136 +you must first disable it's use via <code>DHCP="no"</code> from the 
   2.137 +configuration file <code>/etc/network.conf</code>. It should be noted that to
   2.138 +modify configuration files and system logs you must first become <code>su</code>.
   2.139 +To install and change the variable DHCP with Nano (ctrl + x to save &amp; exit):
   2.140 +</p>
   2.141 +<pre>
   2.142 + $ su
   2.143 + # tazpkg get-install rp-pppoe
   2.144 + # nano /etc/network.conf
   2.145 +</pre>
   2.146 +<h4>Configure with pppoe-setup</h4>
   2.147 +<p>
   2.148 +To begin to configure your PPPoE connection, you must first open an Xterm or 
   2.149 +Linux consule and launch <code>pppoe-setup</code> and then begin to answer
   2.150 +the following questions:
   2.151 +</p>
   2.152 +<pre>
   2.153 +  # pppoe-setup
   2.154 +</pre>
   2.155 +<ol>
   2.156 +	<li>Enter your username, please note that this is the username with which you
   2.157 +	    communicate with your ISP.</li>
   2.158 +	<li>Internet interface, default is eth0 unless you have more than one,
   2.159 +	    in which case you will have eth1, eth2 etc. Usually the Enter key is 
   2.160 +	    sufficient.</li>
   2.161 +	<li>If you have a permanent ASDL link answer
   2.162 +	    <strong>yes</strong>, or <strong>no</strong> (default).</li>
   2.163 +	<li>Specify primary and secondary DNS your ISP uses (you may have to ask).</li>
   2.164 +	<li>Enter the password with which you communicate with your ISP (you need 
   2.165 +	    to enter twice).</li>
   2.166 +	<li>Choose the firewall or firewall depending on your hardware. If you 
   2.167 +	    have a router you can enter 1 or 2. If in doubt enter 1.</li>
   2.168 +</ol>
   2.169 +<h4>Start and Stop the connection</h4>
   2.170 +<p>
   2.171 +Still using the command line, simply type <code>pppoe-start</code> to start 
   2.172 +the connection. A few seconds later the system tells you that it is connected.
   2.173 +If it gives you a message like TIMED OUT you may have poorly configured or 
   2.174 +the connection is defective. Please check the wiring and repeat the installation
   2.175 +from the beginning. To start the connection:
   2.176 +</p>
   2.177 +<pre> # pppoe-start
   2.178 +</pre>
   2.179 +<p>
   2.180 +To stop the connection, you can use
   2.181 +<code>pppoe-stop</code>, using the command line.
   2.182 +</p>
   2.183 +
   2.184 +<a name="firewall"></a>
   2.185 +<h3><font color="#6c0023">Manage the Firewall (<em>firewall</em>) using Iptables</font></h3>
   2.186 +<p>
   2.187 +SliTaz provides a very basic firewall, the kernel security rules are launched 
   2.188 +at boot time and iptables rules are disabled by default. You can 
   2.189 +activate/disable these at startup by using the configuration file: 
   2.190 +/etc/firewall.conf.
   2.191 +</p>
   2.192 +<p>
   2.193 +The default <em>firewall</em> script begins with it's own set options for the 
   2.194 +Kernel ie. ICMP redirects, source routing, logs for unresolved addresses and 
   2.195 +spoof filters. The script then launches the rules defined in the 
   2.196 +<code>iptables_rules()</code> function of the configuration file:
   2.197 +/etc/firewall.conf.
   2.198 +</p>
   2.199 +<p>
   2.200 +The <em>firewall</em> uses Iptables, it consists of two files, the 
   2.201 +/etc/firewall.conf and /etc/init.d/firewall, you shouldn't need to modify 
   2.202 +these. Note Iptables has lots of options, for more infomation see the official
   2.203 +documentation available online:
   2.204 +<a href="http://www.netfilter.org/documentation/">www.netfilter.org/documentation/</a>.
   2.205 +</p>
   2.206 +<h4>Start, stop, restart the firewall</h4>
   2.207 +<p>
   2.208 +The script /etc/init.d/firewall lets you start/restart, stop or display the 
   2.209 +status of the firewall. The restart option is often used to test new rules 
   2.210 +after editing the configuration file. Example:
   2.211 +</p>
   2.212 +<pre>
   2.213 + # /etc/init.d/firewall restart
   2.214 +</pre>
   2.215 +<h4>Enable/Disable the firewall at boot</h4>
   2.216 +<p>
   2.217 +To enable/disable options specific to the Kernel place, "yes"
   2.218 +or "no" in the variable KERNEL_SECURITY= :
   2.219 +</p>
   2.220 +<pre class="script">
   2.221 +# Enable/disable kernel security at boot time.
   2.222 +KERNEL_SECURITY="yes"
   2.223 +</pre>
   2.224 +<p>
   2.225 +and to activate/deactivate the iptables rules, it is necessary to modify the 
   2.226 +variable IPTABLES_RULES= :
   2.227 +</p>
   2.228 +<pre class="script">
   2.229 +# Enable/disable iptables rules.
   2.230 +IPTABLES_RULES="yes"
   2.231 +</pre>
   2.232 +<h4>Add, delete or modify the iptables rules</h4>
   2.233 +<p>
   2.234 +At the bottom of the configuration file:  /etc/firewall.conf. you will find a 
   2.235 +function named: <code>iptables_rules()</code>, this contains all of the iptables
   2.236 +commands to launch when the firewall starts. To delete a rule, It is advisable
   2.237 +to comment out the corresponding line with a <code>#</code>. It is not 
   2.238 +advisable to leave the function completely empty, if you want to disable the 
   2.239 +iptables rules just add "no" to the variable IPTABLES_RULES= in the 
   2.240 +configuration file.
   2.241 +</p>
   2.242 +<p>
   2.243 +Here's an example of using iptables rules, it refuses all connections incoming
   2.244 +and outgoing, only allowing connections on the localhost, the local network, 
   2.245 +ports 80 and 22 used respectively by the web server HTTP and SSH secure server
   2.246 +and port 21 for FTP; so it's very restrictive.
   2.247 +</p>
   2.248 +<pre class="script">
   2.249 +# Netfilter/iptables rules.
   2.250 +# This shell function is include in /etc/init.d/firewall.sh
   2.251 +# to start iptables rules.
   2.252 +#
   2.253 +iptables_rules()
   2.254 +{
   2.255 +
   2.256 +# Drop all connexions.
   2.257 +iptables -P INPUT DROP
   2.258 +iptables -P OUTPUT DROP
   2.259 +
   2.260 +# Accept all on localhost (127.0.0.1).
   2.261 +iptables -A INPUT -i lo -j ACCEPT
   2.262 +iptables -A OUTPUT -o lo -j ACCEPT
   2.263 +
   2.264 +# Accept all on the local network (192.168.0.0/24).
   2.265 +iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
   2.266 +iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT
   2.267 +
   2.268 +# Accept port 80 for the HTTP server.
   2.269 +iptables -A INPUT -i $INTERFACE -p tcp --sport 80 -j ACCEPT
   2.270 +iptables -A OUTPUT -o $INTERFACE -p tcp --dport 80 -j ACCEPT
   2.271 +
   2.272 +# Accept port 22 for SSH.
   2.273 +iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT
   2.274 +iptables -A OUTPUT -o $INTERFACE -tcp --sport 22 -j ACCEPT
   2.275 +
   2.276 +# Accept port 21 for active FTP connections.
   2.277 +iptables -A INPUT -i $INTERFACE -p tcp --dport 21 -j ACCEPT
   2.278 +iptables -A OUTPUT -i $INTERFACE -p tcp --sport 21 -j ACCEPT
   2.279 +
   2.280 +}
   2.281 +
   2.282 +</pre>
   2.283 +
   2.284 +<!-- End of content -->
   2.285 +</div>
   2.286 +
   2.287 +<!-- Footer. -->
   2.288 +<div id="footer">
   2.289 +	<div class="footer-right"></div>
   2.290 +	<a href="#top">Top of the page</a> | 
   2.291 +	<a href="index.html">Table of contents</a>
   2.292 +</div>
   2.293 +
   2.294 +<div id="copy">
   2.295 +    Copyright &copy; 2008 <a href="http://www.slitaz.org/en/">SliTaz</a> -
   2.296 +    <a href="http://www.gnu.org/licenses/gpl.html">GNU General Public License</a>;<br />
   2.297 +    Documentation is under
   2.298 +    <a href="http://www.gnu.org/copyleft/fdl.html">GNU Free Documentation License</a>
   2.299 +    and code is <a href="http://validator.w3.org/">valid xHTML 1.0</a>.
   2.300 +</div>
   2.301 +
   2.302 +</body>
   2.303 +</html>
   2.304 +
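Review bot: Two commands in the iptables_rules() example near the end of the new file will be rejected by iptables. The SSH line "iptables -A OUTPUT -o $INTERFACE -tcp --sport 22 -j ACCEPT" is missing "-p" before "tcp", and the FTP line "iptables -A OUTPUT -i $INTERFACE -p tcp --sport 21 -j ACCEPT" uses "-i" on the OUTPUT chain, where only "-o" is valid. Because "iptables -P OUTPUT DROP" has already been applied by then, replies from the SSH and FTP servers would be dropped. The HTTP pair is also at odds with its comment: it is labelled "for the HTTP server" but matches "--sport 80" on INPUT and "--dport 80" on OUTPUT, which is the client direction, and accepting inbound packets purely on source port 80 admits traffic to any local port from a peer that picks that source port. Use "--dport 80" on INPUT and "--sport 80" on OUTPUT if a local web server is meant, or restrict the client case to established connections. Smaller points: the script comment names /etc/init.d/firewall.sh while the text refers to /etc/init.d/firewall; the pap-secrets/chap-secrets step stores the ISP password in clear text and should mention that the file must be readable by root only; and the prose has typos to fix before publishing ("ASDL" twice, "DCHP", "consule", "dont", "infomation", "it's" used as a possessive, "Choose the firewall or firewall").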
     3.1 --- a/en/doc/handbook/system-admin.html	Thu Apr 03 21:52:14 2008 +0000
     3.2 +++ b/en/doc/handbook/system-admin.html	Fri Apr 04 22:48:44 2008 +0000
     3.3 @@ -31,55 +31,13 @@
     3.4  <h2><font color="#df8f06">System administration</font></h2>
     3.5  
     3.6  <ul>
     3.7 -	<li><a href="#network">Network configuration.</a></li>
     3.8  	<li><a href="#devices">Devices and disks access.</a></li>
     3.9  	<li><a href="#users-admin">Users, groups and passwords.</a></li>
    3.10  	<li><a href="#locale">Language and keyboard.</a></li>
    3.11 -    <li><a href="#bash">Install the Bash shell</a></li> 
    3.12 -    <li><a href="#time">Set the system time</a></li>
    3.13 +        <li><a href="#bash">Install the Bash shell.</a></li> 
    3.14 +        <li><a href="#time">Adjust the system time.</a></li>
    3.15  </ul>
    3.16  
    3.17 -<a name="network"></a>
    3.18 -<h3>Network configuration</h3>
    3.19 -<p>
    3.20 -By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your
    3.21 -network card has been identified as an <code>eth0</code> interface and you use
    3.22 -a router, your connection should already be working. DHCP is dynamically
    3.23 -configured, on each boot the client asks for a new IP address from 
    3.24 -the DHCP server, which is integrated into the router, or on another computer.
    3.25 -If you need a static IP, you can directly edit config files or use the GUI
    3.26 -<code>netbox</code> available from JWM menu --&gt; System tools. In a terminal
    3.27 -or a Linux console, you can list all available network interfaces with the 
    3.28 -command <code>ifconfig</code> followed by the <code>-a</code> option:
    3.29 -</p>
    3.30 -<pre>
    3.31 - $ ifconfig -a
    3.32 -</pre>
    3.33 -<p>
    3.34 -The system wide network configuration file is <code>/etc/network.conf</code>,
    3.35 -it can be graphically configured with <code>netbox</code> or directly edited by
    3.36 -the root administrator.
    3.37 -</p>
    3.38 -<h4>Install network card driver</h4>
    3.39 -<p>
    3.40 -In case you need a network card driver and dont know the driver name, you can
    3.41 -use the command <code>lspci</code> to find your card and then <code>modprobe</code>
    3.42 -to load a module. In Live mode you can use the SliTaz boot option 
    3.43 -<code>modprobe=modules</code> to automatically load Kernel modules. To get a 
    3.44 -list of all available network card drivers, display PCI eth cards and load a
    3.45 -module:
    3.46 -</p>
    3.47 -<pre>
    3.48 - # modprobe -l | grep drivers/net
    3.49 - # lspci | grep [Ee]th
    3.50 - # modprobe -v module_name
    3.51 -</pre>
    3.52 -<p>
    3.53 -On an installed system you just need to add the module_name to the variable 
    3.54 -<code>LOAD_MODULES </code> in <code>/etc/rcS.conf</code> to load your module 
    3.55 -on each boot.
    3.56 -</p>
    3.57 -
    3.58  <a name="devices"></a>
    3.59  <h3>Devices and disks access</h3>
    3.60  <p>
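Review bot: Dropping <a name="network"></a> together with its table-of-contents entry means any existing link to system-admin.html#network now lands nowhere; consider keeping the anchor with a one-line pointer to network-config.html. The two re-indented <li> lines for #bash and #time also use eight spaces while the neighbouring list items are indented with a tab.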
    3.61 @@ -119,7 +77,8 @@
    3.62  user passwords and a single user can only change his/her own password. To add 
    3.63  or remove a user named linux:
    3.64  </p>
    3.65 -<pre> # adduser linux
    3.66 +<pre>
    3.67 + # adduser linux
    3.68   # deluser linux
    3.69  </pre>
    3.70  <p>
    3.71 @@ -127,9 +86,18 @@
    3.72  <code>delgroup</code>. To change the current user password or change the
    3.73  password of a specific user, you must use the command <code>passwd</code>:
    3.74  </p>
    3.75 -<pre> $ passwd
    3.76 +<pre>
    3.77 + $ passwd
    3.78   # passwd username
    3.79  </pre>
    3.80 +<h4>Audio group</h4>
    3.81 +<p>
    3.82 +If you want a new user to be able to listen to music he must be in the 
    3.83 +<code>audio</code> group. To add an existing user to the audio group:
    3.84 +</p>
    3.85 +<pre>
    3.86 + # adduser -G audio user_name
    3.87 +</pre>
    3.88  
    3.89  <a name="locale"></a>
    3.90  <h3>Language and keyboard layout</h3>
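Review bot: The new "Audio group" paragraph says "a new user" in its first sentence and "an existing user" in the second, so it is unclear which case "adduser -G audio user_name" covers; pick one and confirm that the -G form modifies an existing account rather than creating one. "he must be" could also follow the "his/her" wording used in the paragraph earlier in this section.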
    3.91 @@ -150,9 +118,11 @@
    3.92  To check all available locales or your current configuration you can use the
    3.93  command <code>locale</code> as a single user or root (C for English):
    3.94  </p>
    3.95 -<pre> $ locale -a
    3.96 +<pre>
    3.97 + $ locale -a
    3.98   $ locale
    3.99  </pre>
   3.100 +
   3.101  <a name="bash"></a>
   3.102  <h3>Bash Shell</h3>
   3.103  <p>
   3.104 @@ -161,7 +131,7 @@
   3.105  as <code>su</code> install bash, copy the <code>.profile</code> found in your 
   3.106  home directory and rename it <code>.bashrc</code>, then edit the 
   3.107  <code>/etc/passwd</code> file with your favorite text editor and change your 
   3.108 -shell to :/bin/bash
   3.109 +shell to: /bin/bash
   3.110  </p>
   3.111  <pre>
   3.112   # tazpkg get-install bash
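Review bot: In the changed line "shell to: /bin/bash" the path is plain text while the other commands and file names in this paragraph are wrapped in <code>; mark it up as <code>/bin/bash</code>. The old ":/bin/bash" read as the last colon-separated field of the /etc/passwd entry, so it is worth stating that it is the final field of the user's line that changes.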
   3.113 @@ -182,7 +152,8 @@
   3.114  can edit with your favorite text editor or simply <code>echo</code> the changes.
   3.115  Here's an example using the timezone Europe/London:
   3.116  </p>
   3.117 -<pre># echo "Europe/London" > /etc/TZ
   3.118 +<pre>
   3.119 + # echo "Europe/London" &gt; /etc/TZ
   3.120  </pre>
   3.121  <h4>Rdate</h4>
   3.122  <p>
   3.123 @@ -195,8 +166,7 @@
   3.124  <p>
   3.125  To display the time on the remote server, use the <code>rdate -p</code> command.
   3.126  </p>
   3.127 -<pre>
   3.128 - $ rdate -p tick.grayware.com
   3.129 +<pre> $ rdate -p tick.grayware.com
   3.130  </pre>
   3.131  <h4>Hwclock</h4>
   3.132  <p>
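Review bot: The "<pre> $ rdate -p tick.grayware.com" line is inconsistent with the rest of this commit: the adduser, passwd, locale and /etc/TZ hunks move the first command onto its own line after <pre>, while here the command is pulled up onto the <pre> line. Keep the two-line form so all command blocks in the file render the same way.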
   3.133 @@ -237,3 +207,4 @@
   3.134  
   3.135  </body>
   3.136  </html>
   3.137 +