Network configuration
- Ethernet connection - DHCP or static IP.
- Install network card driver - Find and load Kernel modules.
- Netbox - Configure network.
- PPPoE kernel-mode - Dial-up modem connection in Kernel mode.
- PPPoE with rp-pppoe - Dial-up modem.
- Firewall - Manage the Firewall (Iptables).
Ethernet connection
By default SliTaz starts a DHCP client (udhcpc) on eth0 at boot time. If your
network card has been identified as an eth0
interface and you use
a router, your connection should already be working. DHCP is dynamically
configured, on each boot the client asks for a new IP address from
the DHCP server, which is integrated into the router, or on another computer.
If you need a static IP, you can directly edit config files or use the GUI
netbox
available from JWM menu --> System tools. In a terminal
or a Linux console, you can list all available network interfaces with the
command ifconfig
followed by the -a
option:
$ ifconfig -a
To display the Kernel's IP routing table, you can use the route
command
without any arguments:
$ route
The system wide network configuration file is /etc/network.conf
.
It can be graphically configured with netbox
or directly edited by
the root administrator.
Install network card driver
In case you need a network card driver and don't know the driver name, you can
use the command lspci
to find your card and then modprobe
to load a module. In Live mode you can use the SliTaz boot option
modprobe=modules
to automatically load Kernel modules. To get a
list of all available network card drivers, display PCI eth cards and load a
module:
# modprobe -l | grep drivers/net # lspci | grep [Ee]th # modprobe -v module_name
On an installed system you just need to add the module_name to the variable
LOAD_MODULES
in /etc/rcS.conf
to load your module
on each boot.
Netbox - Configure network
Netbox is a small GTK+ application to configure a network interface using DCHP or a fixed (static) IP address. The tabs can be used to start/stop the connections and automatically change the values in the system files. Netbox also provides a system wide tab from which you can directly edit network configuration files. You can start netbox from the system tools menu or via a terminal:
# netbox
PPPoE connection kernel-mode
PPPoE connection in kernel-mode needs 2 files. The first file is
/etc/ppp/options
where you must specify your login name:
plugin rp-pppoe.so name <your provider connection ID> noipdefault defaultroute mtu 1492 mru 1492 lock
Now you have to configure /etc/ppp/pap-secrets or /etc/ppp/chap-secrets:
# client server secret IP addresses "your_login" * "your_password"
The config file /etc/resolv.conf will be automatically loaded up. Finished, you can
now connect to the internet with pppd
:
pppd eth0
On an installed system you can start pppd on each boot using the local startup
script: /etc/init.d/local.sh
Enable Dial-up Modem - PPPoE with rp-pppoe
To set an ASDL protocol via PPPoE, SliTaz provides the utilities
package rp-pppoe
. Using pppoe-setup
is a snap and you
can quickly configure the network. If you use DCHP it's even easier, because
the server from your ISP will take care of everything. If you do not have DHCP,
you must first disable its use via DHCP="no"
from the
configuration file /etc/network.conf
. It should be noted that to
modify configuration files and system logs you must first become root
.
To install and change the variable DHCP with Nano (ctrl + x to save & exit):
$ su # tazpkg get-install rp-pppoe # nano /etc/network.conf
Configure with pppoe-setup
To begin to configure your PPPoE connection, you must first open an Xterm or
Linux console and launch pppoe-setup
and then begin to answer
the following questions:
# pppoe-setup
- Enter your username, please note that this is the username with which you communicate with your ISP.
- Internet interface, default is eth0 unless you have more than one, in which case you will have eth1, eth2 etc. Usually the Enter key is sufficient.
- If you have a permanent ASDL link answer yes, otherwise answer no (default).
- Specify the primary and secondary DNS your ISP uses (you may have to ask).
- Enter the password with which you communicate with your ISP (you need to enter it twice).
- Choose the firewall settings depending on your hardware. If you have a router you can enter 1 or 2. If in doubt enter 1.
Start and Stop the connection
Still using the command line, simply type pppoe-start
to start
the connection. A few seconds later the system tells you that it is connected.
If it gives you a message like TIMED OUT you may have poorly configured or
the connection is defective. Please check the wiring and repeat the installation
from the beginning. To start the connection:
# pppoe-start
To stop the connection, you can type
pppoe-stop
.
Manage the Firewall (firewall) using Iptables
SliTaz provides a very basic firewall, the kernel security rules are launched at boot time and iptables rules are disabled by default. You can activate/disable these at startup by using the configuration file: /etc/firewall.conf.
The default firewall script begins with it's own set options for the
Kernel ie. ICMP redirects, source routing, logs for unresolved addresses and
spoof filters. The script then launches the rules defined in the
iptables_rules()
function of the configuration file:
/etc/firewall.conf.
The firewall uses Iptables, it consists of two files, the /etc/firewall.conf and /etc/init.d/firewall, you shouldn't need to modify these. Note Iptables has lots of options, for more infomation see the official documentation available online: www.netfilter.org/documentation/.
Start, stop, restart the firewall
The script /etc/init.d/firewall lets you start/restart, stop or display the status of the firewall. The restart option is often used to test new rules after editing the configuration file. Example:
# /etc/init.d/firewall restart
Enable/Disable the firewall at boot
To enable/disable options specific to the Kernel place "yes" or "no" in the variable KERNEL_SECURITY= :
# Enable/disable kernel security at boot time. KERNEL_SECURITY="yes"
and to activate/deactivate the iptables rules, it is necessary to modify the variable IPTABLES_RULES= :
# Enable/disable iptables rules. IPTABLES_RULES="yes"
Add, delete or modify the iptables rules
At the bottom of the configuration file: /etc/firewall.conf, you will find a
function named: iptables_rules()
. This function contains all of
the iptables commands to launch when the firewall starts. To delete a rule, It
is advisable to comment out the corresponding line with a #
. It is
not advisable to leave the function completely empty, if you want to disable the
iptables rules just add "no" to the variable IPTABLES_RULES= in the
configuration file.
Here's an example of using iptables rules. It only allows connections on the localhost and the local network, and ports 80, 22, and 21 used by the web server HTTP, the SSH secure server and FTP respectively. All other incoming and outgoing connections are refused, so it's fairly restrictive.
# Netfilter/iptables rules. # This shell function is included in /etc/init.d/firewall.sh # to start iptables rules. # iptables_rules() { # Drop all connections. iptables -P INPUT DROP iptables -P OUTPUT DROP # Accept all on localhost (127.0.0.1). iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT # Accept all on the local network (192.168.0.0/24). iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT # Accept port 80 for the HTTP server. iptables -A INPUT -i $INTERFACE -p tcp --sport 80 -j ACCEPT iptables -A OUTPUT -o $INTERFACE -p tcp --dport 80 -j ACCEPT # Accept port 22 for SSH. iptables -A INPUT -i $INTERFACE -p tcp --dport 22 -j ACCEPT iptables -A OUTPUT -o $INTERFACE -tcp --sport 22 -j ACCEPT # Accept port 21 for active FTP connections. iptables -A INPUT -i $INTERFACE -p tcp --dport 21 -j ACCEPT iptables -A OUTPUT -i $INTERFACE -p tcp --sport 21 -j ACCEPT }