====== Linux Networking Tips ==
===== Internet Connection ==
==== Wireless ==
See [[wireless_setup]]
==== Wired with DSL Router ==
The DSL router usually sets up the internet connection itself with [[wp>PPPOE]]. This means that on your computer you only have to enable DHCP with ''netconfig''. That's all.
==== With DSL Modem ==
Backup:
  cp -a /etc/ppp /etc/ppp.org
  cp /etc/resolv.conf /etc/resolv.conf.org
Setup command (as root): ''pppoe-setup'' (''adsl-setup'' up to Slack10.0):
  PPPoE user name:     frn6/stbeckert   # Freenet
  Ethernet Interface:  eth0
  Activate-on-demand:  180              # yes; idle timeout = 180 seconds
  DNS addresses:       server           # Supplied by ISP's server
  PPPoE password:      ?                # Provided by ISP
  Firewalling:         0                # = NONE : No firewall
The settings can still be changed afterwards in /etc/ppp/pppoe.conf.
Put ''pppoe-start'' into rc.local
On the first connection there is no resolv.conf yet, so a ping to a host name, e.g. web.de, won't trigger the on-demand connection. Ping an IP address instead, e.g. 217.72.195
==== With analog Modem ==
  * ISP example: [[http://www.billiger-surfen.de/anbieter.php3?name=knUUT|knuut]]
  * FIXME Doc ''pppsetup'' with usepeerdns demand debug
To add another ISP later, add username & password to /etc/ppp/pap-secrets (or chap-secrets):
  # Username    Server    Password    IP addresses
  "knUUt"       *         "knUUt"
  "smart91"     *         "surfen"
  "avisgo"      *         "avisgo"
Then adjust the phone number of the ISP in /etc/ppp/pppscript at the line ''OK atdtXXXXXX"''
Finally, change the name entry in /etc/ppp/options or options.demand to the username provided by the ISP, e.g.: ''name "knUUt"''
===== Firewall setup ==
Create ''/etc/rc.d/rc.firewall'' and make it executable. ''rc.firewall'' will then be called automatically by ''rc.inet2'' (which is called by ''rc.M'', which is usually run at boot time).
  #!/bin/sh
  # Information sources:
  # [1] Masquerading-Simple-HOWTO
  # [2] man iptables
  ODEV=ppp0
  # LOAD KERNEL MODULES
  # ipt_MASQUERADE will load ip_tables, ip_conntrack and iptable_nat. [1]
  # If the kernel is configured with automatic module loading, an attempt will be
  # made to load the appropriate module for that table [2]
  #modprobe ipt_MASQUERADE
  # FLUSH IPTABLES (empties the chains, does not reset the policy)
  iptables -F # -t filter is the default
  iptables -t nat -F
  iptables -t mangle -F
  # FIREWALL:
  # allow any existing connections, or anything related (e.g. ftp server
  # connecting back to you)
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  # allow new connections only from our intranet (localhost / internal network).
  # The ! -i $ODEV means anything but the external device (important also for
  # loopback). The "!" goes in front of the option; the older form "-i ! $ODEV"
  # is deprecated in current iptables.
  iptables -A INPUT -m state --state NEW ! -i "$ODEV" -j ACCEPT
  # Default policy: deny everything else:
  iptables -P INPUT DROP
  # necessary ???
  # TODO: check whether the output of iptables -L differs with and without
  # this command:
  iptables -A FORWARD -i "$ODEV" -o "$ODEV" -j REJECT
  # MASQUERADING
  # In the NAT table (-t nat), append (-A) a rule after routing (POSTROUTING)
  # for all packets leaving via the internet device (-o) that are to be
  # masqueraded.
  iptables -t nat -A POSTROUTING -o "$ODEV" -j MASQUERADE
  # Definitions:
  # There are 3 tables: filter (default), nat, mangle
  # A table contains chains (built in or user defined)
  # A chain is a list of rules and a policy
  # A rule specifies packet criteria and a target
  # A target can be ACCEPT, DROP, user-defined chain, MASQUERADE, REJECT, ...
  #
  # General: (simplified)
  # The first rule in the chain with matching packet criteria sends the packet
  # to its rule target.
  # If the end of a built-in chain is reached because no rule matched, the
  # chain policy decides what happens to the packet.
  #
  # Overview:
  # Table:
  #   Chain:
  # filter
  #   INPUT        packets coming into the box itself
  #   FORWARD      packets being routed through the box
  #   OUTPUT       locally-generated packets
  # nat
  #   PREROUTING   altering packets as soon as they come in
  #   OUTPUT       altering locally-generated packets before routing
  #   POSTROUTING  altering packets as they are about to go out
  # mangle
  #   ...
FIXME Check, if this is the same as in my old homepage
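A check for the ruleset that ''rc.firewall'' above installs, as an added example that is not part of the original page: it reads ''iptables-save'' output and reports deviations from the intended policy. The helper names ''audit_ruleset'' and ''page_ruleset'' and the sample dump are constructed for illustration; the FORWARD default-deny check is an assumption that goes beyond what the script itself sets.

```shell
#!/bin/sh
# Added example, not from the original page. audit_ruleset and page_ruleset
# are hypothetical helper names; the sample dump below is constructed.

# Usage on a live box (as root): iptables-save | audit_ruleset ppp0
# Prints one finding per line; exit status 0 = clean, 1 = findings.
audit_ruleset() {
    awk -v odev="$1" '
        # Does the current rule match packets arriving on the external device?
        function hits_odev(   i) {
            for (i = 3; i < NF; i++)
                if ($i == "-i") return ($(i - 1) == "!") != ($(i + 1) == odev)
            return 1    # no -i match at all: rule applies to every interface
        }
        /^\*/ { table = substr($0, 2); next }
        table == "filter" && $1 == ":INPUT"   { in_pol = $2 }
        table == "filter" && $1 == ":FORWARD" { fw_pol = $2 }
        table == "filter" && $2 == "INPUT" && /-j ACCEPT/ {
            if (/ESTABLISHED/) { est = 1; next }
            if (hits_odev()) { print "INPUT accepts new traffic from " odev ": " $0; bad = 1 }
        }
        table == "nat" && $2 == "POSTROUTING" && /-j MASQUERADE/ && index($0 " ", " -o " odev " ") { masq = 1 }
        END {
            if (in_pol != "DROP") { print "INPUT policy is " in_pol ", expected DROP"; bad = 1 }
            if (!est)  { print "INPUT has no ESTABLISHED,RELATED accept rule"; bad = 1 }
            if (!masq) { print "no MASQUERADE rule for " odev; bad = 1 }
            # Assumption beyond the page: routed traffic should be default-deny too.
            if (fw_pol != "DROP") { print "FORWARD policy is " fw_pol ", not DROP"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: roughly what iptables-save prints after rc.firewall ran.
page_ruleset() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i ppp0 -m state --state NEW -j ACCEPT
-A FORWARD -i ppp0 -o ppp0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
page_ruleset | audit_ruleset ppp0 || true   # reports the FORWARD policy only
```

Because ''iptables -F'' does not reset policies, the FORWARD chain keeps whatever policy was set before the script ran, which is why the audit reads the policy lines rather than only the rules.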