Default gateway:

	% /sbin/route add default gw $GATEWAY_ADDR

To enable IP forwarding:

	% echo "1" > /proc/sys/net/ipv4/ip_forward
	% ipchains -P forward deny
	% ipchains -A forward -s 192.168.1.0/24 -j MASQ

When Masquerading or IP forwarding (NAT):

	To use ftp	% /sbin/modprobe ip_masq_ftp
	To use raudio	% /sbin/modprobe ip_masq_raudio
	To use irc	% /sbin/modprobe ip_masq_irc

	Look for other modules in "/lib/modules/$(uname -r)/ipv4"

	The modules can be loaded in the "/etc/rc.d/rc.local" script.
#------------------------------------------------------------------------------------
Network Address:

	192.168.1.0

Broadcast Address:

	192.168.1.255

Reserved Private Network Allocations (RFC1597):

	Class   Netmask         Address     - Range             - CIDR
	A       255.0.0.0       10.0.0.0    - 10.255.255.255    - "/8"
	B       255.255.0.0     172.16.0.0  - 172.31.255.255    - "/16"
	C       255.255.255.0   192.168.0.0 - 192.168.254.255   - "/24"

Domain Names:

	hostname.subdomain.com
	hostname.domainname (everything to the right of hostname)
	fully.qualified.domain.name (the entire name)

Configuring a network interface:

	% ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up
	% ifconfig eth0 down

Ifconfig Options:

	interface
		The name of the interface. Usually a driver name followed by a unit
		number, for example: eth0 for the first ethernet interface.
	up
		Activates an interface. This is not needed if an address is assigned
		to an interface (it is implicit).
	down
		Deactivates an interface.
	[-]arp
		Enables or disables use of the address resolution protocol.
	[-]promisc
		Enables or disables promiscuous mode. If selected, all packets on
		the network will be rx by the interface.
	[-]allmulti
		Enables or disables the reception of all hardware multicast packets.
		Harware multicast enables groups of hosts to rx packets addressed
		to special destinations. This is normally not used.
	metric N
		This parameter sets the interface metric.
	mtu N
		Allows you to set the MTU of the device.
	netmask addr
		This parameter allows you to set the network mask of the network
		this device belongs to.
	add addr prefixlen
		Adds an IPv6 address to an interface.
	del addr prefixlen
		Removes an IPv6 address from an interface.
	tunnel aa.bb.cc.dd
		Creates a new SIT (IPv6-in-IPv4) device, tunnelling to the given
		destination.
	irq addr
		Sets the IRQ of the hardware device. Only works on certain types
		of hardware.
	ip_addr addr
		Sets the start address in I/O space for this device.
	mem_start addr
		Sets the start address for shared memory used by this device.
		Only a few devices need this.
	media type
		Sets the physical port or medium type to be used by the device. Not
		all devices can change this setting, and those that can vary in what
		values they support. Typical values for type are 10base2 (thin
		Ethernet), 10baseT (twisted-pair 10Mbps Ethernet), AUI (extenal
		transceiver), etc. The special media type of auto can be used to
		tell the driver to auto-sense the media.
	[-]broadcast [addr]
		Allows you to enable and set the accepting of datagrams destined
		to the broadcast address, or to disable reception of the datagrams.
	[-]pointopoint [addr]
		Allows you to set the address of the machine at the remote end of
		a point to point link such as for slip or ppp.
	hw type addr
		Allows you to set the hardware address of certain types of network
		devices. This is not often useful for ethernet.
	multicast
		Set the multicast flag on the interface. This should not normally
		be needed as the drivers set the flag correctly themselves.
	address
		The IP address to be assigned to this interface.
	txqueuelen length
		Set the length of the transmit queue of the device. It is useful
		to set this to small values for slower devices with a high latency
		(modem links, ISDN) to prevent fast bulk transfers from disturbing
		interactive traffic like telnet excessively.

#------------------------------------------------------------------------------------

Routing:

	To add an entry to a routing table once the interface is brought up,
	use the route command.

	% route add -net 192.168.0.0 netmask 255.255.255.0 eth0

	All packets not matching the above settings will be routed to the
	default route (the gateway).

	% route add default gw 192.168.0.1 eth0

	Gateway configuration:

	% route add -net 192.168.1.0 netmask 255.255.255.0 eth0
	% route add -net 192.168.2.0 netmask 255.255.255.0 eth1
	% route add -net 192.168.3.0 netmask 255.255.255.0 eth2
	% route add default ppp0

	/etc/networks is similar to /etc/hosts file but only uses two arguments.
	When you use commands like the 'route' command, if a destination is a
	network and that network has an entry in the /etc/networks file, then the
	route command will display that network name instead of its address.

#------------------------------------------------------------------------------------

Ethernet Cards:

	The drivers for the ethernet cards can be either compiled into the
	kernel or exist as a loadable module. Most newer distributions use
	the module technique. The module configuration file is
	/etc/conf.modules.

	Consider a machine with three NE2000 cards, one at 0x300, one at 0x240,
	and one at 0x220. You would add the following lines to the conf.modules
	files:

		alias eth0 ne
		alias eth1 ne
		alias eth2 ne
		options ne io=0x220, 0x240, 0x300

	This tells the program 'modprobe' to look for 3 NE based cards at the
	following addresses. It also states in what order they should be found
	and the device they should be assigned.

	Most ISA modules can take multiple comma seperated I/O values.
	For example:

		alias eth0 3c501
		alias eth1 3c501
		options eth0 -o 3c501-0 io=0x280 irq=5
		options eth1 -o 3c501-1 io=0x300 irq=7

	The -o option allows for a unique name to be assigned to each module.
	The reason for this is that you cannot have two copies of the same module
	loaded (under the same name).

	By default, the kernel only probes for one Ethernet device, you need to
	pass command line arguments to the kernel in order to force detection
	of multiple boards.

	Another method of configuring two network cards is to describe the cards
	in the lilo.conf file. The IRQ, I/O address, and device are all declared
	in the file:

		append="ether=12,0x300,eth0 ether=15,0x340,eth1"

#------------------------------------------------------------------------------------

Network File Systems (NFS)

/etc/fstab:
	diamond:/mnt/cdrom     /mnt/diamond_cd     nfs     noauto,user,rw 0 0
#------------------------------------------------------------------------------------

Redhat Linux:

	/etc/sysconfig/network-scripts/:
		These scripts are executed during the bootstrap phase to bring
		the machine up with network access.

#------------------------------------------------------------------------------------

/etc/hosts:
	127.0.0.1	localhost
	192.168.1.1	your.domain.com host
	192.168.1.10	some.other.machine nickname

/etc/networks:
	loopback	127.0.0.0
	localnet	192.168.1.0

/etc/rc.d/rc.sysconfig
	if ! /etc/sysconfig/network, $HOSTNAME is set here.

/etc/sysconfig/network:
	HOSTNAME=sappire.spcsys.com
	NETWORKING=yes		# bring up devices during bootstrap
	FORWARD_IPV4=yes	# required for IP masquerading

(Redhat 6.2) /etc/sysct1.conf:
	net.ipv4.ip_forward = 1
	net.ipv4.ip_always_defrag = 1

/etc/sysconfig/network-scripts/ifcfg-eth1:
	DEVICE=eth1
	IPADDR=192.168.1.1
	ONBOOT=yes

To restart network after configuration:
	% /etc/rc.d/init.d/network restart

#------------------------------------------------------------------------------------

DHCP Server:

	A DHCP Server will automatically configure devices on your network with
	IP addresses. This is particularly useful for users with laptops.

	Install the DHCP server RPM (dhcp).

/etc/dhcpd.conf:

	subnet 192.168.1.0 netmask 255.255.255.0 {
		range 192.168.1.2 192.168.1.60;
		default-lease-time 86400;
		max-lease-time 86400;
		option routers 192.168.1.1;
		option ip-forwarding off;
		option broadcast-address 192.168.1.255;
		option subnet-mask 255.255.255.0;
		option domain-name-servers x.x.x.x, y.y.y.y;

		# If caching domain name server...
		# option domain-name-servers 198.168.1.1;

		# If using Samba for file sharing, add the following to use linux
		# box as the default WINS and browsing server...
		# option netbios-name-servers 192.168.1.1;
		# option netbios-dd-server 192.168.1.1;
		# option netbios-node-type 8;
		# option netbios-scope "";
	}

Windows DHCP clients require a particular broadcast address in DHCP responses,
the following command will force the Linux TCP/IP stack to produce it...
/etc/rc.d/init.d/hdcpd:
	/sbin/route add -host 255.255.255.255 dev eth1

To make sure the eth1 is the default device, replace the following...
/etc/rc.d/init.d/hdcpd:
	daemon /usr/sbin/dhcpd
	...with...
	daemon /usr/sbin/dchpd eth1

To start the DHCP server...
	/etc/rc.d/init.d/dhcpd start

To make sure the dhcp server is started during the bootstrap, use the Redhat
command chkconfig to add it to the proper runlevels...
	% chkconfig dhcpd on

DHCP Clients:

To configure Windows workstations for DHCP, go into the conrol panel->networking
applet, find the TCP/IP protocol binded to the network card. Open the protocol
properties and put a checkmark in the box "Configure TCP/IP address automatically",
apply the changes and restart Windows.

Before you reboot Windows, you may want to watch the /var/log/messages file and
watch the Windows workstation request an IP address and the DHCP server assign
that address...
	% tail -f /var/log/messages
	% ^C	# to exit

#------------------------------------------------------------------------------------

DNS Server:

	Security:
		1. bind version should be >= 8.2.2

		2. restrict access "allow-query { 192.168.1/24; 127.0.0.1/32; };"

		3. Avoid running bind as root, run bind as nobody:
			change /etc/rc.d/init.d/named:
				daemon named
				...to...
				daemon named -u nobody -g nobody
			

	Make sure bind runs on bootstrap...
		% chkconfig named on

#------------------------------------------------------------------------------------

Configuring an outside network (CABLE/DSL)

Static IP:

	/etc/sysconfig/network-scripts/ifcfg-eth0:
		DEVICE=eth0
		IPADDR=x.x.x.x		# given by ISP
		NETMASK=y.y.y.y		# given by ISP
		ONBOOT=yes

Dynamic IP (DHCP):

	/etc/sysconfig/network-scripts/ifcfg-eth0:
		DEVICE=eth0
		BOOTPROTO=dhcp
		ONBOOT=yes

	Install the DHCP client RPM package (dhcpcd).

	Restart the network to load new configurations:
		% /etc/rc.d/init.d/network restart

	If your gateway being assigned an IP via DHCP, you must allow the
	configuration packets into the system. /etc/rc.d/rc.local:
		/sbin/ipchains -M -S 7200 10 60
		/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 68 -d 0/0 67 -p udp