Default gateway:
  % /sbin/route add default gw $GATEWAY_ADDR

To enable IP forwarding:
  % echo "1" > /proc/sys/net/ipv4/ip_forward
  % ipchains -P forward deny
  % ipchains -A forward -s 192.168.1.0/24 -j MASQ

When Masquerading or IP forwarding (NAT):
  To use ftp:     % /sbin/modprobe ip_masq_ftp
  To use raudio:  % /sbin/modprobe ip_masq_raudio
  To use irc:     % /sbin/modprobe ip_masq_irc

Look for other modules in "/lib/modules/$(uname -r)/ipv4".
The modules can be loaded in the "/etc/rc.d/rc.local" script.

#------------------------------------------------------------------------------------

Network Address:    192.168.1.0
Broadcast Address:  192.168.1.255

Reserved Private Network Allocations (RFC1597):

  Class  Netmask        Address Range                    CIDR
  A      255.0.0.0      10.0.0.0    - 10.255.255.255     "/8"
  B      255.255.0.0    172.16.0.0  - 172.31.255.255     "/16"
  C      255.255.255.0  192.168.0.0 - 192.168.254.255    "/24"

Domain Names:
  hostname.subdomain.com
  hostname.domainname           (the domainname is everything to the right of hostname)
  fully.qualified.domain.name   (the entire name)

Configuring a network interface:
  % ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up
  % ifconfig eth0 down

Ifconfig Options:

  interface       The name of the interface. Usually a driver name followed by a
                  unit number, for example: eth0 for the first ethernet interface.
  up              Activates an interface. This is not needed if an address is
                  assigned to an interface (it is implicit).
  down            Deactivates an interface.
  [-]arp          Enables or disables use of the address resolution protocol.
  [-]promisc      Enables or disables promiscuous mode. If selected, all packets
                  on the network will be received by the interface.
  [-]allmulti     Enables or disables the reception of all hardware multicast
                  packets. Hardware multicast enables groups of hosts to receive
                  packets addressed to special destinations. This is normally
                  not used.
  metric N        This parameter sets the interface metric.
  mtu N           Allows you to set the MTU of the device.
  netmask addr    This parameter allows you to set the network mask of the
                  network this device belongs to.
  add addr prefixlen
                  Adds an IPv6 address to an interface.
  del addr prefixlen
                  Removes an IPv6 address from an interface.
  tunnel aa.bb.cc.dd
                  Creates a new SIT (IPv6-in-IPv4) device, tunnelling to the
                  given destination.
  irq addr        Sets the IRQ of the hardware device. Only works on certain
                  types of hardware.
  io_addr addr    Sets the start address in I/O space for this device.
  mem_start addr  Sets the start address for shared memory used by this device.
                  Only a few devices need this.
  media type      Sets the physical port or medium type to be used by the
                  device. Not all devices can change this setting, and those
                  that can vary in what values they support. Typical values for
                  type are 10base2 (thin Ethernet), 10baseT (twisted-pair 10Mbps
                  Ethernet), AUI (external transceiver), etc. The special media
                  type auto can be used to tell the driver to auto-sense the
                  media.
  [-]broadcast [addr]
                  Allows you to enable and set the accepting of datagrams
                  destined to the broadcast address, or to disable reception of
                  those datagrams.
  [-]pointopoint [addr]
                  Allows you to set the address of the machine at the remote end
                  of a point to point link such as for slip or ppp.
  hw type addr    Allows you to set the hardware address of certain types of
                  network devices. This is not often useful for ethernet.
  multicast       Set the multicast flag on the interface. This should not
                  normally be needed as the drivers set the flag correctly
                  themselves.
  address         The IP address to be assigned to this interface.
  txqueuelen length
                  Set the length of the transmit queue of the device. It is
                  useful to set this to small values for slower devices with a
                  high latency (modem links, ISDN) to prevent fast bulk transfers
                  from disturbing interactive traffic like telnet excessively.

#------------------------------------------------------------------------------------

Routing:

To add an entry to a routing table once the interface is brought up, use the
route command.
  % route add -net 192.168.0.0 netmask 255.255.255.0 eth0

All packets not matching the above settings will be routed to the default route
(the gateway).

  % route add default gw 192.168.0.1 eth0

Gateway configuration:
  % route add -net 192.168.1.0 netmask 255.255.255.0 eth0
  % route add -net 192.168.2.0 netmask 255.255.255.0 eth1
  % route add -net 192.168.3.0 netmask 255.255.255.0 eth2
  % route add default ppp0

/etc/networks is similar to the /etc/hosts file but only uses two arguments.
When you use commands like 'route', if a destination is a network and that
network has an entry in the /etc/networks file, then the route command will
display that network name instead of its address.

#------------------------------------------------------------------------------------

Ethernet Cards:

The drivers for the ethernet cards can be either compiled into the kernel or
exist as a loadable module. Most newer distributions use the module technique.
The module configuration file is /etc/conf.modules.

Consider a machine with three NE2000 cards, one at 0x300, one at 0x240, and one
at 0x220. You would add the following lines to the conf.modules file:

  alias eth0 ne
  alias eth1 ne
  alias eth2 ne
  options ne io=0x220,0x240,0x300

This tells the program 'modprobe' to look for 3 NE based cards at the given
addresses. It also states in what order they should be found and the device
they should be assigned. Most ISA modules can take multiple comma separated
I/O values.

For example:

  alias eth0 3c501
  alias eth1 3c501
  options eth0 -o 3c501-0 io=0x280 irq=5
  options eth1 -o 3c501-1 io=0x300 irq=7

The -o option allows a unique name to be assigned to each module. The reason
for this is that you cannot have two copies of the same module loaded (under
the same name).

By default, the kernel only probes for one Ethernet device; you need to pass
command line arguments to the kernel in order to force detection of multiple
boards.
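The route -net/netmask entries above, and the network/broadcast addresses and RFC1597 table at the top of these notes, all rest on the same mask arithmetic. The following POSIX sh helper is an added example (not part of the original notes): it derives the network address, broadcast address and prefix length from an address and netmask, rejects a netmask whose set bits are not contiguous, and reports whether the address lies in one of the reserved private blocks. The function names are this example's own.

```shell
#!/bin/sh
# Dotted quad -> 32-bit integer (192.168.1.77 -> 3232235853)
ip2int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( (($1 * 256 + $2) * 256 + $3) * 256 + $4 ))
}

# 32-bit integer -> dotted quad
int2ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Netmask -> prefix length (255.255.255.0 -> 24).
# Returns 1 for a mask whose 1 bits are not contiguous (e.g. 255.0.255.0).
mask2prefix() {
  m=$(ip2int "$1"); n=0
  while [ $(( m & 2147483648 )) -ne 0 ]; do      # consume leading 1 bits
    n=$(( n + 1 )); m=$(( (m << 1) & 4294967295 ))
  done
  [ "$m" -eq 0 ] || return 1                     # a 1 bit after a 0 bit: not a valid mask
  echo "$n"
}

# Is ADDR inside one of the reserved private blocks from RFC1597
# (10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, 192.168.0.0-192.168.255.255)?
is_private() {
  a=$(ip2int "$1")
  for r in 10.0.0.0-10.255.255.255 172.16.0.0-172.31.255.255 192.168.0.0-192.168.255.255; do
    lo=$(ip2int "${r%-*}"); hi=$(ip2int "${r#*-}")
    [ "$a" -ge "$lo" ] && [ "$a" -le "$hi" ] && { echo private; return 0; }
  done
  echo public; return 1
}

# net_info ADDR MASK -> "network broadcast prefix private|public"
net_info() {
  p=$(mask2prefix "$2") || { echo "net_info: $2 is not a valid netmask" >&2; return 1; }
  a=$(ip2int "$1"); m=$(ip2int "$2")
  net=$(( a & m )); bcast=$(( net | (~m & 4294967295) ))
  echo "$(int2ip "$net") $(int2ip "$bcast") $p $(is_private "$1")"
}

# Usage: net_info 192.168.1.77 255.255.255.0   ->  192.168.1.0 192.168.1.255 24 private
```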
Another method of configuring two network cards is to describe the cards in the
lilo.conf file. The IRQ, I/O address, and device are all declared in the file:

  append="ether=12,0x300,eth0 ether=15,0x340,eth1"

#------------------------------------------------------------------------------------

Network File Systems (NFS)

/etc/fstab:
  diamond:/mnt/cdrom   /mnt/diamond_cd   nfs   noauto,user,rw   0 0

#------------------------------------------------------------------------------------

Redhat Linux:

/etc/sysconfig/network-scripts/:
  These scripts are executed during the bootstrap phase to bring the machine up
  with network access.

#------------------------------------------------------------------------------------

/etc/hosts:
  127.0.0.1      localhost
  192.168.1.1    your.domain.com       host
  192.168.1.10   some.other.machine    nickname

/etc/networks:
  loopback   127.0.0.0
  localnet   192.168.1.0

/etc/rc.d/rc.sysconfig:
  If /etc/sysconfig/network does not exist, $HOSTNAME is set here.

/etc/sysconfig/network:
  HOSTNAME=sappire.spcsys.com
  NETWORKING=yes        # bring up devices during bootstrap
  FORWARD_IPV4=yes      # required for IP masquerading (Redhat 6.2)

/etc/sysctl.conf:
  net.ipv4.ip_forward = 1
  net.ipv4.ip_always_defrag = 1

/etc/sysconfig/network-scripts/ifcfg-eth1:
  DEVICE=eth1
  IPADDR=192.168.1.1
  ONBOOT=yes

To restart the network after configuration:
  % /etc/rc.d/init.d/network restart

#------------------------------------------------------------------------------------

DHCP Server:

A DHCP Server will automatically configure devices on your network with IP
addresses. This is particularly useful for users with laptops. Install the DHCP
server RPM (dhcp).

/etc/dhcpd.conf:
  subnet 192.168.1.0 netmask 255.255.255.0 {
      range 192.168.1.2 192.168.1.60;
      default-lease-time 86400;
      max-lease-time 86400;
      option routers 192.168.1.1;
      option ip-forwarding off;
      option broadcast-address 192.168.1.255;
      option subnet-mask 255.255.255.0;
      option domain-name-servers x.x.x.x, y.y.y.y;
      # If caching domain name server...
      # option domain-name-servers 198.168.1.1;
      # If using Samba for file sharing, add the following to use the linux
      # box as the default WINS and browsing server...
      # option netbios-name-servers 192.168.1.1;
      # option netbios-dd-server 192.168.1.1;
      # option netbios-node-type 8;
      # option netbios-scope "";
  }

Windows DHCP clients require a particular broadcast address in DHCP responses.
The following command will force the Linux TCP/IP stack to produce it...

/etc/rc.d/init.d/dhcpd:
  /sbin/route add -host 255.255.255.255 dev eth1

To make sure eth1 is the default device, replace the following...

/etc/rc.d/init.d/dhcpd:
  daemon /usr/sbin/dhcpd

...with...

  daemon /usr/sbin/dhcpd eth1

To start the DHCP server...
  % /etc/rc.d/init.d/dhcpd start

To make sure the dhcp server is started during the bootstrap, use the Redhat
command chkconfig to add it to the proper runlevels...
  % chkconfig dhcpd on

DHCP Clients:

To configure Windows workstations for DHCP, go into the control panel ->
networking applet and find the TCP/IP protocol bound to the network card. Open
the protocol properties and put a checkmark in the box "Configure TCP/IP address
automatically", apply the changes and restart Windows.

Before you reboot Windows, you may want to watch the /var/log/messages file and
watch the Windows workstation request an IP address and the DHCP server assign
that address...
  % tail -f /var/log/messages
  % ^C            # to exit

#------------------------------------------------------------------------------------

DNS Server:

Security:
  1. bind version should be >= 8.2.2
  2. restrict access: "allow-query { 192.168.1/24; 127.0.0.1/32; };"
  3. Avoid running bind as root; run bind as nobody. Change /etc/rc.d/init.d/named:
       daemon named
     ...to...
       daemon named -u nobody -g nobody

Make sure bind runs on bootstrap...
  % chkconfig named on

#------------------------------------------------------------------------------------

Configuring an outside network (CABLE/DSL)

Static IP:

/etc/sysconfig/network-scripts/ifcfg-eth0:
  DEVICE=eth0
  IPADDR=x.x.x.x      # given by ISP
  NETMASK=y.y.y.y     # given by ISP
  ONBOOT=yes

Dynamic IP (DHCP):

/etc/sysconfig/network-scripts/ifcfg-eth0:
  DEVICE=eth0
  BOOTPROTO=dhcp
  ONBOOT=yes

Install the DHCP client RPM package (dhcpcd).

Restart the network to load the new configuration:
  % /etc/rc.d/init.d/network restart

If your gateway is being assigned an IP via DHCP, you must allow the
configuration packets into the system.

/etc/rc.d/rc.local:
  /sbin/ipchains -M -S 7200 10 60
  /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 68 -d 0/0 67 -p udp
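The DHCP server section above suggests watching /var/log/messages while a client obtains a lease. As an added example (not part of the original notes), here is a POSIX sh function that reads dhcpd syslog lines and flags every DHCPACK that hands out an address outside the dhcpd.conf range 192.168.1.2-192.168.1.60, or that was answered on an interface other than eth1 (the interface the server was pinned to above). The log lines are constructed samples in the syslog format ISC dhcpd writes; the host name, MAC addresses, times and the function name are this example's own.

```shell
#!/bin/sh
# Constructed sample of /var/log/messages lines as ISC dhcpd writes them
# (host name, MAC addresses and times are made up for this example).
SAMPLE_LOG='Mar  3 10:01:12 sapphire dhcpd: DHCPDISCOVER from 00:a0:c9:11:22:33 via eth1
Mar  3 10:01:12 sapphire dhcpd: DHCPOFFER on 192.168.1.7 to 00:a0:c9:11:22:33 via eth1
Mar  3 10:01:13 sapphire dhcpd: DHCPREQUEST for 192.168.1.7 from 00:a0:c9:11:22:33 via eth1
Mar  3 10:01:13 sapphire dhcpd: DHCPACK on 192.168.1.7 to 00:a0:c9:11:22:33 (laptop1) via eth1
Mar  3 10:05:40 sapphire dhcpd: DHCPACK on 192.168.1.200 to 00:50:56:aa:bb:cc via eth1
Mar  3 10:07:02 sapphire dhcpd: DHCPACK on 192.168.1.9 to 00:e0:4c:dd:ee:ff via eth0'

# audit_leases RANGE_LO RANGE_HI IFACE   (log lines on stdin)
# Prints "<ip> <mac> <iface> <status>" for every DHCPACK, where status is OK,
# OUT_OF_RANGE (address not inside the dhcpd.conf "range") or WRONG_IFACE
# (lease handed out on an interface the server was not meant to serve).
# Exit status is 1 if any lease was flagged, so the function can drive an alert.
audit_leases() {
  awk -v lo="$1" -v hi="$2" -v want="$3" '
    # dotted quad -> 32-bit integer so the range can be compared numerically
    function ip2int(a,  o) { split(a, o, "."); return ((o[1]*256+o[2])*256+o[3])*256+o[4] }
    $6 == "DHCPACK" && $7 == "on" {
      ip = $8; mac = $10; dev = ""
      # a client-supplied "(hostname)" may precede "via", so locate "via" by scanning
      for (i = 11; i <= NF; i++) if ($i == "via") dev = $(i + 1)
      n = ip2int(ip); status = "OK"
      if (n < ip2int(lo) || n > ip2int(hi)) status = "OUT_OF_RANGE"
      else if (dev != want)                 status = "WRONG_IFACE"
      if (status != "OK") bad++
      print ip, mac, dev, status
    }
    END { exit (bad > 0) }'
}

# Usage: printf '%s\n' "$SAMPLE_LOG" | audit_leases 192.168.1.2 192.168.1.60 eth1
```

Against a live system the same function reads `tail -f /var/log/messages` (or the rotated file) in place of the sample.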