Here is where the fun begins. This section is rather network-centric, though many other tasks await you.
Networking is a vast subject which cannot be fully covered here. The reference is the NET-3 HOWTO, and most distributions provide documentation on setting up network services. Only a few points will be recalled here.
A quick to-do list of the services you may want to install: cron and timed tasks like calendar or reminder, HTTP, Samba, telnet/ssh access, anonymous ftp, a POP/IMAP server, NFS...
If your network card wasn't recognised at install time, don't worry: in most cases it's either NE2000 or 3c59x compatible. Issue the command

    modprobe ne

or

    modprobe 3c59x

and see if the relevant module is loaded, then add this line to /etc/conf.modules:

    alias eth0 ne    # or 3c59x
Now you're ready to use netcfg or a similar tool to set up the network configuration. The relevant files are /etc/HOSTNAME, /etc/hosts, /etc/resolv.conf, /etc/sysconfig/network, and /etc/sysconfig/network-scripts/ifcfg-eth0; services should be started with the scripts in /etc/rc.d/init.d.
This is a sample /etc/hosts:

    127.0.0.1     localhost
    192.168.1.1   paleo.eocene.net     paleo
    192.168.1.2   nautilus.eocene.net  nautilus
This is /etc/resolv.conf:

    search df.unibo.it,eocene.net
    nameserver 195.210.91.100
This is /etc/sysconfig/network (Red Hat-dependent):

    NETWORKING=false
    FORWARD_IPV4=true
    HOSTNAME=nautilus.eocene.net
    DOMAINNAME=eocene.net
And finally, /etc/sysconfig/network-scripts/ifcfg-eth0. This one, too, is Red Hat-dependent; it must be executable.

    DEVICE=eth0
    IPADDR=192.168.1.2
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    BROADCAST=192.168.1.255
    ONBOOT=no
Although the actual method your distribution uses to start network services may be much more complex, the following script should be enough to get you started:

    #!/bin/sh
    # net-up.sh: set up network access

    DEVICE=eth0
    IPADDR=192.168.1.100
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    GATEWAY=192.168.1.1

    # bring the interface up, then add the local and default routes
    ifconfig $DEVICE $IPADDR netmask $NETMASK up
    route add -net $NETWORK netmask $NETMASK $DEVICE
    route add default gw $GATEWAY
This script is handy for enabling network access when you use a rescue disk. Obviously, it only lets you ping, ftp and telnet to the outside; it won't start any daemon.
When you plug the network PC card in, the script /etc/pcmcia/network will be executed. All it needs is a properly set up /etc/sysconfig/network-scripts/ifcfg-eth0.
Setting up the network can become a bit trickier, though. In fact, you must provide the right settings for each network you connect to, as well as settings for the notebook when it's not connected.
I rolled up a rough but functional solution. I use my notebook as a stand-alone machine, connecting to the net via PPP; at home, with IP address 192.168.1.2; and at university, with IP 137.204.x.y. So I created a set of configuration files for each network; all of these are kept in /etc/mobnet. A script is then used to select the working environment. For instance, this is /etc/mobnet/home.conf:

    # /etc/mobnet/home.conf
    HOSTNAME=nautilus.eocene.net     # complete hostname
    DOMAINNAME=eocene.net            # your domain
    IPADDR=192.168.1.2
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    BROADCAST=192.168.1.255
    GATEWAY=192.168.1.1
    FORWARD_IPV4=true
    NAMESERVER=195.210.91.100        # required
    SEARCH=df.unibo.it,eocene.net    # optional
    SERVICES="inet httpd smb sshd"
This is mnet, the script I use to choose the network profile:

    #!/bin/sh
    # mnet: script to set up the "mobile network" configuration.
    # Last modified: 15 July 2000

    # start or stop services
    activate_services() {
      for service in $(echo $SERVICES) ; do
        [ -x /etc/rc.d/init.d/$service ] && /etc/rc.d/init.d/$service $1
      done
    }

    # usage
    if [ $# = 0 ] ; then
      echo "Usage: mnet <config name>"
      echo "Example: mnet office"
      exit 1
    fi

    # check if the configuration exists
    if [ ! -e /etc/mobnet/$1.conf ]; then
      echo "This configuration doesn't exist."
      exit 1
    fi

    # read the configuration
    . /etc/mobnet/$1.conf

    # set up the host name
    echo $HOSTNAME > /etc/HOSTNAME
    /bin/hostname $HOSTNAME

    # set up the name server(s)
    cat <<EOF > /etc/resolv.conf
    # /etc/resolv.conf
    search $SEARCH
    nameserver $NAMESERVER
    EOF

    # stop previous services, if any (services.prev holds the SERVICES
    # list of the profile that was active before this one)
    if [ -f /etc/mobnet/services.prev ]; then
      NEWSERVICES=$SERVICES
      . /etc/mobnet/services.prev
      activate_services stop
      SERVICES=$NEWSERVICES
    fi

    if [ "$1" != "none" ]; then
      # set up the network parameters
      cat <<EOF > /etc/sysconfig/network
    NETWORKING=yes
    FORWARD_IPV4=true
    HOSTNAME=$HOSTNAME
    DOMAINNAME=$DOMAINNAME
    GATEWAY=$GATEWAY
    GATEWAYDEV=eth0
    EOF
      cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    IPADDR=$IPADDR
    NETMASK=$NETMASK
    NETWORK=$NETWORK
    BROADCAST=$BROADCAST
    ONBOOT=no
    EOF
      /bin/chmod +x /etc/sysconfig/network-scripts/ifcfg-eth0
      # copy the other config files
      /bin/cp -f /etc/mobnet/hosts.$1 /etc/hosts
      /bin/cp -f /etc/mobnet/smb.conf.$1 /etc/smb.conf
      echo -n "Insert the network PC card and press <enter> when done: "
      read dummy
      # OK, now start services
      activate_services start
      echo "SERVICES=\"$SERVICES\"" > /etc/mobnet/services.prev
    else
      # the configuration is "none": stand-alone, no network
      cat <<EOF > /etc/sysconfig/network
    NETWORKING=false
    FORWARD_IPV4=false
    HOSTNAME=$HOSTNAME
    DOMAINNAME=$DOMAINNAME
    EOF
      /bin/rm -f /etc/sysconfig/network-scripts/ifcfg-eth0*
      /sbin/ifconfig eth0 down
      # quote the list so that services.prev can be sourced again
      echo "SERVICES=\"$SERVICES\"" > /etc/mobnet/services.prev
      echo "Now you may remove the PC card."
      exit 0
    fi
    # end of mnet.
As I said, it is rough and not even complete: other files may depend on the network, like /etc/fstab, /etc/exports, and /etc/printcap. Think about network printers and NFS shares. Feel free to adapt this bare-bones solution to your needs.
IP masquerading is one of the most useful tasks for a Linux server. Currently, most stock kernels come with IP firewalling, masquerading and forwarding enabled by default; if in doubt, consult the IP-Masquerade mini-HOWTO to learn how to enable them. Then install ipfwadm (kernels 2.0.x; http://www.xos.nl/linux/ipfwadm/) or ipchains (kernels 2.2.x; http://www.adelaide.net.au/~rustcorp/ipfwchains/ipfwchains.html). Remember to enable the kernel modules for the services you need, e.g. for ftp you'll add this line to /etc/rc.d/rc.sysinit:

    /sbin/modprobe ip_masq_ftp

Other modules are usually found in /lib/modules/KERNEL-VERSION/ipv4.
Enabling IP masquerading for other machines in your local network is very simple. First, check the network initialisation scripts (/etc/sysconfig/network should be the right place) to see if they contain a line that reads FORWARD_IPV4=true. It's used to set /proc/sys/net/ipv4/ip_forward to 1 when the network subsystem comes up.
Add these lines to /etc/rc.d/rc.sysinit:

    # default: packets cannot reach the outside
    /sbin/ipfwadm -F -p deny
    # allow all machines on the local network to reach the Internet
    /sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
    # alternatively, allow only these two machines (a /32 mask matches
    # exactly one host; /24 would admit the whole subnet again)
    # /sbin/ipfwadm -F -a m -S 192.168.1.100/32 -D 0.0.0.0/0
    # /sbin/ipfwadm -F -a m -S 192.168.1.101/32 -D 0.0.0.0/0
If you use a kernel of the 2.2.x series, use ipfwadm-wrapper instead of ipfwadm to get started quickly. More information at http://ipmasq.cjb.net.
Now you'll want something to let client machines dial the ISP; I use Mserver (http://cpwright.villagenet.com/mserver/). Edit /etc/mserver.conf; the only entries you should modify are "checkhost", "shadow", and "cname". Then define your connection(s). Obviously, install a suitable client on the client machines.
Let's suppose you connect to the Internet via PPP. Once you're connected, your machine may become vulnerable to attacks. Insert this in /etc/hosts.allow:

    # only allow access to localhost
    ALL: 127.

and this in /etc/hosts.deny:

    # deny access to everyone
    ALL: ALL
If you belong to a network with direct Internet access, you had better disable finger, telnet, and possibly other services for security reasons; use ssh instead of telnet. The file to edit is /etc/inetd.conf. Alternatively, you can restrict network access by putting this in /etc/hosts.allow:

    in.telnetd: 192.168.1., .another.trusted.network
    in.ftpd:    192.168.1., .another.trusted.network

and this in /etc/hosts.deny:

    in.telnetd: ALL
    in.ftpd:    ALL
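To see what these two files actually let through before a service is exposed, here is a small checker that applies the tcp_wrappers evaluation order (hosts.allow first, then hosts.deny, otherwise access is granted) to constructed copies of the rules above. It is an added example, not part of the HOWTO, and it only understands the pattern forms the HOWTO uses: ALL, an address prefix ending in "." and a domain suffix starting with ".".

```shell
#!/bin/sh
# tw-check.sh: predict the tcp_wrappers verdict for a client before a service
# is exposed (added example, not part of the HOWTO). Pattern forms handled:
# ALL, address prefix "192.168.1.", domain suffix ".trusted.net", exact name.
# tw_match PATTERN ADDRESS HOSTNAME: succeeds if PATTERN matches the client
tw_match() {
    case "$1" in
        ALL) return 0 ;;
        *.)  case "$2" in "$1"*) return 0 ;; esac ;;    # address prefix
        .*)  case "$3" in *"$1") return 0 ;; esac ;;    # domain suffix
        *)   [ "$1" = "$2" ] || [ "$1" = "$3" ] && return 0 ;;
    esac
    return 1
}

# tw_file_match FILE DAEMON ADDRESS HOSTNAME: succeeds if some
# "daemon_list : client_list" line of FILE matches daemon and client
tw_file_match() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                            # drop comments
        case "$line" in *:*) ;; *) continue ;; esac
        dmatch=1
        for d in $(echo "${line%%:*}" | tr ',' ' '); do
            [ "$d" = ALL ] || [ "$d" = "$2" ] && dmatch=0
        done
        [ $dmatch -eq 0 ] || continue
        for c in $(echo "${line#*:}" | tr ',' ' '); do
            tw_match "$c" "$3" "$4" && return 0
        done
    done < "$1"
    return 1
}

# tw_decide DAEMON ADDRESS HOSTNAME: hosts.allow is consulted first, then
# hosts.deny; a client matched by neither file is let in (the default)
tw_decide() {
    if tw_file_match "$ALLOW" "$@"; then echo allow
    elif tw_file_match "$DENY" "$@"; then echo deny
    else echo allow; fi
}

# constructed sample files mirroring the rules quoted in the text
ALLOW=$(mktemp); DENY=$(mktemp); trap 'rm -f "$ALLOW" "$DENY"' EXIT
printf 'ALL: 127.\nin.telnetd: 192.168.1., .another.trusted.network\n' > "$ALLOW"
printf 'in.telnetd: ALL\nin.ftpd: ALL\n' > "$DENY"

for probe in "in.telnetd 192.168.1.7 pc7" "in.telnetd 10.0.0.5 a.evil.example" \
             "in.ftpd 127.0.0.1 localhost" "sshd 10.0.0.5 a.evil.example"; do
    set -- $probe; echo "$1 from $2 ($3): $(tw_decide "$@")"
done
```

Note that sshd is reported as allowed from anywhere: a hosts.deny that lists only in.telnetd and in.ftpd leaves every other wrapped daemon open, which is why the PPP example above denies ALL: ALL instead.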
It is common to export home directories on the server; a problem arises if a user's UID and GID are not consistent across different machines. If user `guido' has UID/GID = 500 on the server and UID/GID = 512 on the client, a convenient configuration is this:

    # /etc/exports
    /tmp         my.client.machine(rw)
    /home/guido  my.client.machine(rw,all_squash,anonuid=512,anongid=512)
Almost trivial, but there's always a little bit to do. If you want to connect Windows 98/NT clients, did you remember to read the docs and, if necessary, enable clear text passwords? The distribution includes .reg files for Win9x/NT/2000; if your clients can't connect to the Linux server, load them on every client.
Samba comes with a fairly complete sample /etc/smb.conf, but strangely it lacks a section showing how to (un)mount removable media. The clauses preexec and postexec do the trick:

    [cdrom]
    comment = CD-ROM
    path = /mnt/cdrom
    public = yes
    read only = yes
    ; you might need to use "root preexec/postexec"
    preexec = mount /mnt/cdrom
    postexec = umount /mnt/cdrom
Also: you know what Swat is, don't you? Enable it by adding this line to your /etc/inetd.conf:

    swat    stream  tcp     nowait.400  root    /usr/sbin/swat  swat

and this to /etc/services:

    swat    901/tcp

Restart inetd with SIGHUP, and point your browser to http://localhost:901.