Table of Contents
/etc/network/interfaces
/etc/network/options
/etc/hosts
/etc/hostname
/etc/resolv.conf
/etc/inetd.conf
/etc/hosts.allow
/etc/hosts.deny
/etc/networks
You are now going to declare your network configuration through the Network configuration menu.
If you want to permanently change any of the following parameters, do not forget to back up etc.lrp!
Through the LEAF configuration menu type 1 to access the Network configuration menu:
Network configuration menu

1) interfaces file (/etc/network/interfaces)
2) network options file (/etc/network/options)
3) hosts IP addresses (/etc/hosts)
4) hostname (/etc/hostname)
5) resolv.conf (/etc/resolv.conf)
6) super server daemon configuration (/etc/inetd.conf)
7) hosts.allow (/etc/hosts.allow)
8) hosts.deny (/etc/hosts.deny)
9) networks (/etc/networks)
q) quit
----------------------------------------------------------------------------
Selection:
By default, the LEAF Bering-uClibc firewall uses eth0 as the external interface with a dynamic IP provided by dhcpcd.lrp and eth1 as the internal interface at address 192.168.1.254.
Edit 1) interfaces to modify those settings.
Typical LEAF configurations are provided in the interfaces file; simply uncomment what you need and comment out (#) what you do not need.
Check the interfaces man page for /etc/network/interfaces.
The network configuration is activated in the /etc/init.d/networking script through the ifupdown functions.
Once your interfaces are configured, remember to save and back up the etc.lrp package!
Be sure that any interface change is reflected in your firewall configuration (step 6 below). Adjust the Shorewall params file accordingly!
Default variables in the /etc/network/options file are the following:
ip_forward=no
ipv6_forward=no
spoofprotect=yes
syncookies=no
These default values are generally acceptable. The ip_forward variable is set back to yes by Shorewall, so if you do not use Shorewall and want to enable IP forwarding you will have to set this variable to yes.
The ipv6_forward variable is set back to yes by 6wall, so if you do not use 6wall and want to enable IPv6 forwarding you will have to set this variable to yes.
From Bering-uClibc-3.0 onwards the /etc/network/options file is deprecated. The above variables can now be set in /etc/sysctl.conf, which is accessible via the System configuration menu, System variables.
The /etc/hosts file is where you put the name and IP address of local hosts. If you place a host in this file, then you do not need to query the domain name server to get its IP address. The disadvantage of doing this is that if the IP address for that host changes, you must keep this file up to date yourself. In a well managed system, the only hostnames that usually appear in this file are an entry for the loopback interface and the local host's name. By default:
127.0.0.1 localhost
192.168.1.254 firewall
Do not forget to declare the internal address(es) of an ssh client in this file if you want to connect quickly to your firewall machine!
The /etc/resolv.conf file is the main configuration file for DNS resolution. Its format is quite simple. It is a text file that has one keyword per line. There are three keywords typically used by the file. These keywords are:
domain: This keyword specifies the local domain name
search: This keyword specifies a list of alternate domain names to search for a hostname
nameserver: This keyword, which may be used many times, specifies an IP address of a domain name server to query when resolving names
By default this file is set to:
nameserver 127.0.0.1
nameserver 192.168.1.254
You should not need to change it. The file, by default, shows the address of the local DNS server (192.168.1.254) provided by dnsmasq. dhcpcd won't override the address unless you implicitly allow it. Check the dhcpcd documentation below if you want to change that.
The /etc/inetd.conf file is the configuration file for the inetd server daemon. Its function is to tell inetd what to do when it receives a connection request for a particular service. For each service for which you wish to accept connections, you must tell inetd what network server daemon to run (and how to run it).
Its format is also fairly simple. It is a text file with each line describing a service that you wish to provide. Any text in a line following a `#' is ignored and treated as a comment. Each line contains seven fields separated by any number of whitespace (tab or space) characters.
By default the two following services are open through inetd:
www stream tcp nowait sh-httpd /usr/sbin/tcpd /usr/sbin/sh-httpd
stat stream tcp nowait root /usr/sbin/tcpd /usr/sbin/stat.sh
The /etc/hosts.allow file is a configuration file for the /usr/sbin/tcpd program. The hosts.allow file contains rules describing which hosts are allowed access to a service on your machine.
The default for LEAF is:
# /etc/hosts.allow: list of hosts that are allowed to access the system. See
# hosts_access(5) and /usr/doc/net/portmapper.txt
#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# Allow anything from the local net
ALL: 192.168.1.0/255.255.255.0
Any host from the internal network in the 192.168.1.0/24 IP range will be allowed to access ssh, www and stat through inetd.
If you want only 192.168.1.1 from your internal network to be able to access the firewall through ssh and weblet, you will have:
ssh: 192.168.1.1/255.255.255.255
www: 192.168.1.1/255.255.255.255
stat: 192.168.1.1/255.255.255.255
The /etc/hosts.deny file is a configuration file for the /usr/sbin/tcpd program. The hosts.deny file contains entries for the rules defining which hosts will NOT be allowed access to a service on your machine.
The default in LEAF is:
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
# See hosts_access(5) and /usr/doc/net/portmapper.txt
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
ALL: PARANOID
# Prevent all access not explicitly allowed in hosts.allow
ALL: ALL
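To see how the inetd.conf, hosts.allow and hosts.deny defaults above fit together, here is an added example (not part of the LEAF documentation or its tools) that parses those three files and applies the hosts_access(5) evaluation order tcpd uses: a hosts.allow match grants, otherwise a hosts.deny match refuses, otherwise access is granted. It handles only the client forms shown on this page (ALL, net/mask, a single address); EXCEPT, PARANOID and hostname patterns are not implemented, and the sample file contents are constructed from the page's defaults.

```python
import ipaddress
# Constructed samples, copied from the defaults shown on this page.
INETD_CONF = """\
www  stream tcp nowait sh-httpd /usr/sbin/tcpd /usr/sbin/sh-httpd
stat stream tcp nowait root     /usr/sbin/tcpd /usr/sbin/stat.sh
"""
HOSTS_ALLOW = "# Allow anything from the local net\nALL: 192.168.1.0/255.255.255.0\n"
HOSTS_DENY = "# Prevent all access not explicitly allowed in hosts.allow\nALL: ALL\n"

def _strip_comment(line):
    return line.split("#", 1)[0].strip()            # '#' starts a comment in all three files

def parse_inetd(text):
    """Map service name -> (user, program, args); the 7th field may hold several words."""
    services = {}
    for line in filter(None, map(_strip_comment, text.splitlines())):
        fields = line.split(None, 6)                # seven whitespace-separated fields
        if len(fields) < 6:
            raise ValueError(f"malformed inetd.conf line: {line!r}")
        name, _sock, _proto, _wait, user, program = fields[:6]
        services[name] = (user, program, fields[6] if len(fields) == 7 else "")
    return services

def parse_access(text):
    """Return hosts.allow / hosts.deny rules as [(daemon_list, client_list)] in file order."""
    rules = []
    for line in filter(None, map(_strip_comment, text.splitlines())):
        daemons, clients = line.split(":", 1)
        rules.append(([d.strip() for d in daemons.split(",")],
                      [c.strip() for c in clients.split(",")]))
    return rules

def _client_ok(pattern, ip):
    if pattern == "ALL":
        return True
    if "/" in pattern:                              # net/mask form, e.g. 192.168.1.0/255.255.255.0
        return ip in ipaddress.ip_network(pattern, strict=False)
    return ip == ipaddress.ip_address(pattern)      # a single address

def _rule_hits(rule, service, ip):
    daemons, clients = rule
    return any(d in ("ALL", service) for d in daemons) and any(_client_ok(c, ip) for c in clients)

def tcpd_allows(service, client, allow_rules, deny_rules):
    """hosts_access(5) order: hosts.allow match grants, then hosts.deny match refuses, else grant."""
    ip = ipaddress.ip_address(client)
    if any(_rule_hits(r, service, ip) for r in allow_rules):
        return True
    return not any(_rule_hits(r, service, ip) for r in deny_rules)
```

With the page's defaults, a client on 192.168.1.0/24 reaches www and stat while anything else is refused by the final ALL: ALL; with an empty hosts.deny the same outside client would be granted, which is why LEAF ships that closing rule.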
The /etc/networks file has a similar function to that of the /etc/hosts file. This file provides a simple database of network names against network addresses. Its format differs in that there may be only two fields per line, and that the fields are coded as:
The default in LEAF is:
localnet 127.0.0.0