Danny Amor's Online Library

home *** CD-ROM | disk | FTP | other *** search

/ Danny Amor's Online Library / Danny Amor's Online Library - Volume 1.iso / html / faqs / faq / linux / howto.networking.part2 < prev next >

Wrap

Text File | 1995-07-25 | 50.9 KB | 1,515 lines

Subject: Linux NET-2 HOWTO (part 2/3) Newsgroups: comp.os.linux.announce,comp.os.linux.help,comp.os.linux.admin,news.answers,comp.answers From: terryd@extro.ucc.su.oz.au (Terry Dawson) Date: Fri, 18 Nov 1994 17:11:50 GMT Archive-name: linux/howto/networking/part2 Last-modified: 18 Nov 94 ---This is part 2/3--- The above example assumes you are calling a dynamic slip server, if you are calling a static slip server, then remove the following two lines: get $local remote 10 ## Assumes the server sends your IP.. if $errlvl != 0 goto error ## address as soon as you enter slip. When dip is given the get $local command it searches the incoming text from the remote end for a string that looks like an IP address, ie strings numbers seperated by `.' characters. This modification was put in place specifically for dynamic slip servers, so that the process of reading the IP address granted by the server could be automated. The example above will automaticaly create a default route via your slip link, if this is not what you want, you might have an ethernet connection that should be your default route, then remove the default command from the script. After this script has finished running, if you do an ifconfig command, you will see that you have a device sl0. This is your slip device. Should you need to, you can modify its configuration manually, after the dip command has finished, using the ifconfig and route commands. Please note that dip allows you to select a number of different protocols to use with the mode command, the most common example is cslip for slip with compression. Please note that both ends of the link must agree, so you should ensure that whatever you select agrees with what your server is set to. The above example is fairly robust and should cope with most errors. Please refer to the dip man page for more information. Naturally you could, for example, code the script to do such things as redial the server if it doesn't get a connection within a prescribed period of time, or even try a series of servers if you have access to more than one. 8.6.7. Permament slip connection using a leased line and slattach. If you have a cable between two machines, or are fortunate enough to have a leased line, or some other permanent serial connection between your machine and another, then you don't need to go to all the trouble of using dip to set up your serial link. slattach is a very simple to use utility that will allow you just enough functionality to configure your connection. Since your connection will be a permanent one, you will want to add some commands to your rc.inet1 file. In essence all you need to do for a permament connection is ensure that you configure the serial device to the correct speed and switch the serial device into slip mode. slattach allows you to do this with one command. Add the following to your rc.inet1 file: # # Attach a leased line static slip connection # # configure /dev/cua0 for 19.2kbps and cslip /sbin/slattach -p cslip -s 19200 /dev/cua0 & /sbin/ifconfig sl0 IPA.IPA.IPA.IPA pointopoint IPR.IPR.IPR.IPR up # # End static slip. Where: IPA.IPA.IPA.IPA represents your IP address. IPR.IPR.IPR.IPR represents the IP address of the remote end. slattach allocated the first unallocated slip device to the serial device specified. slattach starts with sl0. Therefore the first slattach command attaches slip device sl0 to the serial device specified, and sl1 the next time, etc. slattach allows you to configure a number of different protocols with the -p argument. In your case you will use either slip or cslip depending on whether you want to use compression or not. Note: both ends must agree on whether you want compression or not. 8.7. Configuring a PLIP device. (optional) plip (Parallel Line IP), is like slip, in that it is used for providing a point to point network connection between two machines, except that it is designed to use the parallel printer ports on your machine instead of the serial ports. Because it is possible to transfer more than one bit at a time with a parallel port, it is possible to attain higher speeds with the plip interface than with a standard serial device. In addition, even the simplest of parallel ports, printer ports, can be used, in lieu of you having to purchase comparitively expensive 16550AFN UART's for your serial ports. Please note that some laptops use chipsets that will not work with PLIP because they do not allow some combinations of signals that PLIP relies on, that printers don't use. The Linux plip interface is compatible with the Crywyr Packet Driver PLIP, and this will mean that you can connect your Linux machine to a DOS machine running any other sort of tcp/ip software via plip. When compiling the kernel, there is only one file that might need to be looked at to configure plip. That file is /usr/src/linux/driver/net/CONFIG, and it contains plip timers in mS. The defaults are probably ok in most cases. You will probably need to increase them if you have an especially slow computer, in which case the timers to increase are actually on the other computer. To configure a plip interface, you will need to add the following lines to your rc.inet1 file: # # Attach a PLIP interface # # configure first parallel port as a plip device /sbin/ifconfig plip0 IPA.IPA.IPA.IPA pointopoint IPR.IPR.IPR.IPR up # # End plip Where: IPA.IPA.IPA.IPA represents your IP address. IPR.IPR.IPR.IPR represents the IP address of the remote machine. The pointopoint parameter has the same meaning as for slip, in that it specifies the address of the machine at the other end of the link. In almost all respects you can treat a plip interface as though it were a slip interface, except that neither dip nor slattach need be, nor can be, used. 8.7.1. PLIP cabling diagram. plip has been designed to use cables with the same pinout as those commonly used by the better known of the MS-DOS based pc-pc file transfer programs. The pinout diagram (taken from /usr/src/linux/drivers/net/plip.c) looks as follows: Pin Name Connect pin - pin --------- ------------------------------- GROUND 25 - 25 D0->ERROR 2 - 15 ERROR->D0 15 - 2 D1->SLCT 3 - 13 SLCT->D1 13 - 3 D2->PAPOUT 4 - 12 PAPOUT->D2 12 - 4 D3->ACK 5 - 10 ACK->D3 10 - 5 D4->BUSY 6 - 11 BUSY->D4 11 - 6 D5 7* D6 8* D7 9* STROBE 1* FEED 14* INIT 16* SLCTIN 17* Notes: Do not connect the pins marked with an asterisk `*'. Extra grounds are 18,19,20,21,22,23, and 24. If the cable you are using has a metallic shield, it should be connected to the metallic DB-25 shell at one end only. Warning: A miswired PLIP cable can destroy your controller card. Be very careful, and double check every connection to ensure you don't cause yourself any unnecessary work or heartache. While you may be able to run PLIP cables for long distances, you should avoid it if you can. The specifications for the cable allow for a cable length of about 1 metre or so. Please be very careful when running long plip cables as sources of strong electromagnetic fields such as lightning, power lines, and radio transmitters can interfere with and sometimes even damage your controller. If you really want to connect two of your computers over a large distance you really should be looking at obtaining a pair of thin-net ethernet cards and running some coaxial cable. 9. Routing. (mandatory) After you have configured all of your network devices you need to think about how your machine is going to route IP datagrams. If you have only one network device configured then your choice is easy, as all datagrams for any machine other than yours must go via that interface. If you have more than one network interface then your choice is a little more complicated. You might have both an ethernet device and slip connection to your machine at home. In this situation you must direct all datagrams for your machine at home via your slip interface, and all else via the ethernet device. Routing is actually a very simple mechanism, but don't worry if you find it slightly difficult to understand at first; everybody does. You can display the contents of your routing table by using the route command without any options. There are four commonly used routing mechanisms for unix network configurations. I'll briefly discuss each in turn. 9.1. Static/Manual Routes. Static routing, as its name implies, is `hard coded' routing, that is, it will not change if your network suffers some failure, or if an alternate route becomes available. Static routes are often used in cases where you have a very simple network with no alternate routes available to a destination host, that is, there is only one possible network path to a destination host, or where you want to route a particular way to a host regardless of network changes. In Linux there is a special use for manual routes, and that is for adding a route to a slip or plip host where you have used the ifconfig pointopoint parameter. If you have a slip/plip link, and have the pointopoint parameter specifying the address of the remote host, then you should add a static route to that address so that the ip routing software knows how to route datagrams to that address. The route command you would use for the slip/plip link via leased line example presented earlier would be: #/sbin/route add IPR.IPR.IPR.IPR Where: IPR.IPR.IPR.IPR represents the IP address of the remote end. 9.2. Default Route. The default route mechanism is probably the most common and most useful to most end-user workstations and hosts on most networks. The default route is a special static route that matches every destination address, so that if there is no more specific route for a datagram to be sent to, then the default route will be used. If you have a configuration where you have only a single ethernet interface, or a single slip interface device defined then you should point your default route via it. In the case of an ethernet interface, the Linux kernel knows where to send datagrams for any host on your network. It works this out using the network address and the network mask as discussed earlier. This means that the only datagrams the kernel won't know how to properly route will be those for people not on your network. To make this work you would normally have your default route point to your router address, as it is your means of getting outside of your local network. If you are using a slip connection, then your slip server will be acting as your router, so your default route will be via your slip server. To configure your default route, add the following to your rc.inet1 after all of your network device configurations: # # Add a default route. # /sbin/route add default gw RGA.RGA.RGA.RGA # Where: RGA.RGA.RGA.RGA represents your Router/Gateway Address. 9.3. Proxy ARP. This method is ugly, hazard prone and should be used with extreme care, some of you will want to use it anyway. Those with the greatest need for proxy arp will be those of you who are configuring your Linux machine as a slip dial-in server. For those of you who will be using PPP, the PPP daemon simplifies and automates this task, making it a lot safer to use. Normally when a host on your ethernet network wants to talk to you, it knows your IP address, but doesn't know what hardware (ethernet) address to send datagrams to. The ARP mechanism is there specifically to provide that mapping function between network address and hardware address. If you want to use your machine as a server for other machines, you must get your machine to answer ARP requests for their IP addresses on their behalf, as they will not be physically connected to the ethernet network. Lets say that you have been assigned a number of IP addresses on your local network that you will be offering to dial-in slip users. Lets say those addresses are: 128.253.154.120-124, and that you have an ethernet card with a hardware address of 00:00:C0:AD:37:1C. (You can find the hardware address of your ethernet card by using the ifconfig command with no options). To instruct your Linux server to answer arp requests by proxy for these addresses you would need to add the following commands to the end of your rc.inet1 file: # # Proxy ARP for those dialin users who will be using this # machine as a server: # /sbin/arp -s 128.263.154.120 00:00:C0:AD:37:1C pub /sbin/arp -s 128.263.154.121 00:00:C0:AD:37:1C pub /sbin/arp -s 128.263.154.122 00:00:C0:AD:37:1C pub /sbin/arp -s 128.263.154.123 00:00:C0:AD:37:1C pub /sbin/arp -s 128.263.154.124 00:00:C0:AD:37:1C pub # # End proxy arps. The pub argument stands for `publish'. It is this argument that instructs your machine to answer requests for these addresses, even though they are not for your machine. When it answers it will supply the hardware address specified, which is of course its own hardware address. Naturally you will need to ensure that you have routes configured in your linux server that point these addresses to the slip device on which they will be connecting. If you are using PPP, you don't need to worry about manually messing with the arp table, as the pppd will manage those entries for you if you use the proxyarp parameter, and as long as the IP addresses of the remote machine and the server machine are in the same network. You will need to supply the netmask of the network on the server's pppd command line. 9.4. gated - the routing daemon. gated could be used in place of proxy arp in some cases, and would certainly be much cleaner, but its primary use is if you want your linux machine to act as an intelligent ip router for your network. gated provides support for a number of routing protocols. Among these are RIP, BGP, EGP, HELLO, and OSPF. The most commonly used in small networks being rip. rip stands for `Routing Information Protocol'. If you run gated, configured for rip, your linux machine will periodically broadcast a copy of its routing table to your network in a special format. In this way, all of the other machines on your network will know what addresses are accessible via your machine. gated can be used to replace proxy arp when all hosts on your network run either gated or routed. If you have a network where you use a mixture of manual and dynamic routes, you should mark any manual routes as `passive' to ensure that they aren't destroyed by gated because it hasn't received an update for them. gated would normally be started from your rc.inet2 which is covered in the next section. You might already see a daemon called routed running. gated is superior to routed in that it is more flexible and more functional. So you should use gated and not routed. 9.4.1. Obtaining gated Gated is available from: sunsite.unc.edu /pub/Linux/system/Network/daemons/gated.linux.bin.tgz /gated.linux.man.tgz /gated.linux.tgz gated.linux.tgz is the source, so you probably won't need it unless you wish to recompile the binaries for some reason. 9.4.2. Installing gated The gated binary distribution comprises three programs and two sample configuration files. The programs are: gated the actual gated daemon. gdc the operational user interface for gated. gdc is for controlling the gated daemon, stopping and starting it, obtaining its status and the like. ripquery a diagnostic tool to query the known routes of a gateway using either a `rip query' or a `rip poll'. The configuration files are: gated.conf this is the actual configuration file for the gated daemon. It allows you to specify how gated will behave when it is running. You can enable and disable any of the routing protocols, and control the behaviour of those routing protocols running. gated.version a text file that describes the version number of the gated daemon The gated binary distribution will not install the gated files in the correct place for you. Fortunately there aren't very many, so its fairly simple to do. To install the binaries try the following: # cd /tmp # gzip -dc .../gated.linux.bin.tgz | tar xvf - # install -m 500 bin/gated /usr/etc # install -m 444 bin/gated.conf bin/gated.version /etc # install -m 555 bin/ripquery bin/gdc /sbin # rm -rf /tmp/bin I keep the networking daemons in /usr/etc, if yours are somewhere else then naturally you'll have to change the target directory. The sample gated configuration file included configures gated to emulate the old routed daemon. To install the man files, try the following: # cd /tmp # gzip -dc .../gated.linux.man.tgz | tar xvf - # install -m 444 man/*.8 /usr/man/man8 # install -m 444 man/*.5 /usr/man/man5 # rm -rf /tmp/man The man files contain concise and detailed information on the configuration and use of gated. For information on configuring gated, refer to the gated-config man page. 10. Configuring the network daemons. As mentioned earlier, there are other files that you will need to complete your network installation. These files concern higher level configurations of the network software. Each of the important ones are covered in the following sub-sections, but you will find there are others that you will have to configure as you become more familiar with the network suite. 10.1. /etc/rc.d/rc.inet2 (the second half of rc.net) If you have been following this document you should at this stage have built an rc file to configure each of your network devices with the correct addresses, and set up whatever routing you will need for your particular network configuration. You will now need to actually start some of the higher level network software. Now would be a really good time to read Olaf's Network Administrators Guide, as it really should be considered the definitive document for this stage of the configuration process. It will help you decide what to include in this file, and more importantly perhaps, what not to include in this file. For the security conscious it is a fair statement to say that the more network services you have running, the more likely the chance of your system having a security hole: Run only what you need. There are some very important daemons (system processes that run in the background) that you will need to know a little about. The man pages will tell you more, but they are: 10.1.1. inetd. inetd is a program that sits in the background and manages internet connection requests and the like. It is smart enough that you don't need to leave a whole bunch of servers running when there is nothing connected to them. When it sees an incoming request for a particular service, eg telnet, or ftp, it will check the /etc/services file, find what server program needs to be run to manage the request, start it, and hand the connection over to it. Imagine it as a master server for your internet servers. It also has a few simple standard services inbuilt. These are echo, discard and generate services used for various types of network testing. 10.1.2. syslogd. syslogd is a daemon that handles all system logging. It accepts messages generated for it and will distribute them according to a set of rules contained in /etc/syslogd.conf. For example, certain types of messages you will want to send to the console, and also to a log file, where others you will want only to log to a file. syslogd allows you to specify what messages should go where. 10.2. A sample rc.inet2 file. The following is a sample rc.inet2 file that Fred built. It starts a large number of servers, so you might want to trim it down to just those services that you actually want to run. To trim it down, simply delete or comment out the stanzas (if to fi) that you don't need. All each stanza does is test that the relevant module is a file, that it exists, echoes a comment that you can see when you boot your machine, and then executes the commands with the arguments supplied to ensure that it runs happily in the background. For more detailed information on each of the deamons, check either the Network Administrators Guide or the relevant man pages. #! /bin/sh # # rc.inet2 This shell script boots up the entire INET system. # Note, that when this script is used to also fire # up any important remote NFS disks (like the /usr # distribution), care must be taken to actually # have all the needed binaries online _now_ ... # # Version: @(#)/etc/rc.d/rc.inet2 2.18 05/27/93 # # Author: Fred N. van Kempen, <waltje@uwalt.nl.mugnet.org> # # Constants. NET="/usr/etc" IN_SERV="lpd" LPSPOOL="/var/spool/lpd" # At this point, we are ready to talk to The World... echo -e "\nMounting remote file systems ..." /bin/mount -t nfs -v # This may be our /usr runtime!!! echo -e "\nStarting Network daemons ..." # Start the SYSLOG daemon. This has to be the first server. # This is a MUST HAVE, so leave it in. echo -n "INET: " if [ -f ${NET}/syslogd ] then echo -n "syslogd " ${NET}/syslogd fi # Start the SUN RPC Portmapper. if [ -f ${NET}/rpc.portmap ] then echo -n "portmap " ${NET}/rpc.portmap fi # Start the INET SuperServer # This is a MUST HAVE, so leave it in. if [ -f ${NET}/inetd ] then echo -n "inetd " ${NET}/inetd else echo "no INETD found. INET cancelled!" exit 1 fi # Start the NAMED/BIND name server. if [ ! -f ${NET}/named ] then echo -n "named " ${NET}/named fi # Start the ROUTEd server. # NOTE: routed is now obselete. You should now use gated. #if [ -f ${NET}/routed ] #then # echo -n "routed " # ${NET}/routed -q #-g -s #fi # Start the GATEd server. if [ -f ${NET}/gated ] then echo -n "gated " ${NET}/gated fi # Start the RWHO server. if [ -f ${NET}/rwhod ] then echo -n "rwhod " ${NET}/rwhod -t -s fi # Start the U-MAIL SMTP server. if [ -f XXX/usr/lib/umail/umail ] then echo -n "umail " /usr/lib/umail/umail -d7 -bd </dev/null >/dev/null 2>&1 & fi # Start the various INET servers. for server in ${IN_SERV} do if [ -f ${NET}/${server} ] then echo -n "${server} " ${NET}/${server} fi done # Start the various SUN RPC servers. if [ -f ${NET}/rpc.portmap ] then if [ -f ${NET}/rpc.ugidd ] then echo -n "ugidd " ${NET}/rpc.ugidd -d fi if [ -f ${NET}/rpc.mountd ] then echo -n "mountd " ${NET}/rpc.mountd fi if [ -f ${NET}/rpc.nfsd ] then echo -n "nfsd " ${NET}/rpc.nfsd fi # Fire up the PC-NFS daemon(s). if [ -f ${NET}/rpc.pcnfsd ] then echo -n "pcnfsd " ${NET}/rpc.pcnfsd ${LPSPOOL} fi if [ -f ${NET}/rpc.bwnfsd ] then echo -n "bwnfsd " ${NET}/rpc.bwnfsd ${LPSPOOL} fi fi echo network daemons started. # Done! 10.3. Name Resolution. Name Resolution is the process of converting a hostname in the familiar dotted notation (e.g. tsx-11.mit.edu) into an IP address which the network software understands. There are two principal means of achieving this in a typical installation, one simple, and one more complex. 10.3.1. /etc/hosts /etc/hosts contains a list of ip addresses and the hostnames they map to. In this way, you can refer to other machines on the network by name, as well as their ip address. Using a nameserver (see section `named') allows you to do the same name->ip address translation automatically. (Running named allows you to run your own nameserver on your linux machine). This file needs to contain at least an entry for 127.0.0.1 with the name localhost. If you're not only using loopback, you need to add an entry for your ip address, with your full hostname (such as loomer.vpizza.com). You may also wish to include entries for your gateways and network addresses. For example, if loomer.vpizza.com has the ip address 128.253.154.32, the /etc/hosts file would contain: # /etc/hosts # List of hostnames and their ip addresses 127.0.0.1 localhost 128.253.154.32 loomer.vpizza.com loomer # end of hosts Once again you will need to edit this file to suit your own needs. If you're only using loopback, the only line in /etc/hosts should be for 127.0.0.1, with both localhost and your hostname after it. Note that in the second line, above, there are two names for 128.253.154.32: loomer.vpizza.com and just loomer. The first name is the full hostname of the system, called the "Fully Qualified Domain Name", and the second is an alias for it. The second allows you to type only rlogin loomer instead of having to type the entire hostname. You should ensure that you put the Fully Qualified Domain Name in the line before the alias name. 10.3.2. named - do I need thee ? `I dub thee ..' named is the nameserver daemon for many unix-like operating systems. It allows your machine to serve the name lookup requests, not only for itself, but also for other machines on the network, that is, if another machine wants to find the address for `goober.norelco.com', and you have this machines address in your named database, then you can service the request and tell other machines what `goobers' address is. Under older implementations of Linux tcp/ip, to create aliases for machine names, (even for your own machine), you had to run named on your Linux machine to do the hostname to IP address conversion. One problem with this is that named is comparitively difficult to set up properly, and maintain. To solve this problem, a program called hostcvt.build was made available on Linux systems to translate your /etc/hosts file into the many files that make up named database files. However even with this problem overcome, named still uses CPU overhead and causes network traffic. The bottom line is this: You do not need to run named on your Linux system. The SLS instructions will probably tell you to run hostcvt.build to setup named. This is simply unnecessary unless you want to make your Linux system function as a nameserver for other machines, in which case you probably should learn some more about named anyway. When looking up hostnames, your linux machine will first check the /etc/hosts file, and then ask the nameserver out on the net. The only reason you may want to run named would be if: o You're setting up a network of machines, and need a nameserver for one of them, and don't have a nameserver out on the net somewhere. o Your network administrators want you to run your Linux system as a nameserver for some reason. o You have a slow slip connection, and want to run a small cache-only nameserver on your Linux machine so that you don't have to go out on the serial line for every name lookup that occurs. If you're only going to be connecting to a small number of hosts on the net, and you know what their addresses are, then you can put them in your hosts file and not need to query a nameserver at all. Generally namelookup isn't that slow and should work fine over a slip link anyway. o You want to run a nameserver for fun and excitement. In general, you do NOT need to run named: this means that you can comment it out from your rc.inet2 file, and you don't have to run hostcvt.build. If you want to alias machine names, for example, if you want to refer to loomer.vpizza.com as just loomer, then you can add as alias in /etc/hosts instead. There is no reason to run named unless you have a specific requirement to do so. If you have access to a nameserver, (and your network administrators will tell you its address), and most networks do, then don't bother running named. If you're only using loopback, you can run named and set your nameserver address to 127.0.0.1, but since you are the only machine you can talk to, this would be quite bizzarre, as you'd never need to call it. 10.3.3. /etc/networks The /etc/networks file lists the names and addresses of your own, and other, networks. It is used by the route command, and allows you to specify a network by name, should you so desire. Every network you wish to add a route to using the route command should have an entry in the /etc/networks file, unless you also specify the -net argument in the route command line. Its format is simliar to that of /etc/hosts file above, and an example file might look like: # # /etc/networks: list all networks that you wish to add route commands # for in here # default 0.0.0.0 # default route - recommended loopnet 127.0.0.0 # loopback network - recommended mynet 128.253.154.0 # Example network CHANGE to YOURS # # end of networks 10.3.4. /etc/host.conf The system has some library functions called the resolver library. This file specifies how your system will lookup host names. It should contain at least the following two lines: order hosts,bind multi on These two lines tell the resolve libraries to first check the /etc/hosts file, and then to ask the nameserver (if one is present). The multi entry allows you to have multiple IP addresses for a given machine name in /etc/hosts. This file comes from the implementation of the resolv+ bind library for Linux. You can find further documentation in the resolv+(8) man page if you have it. If you don't, it can be obtained from: sunsite.doc.ic.ac.uk /computing/comms/tcpip/nameserver/resolv+/resolv+2.1.1.tar.Z This file contains the resolv+.8 man page for the resolver library. 10.3.5. /etc/resolv.conf This file actually configures the system name resolver, and contains two types of entries: The addresses of your nameservers (if any), and the name of your domain, if you have one. If you're running your own nameserver (i.e running named on your Linux machine), then the address of your nameserver is 127.0.0.1, the loopback address. Your domain name is your fully qualified hostname (if you're a registered machine on the Internet, for example), with the hostname component removed. That is, if your full hostname is loomer.vpizza.com, then your domain name is vpizza.com, without the hostname loomer. For example, if you machine is goober.norelco.com, and has a nameserver at the address 128.253.154.5, then your /etc/resolv.conf file would look like: domain norelco.com nameserver 127.253.154.5 You can specify more than one nameserver. Each one must have a nameserver entry in the resolv.conf file. Remember, if you're running on loopback, you don't need a nameserver. 10.3.6. Configuring your Hostname - /etc/HOSTNAME After you have configured everything else, there is one small task that remains, you need to configure your own machine with a name. This is so that application programs like sendmail can know who you are to accept mail, and so that your machine can identify itself to other machines that it might be connected to. There are two programs that are used to configure this sort of information, and they are commonly misused. They are hostname and domainname. If you are using a release of net-tools earlier than 1.1.38 then you can include a command in your /etc/rc file that looks like this: /bin/hostname -S and this will cause the hostname command to read a file called /etc/HOSTNAME which it expects will contain a "Fully Qualified Domain Name", that is, your machines hostname including the domainname. It will split the F.Q.D.N. into its DNS hostname and domainname components and set them appropriately for you. For example, the machine above would have the file /etc/HOSTNAME: goober.norelco.com If you are using the hostname that came with net-tools-1.1.38 or later, then you would add a command at the end of your /etc/rc.d/rc.inet1 file like: /bin/hostname goober.norelco.com or if you have upgraded from a previous release, you could add: /bin/hostname -F /etc/HOSTNAME and it would behave in the same way as for the earlier version. The /bin/domainname command is for setting the N.I.S. domain name NOT the D.N.S. domain name. You do not need to set this unless you are running NIS, which is briefly described later. 10.4. Other files. There are of course many other files in the /etc directory which you may need to dabble with later on. Instead of going into them here, I'm going to provide the bare minimum to get you on the net. More information is available in Olaf's Network Administration Guide. It picks up where this HOWTO ends, and some more information will be provided in later versions of this document. Once you have all of the files set up, and everthing in the right place, you should be able to reboot you new kernel, and net away to your hearts content. However I strongly suggest that you keep a bootable copy of your old kernel and possibly even a `recovery disk', in case something goes wrong, so that you can get back in and fix it. You might try HJLu's `single disk boot disk', or `disk1' from an SLS distribution. 11. Advanced Configurations. The configurations above have described how a typical Linux workstation might be configured for normal end-user operation. Some of you will have other requirements which will require slightly more advanced configurations. What follows are examples of some the more common of these. 11.1. PPP - Point to Point Protocol. The Point to Point Protocol is a modern and efficient protocol for conveying multiple protocols, tcp/ip for one, across serial links, that a lot of people use in place of slip. It offers enhanced functionality, error detection and security options. It corrects a number of deficiencies that are found in slip, and is suitable for both asynchronous links and synchronous links alike. An important feature of PPP operation is dynamic address allocation, and this feature will almost certainly be exploited by your PPP server. This feature allows a PPP client, with a specially formatted frame, to request its address from the server. In this way configuration is somewhat less messy than with slip, since this ability to retrieve your address must occur outside of the protocol. The authors of the Linux port are Michael Callahan, <callahan@maths.ox.ac.uk> and Al Longyear, <longyear@netcom.com>. Most of this information has come from the documentation that accompanies the PPP software. The documentation is quite complete, and will tell you much more than I present here. The Linux PPP code has come out of Alpha testing and is now available as a public release. The 1.0.0 Linux PPP code is based on Paul Mackerras's free PPP for BSD-derivative operating systems. The 1.0.0 release is based on version 2.1.1 of the free PPP code. The PPP code comes in two parts. The first is a kernel module which handles the assembly and disassembly of the frames, and the second is a set of protocols called LCP, IPCP, UPAP and CHAP, for negotiating link options, bringing the link into a functioning state and for authentication. 11.1.1. Why would I use PPP in place of SLIP ? You would use PPP in place of SLIP for a few reasons. The most common are: Your Internet Provider supports only PPP The most obvious reason you would use PPP in favour of SLIP is when your Internet Provider supports PPP and not SLIP. Ok, I said it was obvious. You have a normally noisy serial line PPP provides a frame check sequence for each and every frame transmitted, SLIP does not. If you have a noisy serial line, and you are using SLIP, your error correction will be performed end to end, that is between your machine and the destination machine, whereas with PPP the error detection occurs locally, between your machine and the PPP server. This makes for faster recovery from errors. You need to make use of some other feature PPP offers. PPP provides a number of features that SLIP does not. You might for example want to carry not only IP, but also DECNET, or AppleTalk frames over your serial link. PPP will allow you to do this. 11.1.2. Where to obtain the PPP software. The ppp software is available from: sunsite.unc.edu /pub/Linux/system/Networking/serial/ppp-2.1.2a.tar.gz This file contains the kernel source, and the pppd source and binary. Version 1.0.0 is meant for use with kernels 1.0.x and 1.1.x. No support is currently available for Fred's Net-2E kernel. 11.1.3. Installing the PPP software. Installation of the PPP software is fairly straightforward. 11.1.3.1. The kernel driver. Some support for ppp has been built into the kernel for some time. Configuring the kernel is fairly easy, the following should work ok: # cd /usr/src # gzip -dc ppp-2.1.2a.tar.gz | tar xvf - # cp /usr/src/ppp-2.1.2a/linux/ppp.c /usr/src/linux/drivers/net # cp /usr/src/ppp-2.1.2a/pppd/ppp.h /usr/src/linux/include/linux You will then need to uncomment the CONFIG_PPP line in /usr/src/linux/config.in. If you are running a version of the kernel that is 1.1.4 or higher, then you will also need to comment out or delete the macro definition of NET02D in the file /usr/src/linux/drivers/net/ppp.c. If you are running an even more recent version then you make not to make any changes at all. You can then do a make config, select PPP support, and follow with a make dep;make. When you reboot with the new kernel you should see messages at boot time that look something like these: PPP: version 2.1.1 (4 channels) TCP compression code copyright 1989 Regents of the University of California PPP line discipline registered. Now, try looking at the contents of /proc/net/dev. It should look something like this: Inter-| Receive | Transmit face |packets errs drop fifo frame|packets errs drop fifo colls carrier lo: 0 0 0 0 0 0 0 0 0 0 0 ppp0: 0 0 0 0 0 0 0 0 0 0 0 ppp1: 0 0 0 0 0 0 0 0 0 0 0 ppp2: 0 0 0 0 0 0 0 0 0 0 0 ppp3: 0 0 0 0 0 0 0 0 0 0 0 This indicates that the kernel driver is installed correctly. 11.1.3.2. pppd If you want to recompile pppd, type make in the pppd subdirectory of the installation. There will be some warnings when compiling lcp.c, upap.c and chap.c but these are OK. If you want to recompile chat, consult README.linux in the chat directory. To install, type make install in the chat and pppd directories. This will put chat and pppd binaries in /usr/etc and the pppd.8 manual page in /usr/man/man8. pppd needs to be run as root. You can either make it suid root or just use it when you are root. make install will try to install it suid root, so if you are root when you try to install it, it should work ok. 11.1.4. Configuring and using the PPP software. Like slip, you can configure the PPP software as either a client or a server. The chat performs a similar function to the dip program in that it is used to automate the dialling and login procedure to the remote machine, unlike dip though, it does not perform the ioctl to convert the serial line into a PPP line. This is performed by the pppd program. pppd can act as either the client or the server. When used as a client, it normally invokes the chat program to perform the connection and login, and then it takes over by performing the ioctl to change the line discipline to ppp and then steps out of the way to let you operate. Please refer to the pppd and chat man pages for more information. Please also refer to the README file that comes with the ppp software, as its description of the operation of these utilities is much more complete than I have described here. 11.1.4.1. Configuring a PPP client by dial-up modem. This is perhaps what most of you will want to do, so it appears first. You would use this configuration when you have a network provider who supports ppp by dialup modem. When you want to establish your connection you simply have to invoke the pppd program with appropriate arguments. The following example might look a little confusing at first, but it is easier to understand if you can see that all it is doing is taking a command line for the chat program as its first argument and then others for itself later. pppd connect 'chat -v "" ATDT5551212 CONNECT "" ogin: ppp word: password'\ /dev/cua1 38400 debug crtscts modem defaultroute 192.1.1.17: What this says is: o Invoke the chat program with the command line: chat -v "" ATDT5551212 CONNECT "" ogin: ppp word: password Which says: Dial 5551212, wait for the `CONNECT' string, transmit a carriage return, wait for the string `ogin:', transmit the string `ppp', wait for the string `word:', transmit the string `password', and quit. o Use serial device /dev/cua1 o Set its speed to 38400 bps. o debug means log status messages to syslog o crtscts means use hardware handshaking to the modem - recommended. o modem means that pppd will attempt to hang up the call before and after making the call. o defaultroute instructs pppd to add a routing entry that makes this the default route. In most cases this will be what you want. o 192.1.1.17: says to set the ppp interfaces address to 192.1.1.17. This argument normally looks like x.x.x.x:y.y.y.y, where x.x.x.x is your ip address, and y.y.y.y is the ip address of the server. If you leave off the server's address, pppd will ask for it, and x.x.x.x will be set to your machines ip address. Please refer to the pppd and chat man pages for more information. Please also refer to the README file that comes with the ppp software, as its description of the above is much more complete than I have described here. 11.1.4.2. Configuring a PPP client via a leased line. Configuring a PPP client via a leased line is almost as straightforward as for configuring slip with slattach. You will still use the pppd program, but since you won't need to establish the modem link the arguments to the chat program can be much simpler. The example I'm presenting here assumes that the ppp server doesn't require any special login procedure. I do this because every login procedure will be different, and if you are simply running a local connection then it is possible that you might have it set up this way. pppd connect 'echo connecting...' defaultroute noipdefault debug \ kdebug 2 /dev/cua0 9600 This will echo a message to your screen, and set your default route via the ppp interface. The noipdefault argument instructs the pppd program to request the address to use for this device from the server. Debug messages will go to syslog. The kdebug 2 argument causes the debug messages to be set to level 2, this will give you slightly more information on what is going on. It will use /dev/cua0 at 9600 bps. If your ppp server does require some sort of login procedure, you can easily use the chat program as in the example for the dialup server to perform that function for you. Please refer to the pppd and chat man pages for more information. Please also refer to the README file that comes with the ppp software, as its description of the above is much more complete than I have described here. 11.1.4.3. Configuring a PPP server. Configuring a PPP server is similar to establishing a slip server. You can create a special `ppp' account, which uses an executable script as its login shell. The /etc/passwd entry might look like: ppp:EncPasswd:102:50:PPP client login:/tmp:/etc/ppp/ppplogin and the /etc/ppp/ppplogin script might look like: #!/bin/sh exec /usr/etc/pppd passive :192.1.2.23 The address that you provide will be the address that the calling machine will be assigned. Naturally, if you want multiple users to have simultaneous access you would have to create a number of startup scripts and individual accounts for each to use, as you can only put one ip address in each script. 11.1.5. Where to obtain more information on PPP, or report bugs. Most discussion on PPP for Linux takes place on the PPP mailing list. To join the Linux PPP channel on the mail list server, send mail to: linux-activists@niksula.hut.fi with the line: X-Mn-Admin: join PPP at the top of the message body (not the subject line). Please remember that when you are reporting bugs or problems you should include as much information relevant to the problem as you can to assist those that will help you understand your problem. You might also like to check out: RFCS 1548, 1331, 1332, 1333, and 1334. These are the definitive documents for PPP. W. Richard Stevens also describes PPP in his book `TCP/IP Illustrated Volume 1', (Addison-Wessley, 1994, ISBN 0-201-63346-9). 11.2. Configuring Linux as a Slip Server. If you have a machine that is perhaps network connected, that you'd like other people be able to dial into, and provide network services, then you will need to configure your machine as a server. If you want to use slip as the serial line protocol, then currently you have two options as to how to configure your Linux machine as a slip server. I will present a summary of both. 11.2.1. Slip Server using sliplogin sliplogin is a program that you can use in place of the normal login shell for slip users that converts the terminal line into a slip line. The caller will login as per the standard login process, entering their username and password, but instead of being presented with a shell after their login, sliplogin is executed which searches its configuration file (/etc/slip.hosts) for an entry with a login name that matches that of the caller. If it locates one, it configures the line as an 8bit clean line, and uses an ioctl call to convert the line discipline to slip. When this process is complete, the last stage of configuration takes place, where sliplogin invokes a shell script which configures the slip interface with the relevant ip address, netmask and sets appropriate routing in place. This script is usually called /etc/slip.login, but in a similar manner to getty, if you have certain callers that require special initialisation, then you can create configuration scripts called /etc/slip.login.loginname that will be run instead of the default. 11.2.1.1. Where to get sliplogin sliplogin can be obtained from: sunsite.unc.edu /pub/Linux/system/Network/serial/sliplogin.tar.gz The tar file contains both source, precompiled binaries and a man page. To install the binaries into your /sbin directory, and the man page into section 8, do the following: # cd /usr/src # gzip -dc .../sliplogin.tar.gz | tar xvf - # cd src # make install If you want to recompile the binaries before installation, add a make clean before the make install. If you want to install the binaries somewhere else, you will need to edit the Makefile install rule. 11.2.1.2. Configuring /etc/passwd for Slip hosts. You need to create some special logins for Slip callers in your /etc/passwd file. A convention commonly followed is to use the hostname of the calling host with a capital `S' prefixing it. So, for example, if the calling host is called radio then you would create a /etc/passwd entry that looked like: Sradio:FvKurok73:1427:1:radio slip login:/tmp:/sbin/sliplogin Note: the caller doesn't need any special home directory, as they will not be presented with a shell from this machine, so /tmp is a good choice. Also note that sliplogin is used in place of the normal login shell. 11.2.1.3. Configuring /etc/slip.hosts The /etc/slip.hosts file is the file that sliplogin searches for entries matching the login name to obtain configuration details for this caller. It is this file where you specify the ip address and netmask that will be assigned to the caller, and configured for their use. A sample entry for host `radio' might look like: Sradio `hostname` radio <netmask> <opt1> <opt2> The /etc/slip.hosts file entries are: 1. the login name of the caller. 2. ip address of the server machine, ie this machine. 3. ip address that the caller will be assigned. 4. the netmask assigned to the calling machine in hexadecimal notation eg 0xffffff00 for a Class C network mask. 5. optional parameters to enable/disable compression and other features. Note: You can use either hostnames or IP addresses in dotted decimal notation for fields 2 and 3. If you use hostnames then those hosts must be resolvable, that is, your machine must be able to locate an ip address for those hostnames, otherwise the script will fail when it is called. You can test this by trying trying to telnet to the hostname, if you get the `Trying nnn.nnn.nnn...' message then your machine has been able to find an ip address for that name. If you get the message `Unknown host', then it has not. If not, either use ip addresses in dotted decimal notation, or fix up your name resolver configuration. The most commonly used optional paramaters for the opt1 and opt2 fields are: normal to enable normal uncompressed slip. ---End of part 2/3---