Home Networking HOWTO
---------------------

1. Who should be reading this HOWTO
2. Hardware
3. The Setup

This document explains how to set up a simple two-computer network and configure various services on it.

1. Who should be reading this HOWTO
-----------------------------------

a. You are totally new to networking.
b. You have done some sort of networking before, but not in Linux.
c. You want to set up a small network (fewer than 5 computers) for your organisation or home.

2. Hardware
-----------

Having the right, working hardware is the first and most important requirement for a network setup. Read the Ethernet HOWTO for more details about Ethernet hardware. Here are the most important points to keep in mind:

a. Most Ethernet cards currently available are configured automatically when they are detected. Refer to the Ethernet HOWTO in case your hardware does not get configured.
b. Remember, there are different ways of crimping the network cable: one for PC to PC (a crossover cable) and the other for PC to hub or switch (a straight-through cable). In this HOWTO we consider only PC-to-PC, so crimp it accordingly. Again, the details are in the Ethernet HOWTO.
c. If possible, check the Ethernet cards and cables in a working network setup before proceeding.

3. The Setup
------------

This section explains the sample setup that is used throughout the rest of the document.

No. of PCs = 2. One is called server and the other yashman. Both run Red Hat Linux 7.3.
Two Ethernet cards: server - Maxcom, yashman - 3Com.
A PC-to-PC (crossover) twisted-pair cable connects the two computers.

I selected the following private IP addresses:

  server  - 192.168.1.1
  yashman - 192.168.1.2

These are two addresses from the 192.168.0.0/16 block that RFC 1918 reserves for private networks; such addresses are never routed on the public Internet. Refer to ****** for a detailed discussion of how to assign IP addresses. Since this is a small setup, static addressing is enough.

Convention used: commands are in bold, sample files are in italics and file names are underlined. ### indicates the start or end of a sample file.
From here onwards, server and yashman refer to the computers defined above.

Let's start
-----------

1. How to assign IP addresses

a. Use ifconfig, e.g.

  ifconfig eth0 192.168.1.1 netmask 255.255.255.0

where eth0 is your network device name. The netmask specifies which part of the address identifies the network: 255.255.255.0 gives a 24-bit network (the old "class C" size), so 192.168.1.1 and 192.168.1.2 are on the same network. An address set this way is lost at reboot, so you would have to repeat it every time you boot the system. For a permanent setting use the following:

b. Edit the file /etc/sysconfig/network. Contents of the file for server:

###
NETWORKING=yes
HOSTNAME=server.frodo.com
# GATEWAY is deliberately left unset on server: its default route will
# come from the dial-up link (section d), and pppd will not replace a
# default route that already points out of eth0.
###

On yashman use HOSTNAME=yashman.frodo.com. Also edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file. Sample from server:

###
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.1
NETMASK=255.255.255.0
###

Sample from yashman:

###
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.2
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
BROADCAST=192.168.1.255
###

As you can see, the hostnames of the two systems are set in the same step. To put the settings into effect, use the following command:

  service network restart

Now type ifconfig eth0 to check the settings.

2. Let's test the settings. The best way to do that is to ping from server to yashman and vice versa. On server:

  ping 192.168.1.2

On success, ping displays the round-trip time, the TTL and some other details for every reply. If you get an error message saying "destination host unreachable", check your hardware (cables, Ethernet cards) and try again. Proceed only after ping succeeds in both directions. Type Ctrl-C to terminate ping.

3. Next we will set up the hosts files in the /etc directory.

a. /etc/hosts. This file maps hostnames to IP addresses. /etc/hosts is manually manageable for a small network like the one we are configuring. Give each machine its real address here rather than mapping its hostname to 127.0.0.1; otherwise local programs that look up the machine's own name get the loopback address instead of the one other hosts use.

/etc/hosts file on server:

###
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain localhost
192.168.1.1     server.frodo.com server
192.168.1.2     yashman.frodo.com yashman
###

/etc/hosts on yashman:

###
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.frodo.com localhost
192.168.1.2     yashman.frodo.com yashman
192.168.1.1     server.frodo.com server
###

b. Similarly, hosts.allow and hosts.deny are two very important files: they decide which hosts may use the services that run through tcpd/xinetd, and daemons such as portmap that are linked against libwrap. Check out the respective man pages (hosts_access(5)) for more details. For your information, the file /etc/hosts.allow from server is given below:

###
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
ALL: ALL        # WARNING: lets every host use every wrapped service; do not do this on a network you do not fully control
#in.telnetd: 192.168.1.2
portmap: ALL
###

The restrictive alternative is the commented-out in.telnetd line, which admits only yashman to telnet. Note that once hosts.allow contains ALL: ALL, hosts.deny is never consulted.

4. We will now configure the TCP/IP services on server and test them from yashman. Before testing, you need to change the firewall settings on server. (WARNING: this step assumes that security is not a major issue as of now.) Type setup, select the firewall configuration entry in the menu that appears, set it to No Firewall and quit the application. The setup program can configure various other things as well; explore it further.

a. Telnet. Edit your /etc/xinetd.conf file and add the telnet service. Sample file from server:

###
#
# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
        instances               = 60
        log_type                = SYSLOG authpriv
        log_on_success          = HOST PID
        log_on_failure          = HOST
        cps                     = 25 30
}

includedir /etc/xinetd.d

service telnet
{
        socket_type     = stream
        wait            = no
        nice            = 10
        user            = root
        server          = /usr/sbin/in.telnetd
        rlimit_as       = 8M
        rlimit_cpu      = 20
}
###

After you save the file, put the settings into effect by typing

  service xinetd restart

At yashman type

  telnet server.frodo.com

If you get a login prompt, wow, success. Bear in mind that telnet sends the user name and password in clear text; on anything other than an isolated two-machine link, prefer ssh (the openssh packages ship with Red Hat 7.3). Let's continue.

b. ftp. We will now set up a simple ftp service on server. For that you first need the ftp server rpm, which is usually wu-ftpd. Install the server and client rpms on server and the ftp client on yashman. (To check whether the ftp client is already installed, just type ftp; if you get an ftp> prompt, the client is already installed.)
The file that controls access to the ftp service is /etc/ftpaccess; see the ftpaccess man page for an explanation. I have configured anonymous ftp on server; the sample file is given below. The files accessible to anonymous logins live under the /var/ftp/pub directory, so place the appropriate files there, and nothing you would not hand to any host that can reach the server.

Sample /etc/ftpaccess file from server:

###
# This file controls the behavior of the wu-ftpd
# ftp server.
#
# If you're looking for a graphical frontend to
# editing it, try kwuftpd from the kdeadmin
# package.

# Don't allow system accounts to log in over ftp
deny-uid %-99 %65534-
deny-gid %-99 %65534-
allow-uid ftp
allow-gid ftp

class anonclass anonymous *

# Chroot all users to their home directory by default
# (comment this out if you don't want to chroot most of your users)
guestuser *

# If you wish to allow user1 and user2 to access other
# directories, use the line below:
# realuser user1,user2

# The ftpchroot group doesn't exist by default, this
# entry is just supplied as an example.
# To chroot a user, modify the line below or create
# the ftpchroot group and add the user to it.
#
# You will need to setup the required applications
# and libraries in the root directory (set using
# guest-root).
#
# Look at the anonftp package for the files you'll need.
guestgroup ftpchroot
guestgroup client

# User classes...
class all real,guest,anonymous *
#class localclass real 192.168.0.*

# Set this to your email address
email root@localhost

# Allow 5 mistyped passwords
loginfails 5

# Notify the users of README files at login and when
# changing to a different directory
readme README* login
readme README* cwd=*

# Messages displayed to the user
message /welcome.msg login
message .message cwd=*

# Allow on-the-fly compression and tarring
compress yes all
tar yes all

# Prevent anonymous users (and partially guest users)
# from executing dangerous commands
chmod no guest,anonymous
delete no anonymous
overwrite no anonymous
rename no anonymous

# Turn on logging to /var/log/xferlog
log transfers anonymous,guest,real inbound,outbound

# If /etc/shutmsg exists, don't allow logins
# see ftpshut man page
shutdown /etc/shutmsg

# Ask users to use their email address as anonymous
# password
passwd-check rfc822 warn
###

After you save the file, start the ftp daemon. On Red Hat 7.3 wu-ftpd is run from xinetd, so make sure its entry in /etc/xinetd.d/wu-ftpd is not disabled and run service xinetd restart.

At yashman type

  ftp server.frodo.com

If you get a prompt, wow, success. Use the ftp commands to copy files from server to yashman; see the ftp man page for the commands.

c. NFS - Network File System. NFS allows you to mount file systems that live on a different system and use them as if they were a partition on your own system. All file operations such as open, close, delete etc. are carried out on the remote system.

In the sample hosts.allow file above we set portmap: ALL, which allows all systems to talk to portmap; NFS clients need portmap to find mountd and nfsd. We will configure server and yashman so that file systems on server can be mounted on yashman. For our sample setup we specified ALL: ALL in hosts.allow; if you want only specific hosts to have access to NFS, you control that in the exports file as shown below. Keep in mind that NFS trusts the user IDs the client claims, so export only to hosts you trust.

The file /etc/exports lists the file systems that can be mounted. The example file on server is shown below.
###
/var/sharefiles 192.168.1.0/255.255.255.0(ro)
/mnt/cdrom      192.168.1.2(ro)
###

The first line says that any host with an IP address in the range 192.168.1.0 - 192.168.1.255 can mount the directory /var/sharefiles read-only; use rw instead of ro to allow writes. The second line exports the CD-ROM to yashman only. Be careful with the syntax: the options must follow the host spec with no space in between. A line such as

  /var/sharefiles 192.168.1.0/255.255.255.0 (rw)

is parsed as two entries, the network with default options and "(rw)" applied to every host in the world, which is the opposite of what was intended.

To enable NFS, issue the following commands on server:

  portmap
  rpc.nfsd
  rpc.mountd
  rpc.statd

Use rpcinfo -p to ensure all the daemons are registered. exportfs -a exports everything listed in /etc/exports (run it again after editing the file); exportfs -v shows what is currently exported, with the options in effect. To enable NFS at boot time, turn it on with the setup program (or chkconfig nfs on).

On yashman, use the following command to mount the export:

  mount -t nfs server.frodo.com:/var/sharefiles /local_directory

or add the following entry to the /etc/fstab file

  server.frodo.com:/var/sharefiles /local_directory nfs rsize=8192,wsize=8192,hard,intr,nolock 0 0

and mount it with mount -t nfs -a. See the mount man page (and nfs(5)) for an explanation of the parameters.

d. Sharing your Internet connection. Let's assume that you have only one modem and you want all the systems on the network to be connected to the Net through a single dial-up connection. This is possible with IP masquerading. Read the IP Masquerade HOWTO for the theoretical aspects; here I will just give you the steps you need to follow to share a single modem.

server has a modem and a dial-up connection; you would like to be able to browse from yashman as well.

First ensure that yashman's gateway address is set to server's IP address (GATEWAY=192.168.1.1 in its ifcfg-eth0 file, or in /etc/sysconfig/network); if not, edit the file and restart the network for the change to take effect. At this point you will also need the addresses of your ISP's primary and secondary DNS servers; contact your ISP for these.

Edit /etc/resolv.conf on yashman and server so that they look like the following sample:

###
nameserver primary_DNS_address
nameserver secondary_DNS_address
search localdomain
###

While the modem is not connected, lookups of your own machines must not wait for the unreachable DNS servers to time out. Keep every local name in /etc/hosts and make sure /etc/nsswitch.conf has "hosts: files dns" (the Red Hat default), so that /etc/hosts is consulted first and the name servers are only asked about names that are not listed there.
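The space-before-options mistake in /etc/exports is easy to make and turns a private export into one that is read-write for every host on the Internet. The script below is an added example, my own and not part of this HOWTO or of nfs-utils: it lints an exports file and reports options detached from their host, exports open to every host ("*"), read-write exports, no_root_squash and entries with no options at all. It runs against a constructed sample modelled on the exports file from the NFS step; the file name check_exports.sh and the function name are my own.

```shell
#!/bin/sh
# check_exports.sh - added example: lint an /etc/exports file for the
# classic mistakes before running exportfs. Not part of nfs-utils.

# check_exports FILE
#   Prints one finding per line and returns the number of findings
#   (0 means the file looks clean).
check_exports() {
    awk '
    # strip comments, skip blank lines
    { sub(/#.*/, ""); if ($0 ~ /^[ \t]*$/) next }
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            tok = $i
            if (tok ~ /^\(/) {
                # "(rw)" standing alone: exportfs treats it as host "*"
                printf "%s:%d: %s: options \"%s\" not attached to a host, they apply to EVERY host\n", FILENAME, NR, path, tok
                n++
                continue
            }
            host = tok; opts = ""
            if (match(tok, /\(.*\)$/)) {
                host = substr(tok, 1, RSTART - 1)
                opts = substr(tok, RSTART + 1, RLENGTH - 2)
            }
            if (host == "*" || host == "") {
                printf "%s:%d: %s: exported to all hosts (%s)\n", FILENAME, NR, path, tok
                n++
            }
            if (opts ~ /(^|,)rw($|,)/) {
                printf "%s:%d: %s: read-write for %s\n", FILENAME, NR, path, host
                n++
            }
            if (opts ~ /(^|,)no_root_squash($|,)/) {
                printf "%s:%d: %s: no_root_squash for %s (remote root is root here)\n", FILENAME, NR, path, host
                n++
            }
            if (opts == "") {
                printf "%s:%d: %s: no options for %s (defaults: ro, root_squash)\n", FILENAME, NR, path, host
                n++
            }
        }
    }
    END { exit n }' "$1"
}

# Constructed sample (not a real file from server), including the buggy
# line with a space before "(rw)" and a world-open home export.
SAMPLE=$(mktemp /tmp/exports.XXXXXX) || exit 1
cat > "$SAMPLE" <<'EOF'
# exports on server
/var/sharefiles 192.168.1.0/255.255.255.0(ro)
/mnt/cdrom      192.168.1.2(ro)
/usr/sharefiles 192.168.1.0/255.255.255.0 (rw)
/home           *(rw,no_root_squash)
EOF

if check_exports "$SAMPLE"; then
    echo "no findings"
else
    echo "findings: $?"
fi
rm -f "$SAMPLE"
```

To use it on server, run check_exports /etc/exports (or sh check_exports.sh after replacing the sample with the real path) before exportfs -a; a non-zero exit status means something needs a second look. The read-write and no-options findings are informational, the detached-options and all-hosts findings are the ones that must not reach a live server.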
On server create the file /etc/rc.d/rc.firewall-2.4. Sample file from server:

###
#!/bin/sh
FWVER=0.7

echo -e "\n Loading firewall version $FWVER \n"

IPTABLES=/sbin/iptables
DEPMOD=/sbin/depmod
INSMOD=/sbin/insmod

EXTIF="ppp0"
INTIF="eth0"

echo -en " loading modules "
$DEPMOD -a
$INSMOD ip_tables
$INSMOD ip_conntrack
$INSMOD ip_conntrack_ftp
$INSMOD ip_conntrack_irc
$INSMOD iptable_nat
$INSMOD ip_nat_ftp
$INSMOD ip_nat_irc

# Turn on forwarding between interfaces, and let the kernel cope with
# the dial-up address changing under existing connections.
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

# Default policies: the server itself accepts and sends everything;
# forwarding is denied unless a rule below permits it.
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

# Replies to connections started from the inside may come back in,
# anything started from the inside may go out, and whatever is left
# is logged before the DROP policy discards it.
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

# Rewrite the source address of outgoing packets to ppp0's address.
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
###

Read the IP Masquerade HOWTO for a complete explanation of the above ruleset. Note what it does not do: the INPUT policy is ACCEPT and nothing restricts traffic addressed to server itself, so every service enabled above (telnet, ftp, portmap and NFS) is reachable from the Internet over ppp0 as soon as the modem connects, and the setup program's firewall was switched off in step 4. Before you go online, at least add rules that drop new connections arriving on $EXTIF.

Once you have finished editing the ruleset, make it executable by typing

  chmod 700 /etc/rc.d/rc.firewall-2.4

To load the ruleset automatically on reboot, create a file /etc/rc.d/init.d/firewall-2.4START with the following in it:

###
#!/bin/sh
#
# chkconfig: 2345 11 89
#
# description: Loads the rc.firewall-2.4 ruleset.
#
# processname: firewall-2.4
# pidfile: /var/run/firewall.pid
# config: /etc/rc.d/rc.firewall-2.4
# probe: true
# ----------------------------------------------------------------------------
# v02/09/02
#
# Part of the copyrighted and trademarked TrinityOS document.
# http://www.ecst.csuchico.edu/~dranch
#
# Written and Maintained by David A. Ranch
# dranch@trinnet.net
#
# Updates
# -------
#
# ----------------------------------------------------------------------------

# Source function library.
. /etc/rc.d/init.d/functions

# Check that networking is up.
# This line no longer works with bash2
#[ ${NETWORKING} = "no" ] && exit 0
# This should be OK.
[ "XXXX${NETWORKING}" = "XXXXno" ] && exit 0

[ -x /sbin/ifconfig ] || exit 0

# The location of various iptables and other shell programs
#
# If your Linux distribution came with a copy of iptables, most
# likely it is located in /sbin. If you manually compiled
# iptables, the default location is in /usr/local/sbin
#
# ** Please use the "whereis iptables" command to figure out
# ** where your copy is and change the path below to reflect
# ** your setup
#
IPTABLES=/sbin/iptables

# See how we were called.
case "$1" in
  start)
        /etc/rc.d/rc.firewall-2.4
        ;;

  stop)
        echo -e "\nFlushing firewall and setting default policies to DROP\n"
        $IPTABLES -P INPUT DROP
        $IPTABLES -F INPUT
        $IPTABLES -P OUTPUT DROP
        $IPTABLES -F OUTPUT
        $IPTABLES -P FORWARD DROP
        $IPTABLES -F FORWARD
        $IPTABLES -F -t nat

        # Delete all User-specified chains
        $IPTABLES -X
        #
        # Reset all IPTABLES counters
        $IPTABLES -Z
        ;;

  restart)
        $0 stop
        $0 start
        ;;

  status)
        $IPTABLES -L
        ;;

  mlist)
        cat /proc/net/ip_conntrack
        ;;

  *)
        echo "Usage: firewall-2.4START {start|stop|restart|status|mlist}"
        exit 1
esac

exit 0
###

After you save the file, make it executable and register it with chkconfig:

  chmod 700 /etc/rc.d/init.d/firewall-2.4START
  chkconfig --add firewall-2.4START
  chkconfig --level 345 firewall-2.4START on

See man chkconfig. Note that the option is --level with two dashes and a space before the run levels.

Testing the setup: reboot the system and run

  /etc/rc.d/rc.firewall-2.4

then connect server to the ISP. Type ifconfig on server and note the dynamically assigned IP address on ppp0. On yashman, try pinging that address. If the ping succeeds, you are done: fire up a browser and start surfing.

For any troubleshooting, see the IP Masquerade HOWTO.
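The stock rc.firewall-2.4 ruleset above forwards and masquerades correctly but leaves server itself wide open on ppp0, because its INPUT policy is ACCEPT. The script below is an added, hardened version of the same ruleset; it is my own example and not part of this HOWTO, of TrinityOS or of the IP Masquerade HOWTO. It keeps the masquerading rules, sets INPUT to DROP, admits only the 192.168.1.0/24 network to the server's own services, drops packets that arrive on ppp0 with an inside source address, and adds a dry-run mode (DRY_RUN=1, or running it as a non-root user) that prints the iptables commands instead of executing them, so the ruleset can be reviewed before the modem goes online. The interface and network variables default to the values used in this HOWTO (ppp0, eth0, 192.168.1.0/24) and can be overridden from the environment; the file name and the rules argument are my own.

```shell
#!/bin/sh
# rc.firewall-2.4.hardened - added example, not the HOWTO's or TrinityOS's
# own script. Same NAT as rc.firewall-2.4, but INPUT defaults to DROP and
# only the inside network may reach the server's services.
#
#   sh rc.firewall-2.4.hardened rules   print the iptables commands (default)
#   sh rc.firewall-2.4.hardened start   apply them (root only)
#
# Assumed names, override from the environment if yours differ.
IPTABLES=${IPTABLES:-/sbin/iptables}
EXTIF=${EXTIF:-ppp0}                # dial-up side
INTIF=${INTIF:-eth0}                # home network side
INTNET=${INTNET:-192.168.1.0/24}    # addresses behind the server

# Execute iptables, or just print the command when dry-running / unprivileged.
run() {
    if [ -n "$DRY_RUN" ] || [ "$(id -u)" -ne 0 ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

fw_start() {
    if [ -z "$DRY_RUN" ] && [ "$(id -u)" -eq 0 ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward
        echo 1 > /proc/sys/net/ipv4/ip_dynaddr
        # ip_tables and iptable_nat autoload; the FTP helpers do not, and
        # without them active-mode ftp through the NAT fails.
        modprobe ip_conntrack_ftp
        modprobe ip_nat_ftp
    fi

    # Clean slate, then deny everything that is not explicitly allowed.
    # OUTPUT stays ACCEPT so the server can still dial, resolve and browse.
    run -F INPUT;   run -P INPUT DROP
    run -F OUTPUT;  run -P OUTPUT ACCEPT
    run -F FORWARD; run -P FORWARD DROP
    run -t nat -F

    # --- traffic to the server itself ------------------------------------
    run -A INPUT -i lo -j ACCEPT
    # Nothing with an inside source address can legitimately arrive on ppp0.
    run -A INPUT   -i "$EXTIF" -s "$INTNET" -j DROP
    run -A FORWARD -i "$EXTIF" -s "$INTNET" -j DROP
    # Replies to connections the server started (DNS answers, web pages).
    run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The inside network may use telnet/ftp/NFS etc. on the server.
    run -A INPUT -i "$INTIF" -s "$INTNET" -j ACCEPT
    # Anything else from the dial-up side is logged (rate limited so a port
    # scan cannot fill /var/log/messages) and then hits the DROP policy.
    run -A INPUT -i "$EXTIF" -m limit --limit 5/min -j LOG --log-prefix "FW-INPUT: "

    # --- traffic forwarded for yashman -----------------------------------
    run -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A FORWARD -i "$INTIF" -o "$EXTIF" -s "$INTNET" -j ACCEPT
    run -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-FORWARD: "

    # Masquerade the inside network behind ppp0's dynamic address.
    run -t nat -A POSTROUTING -o "$EXTIF" -s "$INTNET" -j MASQUERADE
}

# Review helpers: the ruleset as it would be applied, without applying it.
fw_rules() { ( DRY_RUN=1; fw_start ); }
fw_rule_count() { fw_rules | wc -l | tr -d ' '; }

case "${1:-rules}" in
    start) fw_start ;;
    rules) fw_rules ;;
    *) echo "usage: $0 {start|rules}"; exit 1 ;;
esac
```

Install it in place of /etc/rc.d/rc.firewall-2.4 (keeping chmod 700 and the firewall-2.4START wrapper, which then needs to call it with the start argument), look at the output of the rules mode first, and only then run start as root. With OUTPUT at ACCEPT and ESTABLISHED,RELATED accepted on INPUT, server can still dial, resolve names and browse; only connections initiated from the Internet are refused, and they show up in /var/log/messages with the FW-INPUT: prefix.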