<!DOCTYPE html>
<html dir="ltr" lang="en">
<head>
<meta charset='utf-8'>
<title>2.3. Network</title>
</head>
<body>
<a href="index.html">Core OS Index</a>
<h1>2.3. Network</h1>
<p>Operation of the network can be handled with init scripts;</p>
<dl>
<dt><a href="conf/rc.d/iptables">/etc/rc.d/iptables</a></dt>
<dd>Configure iptables: the start option loads a set of rules from the
file /etc/iptables/rules_file_name, the open option allows all outbound
traffic and blocks all inbound traffic, and stop blocks
and logs everything.</dd>
<dt><a href="conf/rc.d/net">/etc/rc.d/net</a></dt>
<dd>Configure Ethernet interface with static or dynamic (dhcp)
IP, set default route and add default gateway.</dd>
<dt><a href="conf/rc.d/wlan">/etc/rc.d/wlan</a></dt>
<dd>Configure the wireless interface, launch wpa_supplicant to handle
wireless authentication, obtain a dynamic (dhcp)
connection to the router and add it as default gateway.</dd>
</dl>
<p>Choose wireless or net as the connection to the outside world and configure
<a href="conf/rc.conf">/etc/rc.conf</a> to run it at startup. Example
connecting with the wireless interface;</p>
<pre>
#
# /etc/rc.conf: system configuration
#
FONT=default
KEYMAP=dvorak
TIMEZONE="Europe/Lisbon"
HOSTNAME=c9
SYSLOG=sysklogd
SERVICES=(lo iptables wlan crond)
# End of file
</pre>
<p>If this is the first boot after install, configure iptables and one of the
scripts described above, then proceed to
<a href="package.html#sysup">update system.</a></p>
<h2 id="resolv">2.3.1. Resolver</h2>
<p>This example uses the
<a href="http://www.chaoscomputerclub.de/en/censorship/dns-howto">Chaos Computer Club</a>
server. Edit /etc/resolv.conf and make it immutable;</p>
<pre>
# /etc/resolv.conf.head can replace this line
nameserver 213.73.91.35
# /etc/resolv.conf.tail can replace this line
</pre>
<pre>
# chattr +i /etc/resolv.conf
</pre>
<h2 id="static">2.3.2. Static IP</h2>
<p>Current example of <a href="conf/rc.d/net">/etc/rc.d/net</a>;</p>
<pre>
Address: 192.168.0.1 11000000.10101000.00000000 .00000001
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111 .00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000 .11111111
=>
Network: 192.168.0.0/24 11000000.10101000.00000000 .00000000 (Class C)
Broadcast: 192.168.0.255 11000000.10101000.00000000 .11111111
HostMin: 192.168.0.1 11000000.10101000.00000000 .00000001
HostMax: 192.168.0.254 11000000.10101000.00000000 .11111110
Hosts/Net: 254 (Private Internet)
</pre>
<p>Another IP class that can be used for a private network;</p>
<pre>
Address: 10.0.0.1 00001010.00000000.00000000 .00000001
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111 .00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000 .11111111
=>
Network: 10.0.0.0/24 00001010.00000000.00000000 .00000000 (Class A)
Broadcast: 10.0.0.255 00001010.00000000.00000000 .11111111
HostMin: 10.0.0.1 00001010.00000000.00000000 .00000001
HostMax: 10.0.0.254 00001010.00000000.00000000 .11111110
Hosts/Net: 254 (Private Internet)
</pre>
<p>Manual configuration, as done by the net script;</p>
<pre>
# DEV=enp8s0
# ADDR=192.168.1.9
# MASK=24
# GW=192.168.1.254
</pre>
<pre>
# ip addr flush dev ${DEV}
# ip route flush dev ${DEV}
# ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast +
# ip link set ${DEV} up
# ip route add default via ${GW}
</pre>
<h2 id="iptables">2.3.3. Iptables</h2>
<p>For more information about iptables read the
<a href="https://wiki.archlinux.org/index.php/Iptables">arch wiki</a>.
You can use
<a href="conf/iptables/rules.v4">/etc/iptables/rules.v4</a>
or
<a href="conf/iptables/iptables-lan.sh">/etc/iptables/iptables-lan.sh</a>
as a template; replace the interfaces with the correct ones.
This configuration file is used at boot time by the iptables-restore command.
If you use a script or change the rules of a running system, you can
use the iptables-save command to save the configuration to a file.</p>
<pre>
# mkdir /etc/iptables
# cp c9-doc/core/conf/iptables/rules.v4 /etc/iptables/
# cp c9-doc/core/conf/rc.d/iptables /etc/rc.d/
# chmod +x /etc/rc.d/iptables
</pre>
<p>Adjust rules.v4 to your needs, then;</p>
<pre>
# sh /etc/rc.d/iptables start
</pre>
<p>See current rules and packets;</p>
<pre>
# iptables -L -n -v | less
</pre>
<p>Copy the init script; edit it if you do not want
traffic dropped when you call stop.</p>
<p>Re-configure your rc.conf and add iptables before (w)lan is up;</p>
<pre>
SERVICES=(lo iptables net crond)
</pre>
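<p>The ordering matters because an interface started before iptables is up without any rules loaded. The following check is an added example, not part of the c9-doc scripts; the function names rc_services and firewall_starts_first are hypothetical, and it assumes SERVICES is written on a single line as in the listings on this page.</p>

```shell
#!/bin/sh
# Added example (not part of c9-doc): audit the SERVICES order in rc.conf.
# Assumes SERVICES=(...) is written on a single line.

# Print the entries of the last uncommented SERVICES=(...) line, one per line.
rc_services() {
    sed -n 's/^[[:space:]]*SERVICES=(\(.*\)).*$/\1/p' "$1" |
        tail -n 1 | tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Return codes:
#   0  iptables is listed before every interface script (net, wlan)
#   1  an interface script comes first, or iptables is not listed at all
#   2  no SERVICES line was found in the file
firewall_starts_first() {
    services=$(rc_services "$1")
    [ -n "$services" ] || return 2
    seen_fw=0
    for svc in $services; do
        case "$svc" in
            iptables) seen_fw=1 ;;
            net|wlan) [ "$seen_fw" -eq 1 ] || return 1 ;;
        esac
    done
    [ "$seen_fw" -eq 1 ]
}

# Usage after sourcing this file:
#   firewall_starts_first /etc/rc.conf && echo "firewall starts first"
```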
<h2 id="wpa">2.3.4. Wpa and dhcpd</h2>
<p>There is more information on
<a href="http://crux.nu/Wiki/WifiStartScripts">Wiki Wifi Start Scripts</a>;
see also <a href="conf/rc.d/wlan">/etc/rc.d/wlan</a>. Manual or first-time configuration;</p>
<pre>
# ip link
</pre>
<pre>
# iwlist wlp2s0 scan
</pre>
<pre>
# iwconfig wlp2s0 essid NAME key s:ABCDE12345
</pre>
<h3>2.3.4.1. Wpa Supplicant</h3>
<p>To configure wpa supplicant, edit;</p>
<pre>
# vim /etc/wpa_supplicant.conf
</pre>
<pre>
ctrl_interface=/var/run/wpa_supplicant
update_config=1
fast_reauth=1
ap_scan=1
</pre>
<pre>
# wpa_passphrase &lt;ssid&gt; &lt;password&gt; &gt;&gt; /etc/wpa_supplicant.conf
</pre>
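<p>wpa_passphrase prints the passphrase in clear text as a commented #psk line above the derived key, and a passphrase given as an argument is recorded in shell history. The following is an added example, not part of the c9-doc scripts, that appends the network block without the clear-text line and restricts the file to its owner; the function names are hypothetical and SSID is a placeholder.</p>

```shell
#!/bin/sh
# Added example (not part of c9-doc): append a network block to
# wpa_supplicant.conf without leaving the clear-text passphrase on disk.

# Drop the commented clear-text line ('#psk="..."') that wpa_passphrase
# prints above the derived psk.
strip_plain_psk() {
    sed '/^[[:space:]]*#psk=/d'
}

# Append the filtered network block read from stdin to the file named in $1
# and make that file readable and writable by its owner only.
append_network_block() {
    conf=$1
    ( umask 077; strip_plain_psk >> "$conf" ) || return 1
    chmod 600 "$conf"
}

# Succeed only if the file holds no clear-text psk comment and has mode 600.
conf_is_private() {
    conf=$1
    if grep -q '^[[:space:]]*#psk=' "$conf"; then
        return 1
    fi
    case "$(ls -ld "$conf")" in
        -rw-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage as root after sourcing this file. With the passphrase argument left
# out, wpa_passphrase reads it from standard input, so it does not appear in
# shell history or in the process list:
#   wpa_passphrase "SSID" | append_network_block /etc/wpa_supplicant.conf
#   conf_is_private /etc/wpa_supplicant.conf && echo "ok"
```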
<p>Now start wpa_supplicant with:</p>
<pre>
# wpa_supplicant -B -i wlp2s0 -c /etc/wpa_supplicant.conf
Successfully initialized wpa_supplicant
</pre>
<p>Use <a href="conf/rc.d/wlan">/etc/rc.d/wlan</a>
init script to auto load wpa configuration and dhcp
client.</p>
<h3>2.3.4.2. Wpa Cli</h3>
<pre>
# wpa_cli
> status
</pre>
<pre>
> add_network
3
</pre>
<pre>
> set_network 3 ssid "Crux-Network"
OK
</pre>
<pre>
> set_network 3 psk "uber-secret-pass"
OK
</pre>
<pre>
> enable_network 3
OK
</pre>
<pre>
> list_networks
</pre>
<pre>
> select_network 3
</pre>
<pre>
> save_config
</pre>
<a href="index.html">Core OS Index</a>
<p>
This is part of the c9-doc Manual.
Copyright (C) 2017
c9 team.
See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a>
for copying conditions.</p>
</body>
</html>