Diffstat (limited to 'core/network.html')
-rw-r--r-- | core/network.html | 165 |
1 files changed, 70 insertions, 95 deletions
diff --git a/core/network.html b/core/network.html index 5913845..4a412ad 100644 --- a/core/network.html +++ b/core/network.html @@ -2,14 +2,15 @@ <html dir="ltr" lang="en"> <head> <meta charset='utf-8'> - <title>2.3. Network</title> + <title>2.2. Network</title> </head> <body> <a href="index.html">Core OS Index</a> - <h1>2.3. Network</h1> + <h1>2.2. Network</h1> - <p>Operation of the network can be handle with init scripts;</p> + <p>Operation of the network can be handle with init scripts or with + <a href="#nm">network manager</a>;</p> <dl> <dt><a href="conf/rc.d/iptables">/etc/rc.d/iptables</a></dt> @@ -24,11 +25,13 @@ <dd>Configure Wireless interface, launch wpa_supplicant to handle wireless authenticationand dynamic (dhcp) connection to router and add as default gateway.</dd> + <dt><a href="conf/rc.d/wlan">/etc/rc.d/networkmanager</a></dt> + <dd>Use network manager to handle connections.</dd> </dl> - <p>Choose wireless or net as connection to outside world and configure - <a href="conf/rc.conf">/etc/rc.conf</a> to run at startup, example - connecting using wireless interface;</p> + <p>Choose wireless (wlan), cable network (net) or network manager in + <a href="conf/rc.conf">/etc/rc.conf</a> to handle configuration of the + network at startup, example using network manager;</p> <pre> # @@ -40,7 +43,7 @@ TIMEZONE="Europe/Lisbon" HOSTNAME=machine SYSLOG=sysklogd - SERVICES=(lo iptables wlan crond) + SERVICES=(lo iptables networkmanager crond) # End of file </pre> @@ -49,7 +52,7 @@ described scripts then proceed to <a href="package.html#sysup">update system.</a></p> - <h2 id="resolv">2.3.1. Resolver</h2> + <h2 id="resolv">2.2.1. Resolver</h2> <p>This example will use <a href="http://www.chaoscomputerclub.de/en/censorship/dns-howto">Chaos Computer Club</a> @@ -57,7 +60,7 @@ <pre> # /etc/resolv.conf.head can replace this line - nameserver 213.73.91.35 + nameserver 2.2.73.91.35 # /etc/resolv.conf.tail can replace this line </pre> 
@@ -65,7 +68,7 @@ # chattr +i /etc/resolv.conf </pre> - <h2 id="static">2.3.2. Static IP</h2> + <h2 id="static">2.2.2. Static IP</h2> <p>Current example of <a href="conf/rc.d/net">/etc/rc.d/net</a>;</p> @@ -112,37 +115,11 @@ # ip route add default via ${GW} </pre> - <h2 id="iptables">2.3.3. Iptables</h2> + <h2 id="iptables">2.2.3. Iptables</h2> <p>For more information about firewall systems read arch wiki <a href="https://wiki.archlinux.org/index.php/Iptables">iptables</a> - an <a href="https://wiki.archlinux.org/index.php/nftables">nftables</a>.</p> - - <p>To setup iptables rules a set of scripts is used, init script - <a href="conf/rc.d/iptables">/etc/rc.d/iptables</a> - loads set of rules from file /etc/iptables/net.v4 at boot time. - Start option "open" option allows everything to outside - and blocks everything from outside, "stop" will block and log - everything. Setup init script and rules ;</p> - - <pre> - # mkdir /etc/iptables - # cp core/conf/iptables/net.v4 /etc/iptables/ - # cp core/conf/rc.d/iptables /etc/rc.d/ - # chmod +x /etc/rc.d/iptables - </pre> - - <p>Change /etc/rc.conf and add iptables;</p> - - <pre> - SERVICES=(iptables lo net crond) - </pre> - - <p>See current rules and packets counts;</p> - - <pre> - # iptables -L -n -v | less - </pre> + and <a href="https://wiki.archlinux.org/index.php/nftables">nftables</a>.</p> <p>Diagram of a package route throw iptables;</p> 
@@ -286,74 +263,44 @@ -c, --set-counters packets bytes </pre> - <h3 id="ipt_server">2.3.3.1. Server iptables</h3> - - <p>Adjust <a href="scripts/iptables.sh">iptables.sh</a> with - your network configuration then run it;</p> - - <p>Default configuration;</p> + <p>See current rules and packets counts;</p> <pre> - server) - - echo "Setting server network..." - ####### Input Chain ###### - $IPT -A INPUT -j blocker - - $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${DNS} -j cli_dns_in - $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_https_in - $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_ssh_in - $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -s ${BR_NET} -j srv_git_in - $IPT -A INPUT -i ${PUB_IF} -d ${PUB_IP} -j cli_https_in - - ####### Output Chain ###### - $IPT -A OUTPUT -j blocker - - $IPT -A OUTPUT -o ${PUB_IF} -d ${DNS} -s ${PUB_IP} -j cli_dns_out - $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_https_out - $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_ssh_out - $IPT -A OUTPUT -o ${PUB_IF} -d ${BR_NET} -s ${PUB_IP} -j srv_git_out - $IPT -A OUTPUT -o ${PUB_IF} -s ${PUB_IP} -j cli_https_out + # iptables -L -n -v | less + </pre> - ## log everything else and drop - iptables_log + <h3 id="ipt_scripts">2.2.3.1. Iptable scripts</h3> - iptables-save > /etc/iptables/net.v4 - exit 0 + <p>Scripts help to setup iptables rules so they can be saved using iptables-save + and later restored using iptables-restore utilities. Init script + <a href="conf/rc.d/iptables">/etc/rc.d/iptables</a> + loads set of rules from /etc/iptables folder at boot time. 
+ Start option "open" option allows everything to outside + and blocks new connections from outside, "stop" will block and log + everything.</p> - ;; - </pre> + <p>Setup init script and rules;</p> <pre> - # bash core/scripts/iptables.sh + # mkdir /etc/iptables + # cp core/conf/iptables/net.v4 /etc/iptables/ + # cp core/conf/rc.d/iptables /etc/rc.d/ + # chmod +x /etc/rc.d/iptables </pre> - <h3 id="ipt_client">2.3.3.2. Client iptables </h3> - - <p></p> - <h3 id="ipt_client">2.3.3.3. Bridge iptables</h3> + <p>Change /etc/rc.conf and add iptables;</p> <pre> - $IPT -A FORWARD -j blocker - $IPT -A FORWARD -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT - $IPT -A FORWARD -o lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT - - $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -d ${BR_NET} -j srv_ssh_in - $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_ssh_out - - $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_https_in - $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_https_out - - $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_rip + SERVICES=(iptables lo net crond) + </pre> - $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j srv_dhcp - $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j srv_dhcp + <p>Change <a href="conf/rc.d/iptables">/etc/rc.d/iptables</a> and define type; server, bridge or open.</p> - $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in tap2 --physdev-out ${PUB_IF} -j cli_https_out - $IPT -A FORWARD -i ${BR_IF} -o ${BR_IF} -m physdev --physdev-in ${PUB_IF} --physdev-out tap2 -j cli_https_in - <pre> + <p>Adjust <a href="conf/ipt-conf.sh">/etc/iptables/ipt-conf.sh</a> + with your network configuration, and adjust + 
<a href="conf/ipt-server.sh">/etc/iptables/ipt-server.sh</a>, <a href="conf/ipt-bridge.sh">/etc/iptables/ipt-bridge.sh</a>, <a href="conf/ipt-open.sh">/etc/iptables/ipt-open.sh</a> according with host necessities.</p> - <h2 id="wpa">2.3.4. Wpa and dhcpd</h2> + <h2 id="wpa">2.2.4. Wpa and dhcpd</h2> <p>There is more information on <a href="http://crux.nu/Wiki/WifiStartScripts">Wiki Wifi Start Scripts</a> and @@ -371,7 +318,7 @@ # iwconfig wlp2s0 essid NAME key s:ABCDE12345 </pre> - <h3>2.3.4.1. Wpa Supplicant</h3> + <h3>2.2.4.1. Wpa Supplicant</h3> <p>Configure wpa supplicant edit;</p> @@ -401,7 +348,7 @@ init script to auto load wpa configuration and dhcp client.</p> - <h3>2.3.4.2. Wpa Cli</h3> + <h3>2.2.4.2. Wpa Cli</h3> <pre> # wpa_cli @@ -440,11 +387,39 @@ > save_config </pre> + <h2 id="nm">2.2.5. Network Manager</h2> + + <p>Wifi status;</p> + + <pre> + $ nmcli radio wifi + $ nmcli radio wifi on + </pre> + + <p>List wifi networks;</p> + + <pre> + $ nmcli device wifi rescan + $ nmcli device wifi list + </pre> + + <p>Connect to a wifi network;</p> + + <pre> + $ nmcli device wifi connect "network name" password "network password" + </pre> + + <p>Edit and save network configuration;</p> + + <pre> + $ nmcli connection edit "network name" + nmcli> save persistent + </pre> <a href="index.html">Core OS Index</a> <p> This is part of the Hive System Documentation. - Copyright (C) 2018 + Copyright (C) 2019 Hive Team. See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> for copying conditions.</p> |
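Review bot: In the hunk at @@ -24,11 +25,13 @@ the added dt entry is labelled /etc/rc.d/networkmanager but its href is conf/rc.d/wlan, so the link opens the wlan script instead of the one it names. Point the href at the networkmanager init script under conf/rc.d/. This diff is limited to core/network.html, so it cannot be confirmed from here that the script is in the tree; add it in the same commit if it is missing.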
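Review bot: In the resolver hunk at @@ -57,7 +60,7 @@ the nameserver line changes 213.73.91.35 to 2.2.73.91.35, which has five dot-separated fields and is not a valid IPv4 address. It looks like collateral from the 2.3 to 2.2 section renumbering applied elsewhere in this patch. Restore "nameserver 213.73.91.35". The next step on the page sets chattr +i on /etc/resolv.conf, so a reader who copies the new line ends up with an immutable file that has no usable resolver.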
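Review bot: In the hunk at @@ -286,74 +263,44 @@ the setup commands copy only net.v4 and the rc.d/iptables init script, yet the closing paragraph tells the reader to adjust /etc/iptables/ipt-conf.sh, ipt-server.sh, ipt-bridge.sh and ipt-open.sh, which none of the listed commands installs. Add the matching cp lines to the setup block, and check the hrefs: they point at conf/ipt-*.sh while net.v4 is copied from core/conf/iptables/. The example SERVICES=(iptables lo net crond) also disagrees with the rc.conf example changed earlier in this patch, SERVICES=(lo iptables networkmanager crond); use one ordering in both places so it is clear whether the firewall is up before the interface. The text should also say how the type chosen in /etc/rc.d/iptables (server, bridge or open) relates to the "open" and "stop" start options, and the sentence 'Start option "open" option' has a duplicated word.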
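Review bot: In the Network Manager hunk at @@ -440,11 +387,39 @@ the connect example passes the passphrase as a command-line argument (password "network password"), which leaves it in shell history and visible in the process list while the command runs. Prefer nmcli --ask device wifi connect "network name" so nmcli prompts for the secret. The new section also documents only nmcli usage; since the rc.conf example now lists networkmanager in SERVICES, add the step that installs /etc/rc.d/networkmanager, as the iptables section does for its init script.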