diff options
Diffstat (limited to 'core/network.html')
| -rw-r--r-- | core/network.html | 437 |
1 files changed, 0 insertions, 437 deletions
diff --git a/core/network.html b/core/network.html deleted file mode 100644 index 0d359f3..0000000 --- a/core/network.html +++ /dev/null @@ -1,437 +0,0 @@ -<!DOCTYPE html> -<html dir="ltr" lang="en"> - <head> - <meta charset='utf-8'> - <title>2.2. Network</title> - </head> - <body> - <a href="index.html">Core OS Index</a> - - <h1>2.2. Network</h1> - - <p>Operation of the network can be handle with init scripts or with - <a href="#nm">network manager</a>;</p> - - <dl> - <dt><a href="conf/rc.d/iptables">/etc/rc.d/iptables</a></dt> - <dd>Configure <a href="#iptables">iptables</a>, "start" option - loads set of rules from file /etc/iptables/(name).v4, "open" option - allows everything to outside and blocks everything from outside, - "stop" option will block and log everything.</dd> - <dt><a href="conf/rc.d/net">/etc/rc.d/net</a></dt> - <dd>Configure Ethernet interface with static or dynamic (dhcp) - IP, set default route and add default gateway.</dd> - <dt><a href="conf/rc.d/wlan">/etc/rc.d/wlan</a></dt> - <dd>Configure Wireless interface, launch wpa_supplicant to handle - wireless authenticationand dynamic (dhcp) - connection to router and add as default gateway.</dd> - <dt><a href="conf/rc.d/wlan">/etc/rc.d/networkmanager</a></dt> - <dd>Use network manager to handle connections.</dd> - </dl> - - <p>Choose wireless (wlan), cable network (net) or network manager in - <a href="conf/rc.conf">/etc/rc.conf</a> to handle configuration of the - network at startup, example using network manager;</p> - - <pre> - # - # /etc/rc.conf: system configuration - # - - FONT=default - KEYMAP=dvorak - TIMEZONE="Europe/Lisbon" - HOSTNAME=machine - SYSLOG=sysklogd - SERVICES=(lo iptables networkmanager crond) - - # End of file - </pre> - - <p>If is first boot after install configure iptables and one of above - described scripts then proceed to - <a href="package.html#sysup">update system.</a></p> - - <h2 id="resolv">2.2.1. Resolver</h2> - - <p>This example will use - <a href="http://www.chaoscomputerclub.de/en/censorship/dns-howto">Chaos Computer Club</a> - server, edit /etc/resolv.conf and make it immutable;</p> - - <pre> - # /etc/resolv.conf.head can replace this line - nameserver 2.2.73.91.35 - # /etc/resolv.conf.tail can replace this line - </pre> - - <pre> - # chattr +i /etc/resolv.conf - </pre> - - <h2 id="static">2.2.2. Static IP</h2> - - <p>Current example of <a href="conf/rc.d/net">/etc/rc.d/net</a>;</p> - - <pre> - Address: 192.168.0.1 11000000.10101000.00000000 .00000001 - Netmask: 255.255.255.0 = 24 11111111.11111111.11111111 .00000000 - Wildcard: 0.0.0.255 00000000.00000000.00000000 .11111111 - => - Network: 192.168.0.0/24 11000000.10101000.00000000 .00000000 (Class C) - Broadcast: 192.168.0.255 11000000.10101000.00000000 .11111111 - HostMin: 192.168.0.1 11000000.10101000.00000000 .00000001 - HostMax: 192.168.0.254 11000000.10101000.00000000 .11111110 - Hosts/Net: 254 (Private Internet) - </pre> - - <p>Other IP class that can used for private network;</p> - - <pre> - Address: 10.0.0.1 00001010.00000000.00000000 .00000001 - Netmask: 255.255.255.0 = 24 11111111.11111111.11111111 .00000000 - Wildcard: 0.0.0.255 00000000.00000000.00000000 .11111111 - => - Network: 10.0.0.0/24 00001010.00000000.00000000 .00000000 (Class A) - Broadcast: 10.0.0.255 00001010.00000000.00000000 .11111111 - HostMin: 10.0.0.1 00001010.00000000.00000000 .00000001 - HostMax: 10.0.0.254 00001010.00000000.00000000 .11111110 - Hosts/Net: 254 (Private Internet) - </pre> - - <p>Manual configuring like net script;</p> - - <pre> - # DEV=enp8s0 - # ADDR=192.168.1.9 - # MASK=24 - # GW=192.168.1.254 - </pre> - - <pre> - # ip addr flush dev ${DEV} - # ip route flush dev ${DEV} - # ip addr add ${ADDR}/${MASK} dev ${DEV} broadcast + - # ip link set ${DEV} up - # ip route add default via ${GW} - </pre> - - <h2 id="iptables">2.2.3. Iptables</h2> - - <p>For more information about firewall systems read arch wiki - <a href="https://wiki.archlinux.org/index.php/Iptables">iptables</a> - and <a href="https://wiki.archlinux.org/index.php/nftables">nftables</a>.</p> - - <p>Diagram of a package route throw iptables;</p> - - <pre> - - XXXXXXXXXXXXXXXXX - XXXX Network XXXX - XXXXXXXXXXXXXXXXX - + - | - v - +-------------+ +------------------+ - |table: filter| >---+ | table: nat | - |chain: INPUT | | | chain: PREROUTING| - +-----+-------+ | +--------+---------+ - | | | - v | v - [local process] | **************** +--------------+ - | +---------+ Routing decision +------< |table: filter | - v **************** |chain: FORWARD| - **************** +------+-------+ - Routing decision | - **************** | - | | - v **************** | - +-------------+ +------< Routing decision >---------------+ - |table: nat | | **************** - |chain: OUTPUT| | + - +-----+-------+ | | - | | v - v | +-------------------+ - +--------------+ | | table: nat | - |table: filter | +----+ | chain: POSTROUTING| - |chain: OUTPUT | +--------+----------+ - +--------------+ | - v - XXXXXXXXXXXXXXXXX - XXXX Network XXXX - XXXXXXXXXXXXXXXXX - - </pre> - - <p>Command line usage;</p> - - <pre> - iptables [-t table] {-A|-C|-D} chain rule-specification - iptables [-t table] {-A|-C|-D} chain rule-specification - iptables [-t table] -I chain [rulenum] rule-specification - iptables [-t table] -R chain rulenum rule-specification - iptables [-t table] -D chain rulenum - iptables [-t table] -S [chain [rulenum]] - iptables [-t table] {-F|-L|-Z} [chain [rulenum]] [options...] - iptables [-t table] -N chain - iptables [-t table] -X [chain] - iptables [-t table] -P chain target - iptables [-t table] -E old-chain-name new-chain-name - rule-specification = [matches...] [target] - match = -m matchname [per-match-options] - </pre> - - <p>Targets, can be a user defined chain;</p> - - <pre> - ACCEPT - accepts the packet - DROP - drop the packet on the floor - QUEUE - packet will be stent to queue - RETURN - stop traversing this chain and - resume ate the next rule in the - previeus (calling) chain. - - if packet reach the end of the chain or - a target RETURN, default policy for that - chain is applayed. - </pre> - - <p>Target Extensions</p> - - <pre> - AUDIT - CHECKSUM - CLASSIFY - DNAT - DSCP - LOG - Torn on kernel logging, will print some - some information on all matching packets. - Log data can be read with dmesg or syslogd. - This is a non-terminating target and a rule - should be created with matching criteria. - - --log-level level - Level of logging (numeric or see sys- - log.conf(5) - - --log-prefix prefix - Prefix log messages with specified prefix - up to 29 chars log - - --log-uid - Log the userid of the process with gener- - ated the packet - NFLOG - This target pass the packet to loaded logging - backend to log the packet. One or more userspace - processes may subscribe to the group to receive - the packets. - - ULOG - This target provides userspace logging of maching - packets. One or more userspace processes may then - then subscribe to various multicast groups and - then receive the packets. - </pre> - - <p>Commands</p> - <pre> - -A, --append chain rule-specification - -C, --check chain rule-specification - -D, --delete chain rule-specification - -D, --delete chain rulenum - -I, --insert chain [rulenum] rule-specification - -R, --replace chain rulenum rule-specification - -L, --list [chain] - -P, --policy chain target - </pre> - - <p>Parameters</p> - <pre> - -p, --protocol protocol - tcp, udp, udplite, icmp, esp, ah, sctp, all - -s, --source address[/mask][,...] - -d, --destination address[/mask][,...] - -j, --jump target - -g, --goto chain - -i, --in-interface name - -o, --out-interface name - -f, --fragment - -m, --match options module-name - iptables can use extended packet matching - modules. - -c, --set-counters packets bytes - </pre> - - <p>See current rules and packets counts;</p> - - <pre> - # iptables -L -n -v | less - </pre> - - <h3 id="ipt_scripts">2.2.3.1. Iptable scripts</h3> - - <p>Scripts help to setup iptables rules so they can be saved using iptables-save - and later restored using iptables-restore utilities. Init script - <a href="conf/rc.d/iptables">/etc/rc.d/iptables</a> - loads set of rules from /etc/iptables folder at boot time. - Start option "open" option allows everything to outside - and blocks new connections from outside, "stop" will block and log - everything.</p> - - <p>Setup init script and rules;</p> - - <pre> - # mkdir /etc/iptables - # cp core/conf/iptables/*.sh /etc/iptables/ - # cp core/conf/rc.d/iptables /etc/rc.d/ - # chmod +x /etc/rc.d/iptables - </pre> - - <p>Change /etc/rc.conf and add iptables;</p> - - <pre> - SERVICES=(iptables lo net crond) - </pre> - - <p>Change <a href="conf/rc.d/iptables">/etc/rc.d/iptables</a> and define type; server, bridge or open.</p> - - <p>Adjust <a href="conf/ipt-conf.sh">/etc/iptables/ipt-conf.sh</a> - with your network configuration, and adjust - <a href="conf/ipt-server.sh">/etc/iptables/ipt-server.sh</a>, <a href="conf/ipt-bridge.sh">/etc/iptables/ipt-bridge.sh</a>, <a href="conf/ipt-open.sh">/etc/iptables/ipt-open.sh</a> according with host necessities.</p> - - <p>When is everything configured run script to load the rules and save them on /etc/iptables. Example for bridge setup;</p> - - <pre> - # cd /etc/iptables - # bash ipt-bridge.sh - </pre> - - <p>From now on use /etc/rc.d/iptables to start and stop.<p> - - <h2 id="wpa">2.2.4. Wpa and dhcpd</h2> - - <p>There is more information on - <a href="http://crux.nu/Wiki/WifiStartScripts">Wiki Wifi Start Scripts</a> and - see <a href="conf/rc.d/wlan">/etc/rc.d/wlan</a>. Manual or first time configuration;</p> - - <pre> - # ip link - </pre> - - <pre> - # iwlist wlp2s0 scan - </pre> - - <pre> - # iwconfig wlp2s0 essid NAME key s:ABCDE12345 - </pre> - - <h3>2.2.4.1. Wpa Supplicant</h3> - - <p>Configure wpa supplicant edit;</p> - - <pre> - # vim /etc/wpa_supplicant.conf - </pre> - - <pre> - ctrl_interface=/var/run/wpa_supplicant - update_config=1 - fast_reauth=1 - ap_scan=1 - </pre> - - <pre> - # wpa_passphrase <ssid> <password> >> /etc/wpa_supplicant.conf - </pre> - - <p>Now start wpa_supplicant with:</p> - - <pre> - # wpa_supplicant -B -i wlp2s0 -c /etc/wpa_supplicant.conf - Successfully initialized wpa_supplicant - </pre> - - <p>Use <a href="conf/rc.d/wlan">/etc/rc.d/wlan</a> - init script to auto load wpa configuration and dhcp - client.</p> - - <h3>2.2.4.2. Wpa Cli</h3> - - <pre> - # wpa_cli - > status - </pre> - - <pre> - > add_network - 3 - </pre> - - <pre> - > set_network 3 ssid "Crux-Network" - OK - </pre> - - <pre> - > set_network 3 psk "uber-secret-pass" - OK - </pre> - - <pre> - > enable_network 3 - OK - </pre> - - <pre> - > list_networks - </pre> - - <pre> - > select_network 3 - </pre> - - <pre> - > save_config - </pre> - - <h2 id="nm">2.2.5. Network Manager</h2> - - <p>Wifi status;</p> - - <pre> - $ nmcli radio wifi - $ nmcli radio wifi on - </pre> - - <p>List wifi networks;</p> - - <pre> - $ nmcli device wifi rescan - $ nmcli device wifi list - </pre> - - <p>Connect to a wifi network;</p> - - <pre> - $ nmcli device wifi connect "network name" password "network password" - </pre> - - <p>Edit and save network configuration;</p> - - <pre> - $ nmcli connection edit "network name" - nmcli> save persistent - </pre> - - <a href="index.html">Core OS Index</a> - <p> - This is part of the Tribu System Documentation. - Copyright (C) 2020 - Tribu Team. - See the file <a href="../fdl-1.3-standalone.html">Gnu Free Documentation License</a> - for copying conditions.</p> - - </body> -</html> |