Bering-uClibc 7.x - User Guide - IPv4 Networking - Internal Network Connections

From bering-uClibc
Revision as of 18:20, 24 October 2020 by Jeanrocco (Talk | contribs) (Created page with "{| summary="Navigation header" width="100%" ! colspan="3" align="center" | Bering-uClibc 7.x - User Guide - IPv4 Networking - Internal Network Connections|IPv4 Networking -...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
IPv4 Networking - Internal Network Connections
Prev Bering-uClibc 7.x - User Guide Next


Network Configuration menu

You are now going to declare your network configuration through the Network configuration menu.

Important: If you want to permanently change any of the following parameters, do not forget to backup your configuration!

Through the LEAF configuration menu type 1 to access to the Network configuration menu:

                        Network configuration menu

        1) interfaces file                   (/etc/network/interfaces)
        2) hosts IP addresses                (/etc/hosts)
        3) hostname                          (/etc/hostname)
        4) resolv.conf                       (/etc/resolv.conf)
        5) super server daemon configuration (/etc/inetd.conf)
        6) hosts.allow                       (/etc/hosts.allow)
        7) hosts.deny                        (/etc/hosts.deny)
        8) networks                          (/etc/networks)

  q) quit
  ----------------------------------------------------------------------------
        Selection:

interfaces file (/etc/network/interfaces)

By default, the LEAF Bering-uClibc firewall uses eth0 as the external interface with a dynamic IP provided by dhcpcd.lrp and eth1 as the internal interface at address 192.168.1.254.

Select 1) interfaces file to modify those settings.

Typical LEAF configurations are provided in the interfaces file, simply uncomment what you need and comment (#) what you will not need!

Check the Debian interfaces man pages for /etc/network/interfaces.

The network configuration is activated in the /etc/init.d/networking script through the ifupdown functions.

Bering(-uClibc) essentially uses Debian style network configs, so the docs from them are quite helpful: http://www.debian.org/doc/manuals/reference/ch05.en.html#_the_basic_network_configuration_with_ifupdown_legacy

Important: Be sure that any interface change is reflected in your firewall configuration (step 6 below). Adjust Shorewall params file accordingly!

hosts IP addresses (/etc/hosts)

The /etc/hosts file is where you put the name and IP address of local hosts. If you place a host in this file, then you do not need to query the domain name server to get its IP Address. The disadvantage of doing this is that if the IP address for that host changes, you must keep this file up to date yourself. In a well managed system, the only hostnames that usually appear in this file are an entry for the loopback interface, and also the local hosts name. By default:

127.0.0.1 localhost
192.168.1.254 firewall

Important: Do not forget to declare the internal address(es) of a ssh client in this file if you want to connect quickly to your firewall machine!

hostname (/etc/hostname)

By default, the name of your machine is:

firewall

resolv.conf (/etc/resolv.conf)

The /etc/resolv.conf file is the main configuration file for DNS resolution. Its format is quite simple. It is a text file that has one keyword per line. There are three keywords typically used by the file. These keywords are:

  • domain: This keyword specifies the local domain name
  • search: This keyword specifies a list of alternate domain names to search for a hostname
  • name server: This keyword, which may be used many times, specifies an IP address of a domain name server to query when resolving names

By default this file is set to:

nameserver 127.0.0.1
nameserver 192.168.1.254

You should not need to change it. The file, by default, shows the address of the local DNS server (192.168.1.254) provided by dnsmasq. dhcpcd won't override the address unless you implicitly allow it. Check the dhcpcd documentation below if you want to change that.

Super server daemon configuration (/etc/inetd.conf)

The /etc/inetd.conf file is the configuration file for the inetd server daemon. Its function is to tell inetd what to do when it receives a connection request for a particular service. For each service that you wish to accept connections, you must tell inetd what network server daemon to run (and how to run it).

Its format is also fairly simple. It is a text file with each line describing a service that you wish to provide. Any text in a line following a `#' is both ignored, and it is considered a comment. Each line contains seven fields separated by any number of whitespace (tab or space) characters.

hosts.allow (/etc/hosts.allow)

The /etc/hosts.allow file is a configuration file for the /usr/sbin/tcpd program. The hosts.allow file contains rules describing which hosts are allowed access to a service on your machine.

 # /etc/hosts.allow: list of hosts that are allowed to access the system.  See
 #                   hosts_access(5) and /usr/doc/net/portmapper.txt
 #
 # Example:    ALL: LOCAL @some_netgroup
 #             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
 #
 # Allow anything from the local net
 ALL: 192.168.1.0/255.255.255.0

Any host from the internal network in the 192.168.1.0/24 IP range will be allowed to access to ssh, www and stat through inetd.

hosts.deny (/etc/hosts.deny)

The /etc/hosts.deny file is a configuration file for the /usr/sbin/tcpd program. The hosts.deny file contains entries for the rules defining which hosts will NOT be allowed access to a service on your machine.

The default in LEAF is:

 # /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
 #                  See hosts_access(5) and /usr/doc/net/portmapper.txt
 #
 # Example:    ALL: some.host.name, .some.domain
 #             ALL EXCEPT in.fingerd: other.host.name, .other.domain
 #
 # The PARANOID wildcard matches any host whose name does not match its
 # address.
 ALL: PARANOID
 # Prevent all access not explicitly allowed in hosts.allow
 ALL: ALL

network (/etc/network)

The /etc/networks file has a similar function to that of the /etc/hosts file.This file provides a simple database of network names against network addresses. Its format differs in that there may be only two fields per line, and that the fields are coded as:

The default in LEAF is:

localnet        127.0.0.0

system variables (/etc/sysctl.conf), in System Configuration menu

Default variables in this file are the following:

 # ip_forward
 #net.ipv4.ip_forward=1
 #
 # ipv6_forward
 #net.ipv6.conf.all.forwarding=1
 #
 # spoofprotect
 net.ipv4.conf.default.rp_filter=1
 net.ipv4.conf.all.rp_filter=1
 #
 # syncookies
 #net.ipv4.tcp_syncookies=1

These are default variables generally acceptable. The ip_forward variable is set back to true by Shorewall - so if you do not use Shorewall and want to enable IPv4 forwarding you will have to uncomment this variable. The ipv6_forward variable is set back to true by Shorewall6 - so if you do not use Shorewall6 and want to enable IPv6 forwarding you will have to uncomment this variable.



Prev Up Next