Update of /cvsroot/leaf/doc/guide/install-bering-uclibc
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18765

Modified Files:
        bookinfo.xml buci-network.xml 
Log Message:
reworked "configure network" chapter with Jacques' original doc.


Index: bookinfo.xml
===================================================================
RCS file: /cvsroot/leaf/doc/guide/install-bering-uclibc/bookinfo.xml,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** bookinfo.xml        20 Jul 2004 19:31:04 -0000      1.6
--- bookinfo.xml        4 Aug 2004 18:59:15 -0000       1.7
***************
*** 20,27 ****
  ></authorgroup
  ><pubdate
! >2004-07-20</pubdate
  ><revhistory
  ><revision
  ><revnumber
  >0.4</revnumber
  ><date
--- 20,37 ----
  ></authorgroup
  ><pubdate
! >2004-08-04</pubdate
  ><revhistory
  ><revision
  ><revnumber
+ >0.5</revnumber
+ ><date
+ >2004-08-04</date
+ ><authorinitials
+ >kp</authorinitials
+ ><revremark
+ >network chpt rewritten - originally written by Jacques Nilo </revremark
+ ></revision
+ ><revision
+ ><revnumber
  >0.4</revnumber
  ><date
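Review bot: The new 0.5 revremark, "network chpt rewritten - originally written by Jacques Nilo ", abbreviates "chapter" and ends with a space before the closing tag; spell the word out and drop the trailing space so the rendered revision history reads cleanly. The 0.4 remark that the next hunk tidies up keeps the same trailing space, so both can be fixed in one pass.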
***************
*** 30,34 ****
  >kp</authorinitials
  ><revremark
! >some more chapters added  - originally  written by Jacques Nilo </revremark
  ></revision
  ><revision
--- 40,44 ----
  >kp</authorinitials
  ><revremark
! >some more chapters added - originally written by Jacques Nilo </revremark
  ></revision
  ><revision

Index: buci-network.xml
===================================================================
RCS file: /cvsroot/leaf/doc/guide/install-bering-uclibc/buci-network.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -C2 -d -r1.1 -r1.2
*** buci-network.xml    12 Nov 2003 17:47:22 -0000      1.1
--- buci-network.xml    4 Aug 2004 18:59:15 -0000       1.2
***************
*** 1,48 ****
  <?xml version="1.0" encoding="UTF-8"?>
  <chapter id="buci-network">
!   <chapterinfo>
!     <authorgroup>
!       <author>
!         <firstname>K.-P.</firstname>
  
!         <surname>Kirchdörfer</surname>
  
!         <affiliation>
!           <address><email>kapeka at user.sourceforge.net</email></address>
!         </affiliation>
!       </author>
!     </authorgroup>
  
!     <revhistory>
!       <revision>
!         <revnumber>0.1</revnumber>
  
!         <date>2003-11-12</date>
  
!         <authorinitials>kp</authorinitials>
  
!         <revremark>Initial version</revremark>
!       </revision>
!     </revhistory>
!   </chapterinfo>
  
!   <title>New entry in /etc/network/options</title>
  
!   <para>The <filename>/etc/network/options</filename> file has an additional
!   entry to support ipv6.</para>
  
!   <para>Default variables in this file are the following:</para>
  
!   <para><programlisting>ip_forward=no
  ipv6_forward=no
  spoofprotect=yes
  syncookies=no</programlisting></para>
  
!   <para>These are default variables generally acceptable. The ip_forward
!   variable is set back to yes by Shorewall - so if you do not use Shorewall
!   and want to enable ip forwarding you will have to set this variable to yes.</para>
  
!   <para>The ipv6_forward variable is set back to yes by 6wall - so if you do
!   not use 6wall and want to enable ipv6 forwarding you will have to set this
!   variable to yes.</para>
  </chapter>
\ No newline at end of file
--- 1,243 ----
  <?xml version="1.0" encoding="UTF-8"?>
  <chapter id="buci-network">
!   <title>Configure your network</title>
  
!   <para>You are now going to declare your network configuration through the
!   Network configuration menu.</para>
  
!   <important>
!     <para>If you want to permanently change any of the following parameters,
!     do not forget to backup etc.lrp !</para>
!   </important>
  
!   <para>Through the LEAF configuration menu type 1 to access to the Network
!   configuration menu:</para>
  
!   <screen>
  
!                         Network configuration menu
  
!         1) interfaces file                   (/etc/network/interfaces)
!         2) network options file              (/etc/network/options)
!         3) hosts IP addresses                (/etc/hosts)
!         4) hostname                          (/etc/hostname)
!         5) resolv.conf                       (/etc/resolv.conf)
!         6) super server daemon configuration (/etc/inetd.conf)
!         7) hosts.allow                       (/etc/hosts.allow)
!         8) hosts.deny                        (/etc/hosts.deny)
!         9) networks                          (/etc/networks)
  
!   q) quit
!   ----------------------------------------------------------------------------
!         Selection:</screen>
  
!   <section>
!     <title>interfaces file (<filename>/etc/network/interfaces</filename>)</title>
  
!     <para>By default, the LEAF Bering-uClibc firewall uses eth0 as the
!     external interface with a dynamic IP provided by dhcpcd.lrp and eth1 as
!     the internal interface at address 192.168.1.254.</para>
  
!     <para>Edit 1) interfaces to modify those settings.</para>
! 
!     <para>Typical LEAF configurations are provided in the
!     <filename>interfaces</filename> file, simply uncomment what you need and
!     comment (#) what you will not need!</para>
! 
!     <para>Check the <ulink
!     url="http://leaf.sf.net/devel/jnilo/manpages/interfaces.html";>interfaces</ulink>
!     man pages or the Debian network interfaces <ulink
!     
url="http://leaf.sf.net/devel/jnilo/manpages/interfaces_network.examples";>examples</ulink>
!     for more complicated setup.</para>
! 
!     <para>The network configuration is activated in the 
<filename>/etc/init.d/networking</filename>
!     script through the <ulink
!     url="http://leaf.sf.net/devel/jnilo/manpages/ifup.html";>ifupdown</ulink>
!     functions.</para>
! 
!     <para>Once your interfaces are configured, remember to save and backup the
!     etc.lrp package !</para>
! 
!     <important>
!       <para>Be sure that any interface change is reflected in your firewall
!       configuration (step 6 below). Adjust Shorewall params file accordingly !</para>
!     </important>
!   </section>
! 
!   <section>
!     <title>network options file (<filename>/etc/network/options</filename>)</title>
! 
!     <para>Default variables in this file are the following:</para>
! 
!     <para><programlisting>ip_forward=no
  ipv6_forward=no
  spoofprotect=yes
  syncookies=no</programlisting></para>
  
!     <para>These are default variables generally acceptable. The ip_forward
!     variable is set back to yes by Shorewall - so if you do not use Shorewall
!     and want to enable ip forwarding you will have to set this variable to
!     yes.</para>
  
!     <para>The ipv6_forward variable is set back to yes by 6wall - so if you do
!     not use 6wall and want to enable ipv6 forwarding you will have to set this
!     variable to yes.</para>
!   </section>
! 
!   <section>
!     <title>hosts IP addresses (<filename>/etc/hosts</filename>)</title>
! 
!     <para>The <filename>/etc/hosts</filename> file is where you put the name
!     and IP address of local hosts. If you place a host in this file, then you
!     do not need to query the domain name server to get its IP Address. The
!     disadvantage of doing this is that if the IP address for that host
!     changes, you must keep this file up to date yourself . In a well managed
!     system, the only hostnames that usually appear in this file are an entry
!     for the loopback interface, and also the local hosts name. By default:</para>
! 
!     <screen>127.0.0.1 localhost
! 192.168.1.254 firewall</screen>
! 
!     <important>
!       <para>Do not forget to declare the internal address(es) of a ssh client
!       in this file if you want to connect quickly to your firewall machine!</para>
!     </important>
!   </section>
! 
!   <section>
!     <title>hostname (<filename>/etc/hostname</filename>)</title>
! 
!     <para>By default, the name of your machine is:</para>
! 
!     <screen>firewall</screen>
!   </section>
! 
!   <section>
!     <title>resolv.conf (<filename>/etc/resolv.conf</filename>)</title>
! 
!     <para>The <filename>/etc/resolv.conf</filename> file is the main
!     configuration file for DNS resolution. Its format is quite simple. It is a
!     text file that has one keyword per line. There are three keywords
!     typically used by the file. These keywords are:</para>
! 
!     <itemizedlist>
!       <listitem>
!         <para><emphasis>domain</emphasis>: This keyword specifies the local
!         domain name</para>
!       </listitem>
! 
!       <listitem>
!         <para><emphasis>search</emphasis>: This keyword specifies a list of
!         alternate domain names to search for a hostname</para>
!       </listitem>
! 
!       <listitem>
!         <para><emphasis>name server</emphasis>: This keyword, which may be
!         used many times, specifies an IP address of a domain name server to
!         query when resolving names</para>
!       </listitem>
!     </itemizedlist>
! 
!     <para>By default this file is set to:</para>
! 
!     <screen>nameserver 127.0.0.1
! nameserver 192.168.1.254</screen>
! 
!     <para>You should not need to change it. The file, by default, shows the
!     address of the local DNS server (192.168.1.254) provided by dnsmasq.
!     dhcpcd won&#39;t override the address unless you implicitly allow it.
!     Check the dhcpcd documentation below if you want to change that.</para>
!   </section>
! 
!   <section>
!     <title>Super server daemon configuration 
(<filename>/etc/inetd.conf</filename>)</title>
! 
!     <para>The <filename>/etc/inetd.conf</filename> file is the configuration
!     file for the inetd server daemon. Its function is to tell inetd what to do
!     when it receives a connection request for a particular service. For each
!     service that you wish to accept connections, you must tell inetd what
!     network server daemon to run (and how to run it).</para>
! 
!     <para>Its format is also fairly simple. It is a text file with each line
!     describing a service that you wish to provide. Any text in a line
!     following a `#&#39; is both ignored, and it is considered a comment. Each
!     line contains seven fields separated by any number of whitespace (tab or
!     space) characters.</para>
! 
!     <para>By default the three following services are open through inetd:</para>
! 
!     <screen>ssh     stream  tcp     nowait  root     /usr/sbin/tcpd  /usr/sbin/sshd 
-i
! www     stream  tcp     nowait  sh-httpd /usr/sbin/tcpd /usr/sbin/sh-httpd
! stat    stream  tcp     nowait  root     /usr/sbin/tcpd  /usr/sbin/stat.sh</screen>
!   </section>
! 
!   <section>
!     <title>hosts.allow (<filename>/etc/hosts.allow</filename>)</title>
! 
!     <para>The <filename>/etc/hosts.allow</filename> file is a configuration
!     file for the <filename>/usr/sbin/tcpd</filename> program. The
!     <filename>hosts.allow</filename> file contains rules describing which
!     hosts are allowed access to a service on your machine.</para>
! 
!     <para>The default for LEAF is:</para>
! 
!     <screen># /etc/hosts.allow: list of hosts that are allowed to access the system. 
 See
! #                   hosts_access(5) and /usr/doc/net/portmapper.txt
! #
! # Example:    ALL: LOCAL @some_netgroup
! #             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
! #
! # Allow anything from the local net
! ALL: 192.168.1.0/255.255.255.0</screen>
! 
!     <para>Any host from the internal network in the 192.168.1.0/24 IP range
!     will be allowed to access to ssh, www and stat through inetd.</para>
! 
!     <para>If you want that only 192.168.1.1 from your internal network can
!     access to the firewall through ssh and weblet, you will have:</para>
! 
!     <screen>ssh: 192.168.1.1/255.255.255.255
! www: 192.168.1.1/255.255.255.255
! stat: 192.168.1.1/255.255.255.255</screen>
!   </section>
! 
!   <section>
!     <title>hosts.deny (<filename>/etc/hosts.deny</filename>)</title>
! 
!     <para>The <filename>/etc/hosts.deny</filename> file is a configuration
!     file for the <filename>/usr/sbin/tcpd</filename> program. The
!     <filename>hosts.deny</filename> file contains entries for the rules
!     defining which hosts will NOT be allowed access to a service on your
!     machine.</para>
! 
!     <para>The default in LEAF is:</para>
! 
!     <screen># /etc/hosts.deny: list of hosts that are _not_ allowed to access the 
system.
! #                  See hosts_access(5) and /usr/doc/net/portmapper.txt
! #
! # Example:    ALL: some.host.name, .some.domain
! #             ALL EXCEPT in.fingerd: other.host.name, .other.domain
! #
! # The PARANOID wildcard matches any host whose name does not match its
! # address.
! ALL: PARANOID
! # Prevent all access not explicitly allowed in hosts.allow
! ALL: ALL
! </screen>
!   </section>
! 
!   <section>
!     <title>network (<filename>/etc/network</filename>)</title>
! 
!     <para>The <filename>/etc/networks</filename> file has a similar function
!     to that of the <filename>/etc/hosts</filename> file.This file provides a
!     simple database of network names against network addresses. Its format
!     differs in that there may be only two fields per line, and that the fields
!     are coded as:</para>
! 
!     <para>The default in LEAF is:</para>
! 
!     <screen>localnet        127.0.0.0
! </screen>
!   </section>
  </chapter>
\ No newline at end of file
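Review bot: In the hosts.allow section, the restricted example ("ssh: 192.168.1.1/255.255.255.255" and the matching www and stat lines) never says that the default "ALL: 192.168.1.0/255.255.255.0" rule has to be removed or commented out; if that rule stays, every host on the internal network is still allowed and the per-host lines restrict nothing. The example also uses the inetd service names, whereas hosts_access(5), which the quoted file header points to, matches on the daemon process name. With the inetd.conf entries shown in this chapter those names would be sshd, sh-httpd and stat.sh, and a rule that does not match falls through to "ALL: ALL" in hosts.deny, so the example should be tested on a running box before it is published. The sentence introducing it mentions only "ssh and weblet" although three services are listed.

Smaller points in the same hunk: the last section is titled "network (/etc/network)" while its text and menu entry 9 refer to /etc/networks, there is a missing space in "file.This", and the paragraph ending "the fields are coded as:" is followed by no field description. The resolv.conf list names the keyword "name server" where the default file shows "nameserver", and "unless you implicitly allow it" probably means "explicitly". "Check the dhcpcd documentation below" and "step 6 below" point outside this chapter, so a proper cross-reference would be safer than "below".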


