lunar networking howto

Bachman Kharazmi bkw at lindesign.se
Thu Apr 1 18:37:15 GMT 2004


I'm writing 'Lunar Linux networking howto' right now. I have these sections in the doc.

Table of Contents
1. How can I help?
2. How to use this HOWTO
3. Supported hardware
   3.1. Fast Ethernet 10/100Mbit nics
   3.2. Wireless IEEE 802.11b/g nics
4. Configure Lunar-Linux in existing network
   4.1 Dynamic configuration
   4.2 Static configuration
   4.3 Dialup
   4.4 WLAN
5. IPV6
   5.1 Kernel
6. Basic services
   6.1. FTP
   6.2. NFS
   6.3. Samba

I would like to ask if somebody with experience in WLAN+lunar could write section 4.4. Nestu will write the DIALUP since he is the only one I know on dialup running lunar.

I've not finished the doc yet; anyhow, I'll attach it as a txt file written in emacs. If possible, keep the comments till I'm done with the howto. Thanks.


/bkw



-- 
#################################
# BKW - Bachman Kharazmi	#
# cellphone: +46 707 310 886 	#
# bkw at lindesign.se		#
# uin: #24089491		#
# LUND - SWEDEN			#
#################################
-------------- next part --------------
Lunar-Linux Networking HOWTO
	
version 0.1
Last update: 2004-03-23

Bachman Kharazmi
Copyright © 2004

Table of Contents
1. How can I help?
2. How to use this HOWTO
3. Supported hardware
   3.1. Fast Ethernet 10/100Mbit nics
   3.2. Wireless IEEE 802.11b/g nics
4. Configure Lunar-Linux in existing network
   4.1 Dynamic configuration
   4.2 Static configuration
   4.3 Dialup
   4.4 WLAN
5. IPV6
   5.1 Kernel
6. Basic services
   6.1. FTP
   6.2. NFS
   6.3. Samba
7. Resources and Credits
8. Copyright









-----------------------------------------------------------

2. How to use this HOWTO - Lunar Networking howto

Not everything is covered in this howto. Please also read the main documentation, which includes more details. Links to the main docs can be found after 'Link:' in each section. Before compiling, make sure you have the latest modules (lin moonbase/theedge).
-------------------------------------------------------------------------------------------------

3.1 Supported Ethernet Cards - Lunar Networking howto

3Com

	* 3Com 3c501 - (3c501 driver)
	* 3Com 3c503 (3c503 driver), 3c505 (3c505 driver), 3c507 (3c507 driver), 3c509/3c509B (ISA) / 3c579 (EISA)
	* 3Com Etherlink III Vortex Ethercards (3c590, 3c592, 3c595, 3c597) (PCI)
	* 3Com Etherlink XL Boomerang (3c900, 3c905) (PCI) and Cyclone (3c905B, 3c980) Ethercards (3c59x driver) 
	* 3Com Fast EtherLink Ethercard (3c515) (ISA) (3c515 driver)
	* 3Com 3ccfe575 Cyclone Cardbus (3c59x driver)
	* 3Com 3c575 series Cardbus (3c59x driver) (ALL PCMCIA ??)

AMD, ATT, Allied Telesis, Ansel, Apricot

	* AMD LANCE (79C960) / PCnet-ISA/PCI (AT1500, HP J2405A, NE1500/NE2100)
	* ATT GIS WaveLAN
	* Allied Telesis AT1700
	* Allied Telesis LA100PCI-T
	* Allied Telesyn AT2400T/BT ("ne" module)
	* Ansel Communications AC3200 (EISA)
	* Apricot Xen-II / 82596

Cabletron, Cogent, Crystal Lan

	* Cabletron E21xx
	* Cogent EM110
	* Crystal Lan CS8920, Cs8900

Danpex, DEC, Digi, DLink

	* Danpex EN-9400
	* DEC DE425 (EISA) / DE434/DE435 (PCI) / DE450/DE500 (DE4x5 driver)
	* DEC DE450/DE500-XA (dc21x4x) (Tulip driver)
	* DEC DEPCA and EtherWORKS
	* DEC EtherWORKS 3 (DE203, DE204, DE205)
	* DECchip DC21x4x "Tulip"
	* DEC QSilver's (Tulip driver)
	* Digi International RightSwitch
	* DLink DE-220P, DE-528CT, DE-530+, DFE-500TX, DFE-530TX

Fujitsu, HP, ICL, Intel

	* Fujitsu FMV-181/182/183/184
	* HP PCLAN (27245 and 27xxx series)
	* HP PCLAN PLUS (27247B and 27252A)
	* HP 10/100VG PCLAN (J2577, J2573, 27248B, J2585) (ISA/EISA/PCI)
	* ICL EtherTeam 16i / 32 (EISA)
	* Intel EtherExpress
	* Intel EtherExpress Pro

KTI, Macromate, NCR NE2000/1000, Netgear, New Media

	* KTI ET16/P-D2, ET16/P-DC ISA (work jumperless and with hardware-configuration options)
	* Macromate MN-220P (PnP or NE2000 mode)
	* NCR WaveLAN
	* NE2000/NE1000
	* Netgear FA-310TX (Tulip chip)
	* New Media Ethernet

PureData, SEEQ, SMC

	* PureData PDUC8028, PDI8023
	* SEEQ 8005
	* SMC Ultra / EtherEZ (ISA)
	* SMC 9000 series
	* SMC PCI EtherPower 10/100 (DEC Tulip driver)
	* SMC EtherPower II (epic100.c driver)

Sun Lance, Sun Intel, Schneider, WD, Zenith, IBM, Znyx

	* Sun LANCE adapters (kernel 2.2 and newer)
	* Sun Intel adapters (kernel 2.2 and newer)
	* Schneider and Koch G16
	* Western Digital WD80x3
	* Zenith Z-Note / IBM ThinkPad 300 built-in adapter
	* Znyx 312 etherarray (Tulip driver)

--------------------------------------------------------------------------------------------------------------------


3.2 Supported Wireless cards - Lunar Networking howto 

Please visit http://www.linux-wlan.org/docs/wlan_adapters.html.gz for a regularly updated list of supported wlan nics.

--------------------------------------------------------------------------------------------------------------------- 

6. Basic Services - Lunar Networking howto

Why?

There are several reasons for including this section. FTP, NFS and Samba are common services people wanna use: quick transfer methods that are simple to configure even for a newbie :P We will only show how to compile, _configure_ and run these daemons. Example confs will also be available at the end of each section. This section won't cover client usage.

What ?

There're tons of ftp server flavours. In this howto we'll explain one of them. The one we prefer best. Let's get started with vsftpd.

6.1 FTP

Description:
vsftpd is a GPL licensed FTP server for UNIX systems, including Linux. It is secure and extremely fast. It is stable.

Link:
http://vsftpd.beasts.org/

Definitions.

o	FTP: Short for File Transfer Protocol, the protocol used on the Internet for exchanging files.
	Mostly used to upload files to or download files from a server. FTP is a protocol in the Internet protocol suite; find out more about OSI layers here:
	http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ip.htm#13851

o Install and configuration.

Make sure there's no ftpd already running. If there is an ftpd running, stop it by using its init.d script.

bkw@venus ~ $ ps ax | grep ftp

o OK, no ftpd running. Become root now. Keep in mind which version you're compiling so you can find out whether bugs have already been reported for it. Answer the questions to suit your needs; if unsure, do as we do. We choose standalone mode here.

bkw@venus ~ $ su -
Password: 
root@venus ~ # lvu version vsftpd
1.2.1
root@venus ~ # lin vsftpd
mod_v =  mod= vsftpd
vsftpd:  Invoke ftp via xinetd? [y]n
Downloading source file vsftpd-1.2.1.tar.gz for module vsftpd
--15:39:03--  ftp://vsftpd.beasts.org/users/cevans/vsftpd-1.2.1.tar.gz
           => `vsftpd-1.2.1.tar.gz'
Resolving vsftpd.beasts.org... 195.82.107.246
Connecting to vsftpd.beasts.org[195.82.107.246]:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD /users/cevans ... done.
==> SIZE vsftpd-1.2.1.tar.gz ... done.
==> PORT ... done.    ==> REST 36200 ... done.    
==> RETR vsftpd-1.2.1.tar.gz ... done.
Length: 136,041 [99,841 to go]

89% [++++++++++++++++++++++++++++++++++++++++++++=========================================>] 100%

o Configure and compile start. This should just work flawlessly. When done, the output below should appear.

Creating /var/log/lunar/compile/vsftpd-1.2.1.bz2 
Creating /var/log/lunar/install/vsftpd-1.2.1
Creating /var/log/lunar/md5sum/vsftpd-1.2.1
Creating /var/cache/lunar/vsftpd-1.2.1-i686-pc-linux-gnu.tar.bz2
root@venus ~ #

o Edit /etc/vsftpd.conf.

o /etc/vsftpd.conf example.

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# Run vsftpd standalone (not via xinetd), as chosen when the module was built.
listen=YES
#
# chroot() local users to their home directories after login.
chroot_local_user=YES

--------------------------------------------------------------------------------------

o Starting the ftpd.

root@venus ~ # vsftpd /etc/vsftpd.conf &
[1] 31087
root@venus ~ # ps ax | grep vsftpd
31087 pts/0    S      0:00 vsftpd /etc/vsftpd.conf

o OK, the ftpd is listening on port 21. Now add 'vsftpd /etc/vsftpd.conf &' to /etc/init.d/bootmisc if you want vsftpd to start at boot.

o DONE
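
A check to run over /etc/vsftpd.conf before starting the daemon, as an added example that is not part of the original HOWTO: it flags the settings the sample file's own comments warn about. The function names and both sample inputs are constructed for illustration; the defaults are the compiled-in ones from vsftpd.conf(5).

```python
# Added example (not from the HOWTO): flag vsftpd.conf settings its comments warn about.
# Compiled-in defaults per vsftpd.conf(5), limited to the options checked below.
DEFAULTS = {
    "anonymous_enable": "YES", "write_enable": "NO", "anon_upload_enable": "NO",
    "async_abor_enable": "NO", "ascii_download_enable": "NO",
    "ls_recurse_enable": "NO", "chown_uploads": "NO", "chown_username": "root",
    "chroot_local_user": "NO", "chroot_list_enable": "NO",
}
TRUE = {"YES", "TRUE", "1"}

def parse_vsftpd(text):
    """Return (effective settings, syntax findings) for a vsftpd.conf body."""
    settings, findings = dict(DEFAULTS), []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank or commented out: the compiled-in default stays in force
        key, sep, value = line.partition("=")
        # vsftpd rejects whitespace between the option, '=' and the value.
        if not sep or key != key.strip() or value != value.strip():
            findings.append(("syntax", f"line {lineno}: expected option=value, no spaces"))
            continue
        settings[key] = value
    return settings, findings

def audit_vsftpd(text):
    """Return a list of (option, reason) findings, syntax problems first."""
    s, findings = parse_vsftpd(text)
    on = lambda k: s[k].upper() in TRUE
    if on("anonymous_enable"):
        findings.append(("anonymous_enable", "anonymous logins allowed (default if unset)"))
    if on("anonymous_enable") and on("write_enable") and on("anon_upload_enable"):
        findings.append(("anon_upload_enable", "anonymous users can upload"))
    if on("async_abor_enable"):
        findings.append(("async_abor_enable", "async ABOR handling enabled"))
    if on("ascii_download_enable"):
        findings.append(("ascii_download_enable", "SIZE in ASCII mode can burn I/O"))
    if on("ls_recurse_enable"):
        findings.append(("ls_recurse_enable", "recursive ls can cause heavy I/O"))
    if on("chown_uploads") and s["chown_username"] == "root":
        findings.append(("chown_username", "anonymous uploads become root-owned"))
    if on("chroot_local_user") and on("chroot_list_enable"):
        findings.append(("chroot_list_enable", "chroot list now names users NOT chrooted"))
    return findings

# Constructed inputs: the HOWTO's active settings, and a deliberately loose variant.
HOWTO_CONF = """anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
listen=YES
chroot_local_user=YES
"""
WEAK_CONF = """#anonymous_enable=NO
write_enable=YES
anon_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
listen = YES
"""

if __name__ == "__main__":
    for name, conf in (("howto", HOWTO_CONF), ("weak", WEAK_CONF)):
        print(name, audit_vsftpd(conf) or "no findings")
```
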

----------------------------------------------------------------------------------------


6.3 Samba

Description:
SMB server to provide Windows NT and LAN manager-style file and print services to SMB clients such as Windows. A NetBIOS nameserver which can provide browsing support. An FTP-like SMB client for accessing PC resources from Unix.

Links:
http://www.samba.org
http://fi.samba.org/samba/docs/man/

Definitions.

o	SMB (Server Message Block)
	This is an older, generic protocol for sharing files, printers, serial ports and communications abstractions such as named pipes and mail slots between computers. 
	Microsoft implements their own form of the SMB Protocol, to provide file and printer sharing in all versions of Windows.

o	CIFS (Common Internet File System)
	This is the new name for SMB. Around 1996, Microsoft apparently decided that SMB needed the word "Internet" in it, so they changed it to CIFS. CIFS provides better 
	interoperability with newer servers including Windows Server 2003 and CIFS-based NAS appliances, is optimized for the current versions of the SMB/CIFS protocol and has
	better POSIX file I/O semantics. CIFS is built in to the Linux 2.6 kernel and is available currently as a patch for the 2.4 kernel.

o	Marshalling

	This means to take variable data, serialize (i.e., place in order) it, and send it in transmittable form across a network or to a file. Unmarshalling is the reverse 
	process. In DCE/RPC terminology, marshaling and unmarshalling refers to the flattening and unpacking of a data stream between a client and server. These two terms show
	up a lot when debugging with the Samba logfile.

o	NetBIOS (Network Basic Input/Output System)

	This is a standard, not a protocol. It can help to think of this in comparison to your computer's BIOS -- it controls the essential functions of your input/output hardware
	-- whereas NetBIOS controls the essential functions of your input/output traffic via the network. Again, this is a bit of an exaggeration but it should help that paradigm shift. What is important to realize is that NetBIOS is a transport standard, not a protocol. Unfortunately, even technically brilliant people tend to interchange
	NetBIOS with terms like NetBEUI without a second thought; this will cause no end (and no doubt) of confusion.

o	NetBEUI (NetBIOS Extended User Interface)

	This is a protocol, not a standard. It is also not routable, so traffic on one side of a router will be unable to communicate with the other side. Understanding NetBEUI
	is not essential to deciphering SMB; however it helps to point out that it is not the same as NetBIOS and to improve your score in trivia at parties. NetBEUI was 
	originally referred to by Microsoft as "NBF", or "The Windows NT NetBEUI Frame protocol driver". It is not often heard from these days and, contrary to popular belief,
	is not required for using TCP/IP.

o	NBT (NetBIOS over TCP)

	This allows the continued use of NetBIOS traffic over TCP/IP. As a result, NetBIOS names are mapped to IP addresses and NetBIOS name types are conceptually equivalent to
	TCP/IP ports. This is how file and printer sharing are accomplished in Windows 95/98/ME. They traditionally rely on three ports: NetBIOS Name Service (nbname) via UDP 
	port 137, NetBIOS Datagram Service (nbdatagram) via UDP port 138, and NetBIOS Session Service (nbsession) via TCP port 139. All name resolution is done via WINS, 
	NetBIOS broadcasts, and DNS. NetBIOS over TCP is documented in RFC 1001 (Concepts and methods) and RFC 1002 (Detailed specifications).

o	SWAT

	SWAT is a Web-based interface that can be used to facilitate the configuration of Samba.

o Install and configuration.

o Become root. Find out the current version and lin the module.

bkw@venus ~ $ su -
Password: 
root@venus ~ # lvu version samba
3.0.2a

o We want smbd, nmbd and swat started at boot or invoked by xinetd for several reasons. Please read the definitions and choose the options that fit your needs.
  WARNING! Keep in mind that these services open ports. Make them accessible to the internal network in your firewall.

root@venus ~ # lin samba
mod_v =  mod= samba
samba:  Invoke netbios-ns via xinetd? [y] n
samba:  Invoke netbios-ssn via xinetd? [y] n
samba:  Invoke swat via xinetd? [y] 

samba:  Invoke nmbd via init.d automatically at boot ? [y] 

samba:  Invoke smbd via init.d automatically at boot ? [y] 

Checking dependencies for samba 
samba:  Use optional (presently installed) module openssl 
        dependency - purpose: for encrypted communication?  [y] 

mod_v =  mod= openssl
Checking dependencies for openssl 
samba:  Use optional (presently installed) module cups 
        dependency - purpose: for CUPS printing support?  [y] 

mod_v =  mod= cups
Checking dependencies for cups 

Building samba

Downloading source file samba-3.0.2a.tar.bz2 for module samba
--22:48:23--  http://us1.samba.org/samba/ftp/samba-3.0.2a.tar.bz2
           => `samba-3.0.2a.tar.bz2'
Resolving us1.samba.org... 216.251.47.16
Connecting to us1.samba.org[216.251.47.16]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9,289,178 [application/x-bzip2]

14% [=======================>                                                                                                             ] 1,371,456    315.39K/s    ETA 00:29

*COMPILING*

Stopping xinetd: not running                                         [  WARN  ]
Starting xinetd: [PID]                                               [   OK   ]
Stopping nmbd: not running                                           [  WARN  ]
Starting nmbd: [PID]                                                 [   OK   ]
Stopping smbd: not running                                           [  WARN  ]
Starting smbd: [PID]                                                 [   OK   ]
Creating /var/log/lunar/compile/samba-3.0.2a.bz2 
Creating /var/log/lunar/install/samba-3.0.2a
Creating /var/log/lunar/md5sum/samba-3.0.2a
Creating /var/cache/lunar/samba-3.0.2a-i686-pc-linux-gnu.tar.bz2
root@venus ~ #

o Now you need to configure samba. Enter "http://127.0.0.1:901" in your browser and you'll get an auth box. Fill in root as the username and root's password in the corresponding field.
  You should now be in SWAT, the Samba configuration web interface. We won't explain every setting; there is help in the interface too. Do not forget to restart under 'status' when
  you're done with the configuration. If you use our config, make sure you change all the paths and the network settings as well. Since the security level is 'user', you must
  add users. See 'man smbpasswd'.

o smb.conf example

# Samba config file 
# from localhost.localdomain (127.0.0.1)
# Date: 2004/03/30 20:57:19

# Global parameters
[global]
	workgroup = quake
	server string = Samba Server %v
	interfaces = 192.168.1.1/24 127.0.0.1/24
	bind interfaces only = Yes
	security = user
	encrypt passwords = Yes
	#update encrypted = Yes
	smb passwd file = /etc/samba/smbpasswd
	log file = /var/log/samba/log.%m
	max log size = 50
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	printcap name = lpstat
	dns proxy = No
	printing = cups
	os level = 65
	preferred master = Yes
	domain master = Yes
	wins support = Yes
	hosts allow = 127. 192.168.1. 
	hosts deny = * 

[homes]
	comment = Home Directories
	read only = Yes 
	browseable = No

[printers]
	comment = All Printers
	path = /var/spool/samba
	create mask = 0700
	guest ok = Yes
	printable = Yes
	print command = lpr-cups -P %p -o raw %s -r   
	lpq command = lpstat -o %p
	lprm command = cancel %p-%j
	browseable = No

[music]
	comment = music from linux boxen
	path = /home/f00/mymusic
	read only = Yes

[pub]
	comment = share for the subnet on linux boxen
	path = /mnt/extra/tmp
	writable = Yes

[dvd]
	comment = dvd drive on linux boxen
	writable = No
	locking = No
	path = /mnt/cdrom2
	#root preexec = /bin/mount /mnt/cdrom
	#root postexec = /bin/umount /mnt/cdrom

----------------------------------------------------------------------------------

o DONE
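
A review pass over the smb.conf above, as an added example that is not part of the original HOWTO: it reports whether [global] restricts client addresses and interfaces, and which shares are writable or open to guests. The function names, finding labels and the trimmed sample inputs are constructed for illustration; a share that sets both a writable synonym and 'read only' is treated as writable here, which is a simplification.

```python
# Added example (not from the HOWTO): list exposure-relevant settings in an smb.conf.
import re

TRUE = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Return {section: {param: value}} with lower-cased, space-normalised names."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()                      # indentation carries no meaning
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def flag(params, *names):
    """True if any of the synonymous boolean parameters is set to a true value."""
    return any(params.get(n, "no").lower() in TRUE for n in names)

def audit_smb(text):
    """Return (section, label) findings in file order, [global] first."""
    conf = parse_smb_conf(text)
    g = conf.get("global", {})
    findings = []
    if not (g.get("hosts allow") or g.get("allow hosts")):
        findings.append(("global", "no-hosts-allow"))
    if not flag(g, "bind interfaces only"):
        findings.append(("global", "listens-on-all-interfaces"))
    for name, own in conf.items():
        if name == "global":
            continue
        p = {**g, **own}        # [global] values act as defaults for every share
        guest = flag(p, "guest ok", "public")
        writable = flag(p, "writable", "writeable", "write ok") or (
            "read only" in p and p["read only"].lower() not in TRUE)
        if guest and writable:
            findings.append((name, "guest-writable"))
        elif guest:
            findings.append((name, "guest-access"))
        elif writable:
            findings.append((name, "writable"))
    return findings

# Constructed inputs: a trimmed copy of the HOWTO's config, and a loose variant.
HOWTO_CONF = """[global]
\tinterfaces = 192.168.1.1/24 127.0.0.1/24
\tbind interfaces only = Yes
\tsecurity = user
        domain master = Yes
\thosts allow = 127. 192.168.1.
\thosts deny = *
[homes]
\tread only = Yes
[printers]
\tguest ok = Yes
\tprintable = Yes
[pub]
\tpath = /mnt/extra/tmp
\twritable = Yes
"""
WEAK_CONF = "[global]\nworkgroup = quake\n[pub]\npublic = yes\nwritable = Yes\n"

if __name__ == "__main__":
    print(audit_smb(HOWTO_CONF))
    print(audit_smb(WEAK_CONF))
```
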



