
3. Configuring the network

All right, so far you have installed Linux on the computer that serves as your gateway. You may even have configured one of your network cards and the connection to the Internet. However, we will start from scratch and proceed as if nothing had been configured.

Log in as root. All the instructions in this document assume that you are logged in as root.

The Linux kernel refers to your two Ethernet cards as eth0 and eth1, so I will refer to them the same way from now on. The problem, however, is that we don't know which is which. Here is a "simple" way to find out, guaranteed to work at least 50% of the time: put your computer on the desk with the motherboard horizontal, so that you are looking at the back. (As if you were about to open it and work on its inside.) The eth0 card is the leftmost one - you may want to mark its position with a label. Now, write down on a sheet of paper the make and model of both eth0 and eth1.

OK, now let's see whether the kernel recognizes both eth0 and eth1 automatically. Type: ifconfig eth0 and: ifconfig eth1. In both cases, if the kernel recognizes the corresponding card, you should see a message like the following (with different numbers and other details, of course):

 eth0   Link encap: Ethernet   HWaddr 00:60:67:4A:02:0A 
        inet addr:0.0.0.0  Bcast:0.0.0.0  Mask:255.255.255.255
        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
        RX packets:466 errors:0 dropped:0 overruns:0 frame:0
        TX packets:448 errors:0 dropped:0 overruns:0 carrier:0
        collisions:85 txqueuelen:100 
        Interrupt:10 Base address:0xe400
 

If the kernel does not recognize your network card, you will see a message like the following:

 eth0: error fetching interface information: Device not found.
 

3.1 Configuring a network driver

If Linux finds both of your cards, go to the next section. Otherwise, read this one.

Let's say the kernel does not recognize one of the cards, or both. This is not a big problem. What we have to do is explain to the kernel how to find the cards. There are many tricks here, but I will not mention them all. Just remember that, when things get difficult, there is also the Ethernet HOWTO. Here, though, are a few tips in brief:

Now that you know the makes and models of eth0 and eth1, you can go to the compatibility page of the Ethernet HOWTO and look up your cards. Note the recommended driver, as well as any information about special settings that your cards may require.

The time has come to edit a configuration file! The file we will edit is /etc/conf.modules. Open it with the text editor of your choice. Because there are many options and combinations that can be added to this file, I will give you the settings for my own gateway as an example. I have a 10/100 Mbps PCI card based on the VIA Rhine chip, and a very typical ISA clone of the NE2000 standard, at 10 Mbps. I use the 100 Mbps card for the internal network, and the 10 Mbps one for the connection to the external network. My own /etc/conf.modules file looks something like this:

 alias parport_lowlevel parport_pc 
 alias eth0 ne 
 options ne io=0x300 irq=10 
 alias eth1 via-rhine 
 

The explanation of the lines of my conf.modules file is as follows:

You must make sure that there are alias lines for both of your cards in the conf.modules file, and put in the correct options lines for all of your ISA cards. There may already be lines in conf.modules for each Ethernet card that you configured during installation.

When you finish editing conf.modules, try the ifconfig eth0 and ifconfig eth1 commands again. You may need several attempts if you are fiddling with the IO addresses and IRQs without looking at the manufacturer's manual.

Two identical network cards

So you, the clever one, bought two identical network cards, and now you can't get them to work together? Don't worry, making them coexist is simply a matter of the right syntax in the lines of the /etc/conf.modules file. In our example, the IO address and IRQ numbers are simply made up, but I will assume that you bought a matched pair of NE2000-standard clones (which is a common choice). Your /etc/conf.modules file should look something like this:

 alias eth0 ne
 alias eth1 ne
 options ne io=0x330,0x360 irq=7,9 
 

The addressing parameters are all given on the same line, and the first number in each parameter refers to eth0. The second refers to eth1.

3.2 Configuring the internal side of the network

The "internal" network is the one over which all the computers in our home or office communicate. The "external" network is the big, scary Internet, on the other side of our gateway computer. Most of the time, the internal network will be fully isolated from the external one by the gateway computer, which will act as a moderate-strength firewall.

The network device

Now that your drivers are working and you can see both eth0 and eth1 with ifconfig, it is time to configure the internal network. I assume that you will put your internal network on eth1, and the external network on eth0.

Your internal network will be for private use, so we must make it a network of this form: 192.168.1.0. This is officially called a "private Class C network", in case you want to impress your friends.

First, we must make sure that networking is enabled. Edit the file /etc/sysconfig/network, and make sure it contains the following lines:

 NETWORKING=yes 
 FORWARD_IPV4=yes
 

The first line tells Linux that we want networking to be enabled right at boot. The second line tells Linux to enable IP forwarding. This is required for setting up masquerading, which we will discuss in section 4 of the HOWTO.

Note for RedHat: RedHat 6.2 requires changes to the file /etc/sysctl.conf in order to support IP forwarding and masquerading correctly. Make sure that the following lines are present and have the correct parameter values:

 net.ipv4.ip_forward = 1 
 net.ipv4.ip_always_defrag = 1 
 

All the network settings for RedHat and the RedHat-derived distributions are kept in files in the /etc/sysconfig/network-scripts directory. cd into this directory and create a new file, ifcfg-eth1. In it, write the following:

 DEVICE=eth1 
 IPADDR=192.168.1.1 
 ONBOOT=yes
 

This code tells the network scripts to configure eth1 at boot, and to give it a specific IP address. Activate the new settings on your network with the following command: /etc/rc.d/init.d/network restart

The DHCP server

A DHCP server automatically assigns IP addresses to the computers connected to your home network. It is very useful when we have laptops: we can simply plug the laptops into the network, and they are immediately networked correctly. If you do not want a DHCP server on your internal network, proceed to the next section.

First you must make sure that the DHCP server is installed. Mount your Linux CD, and install the dhcp RPM package. Now, edit the file /etc/dhcpd.conf, and add the following (and only this):

 subnet 192.168.1.0 netmask 255.255.255.0 {
 range 192.168.1.2 192.168.1.60;
 default-lease-time 86400;
 max-lease-time 86400;
 option routers 192.168.1.1;
 option ip-forwarding off;
 option broadcast-address 192.168.1.255;
 option subnet-mask 255.255.255.0;
 }
 

If you are going to set up your Linux computer as a caching domain name server, give the following option:

 option domain-name-servers 192.168.1.1;
 

If you know your external DNS address and are not going to use the Linux computer for DNS, give the following option (where x.x.x.x and y.y.y.y are the IP numbers of the DNS servers):

 option domain-name-servers x.x.x.x, y.y.y.y;
 

If you are going to set up file sharing with Samba on your Linux computer (for the sake of your Windows computers), add the following lines, so that the Linux computer becomes the default WINS and browsing server:

 option netbios-name-servers 192.168.1.1; 
 option netbios-dd-server 192.168.1.1; 
 option netbios-node-type 8; 
 option netbios-scope "";
 

The configuration of Samba and WINS is well outside the scope of this document. If you need some pointers, start with the SMB HOWTO, and continue from there.

There are a few more steps. Now, open the file /etc/rc.d/init.d/dhcpd, and look for the following line:

 /sbin/route add -host 255.255.255.255 dev eth1
 

Windows DHCP clients require a specific broadcast address in DHCP replies, and the above command forces the Linux TCP/IP stack to generate it. If you cannot find this line in the file, add it. If you find a similar line, make sure that the device it refers to is eth1.

The next step is to change the file /etc/rc.d/init.d/dhcpd so that it uses the eth1 device by default. Replace the line:

 daemon /usr/sbin/dhcpd
 

with:

 daemon /usr/sbin/dhcpd eth1
 

Now we are ready to start DHCP. First we start the DHCP server, with the command: /etc/rc.d/init.d/dhcpd start.

Finally, we must make sure that the DHCP server will start on reboot. Some DHCP server RPM packages do not contain commands ensuring that the server starts every time, so we must make sure ourselves that it starts, by giving the command: chkconfig dhcpd on.

This command makes RedHat add the dhcp startup script to the various runlevel directories under /etc/rc.d. The DHCP server starts in runlevels 3 and 5 (multiuser console and multiuser X). In runlevels 0, 1 and 6 (shutdown, single-user and reboot), the DHCP server stops.

The client computers

If you have already set up DHCP, it is very easy to configure your client computers as well: just enable DHCP configuration. For Windows computers, this means opening the Control Panel, and then the Networking option. Find the "TCP/IP" protocol, and choose "Configure". Tick the box that says "Configure TCP/IP address automatically", apply your changes, and reboot.

Before you reboot, however, you can also give the following command on the server: tail -f /var/log/messages. It continuously follows the logs on Linux. If all goes well, when your Windows computers reboot you will see them request an IP address, and the DHCP server respond. (The tail -f command terminates when we press Control-C.)

If you have not set up DHCP, configuration still remains easy. Reopen Networking in the Control Panel, and select the configuration of the TCP/IP protocol. You can give your client computers any address in the 192.168.1.0 network, except 192.168.1.0 (i.e. the address of the network itself), 192.168.1.255 (i.e. the broadcast address), or 192.168.1.1 (the address of the Linux server computer). Never give the same IP address to two computers. Set the "Gateway" address to 192.168.1.1, so that traffic to the outside network passes through the gateway computer.

The IP Masquerading HOWTO has detailed information on client configuration, in its configuration chapter.

In general, to configure a client computer, we either enable DHCP configuration, or give it by hand an address in the 192.168.1.x range, with gateway 192.168.1.1. The DNS server must either be 192.168.1.1, if you are running a caching DNS server (see below), or DNS must point to the addresses your Internet provider gave you.

The DNS server

Setting up your Linux computer as a caching DNS server will (slightly) improve browsing speed, because frequently used DNS addresses will be cached inside your network, and you will not fetch them from outside every time.

If you are interested in implementing a full DNS, there are many complex things you need to learn. There is a DNS HOWTO available, and the book DNS and BIND is a good (and very readable) written reference.

For your client computers to take advantage of the caching server, they must be configured to use the Linux gateway as their primary DNS server. One way to do this is through the DHCP directives given in section 3.2.2. If you are configuring your client computers by hand, you can change the DNS settings in the same way you used to enter the IP address.

To install the DNS server, first install the bind RPM package, and then the caching-nameserver RPM. At this point, we are almost done.

The caching server will work just fine the way we installed it. However, if you know the IP addresses of the DNS servers of your Internet provider (hereafter "ISP"), you can increase performance a little more by editing the file /etc/named.conf and adding the following line after the directory line (where x.x.x.x and y.y.y.y are the primary and secondary DNS servers respectively):

 forwarders { x.x.x.x; y.y.y.y; }; 
 

This change makes the DNS server ask the ISP's DNS servers first, before it traverses the Internet in search of a particular address. The ISP's servers usually have a great many addresses cached, and can therefore give a faster answer than your own server could.

The named daemon has had some security problems over the previous 12 months, so it is very important to have the most recent version, and to make some changes to the default settings, in order to increase the security of the system.

  1. Check the version of your bind, and make sure it is at least 8.2.2. Go to the RedHat updates site, or to the Mandrake updates site, to look for the most recent version.
  2. Restrict access to your name server, so that only the local network has it. Add the line allow-query { 192.168.1/24; 127.0.0.1/32; }; to the file /etc/named.conf, after the forwarders line.
  3. Avoid running your name server as root. If the server runs as root, a hack of the server will give the hacker root privileges. If you run the server as a user without many privileges, e.g. as nobody, you will lower the level of risk from a hack of the name server. To run the name server as nobody, edit the file /etc/rc.d/init.d/named, and change the line daemon named to daemon named -u nobody -g nobody.
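
One way to check steps 2 and 3 after editing, as an added example that is not part of the original HOWTO. The function name audit_named, the sample file contents, the /var/named directory and the 192.0.2.x forwarders are constructed for illustration; the version check from step 1 is not covered.

```shell
#!/bin/sh
# Added example: checks the edits from steps 2 and 3 in a named.conf and a
# named init script. Assumes allow-query sits on one line, as in step 2.

# audit_named CONF INIT -> prints findings; returns 0 only if there are none.
audit_named() {
    findings=0
    # Text between the braces of the allow-query statement, if present.
    acl=$(sed -n 's/^[[:space:]]*allow-query[[:space:]]*{\(.*\)}.*/\1/p' "$1")
    if [ -z "$acl" ]; then
        echo "allow-query missing: queries are answered for any source"
        findings=$((findings + 1))
    fi
    set -f                                   # keep "*" in the ACL literal
    for net in $(printf '%s' "$acl" | tr ';' ' '); do
        case $net in
            192.168.1/24|127.0.0.1/32|127.0.0.1) ;;   # networks from step 2
            *) echo "allow-query admits non-local source: $net"
               findings=$((findings + 1)) ;;
        esac
    done
    set +f
    # User passed with -u on the "daemon named" line of the init script.
    user=$(sed -n 's/^[[:space:]]*daemon[[:space:]]\{1,\}named.*[[:space:]]-u[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p' "$2")
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "named runs as root: use 'daemon named -u nobody -g nobody'"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample files: a stock configuration and a hardened one.
# The directory path and forwarder addresses are placeholders.
D=$(mktemp -d)
cat > "$D/stock.conf" <<'EOF'
options {
        directory "/var/named";
};
EOF
cat > "$D/hardened.conf" <<'EOF'
options {
        directory "/var/named";
        forwarders { 192.0.2.53; 192.0.2.54; };
        allow-query { 192.168.1/24; 127.0.0.1/32; };
};
EOF
echo '        daemon named' > "$D/stock.init"
echo '        daemon named -u nobody -g nobody' > "$D/hardened.init"

echo "stock:";    audit_named "$D/stock.conf" "$D/stock.init" || true
echo "hardened:"; audit_named "$D/hardened.conf" "$D/hardened.init" && echo "  ok"
```
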

Make sure that your DNS server will be enabled at boot: chkconfig named on. Again, this ensures that the server will start in the usual runlevels (3 and 5) at boot.

OK, now you can start your DNS server: /etc/rc.d/init.d/named start

Testing the internal network

DNS will not work until we configure the external network (since it has to communicate with other DNS servers on the Internet), but with the ping program we can test the basic internal connection.

Open a terminal (MS-DOS) window on one of your client computers, and type: ping 192.168.1.1. This command will send packets to your Linux computer at regular intervals, and it will send them back. If everything works correctly, you will see a set of packet round-trip times.

3.3 Configuring the external network

Now we are ready to configure the external network. Sometimes this will be difficult, depending on how well your ISP supports Linux. If you have difficulties, there is the ADSL mini-HOWTO, which covers ADSL connection issues in considerable detail. If I find a Cable Modem HOWTO, I will add a link to that too.

The main problem with most external connections is getting an IP address. Some ISPs give static IP addresses to subscribers with a cable modem or ADSL connection, and in that case configuration is easy. However, most ISPs have now moved to dynamic connection via (you guessed it!) DHCP. This means that your Linux computer will be a DHCP server on the eth1 network card, and a DHCP client on the eth0 network card.

In addition, many ISPs provide their services in a specialized way that assumes their customers use Windows. Some of these cases will be discussed at the end of section 3.3.2.

With a static IP address

If your ISP gave you a static IP address, you are all set. Create a new connection configuration file, /etc/sysconfig/network-scripts/ifcfg-eth0, and put the following in it:

 DEVICE=eth0
 IPADDR=x.x.x.x
 NETMASK=y.y.y.y
 ONBOOT=yes
 

Simply replace x.x.x.x and y.y.y.y with the values your ISP gave you. Now, edit the file /etc/resolv.conf, and write the following lines:

 search provider_domain_here
 nameserver n.n.n.n
 nameserver m.m.m.m
 

The provider_domain should normally be given to you by your ISP. Also, put the primary and secondary DNS servers on the n.n.n.n and m.m.m.m lines. If you have set up the Linux computer as a DNS server, add a line before the lines for the other nameservers: nameserver 127.0.0.1. This will make the Linux server use the caching server before it asks the external servers for DNS information.

With DHCP

If your ISP is set up for DHCP, you must create a new connection configuration file, /etc/sysconfig/network-scripts/ifcfg-eth0, and add the following to it:

 DEVICE=eth0 
 BOOTPROTO=dhcp 
 ONBOOT=yes
 

Now, make sure that the dhcpcd client daemon is installed on your system. Go to your Linux CDs, and install the dhcpcd RPM package.

The time has come to test our new network settings. We simply give the command /etc/rc.d/init.d/network restart. Then we test the external connection with ping. We ping a computer on the Internet, such as www.yahoo.com, and wait to see whether any packet comes back.

Oddities and anomalies

The situation with your network may differ from the simple examples described above. Here are some brief notes on the various difficulties, along with links and pointers to more authoritative sources. Thanks to John Mellor, who gave me the links and the push to add this section.

PPP over Ethernet (PPPoE)

Some ADSL providers (e.g. Bell Atlantic) have lately insisted that their new customers connect via the "PPP over Ethernet" (PPPoE) protocol. For this purpose, they give new subscribers a client program for Windows: something not particularly useful to Linux users. Fortunately, however, PPPoE is a simple protocol, and many efforts are already under way to support it on Linux as well.

Silly DHCP tricks

One of the favourite tricks of ISPs is to tie you to one single host name, or even to one single network access card. This is supposedly done to prevent you from putting many computers on your network by using a hub. (Of course, by using Linux and masquerading we get the same result with better security, and the ISP has no way of knowing that this happened!!)

If your ISP gave you a host name, and insisted that you give your Windows computer that name in order to let you use the connection, then you must make sure that your Linux computer sends that host name first when it requests an address from the DHCP server.

When you set BOOTPROTO to dhcp in the connection configuration file, the RedHat DHCP client is indeed called, but without reference to any host name. To have the program called with a host name on RedHat 6.1, edit the file /etc/sysconfig/network, and change the line:

HOSTNAME=

so that it reads:

HOSTNAME=your_isp_assigned_name

This may not work on some variants of RedHat. If it does not work, check the /sbin/ifup script and see whether the calls to dhcpcd and pump include a -h $HOSTNAME parameter. If not, add it, so that the calls look something like this: /sbin/dhcpcd -i $DEVICE -h $HOSTNAME and /sbin/pump -i $DEVICE -h $HOSTNAME.

The Road Runner company

The Road Runner cable company has a special login procedure that must be run before the server can be used. Fortunately, there is a detailed Linux Road Runner HOWTO.

Looking at the network configuration

Now you can admire your work. Type ifconfig to see all your configured devices. On my own gateway computer, I get the following:

 eth0  Link encap:Ethernet  HWaddr 00:60:67:4A:02:0A 
       inet addr:24.65.182.43  Bcast:24.65.182.255  Mask:255.255.255.0 
       UP BROADCAST RUNNING MULTICAST  MTU:1500 Metric:1 
       RX packets:487167 errors:0 dropped:0 overruns:0 frame:0 
       TX packets:467064 errors:0 dropped:0 overruns:0 carrier:0 
       collisions:89 txqueuelen:100 
       Interrupt:10 Base address:0xe400
 eth1  Link encap:Ethernet  HWaddr 00:80:C8:D3:30:2C 
       inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0 
       UP BROADCAST RUNNING MULTICAST  MTU:1500 Metric:1 
       RX packets:284112 errors:0 dropped:0 overruns:0 frame:1 
       TX packets:311533 errors:0 dropped:0 overruns:0 carrier:0 
       collisions:37938 txqueuelen:100 
       Interrupt:5 Base address:0xe800
 lo    Link encap:Local Loopback 
       inet addr:127.0.0.1  Mask:255.0.0.0 
       UP LOOPBACK RUNNING  MTU:3924  Metric:1 
       RX packets:12598 errors:0 dropped:0 overruns:0 frame:0 
       TX packets:12598 errors:0 dropped:0 overruns:0 carrier:0 
       collisions:0 txqueuelen:0
 

Note that the eth0 card has an impressive external IP address, and the eth1 card a private internal address.

You can see the network routes by giving the route command. On my gateway computer, I get output like this:

  Kernel IP routing table 
  Destination     Gateway      Genmask         Flags Metric Ref Use Iface 
  255.255.255.255 *            255.255.255.255 UH    0      0     0 eth1 
  192.168.1.0     *            255.255.255.0   U     0      0     0 eth1 
  24.65.182.0     *            255.255.255.0   U     0      0     0 eth0 
  127.0.0.0       *            255.0.0.0       U     0      0     0 lo 
  default         24.65.182.1  0.0.0.0         UG    0      0     0 eth0
 

Here we can see that the external network is configured, the internal network is configured, the local device too, the special broadcast address 255.255.255.255 too, and the default route is set to point to the ISP's gateway. Perfect!

Now we have both the outside and the inside. What remains is to open the door between them. First, however, we must make sure that no monsters can get in from outside.

3.4 Security

One of the disadvantages of a permanent connection to the Internet via ADSL or cable modem is that our computer is exposed to possible security threats 24 hours a day, 7 days a week. Using Linux as a gateway limits the risk, because it hides all the other computers on your network: as far as the rest of the Internet is concerned, only your Linux computer is connected. This means that your network can be as secure as your Linux computer, so at this point I will give you some basic tips for making it more secure.

First, you must lock out all the bad guys. To do this, edit the file /etc/hosts.deny, and make sure it looks exactly as below:

 # 
 # hosts.deny  This file describes the names of the hosts which are
 #             *not* allowed to use the local INET services, as
 #             decided by the "/usr/sbin/tcpd" server.
 # 
 #             The portmap line is redundant, but it is left to
 #             remind you that the new secure portmap uses
 #             hosts.deny and hosts.allow. In particular, you should
 #             know that NFS uses portmap!
 ALL: ALL 
 

The above tells the "TCP wrappers" (which control 95% of incoming connections) to refuse every connection from every host. That is a pretty good ban! But it will also prevent you from connecting to your Linux computer from your internal home network, which is annoying. So we will make an exception. We edit the file /etc/hosts.allow, and make it exactly like this:

 # 
 # hosts.allow  This file describes the names of the hosts which are
 #              allowed to use the local INET services, as decided
 #              by the "/usr/sbin/tcpd" server.
 # 
 ALL: 127.0.0.1 
 ALL: 192.168.1.
 

The above tells the "TCP wrappers" that they may allow connections to all services for the local device (127.0.0.1) and for the home network (192.168.1.).
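
The evaluation order behind these two files, as an added example (a simplified model, not the tcpd code and not part of the original HOWTO): hosts.allow is consulted first, then hosts.deny, and a client that matches neither is allowed, which is why the ALL: ALL line matters. The function names, the in.telnetd daemon name and the clients 192.168.10.5 and 203.0.113.7 are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: simplified model of TCP wrappers (hosts_access) evaluation.
# Handles only the rule forms used above: daemon ALL or an exact name, and
# client patterns ALL, an exact address, or an "a.b.c." address prefix.

# in_list WORDS ITEM MODE -> 0 if ITEM matches one word of WORDS.
# MODE=client additionally treats a trailing "." as an address prefix.
in_list() {
    set -f                                  # no filename globbing on rule words
    for w in $(printf '%s' "$1" | tr ',' ' '); do
        if [ "$w" = ALL ] || [ "$w" = "$2" ]; then set +f; return 0; fi
        if [ "$3" = client ]; then
            case $w in
                *.) case $2 in "$w"*) set +f; return 0 ;; esac ;;
            esac
        fi
    done
    set +f
    return 1
}

# file_matches FILE DAEMON CLIENT -> 0 if any "daemons : clients" rule matches.
file_matches() {
    [ -r "$1" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                    # strip comments
        case $line in *:*) ;; *) continue ;; esac
        daemons=${line%%:*}
        clients=${line#*:}; clients=${clients%%:*}   # drop optional 3rd field
        if in_list "$daemons" "$2" daemon && in_list "$clients" "$3" client; then
            return 0
        fi
    done < "$1"
    return 1
}

# wrappers_decision ALLOW_FILE DENY_FILE DAEMON CLIENT -> prints allow|deny.
# Order per hosts_access(5): hosts.allow first, then hosts.deny, else allow.
wrappers_decision() {
    if file_matches "$1" "$3" "$4"; then echo allow
    elif file_matches "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Constructed copies of the two files from this section.
DEMO=$(mktemp -d)
printf 'ALL: 127.0.0.1\nALL: 192.168.1.\n' > "$DEMO/hosts.allow"
printf '# deny everything not allowed\nALL: ALL\n' > "$DEMO/hosts.deny"
: > "$DEMO/empty"                           # a hosts.deny without "ALL: ALL"

# 192.168.10.5 and 203.0.113.7 are constructed sample clients.
for ip in 127.0.0.1 192.168.1.23 192.168.10.5 203.0.113.7; do
    printf '%-14s with ALL:ALL -> %-5s  without -> %s\n' "$ip" \
        "$(wrappers_decision "$DEMO/hosts.allow" "$DEMO/hosts.deny" in.telnetd "$ip")" \
        "$(wrappers_decision "$DEMO/hosts.allow" "$DEMO/empty" in.telnetd "$ip")"
done
```

The prefix 192.168.1. covers 192.168.1.23 but not 192.168.10.5, and with an empty hosts.deny the outside client is allowed.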

Now you have locked the monsters out with a strong padlock. If you want to add bars and alarms as well, you need much more knowledge. The Security HOWTO is a good place to start reading if you want to learn more about how to secure your Linux computer.

