LEAF "Bering" installation guide

Jacques Nilo
Eric Wolzak
Revision History
Revision 0.1 18 January 2002
First draft for review
Revision 0.2 2 February 2002
Second draft for review
Revision 0.3 21 February 2002
Third draft for review
Revision 0.4 19 March 2002
Fourth draft for review
Revision 0.5 22 April 2002
Fifth draft for review
Revision 0.6 16 June 2002
Sixth draft for review
Revision 0.7 20 October 2002
Seventh draft for review
Revision 0.8 14 November 2002
Eighth draft for review
Table of Contents
1. About LEAF "Bering"
1.1. What is the LEAF "Bering" distribution ?
1.2. Why Bering ?
1.3. Feedback
1.4. Acknowledgments and thanks
1.5. Bering download areas
1.6. Bering support
2. LEAF "Bering" Changelog
2.1. Current version: 1.0-stable - November, 14 2002
2.2. Version: 1.0-rc4 - October, 20 2002
2.3. Version: 1.0-rc3 - June, 16 2002
2.4. Version: 1.0-rc2 - April, 22 2002
2.5. Version: 1.0-rc1 - March, 16 2002
2.6. Version: beta4 - February 2002
2.7. Version: beta3 - February 2002
2.8. Version: beta2 - January 2002
2.9. Older versions
3. Available packages on the LEAF "Bering" floppy
3.1. The LEAF "Bering" floppy disk content
3.2. Description
4. Installation - step 1: download the distribution
4.1. Linux users
4.2. Windows users
5. Installation - step 2: download the modules
6. Installation - step 3: Add/remove the (un)needed packages and modules
6.1. Removing unneeded packages
6.2. Edit the syslinux.cfg file
6.3. Removing unneeded modules
6.4. Adding a new package
6.5. Adding extra modules in /lib/modules
6.6. Adding extra modules in /boot/lib/modules
7. Installation - step 4: configure your keyboard
8. Installation - step 5: configure your network
8.1. interfaces file (/etc/network/interfaces)
8.2. network options file (/etc/network/options)
8.3. hosts IP addresses (/etc/hosts)
8.4. hostname (/etc/hostname)
8.5. resolv.conf (/etc/resolv.conf)
8.6. Super server daemon configuration (/etc/inetd.conf)
8.7. hosts.allow (/etc/hosts.allow)
8.8. hosts.deny (/etc/hosts.deny)
8.9. network (/etc/network)
9. Installation - step 6: configure Shorewall
10. Installation - step 7: configure your system
10.1. Master LRP settings (/etc/lrp.conf)
10.2. POSIXness setting (/etc/POSIXness.conf)
10.3. File system mounts (/etc/fstab)
10.4. Lowest level boot-up configuration (/etc/inittab)
10.5. System wide profile (/etc/profile)
10.6. Ports root is allowed to login to (/etc/securetty)
10.7. System logging configuration (/etc/syslog.conf)
10.8. Service name to number translation (/etc/services)
10.9. Local timezone TZ setup (/etc/tvalue)
11. Information on packages provided on the Bering floppy disk
11.1. bridge.lrp
11.2. dhcpd.lrp
11.3. dnscache.lrp
11.4. etc.lrp
11.5. initrd.lrp
11.6. iptables.lrp
11.7. keyboard.lrp
11.8. local.lrp
11.9. log.lrp
11.10. modules.lrp
11.11. ppp.lrp
11.12. pppoe.lrp
11.13. pump.lrp
11.14. root.lrp
11.15. shorwall.lrp
11.16. weblet.lrp
12. Information on packages provided in the Bering packages download area
12.1. dhclient.lrp
12.2. ipsec.lrp
12.3. ipsec509.lrp
12.4. libm.lrp
12.5. ntpdate.lrp
12.6. ntpsimpl.lrp
12.7. pcmcia.lrp/pcmcia_orinoco.lrp/pcmcia_xircom.lrp
12.8. pppatm.lrp
12.9. pptpd.lrp
12.10. vlan.lrp
12.11. tc.lrp
12.12. wireless.lrp and wireutil.lrp
12.13. wlan-ng.lrp
1. About LEAF "Bering"
1.1. What is the LEAF "Bering" distribution ?
The LEAF "Bering" distribution is derived from Charles Steinkuehler's Dachstein (rc2). It differs from it on two key elements:
- It is based on a 2.4.x linux kernel
- It relies on Shorewall for extended firewalling facilities. Check all the Shorewall features here.
The main objectives are:
- To benefit from the netfilter/iptables facilities
- To have access to the latest kernel device drivers & filesystems
- To keep everything available on a single floppy for the largest possible user's base (including serial modem, cable modem or ADSL PPP/PPPOE users)
- To keep the simplicity provided by Dachstein
- To stick to a standard linux kernel as much as possible. This allows LEAF "Bering" usage and development in a virtual environment
- To stick as much as possible to the Debian distribution structure
This work was made possible after having proposed a solution to get rid of the original kernel LRP patches which do not pass the change introduced in initrd in the 2.4.10 kernel. The interested reader can refer to the leaf-devel mailing list archives.
1.2. Why Bering ?
The name "Bering" was chosen from the Strait of the same name. A strait is a nice symbol for a firewall: a lot of traffic and strict navigation rules. Those interested by the story of the Bering Island can check here (Thanks to Matt Schalit for the reference).
1.3. Feedback
Comment on this package can be sent to the authors: Jacques Nilo <jnilo@users.sourceforge.net> or Eric Wolzak <leaf@wolzak.de>.
1.4. Acknowledgments and thanks
Thanks to everyone who help us on this work and especially the members of the leaf-devel and leaf-user mailing list. Many thanks also to Tom Eastep <teastep@shorewall.net> for his great shorewall package and his dedicated support.
The "Bering" distribution has benefited from many comments, help and suggestions from Lynn Avants, Chad Carr, Luis F. Correia, Allen Hillery, Christian Hostelet, Tom Eastep, Jeff Newmiller, Brock Nanson, Tor Nylander, Larry Platzek and Bob Pocius.
1.5. Bering download areas
All Bering related files, including archives, are available in the LEAF files area.
Bering modules, packages, patches, contrib and possible erratas are provided here for the most recent versions.
1.6. Bering support
Bering is provided with an extensive documentation (an installation guide and a user's guide) also available as pdf files in the LEAF files area.
Request for support should be directed only to the leaf-user mailing list. Please do not send request for help directly to the authors! You will generally get a faster response if your request is posted to the leaf-users list and this response will benefit to others as well. Also do not forget to use the search facility associated with the leaf-users mailing archives.
2. LEAF "Bering" Changelog
2.1. Current version: 1.0-stable - November, 14 2002
- shorewall updated to version 1.3.10
- pcmcia-cs updated to version 3.2.3
- freeswan/ipsec updated to version 1.99
- Bering winimage now generated in English :-)
- Typo corrected in /usr/sbin/lrcfg.back.script. Partial backups should now work OK
- /dev/nftla added to /var/lib/lrpkg/root.mount to fix a problem when trying to boot from DoC
2.2. Version: 1.0-rc4 - October, 20 2002
- new kernel config file to allow for mount usbdevfs and large routing tables
- 2.4.18 kernel now patched with Grsecurity 1.9.5 and customized configuration
- shorewall updated to version 1.3.9b
- tinylogin updated to version 1.2
- ifupdown updated to version 0.6.4.4. New options allow to setup mtu, hwaddress and label for a given interface
- tc.lrp package removed from the Bering floppy to the Bering packages download area
- iptables now provided as an iptables.lrp package to ease updates
- wtmp now generated in /var/log. last command now works OK.
- /usr/bin/savelog fixed - gzip now works for log files
- change group from adm to wheel in rotatelogs() savelog statement: the content of /var/log can now be viewed from weblet
- /etc/passwd, /etc/shadow and /etc/groups cleaned up. New users added: sshd and squid
- zebra related services added to /etc/services
- sshd commented out in inetd.conf
- xargs added to busybox to allow dhclient to stop cleanly with ifdown
- Some bug fixes in POSIXness.mail and lrcfg.back
- Bug in /etc/cron.daily/multicron-d corrected: $PATH variable must be redefined for several function to work under cron
- HOSTNAME defined also in /etc/cron.d/multicron otherwise won't be used within multicron-d functions
- Bug in /usr/sbin/lrcfg.back.script corrected to allow proper working of partial backups
- New checkfreespace function in /etc/cron.daily/multicron.d which allows space to be checked on multiple directories
- /dev/nftla devices have now the proper major number. /linuxrc patched to allow booting from Disk-on-Chip devices. Thanks to Brad Fritz for his contribution on this and his excellent new chapter of the Bering user's guide !
- Some Bering packages have been updated: pcmcia.lrp (V3.2.1) and ipsec.lrp (1.98b) which also corrects some bugs
- New packages are available: ntpdate.lrp (4.0.1), a time server client and ntpsimpl.lrp (4.0.1) which provides the ntpd daemon.
- Host AP drivers for Intersil Prism2/2.5/3 from http://hostap.epitest.fi (hostap-2002-10-12) available in the Bering modules directory
- drivers for Intersil Prism2/2.5/3 from http://www.linux-wlan.org (linux-wlan-ng.0.1.15) available in the Bering modules directory. Userland programs are now packaged in wlan-ng.lrp
- Donald Becker network drivers are now in the Bering modules directory
- A full new chapter available in the Bering installation guide about "System configuration"
- Three new chapters available in the Bering user's guide about "Setting time in Bering", "the mail and cron facilities" and "Installing and booting Bering from a M-System Disk-on-Chip"
2.3. Version: 1.0-rc3 - June, 16 2002
- Bering now supports apm and vlan as modules. New netfilter modules provided for H323, pptp, sftp and talk.
- Bering kernel now patched with grsecurity v1.9.4. Kernel compiled with "medium" level.
- Shorewall updated to latest 1.3.1 version with the June 15, 2002 errata.
- Busybox updated to 0.60.3: saves 10k and sh command output is now in colour :-)
- root.dev.mk updated to create mtd, nftla1->4, lp0, lp1 devices for DoC and parallel printer support
- In /lib/POSIXness, POSIXness.text removed, POSIXness.mail corrected (thanks to K.P. Kirchdörfer), POSIXness.system cleaned-up and POSIXness.linuxrouter modified so that lrpkg -i /anydir/package.lrp can work.
- /etc/passwd and /etc/group updated so that qmail.lrp can now work out of the box
- bridge scripts in bridge.lrp fixed
- syslinux updated to version 1.75
- weblet.lrp updated: sh-httpd has GID 10 (wheels) to be able to run with grsecurity patch. Correction for layout problems in viewsys and viewnet. Display of statistics improved using the "ip -s link show" command. Memory check changed: now only the memory in the tmpfs and dev/root are checked. Mounted floppies and cdroms are ignored.
- User's guide updated to revision 0.3. with some editing. Also now available as pdf file in the Bering download area.
- Installation guide updated to revision 0.7. Also available as pdf file in the Bering download area.
2.4. Version: 1.0-rc2 - April, 22 2002
- Bering now support IPSEC (Freeswan - version 1.97) as a module. ipsec.lrp & ipsec509.lrp packages available. Thanks to Chad Carr <ccarr@franzdoodle.com> for his great work!
- Bering now support pptp tunnels. Kernel was patched accordingly and pppd daemon as well
- Bering can now boot from a CD-Rom. The result of a great team work involving Luis F. Correia <lfcorreia@users.sourceforge.net>, Allen Hillery <ah@slumnet.com> and Christian Hostelet <c.hostelet@wanadoo.fr>. Luis also wrote a new section of the Bering user's guide explaining how to create the CD-Rom.
- Shorewall updated to latest 1.2.12 version. Parameterized two-interfaces setup removed and replaced by the new two-interfaces sample from Tom. The Bering's installation manual about Shorewall has been completely rewritten.
- PCMCIA kernel mode removed. We now go for pcmcia_cs package and modules. Seems more robust and also support PCI/PCMCIA bridge
- Last version (2.21) of the e3 editor now provided
- Kernel now compiled with serial support (by popular demand :-))
- Busybox mount command now works for NFS volumes
- iptables updated with the last 1.2.6a version
- User's guide updated to revision 0.2. with five new chapters and many updates !
- Installation guide updated to revision 0.5.
2.5. Version: 1.0-rc1 - March, 16 2002
- Updated with the 2.4.18 linux kernel which fixes the Netfilter/IRC bug. Support is now provided for Appletalk and IPX through appropriate modules
- Shorewall updated version 1.2.9. Allows now MAC addresses filtering
- iptables updated with the last 1.2.5 version
- lrcfg.back.script updated with the most recent version from Dachstein which allows partial backup and adapted to work without ctar. Backup problems experienced in beta-4 should be gone. Eric spent quite some time on this one :-).
- New pcmcia.lrp packages (tested and more compact and with a more detailed documentation).
- Documentation updated to revision 0.4.
2.6. Version: beta4 - February 2002
- ifupdown program adapted to only use ip addr and ip route commands. ifconfig removed
- Shorewall updated to latest 1.2.6 version
- arp program added to /sbin to have proxy-arp working with Shorewall (thanks to Yvo Nelemans for noticing this)
- Beta2 /usr/sbin/lrcfg.back.initrd script restored. Automatic computation of INITRD_SIZE in beta3 was buggy
- Loading of modules stored in /boot/lib/modules right after initrd is mounted is now working properly
- ctar removed following a suggestion by S. Caron
- The pcmcia.lrp configuration list is no more broken
- Some clean-up in weblet.lrp
- Documentation updated to revision 0.3.
2.7. Version: beta3 - February 2002
- The distribution has now a name: Bering !
- Kernel 2.4.16 updated. Includes now support for Hard disks, DOC, ext2/ext3/reiserfs filesystems, PPPOA, IPV6
- Shorewall updated to latest 1.2.5 version
- Winimage floppy image now available for Windows users
- INITRD_SIZE parameter removed: /usr/sbin/lrcfg.back.initrd now computes optimal size of INITRD filesystem
- /etc/init.d/netbase removed and replaced by /etc/init.d/inetd. Portmap will be provided as a separate package.
- Some clean-up in the /etc/init.d RCDLINKS= parameters to comply with Debian/Woody
- Supplemental packages available providing openssh, pcmcia, ppp (with active-filter enabled) and wireless support. Check the Bering packages directory.
- Pump.lrp recompiled with proper options and /etc/shorewall.pump script corrected. Also /etc/init.d/pump script removed: Pump fully controlled by ifup/down
- libnsl.so removed (and tcpd and sshd recompiled accordingly). Save about 10K (compressed).
- /usr/sbin/ticker replaced by a shell script (Thanks Ray !). Save 1,3K (compressed)
- Documentation updated to revision 0.2. Thanks to L. Avants, T. Eastep & L. Platzek for their suggestions !
2.8. Version: beta2 - January 2002
- Kernel 2.4.16 now used. New kernel config file. Includes in particular support for PCMCIA, PPP, PPP/PPPOE, ISDN, USB and bridging
- Use shorewall 1.2.2 allowing among many other things traffic shaping & blacklisting
- Pump (0.8.11-3) being used as default DHCP/BOOTP client to save disk space (dhclient.lrp still OK)
- networking script now fully debian/sid compatible. Dachstein's /etc/network.conf, /etc/ipchains.conf and /etc/init.d/network files/scripts completely removed
- ifconfig (1.4.2) and ifupdown (0.6.4) available
- new applets in bbox library (0.60.2)
- new version of iproute2 (010824). tc patched to allow for HTB queuing discipline
- bridge now available as a separate package. Provides brctl from bridge-utils (0.9.4)
- ppp.lrp and pppoe.lrp provided in the standard distro for serial/modem and adsl/pppoe connections. pppoe.lrp provides the PPPoE 2.4.16 kernel plugin. The ppp daemon is the 2.4.1 version patched for kernel mode PPPoE available here.
- pon, poff and plog scripts provided in ppp.lrp for ppp on demand.
- weblet.lrp modified to handle iptable output. Do not need netstat anymore
- first draft of installation guide available (what you are reading now)
2.9. Older versions
- version: 2.4.14-b1 - 12 December 2001
- version: 2.4.14-alpha - 20 November 2001
3. Available packages on the LEAF "Bering" floppy
3.1. The LEAF "Bering" floppy disk content
The following files are available on the 1680K formatted LEAF "Bering" floppy:
[root@versa root]# ls -la /mnt/floppy/
drwxr-xr-x    2 root     root         5632 Jan  1  1970 .
drwxr-xr-x   22 root     root         4096 Nov  2 12:01 ..
-rwxr-xr-x    1 root     root         8795 Nov 14 22:13 bridge.lrp
-rwxr-xr-x    1 root     root        43768 Nov 14 22:13 dhcpd.lrp
-rwxr-xr-x    1 root     root        23816 Nov 14 22:12 dnscache.lrp
-rwxr-xr-x    1 root     root        24214 Nov 14 22:12 etc.lrp
-rwxr-xr-x    1 root     root       410881 Nov 14 22:11 initrd.lrp
-rwxr-xr-x    1 root     root        54787 Nov 14 22:12 iptables.lrp
-rwxr-xr-x    1 root     root        11941 Nov 14 22:12 keyboard.lrp
-r-xr-xr-x    1 root     root         7112 Jun 16 13:11 ldlinux.sys
-rwxr-xr-x    1 root     root       510487 Nov 11 09:57 linux
-rwxr-xr-x    1 root     root          492 Nov 14 22:12 local.lrp
-rwxr-xr-x    1 root     root          296 Jun 16 16:37 log.lrp
-rwxr-xr-x    1 root     root       104279 Nov 14 22:12 modules.lrp
-rwxr-xr-x    1 root     root        95733 Nov 14 22:13 ppp.lrp
-rwxr-xr-x    1 root     root        14125 Nov 14 22:13 pppoe.lrp
-rwxr-xr-x    1 root     root        24566 Nov 14 22:12 pump.lrp
-rwxr-xr-x    1 root     root          200 Nov 11 09:57 readme
-rwxr-xr-x    1 root     root       262456 Nov 14 22:11 root.lrp
-rwxr-xr-x    1 root     root        46080 Nov 14 22:12 shorwall.lrp
-rwxr-xr-x    1 root     root          215 Nov 14 22:10 syslinux.cfg
-rwxr-xr-x    1 root     root         1070 Nov 14 21:54 syslinux.dpy
-rwxr-xr-x    1 root     root        19546 Nov 14 22:13 weblet.lrp
3.2. Description
The different packages and files are described in the two following tables:
Table 1. Available LEAF packages
| Package name | Purpose | Version | Status |
|---|---|---|---|
| bridge.lrp | Provides brctl and bridging facilities | 0.9.4 | Optional |
| dhcpd.lrp | Provides a DHCP server to your local network | 2.0pl5 | Optional |
| dnscache.lrp | Provides D.J. Bernstein fast caching resolver for DNS | 1.05 | Recommended |
| etc.lrp | Provides system /etc files | 1.0-stable | Required |
| initrd.lrp | Provides LEAF bootstrap and core system files | 1.0-stable | Required |
| iptables.lrp | Provides iptables program | 1.2.6a | Required |
| keyboard.lrp | Provides 35 International keyboard layouts | 0.3 | Optional |
| local.lrp | Provides system files | 1.0-stable | Required |
| log.lrp | Provides system /var/log files | 1.0-stable | Required |
| modules.lrp | Provides 2.4.18 kernel modules files | 1.0-stable | Required |
| ppp.lrp | Provides the ppp daemon patched for kernel mode PPPoE | 2.4.1 | Optional |
| pppoe.lrp | Provides the PPPoE kernel plugin | 2.4.1 | Optional |
| pump.lrp | Provides the Redhat DHCP/BOOTP client | 0.8.11 | Optional |
| root.lrp | Provides the LEAF system files | 1.0-stable | Required |
| shorwall.lrp | Provides the shorewall firewall | 1.3.10 | Required |
| weblet.lrp | Provides a Web based LEAF monitoring tool | 1.2.0 | Optional |
Table 2. Other files
| File name | Purpose | Version | Status |
|---|---|---|---|
| ldlinux.sys | syslinux (boot loader) system file | 1.75 | Required |
| linux | Linux kernel | 2.4.18 | Required |
| syslinux.cfg | syslinux LEAF configuration file | 1.75 | Required |
| syslinux.dpy | syslinux screen logo file | 1.75 | Required |
4. Installation - step 1: download the distribution
4.1. Linux users
As root, download the 1680K disk image in your /tmp directory and copy it to a 1680K formatted floppy disk:
Format a blank floppy disk:
superformat /dev/fd0u1680
or
fdformat /dev/fd0u1680
Copy the disk image on the floppy:
dd if=/tmp/Bering_1.0-stable_img_bering_1680.bin of=/dev/fd0u1680
4.2. Windows users
From your favorite browser, download the 1680K Winimage in any available directory. Have a blank 1,44 M formatted disk ready. Then click on the downloaded disk winimage and follow the instructions.
5. Installation - step 2: download the modules
In order to use the LEAF firewall you will need to install the modules that will be loaded to complement your kernel. You will need one for your ethernet card(s) in particular.
Modules can be stored in two different places:
- In /boot/lib/modules: these modules will be loaded at the very beginning of the booting process. This facility is used to load drivers which will be necessary in order to be able to load the remaining of the packages (CD-ROM or Hard-disk drivers for examples when you are booting off those media: cf. the "Booting Bering from different boot-media" section of the Bering user's guide). These modules will be saved in the initrd.lrp package. None are provided by default in the LEAF distribution since most users won't need any. If you use this facility, you will also need to edit /boot/etc/modules in order to declare the sequence of modules you want to load at this stage.
- In /lib/modules: these modules are provided by the modules.lrp package which is loaded as any other package. This package should provide most - if not all - of the modules required to have the LEAF firewall working on your specific hardware. You will also need to edit /etc/modules in order to declare the sequence of modules you want to load.
By default, the modules.lrp package of the LEAF "Bering" firewall provides:
# ls -la
drwxr-x---    2 root     root            0 Nov 11 14:46 .
drwxr-xr-x    5 root     root            0 Nov 11 14:46 ..
lrwxrwxrwx    1 root     root           12 Nov 11 14:46 2.4.18 -> /lib/modules
-rw-r--r--    1 root     root        36120 Nov 11 13:25 3c59x.o
-rw-r--r--    1 root     root         8872 Nov 11 13:25 8390.o
-rw-r--r--    1 root     root        26328 Nov 11 13:25 eepro100.o
-rw-r--r--    1 root     root         5936 Nov 11 13:25 ip_conntrack_ftp.o
-rw-r--r--    1 root     root         5716 Nov 11 13:25 ip_conntrack_irc.o
-rw-r--r--    1 root     root         4748 Nov 11 13:25 ip_nat_ftp.o
-rw-r--r--    1 root     root         4200 Nov 11 13:25 ip_nat_irc.o
-rw-r--r--    1 root     root         9816 Nov 11 13:25 n_hdlc.o
-rw-r--r--    1 root     root         8144 Nov 11 13:25 ne.o
-rw-r--r--    1 root     root         8516 Nov 11 13:25 ne2k-pci.o
-rw-r--r--    1 root     root         9948 Nov 11 13:25 ppp_async.o
-rw-r--r--    1 root     root        39424 Nov 11 13:25 ppp_deflate.o
-rw-r--r--    1 root     root        23712 Nov 11 13:25 ppp_generic.o
-rw-r--r--    1 root     root        22352 Nov 11 13:25 ppp_mppe.o
-rw-r--r--    1 root     root         7908 Nov 11 13:25 ppp_synctty.o
-rw-r--r--    1 root     root        11732 Nov 11 13:25 pppoe.o
-rw-r--r--    1 root     root         3636 Nov 11 13:25 pppox.o
-rw-r--r--    1 root     root         6744 Nov 11 13:25 slhc.o
firewall: -root-
#
3c59x, 8390, eepro100, ne and ne2k-pci are drivers for common network cards.
n_hdlc, ppp_generic, ppp_async, ppp_deflate, ppp_synctty, ppp_mppe, pppoe, pppox, slhc are ppp and ppp/pppoe related modules.
ip_conntrack_* and ip_nat_* modules are used for masquerading.
You will probably need to download other modules for your own network card or to get access to specific functionalities (bridge.o for bridging, ...). The whole set of Bering linux kernel modules is available for download here. If you just want to download a specific module go through the Bering modules download area.
6. Installation - step 3: Add/remove the (un)needed packages and modules
The LEAF "Bering" floppy disk is provided with package(s) and/or module(s) you won't necessarily need. Get rid of them to begin with.
Check the list of packages provided above to see if you need them. Some examples follow:
- A US user can remove the keyboard.lrp package
- A cable modem user with dynamic IP can get rid of the ppp.lrp and pppoe.lrp packages
- A user with a fixed external IP does not need pump.lrp
- A DSL/PPPoE user will not necessarily need pump.lrp
6.1. Removing unneeded packages
To remove a given package (say unneeded.lrp) from the LEAF disk, insert it in your floppy drive and boot it. When you see the LEAF configuration menu, type q (quit) to get access to the linux shell. Then execute the following commands:
mount -t msdos /dev/fd0u1680 /mnt
cd /mnt
rm unneeded.lrp
cd /
umount /mnt
6.2. Edit the syslinux.cfg file
Make sure the list of packages loaded when the LEAF firewall floppy is booted corresponds to the packages you want to load.
By default the syslinux.cfg file looks like:
display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp init=/linuxrc root=/dev/ram0 boot=/dev/fd0u1680:msdos PKGPATH=
To edit this file:
mount -t msdos /dev/fd0u1680 /mnt
cd /mnt
ae syslinux.cfg
(edit the LRP= list to fit your needs)
(then save and exit)
cd /
umount /mnt
Other syslinux parameters:
- log_size= Defines the size of the /var/log directory. Default=2M
- syst_size= Defines the size of the TMPFS filesystem. Default=6M.
- tmp_size= Defines the size of the /tmp directory. Default=remaining available memory
- PKGPATH= Defines location of packages defined in the LRP= list. I.E. if they are stored on two different floppies, one will have something like:
display syslinux.dpy
timeout 0
default linux initrd=initrd.lrp log_size=4M init=/linuxrc root=/dev/ram0 boot=/dev/fd0u1680:ms
In the example above packages not available on the first floppy drive (e.g. libz.lrp and sshd.lrp) will be loaded from a 1680K formatted floppy inserted in the second drive. On top of that, 4M are allocated to /var/log files.
The LEAF editor is e3. The documentation is here. Different emulations are available: vi, ae or e3ws are the most common ones.
6.3. Removing unneeded modules
Once you have removed the unneeded packages, you can remove the unneeded.o module(s) as follow:
cd /lib/modules
rm unneeded.o
lrcfg
Once you are back with the LEAF configuration menu select the LEAF packages backup entry and backup the modules package.
6.4. Adding a new package
To add a new package just copy it to the LEAF floppy and declare the name in the syslinux.cfg LRP= list.
6.5. Adding extra modules in /lib/modules
You can add many features to your LEAF "Bering" distribution by adding extra kernel modules. Once you know which modules you need, download them from the LEAF Bering modules directory to a standard (1,44M formatted) floppy disk. Boot the LEAF "Bering" floppy. Once you see the LEAF menu, remove the LEAF floppy and replace it with the modules floppy. Then issue the following commands:
mount -t msdos /dev/fd0 /mnt
cd /mnt
cp needed1.o needed2.o ... /lib/modules
cd /
umount /mnt
lrcfg
Through the LEAF Packages configuration menu select "modules" and declare those modules you need to load in /etc/modules.
Remember to save and backup modules.lrp !
The LEAF "Bering" /etc/modules file contains templates to setup a bridge, to access to an IDE Hard-disk or CD-ROM and to activate USB.
6.6. Adding extra modules in /boot/lib/modules
You can choose to load those extra kernel modules at the early stage of the boot process right after initrd filesystem is mounted. This is typically used to get access to a storage device where the remaining LEAF packages are stored. Once you know which modules you need, download them from the LEAF Bering modules directory to a standard (1,44M formatted) floppy disk. Boot the LEAF "Bering" floppy. Once you see the LEAF menu, remove the LEAF floppy and replace it with the modules floppy. Then issue the following commands:
mount -t msdos /dev/fd0 /mnt
cd /mnt
cp needed1.o needed2.o ... /boot/lib/modules
cd /
umount /mnt
lrcfg
Through the LEAF Packages configuration menu select "initrd" and declare those modules you need to load in /boot/etc/modules.
Remember to save and backup initrd.lrp !
7. Installation - step 4: configure your keyboard
If you are a non US user you will probably need one of the 35 keyboard layouts provided in the keyboard.lrp package.
To configure keyboard go to the LEAF packages configuration menu and choose keyboard.
The following menu will appear:
keyboard configuration files
1) change keyboard language maps
q) quit
Type 1 to get access to the /etc/init.d/keyboard script where you will have to replace the KEYMAP variable (default="us.map") by the appropriate keyboard setting.
The KEYMAP variable must be chosen among the 35 following entries:
# azerty.map    cz.map          fi.map          jp.map    ro.map       trq.map
# be.map        de-latin1.map   fr-latin1.map   la.map    ru.map       ua.map
# bg.map        de.map          fr.map          lt.map    se.map       uk.map
# br-a.map      dk.map          gr.map          mk.map    sg.map       us.map
# br-l.map      dvorak.map      hu.map          nl.map    sk-y.map     wangbe.map
# by.map        es.map          il.map          no.map    sk-z.map
# cf.map        et.map          is.map          pl.map    slovene.map
# croat.map     fi-latin1.map   it.map          pt.map    trf.map
To activate the new keyboard map get access to the linux shell and type:
/etc/init.d/keyboard start
You can then remove the keymaps you do not need once you are happy with your choice. It will strip the keyboard.lrp package to 1k. From the LEAF console simply run:
/etc/init.d/keyboard remove
To save your modification(s) do not forget to backup keyboard.lrp!
8. Installation - step 5: configure your network
You are now going to declare your network configuration through the Network configuration menu.
If you want to permanently change any of the following parameters, do not forget to backup etc.lrp !
Through the LEAF configuration menu type 1 to access to the Network configuration menu:
Network configuration menu
1) interfaces file (/etc/network/interfaces)
2) network options file (/etc/network/options)
3) hosts IP addresses (/etc/hosts)
4) hostname (/etc/hostname)
5) resolv.conf (/etc/resolv.conf)
6) super server daemon configuration (/etc/inetd.conf)
7) hosts.allow (/etc/hosts.allow)
8) hosts.deny (/etc/hosts.deny)
9) networks (/etc/networks)
q) quit
----------------------------------------------------------------------------
Selection:
8.1. interfaces file (/etc/network/interfaces)
By default, the LEAF "Bering" firewall uses eth0 as the external interface with a dynamic IP provided by pump.lrp and eth1 as the internal interface at address 192.168.1.254.
Edit 1) interfaces to modify those settings.
Typical LEAF configurations are provided in the interfaces file, simply uncomment what you need and comment (#) what you will not need!
Check the interfaces man pages or the Debian network interfaces examples for more complicated setup.
The network configuration is activated in the /etc/init.d/networking script through the ifupdown functions.
Once your interfaces are configured, remember to save and backup the etc.lrp package !
Be sure that any interface change is reflected in your firewall configuration (step 6 below). Adjust Shorewall params file accordingly !
8.2. network options file (/etc/network/options)
Default variables in this file are the following:
ip_forward=no
spoofprotect=yes
syncookies=no
These are default variables generally acceptable. The ip_forward variable is set back to yes by Shorewall. So if you do not use Shorewall and want to enable ip forwarding you will have to set this variable to yes.
8.3. hosts IP addresses (/etc/hosts)
The /etc/hosts file is where you put the name and IP address of local hosts. If you place a host in this file, then you do not need to query the domain name server to get its IP Address. The disadvantage of doing this is that if the IP address for that host changes, you must keep this file up to date yourself. In a well managed system, the only hostnames that usually appear in this file are an entry for the loopback interface, and also the local hosts name. By default:
127.0.0.1 localhost
192.168.1.254 firewall
Do not forget to declare the internal address(es) of a ssh client in this file if you want to connect quickly to your firewall machine!
8.4. hostname (/etc/hostname)

By default, the name of your machine is:

firewall

8.5. resolv.conf (/etc/resolv.conf)

The /etc/resolv.conf file is the main configuration file for DNS resolution. Its format is quite simple. It is a text file that has one keyword per line. There are three keywords typically used by the file. These keywords are:

• domain: This keyword specifies the local domain name
• search: This keyword specifies a list of alternate domain names to search for a hostname
• name server: This keyword, which may be used many times, specifies an IP address of a domain name server to query when resolving names

By default this file is set to:

nameserver 127.0.0.1
nameserver 192.168.1.254

You should not need to change it. The file, by default, shows the address of the local DNS server (192.168.1.254) provided by dnscache. Pump won't override the address unless you implicitly allow it. Check the pump documentation below if you want to change that.
8.6. Super server daemon configuration (/etc/inetd.conf)

The /etc/inetd.conf file is the configuration file for the inetd server daemon. Its function is to tell inetd what to do when it receives a connection request for a particular service. For each service that you wish to accept connections, you must tell inetd what network server daemon to run (and how to run it).

Its format is also fairly simple. It is a text file with each line describing a service that you wish to provide. Any text in a line following a '#' is both ignored, and it is considered a comment. Each line contains seven fields separated by any number of whitespace (tab or space) characters.

By default the three following services are open through inetd:

ssh stream tcp nowait root /usr/sbin/tcpd /usr/sbin/sshd -i
www stream tcp nowait sh-httpd /usr/sbin/tcpd /usr/sbin/sh-httpd
stat stream tcp nowait root /usr/sbin/tcpd /usr/sbin/stat.sh
8.7. hosts.allow (/etc/hosts.allow)

The /etc/hosts.allow file is a configuration file for the /usr/sbin/tcpd program. The hosts.allow file contains rules describing which hosts are allowed access to a service on your machine.

The default for LEAF is:

# /etc/hosts.allow: list of hosts that are allowed to access the system. See
# hosts_access(5) and /usr/doc/net/portmapper.txt
#
# Example: ALL: LOCAL @some_netgroup
# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# Allow anything from the local net
ALL: 192.168.1.0/255.255.255.0

Any host from the internal network in the 192.168.1.0/24 IP range will be allowed to access to ssh, www and stat through inetd.

If you want that only 192.168.1.1 from your internal network can access to the firewall through ssh and weblet, you will have:

ssh: 192.168.1.1/255.255.255.255
www: 192.168.1.1/255.255.255.255
stat: 192.168.1.1/255.255.255.255
8.8. hosts.deny (/etc/hosts.deny)

The /etc/hosts.deny file is a configuration file for the /usr/sbin/tcpd program. The hosts.deny file contains entries for the rules defining which hosts will NOT be allowed access to a service on your machine.

The default in LEAF is:

# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
# See hosts_access(5) and /usr/doc/net/portmapper.txt
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
ALL: PARANOID
# Prevent all access not explicitly allowed in hosts.allow
ALL: ALL
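
How the two files above combine, as an added example (not part of the original guide or of LEAF's own code): a small Python model of the hosts_access(5) lookup order, run on constructed copies of the default files. The function names and the name_ok flag, which stands in for tcpd's name/address check, are assumptions of this example; EXCEPT and hostname patterns are not modelled.

```python
import ipaddress

# Constructed copies of the files shown in sections 8.7 and 8.8.
ALLOW_DEFAULT = """\
# Allow anything from the local net
ALL: 192.168.1.0/255.255.255.0
"""
ALLOW_SINGLE_ADMIN = """\
ssh: 192.168.1.1/255.255.255.255
www: 192.168.1.1/255.255.255.255
stat: 192.168.1.1/255.255.255.255
"""
DENY_DEFAULT = """\
ALL: PARANOID
# Prevent all access not explicitly allowed in hosts.allow
ALL: ALL
"""


def parse_rules(text):
    """Return a list of (daemon_list, client_list) pairs, comments removed."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]   # a third (options) field is ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, ip, name_ok):
    """Match one client pattern against a dotted-quad client address."""
    if pattern == "ALL":
        return True
    if pattern == "PARANOID":                  # host name does not match address
        return not name_ok
    if "/" in pattern and not pattern.startswith("/"):   # net/mask form
        network = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in network
    if pattern.endswith("."):                  # address prefix, e.g. "192.168."
        return ip.startswith(pattern)
    return pattern == ip


def first_match(rules, daemon, ip, name_ok):
    """Return the first matching rule as text, or None."""
    for daemons, clients in rules:
        if "ALL" in daemons or daemon in daemons:
            for pattern in clients:
                if client_matches(pattern, ip, name_ok):
                    return f"{' '.join(daemons)}: {pattern}"
    return None


def decide(daemon, ip, allow_text, deny_text, name_ok=True):
    """hosts_access(5) order: hosts.allow first, then hosts.deny, else grant."""
    hit = first_match(parse_rules(allow_text), daemon, ip, name_ok)
    if hit:
        return ("allow", "hosts.allow " + hit)
    hit = first_match(parse_rules(deny_text), daemon, ip, name_ok)
    if hit:
        return ("deny", "hosts.deny " + hit)
    return ("allow", "no rule matched")


if __name__ == "__main__":
    cases = [
        ("ssh", "192.168.1.77", ALLOW_DEFAULT, DENY_DEFAULT),
        ("ssh", "203.0.113.9", ALLOW_DEFAULT, DENY_DEFAULT),
        ("ssh", "192.168.1.77", ALLOW_SINGLE_ADMIN, DENY_DEFAULT),
        ("ssh", "192.168.1.77", ALLOW_SINGLE_ADMIN, ""),   # hosts.deny emptied
    ]
    for daemon, ip, allow, deny in cases:
        print(daemon, ip, decide(daemon, ip, allow, deny))
```

The last case shows why the restricted hosts.allow only restricts anything while the closing ALL: ALL line stays in hosts.deny: with that file emptied, a client that matches no rule is granted access.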
8.9. network (/etc/network)

The /etc/networks file has a similar function to that of the /etc/hosts file. This file provides a simple database of network names against network addresses. Its format differs in that there may be only two fields per line, and that the fields are coded as:

The default in LEAF is:

localnet 127.0.0.0
9. Installation - step 6: configure Shorewall

One of the distinctive features of Bering is that it relies on Shorewall to provide its firewall facility.

The reasons behind this choice are numerous:

• Shorewall is an iptables based firewall which offers many features (Masquerading/SNAT, Port forwarding, Static NAT, Proxy ARP, VPN support, Traffic Control/Shaping) which are described in greater detail here.
• It is a very powerful tool with which it is "simple to do simple things" but which also offers a great flexibility.
• It is very well documented. I strongly recommend that you print out the full documentation available in pdf format in the Shorewall download area and that you spend the time to understand the concept behind it. A worthwhile effort !
• It has a nice QuickStart Guide which will allow the reader to quickly grasp the basics. A prerequisite reading !
• It has a tremendous support from its developer, Tom Eastep, who replies very quickly to requests addressed to the shorewall user's mailing list. Mail archives are also available and searchable.
The shorwall.lrp package provided on the Bering distro (starting with v1.0-rc2) is built as follows:

1. Download the LATEST.lrp package from Tom's site and rename it shorwall.lrp.
2. Download either the Two-interfaces Masquerading Firewall or the Three-interfaces Masquerading Firewall with DMZ depending on your own situation. They will provide you with default setup for the interfaces, masq, policy, rules and zones files that will be used in replacement of those provided in Tom's original package.
3. Add two statements in the "rules" file in order to allow query to dnscache and weblet servers from the internal network. See below.
4. Create an OUTPUT file in /etc/shorewall with a unique statement that will take care of the icmp-dnat netfilter bug workaround:

# Take care of icmp-dnat netfilter bug workaround
# http://www.netfilter.org/security/2002-04-02-icmp-dnat.html
# JN June 2002. Suggestion by Tom Eastep (Thks Tom !)
run_iptables -I OUTPUT 3 -m state -p icmp --state INVALID -j DROP

The four previous steps will allow you to update shorwall.lrp on your own Bering distro whenever a more recent Shorewall version is released.
Bering shorwall.lrp package is provided by default with the Two-interfaces Masquerading Firewall and the two extra rules mentioned earlier. This setup assumes that eth0 is connected to the Internet via a dynamic IP and that your local network is interfaced through eth1.

To configure Shorewall, start the LEAF packages configuration menu and choose shorwall. The following menu will appear:
shorwall configuration files

1) Params     Assign parameter values
2) Zones      Partition the network into Zones
3) Ifaces     Shorewall Networking Interfaces
4) Hosts      Define specific zones
5) Policy     Firewall high-level policy
6) Rules      Exceptions to policy
7) Masq       Internal MASQ Server Configuration
8) ProxyArp   Proxy ARP Configuration
9) Stopped    Hosts admitted after 'shorewall stop'
10) Nat       Static NAT Configuration
11) Tunnels   Tunnel Definition (ipsec)
12) TCRules   FWMark Rules
13) Config    Shorewall Global Parameters
14) Modules   Netfilter modules to load
15) TOS       Type of Service policy
16) Blacklist Blacklisted hosts
17) RFC1918   Defines 'norfc1918' interface option
q) quit
----------------------------------------------------------------------------
Selection:
Check the hyperlinks above, the Quickstart Guide or the Shorewall documentation to have a full explanation on those configuration files.

Four files must be checked absolutely to make sure they fit your needs:

A/ The zone file (entry 2). For a two interfaces setting - Bering's default - it looks like:

#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local networks
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

B/ The interfaces file (entry 3) defines your interfaces. Default in Bering is:

(...)
#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect dhcp,routefilter,norfc1918
loc eth1 detect routestopped
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
C/ The rules file (entry 6) is one of the most important files in Shorewall. Here is the one from Bering:

(...)
# Your entries for this setup would look like:
#
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
#
# Accept SSH connections from the local network for administration
#
ACCEPT loc fw tcp 22
# Bering specific rules:
# allow loc to fw udp/53 for dnscache to work
# allow loc to fw tcp/80 for weblet to work
#
ACCEPT loc fw udp 53
ACCEPT loc fw tcp 80
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
As you can notice from above, two rules have been added to the two-interfaces file. They allow:

• UDP requests from the local network (loc) to the firewall (fw) on port 53. This is the port used by dnscache to listen at dns requests coming from the internal network.
• TCP requests from the local network (loc) to the firewall (fw) on port 80. This is the port used by weblet for its web server.
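
As an added example (not part of the original guide or of Shorewall): a Python check for a rules file in the five-column form shown above. It confirms that the two Bering additions are still present after shorwall.lrp is rebuilt from a newer Shorewall release, and lists every ACCEPT rule that opens the firewall itself to the net zone. The sample files, function names and report keys are constructed for this example.

```python
# Constructed copy of the rules entries shown for Bering's two-interface setup.
BERING_RULES = """\
ACCEPT  fw   net  tcp  53
ACCEPT  fw   net  udp  53
# Accept SSH connections from the local network for administration
ACCEPT  loc  fw   tcp  22
# Bering specific rules:
ACCEPT  loc  fw   udp  53
ACCEPT  loc  fw   tcp  80
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
"""

# Constructed "after upgrade" file: the two Bering additions were lost and
# one rule now exposes ssh on the firewall to the Internet zone.
UPGRADED_RULES = """\
ACCEPT  fw   net  tcp  53
ACCEPT  fw   net  udp  53
ACCEPT  loc  fw   tcp  22
ACCEPT  net  fw   tcp  22
"""

# The two statements the guide adds to the stock two-interface rules file.
BERING_ADDITIONS = {("loc", "fw", "udp", "53"), ("loc", "fw", "tcp", "80")}


def parse_rules(text):
    """Yield (action, source_zone, dest_zone, proto, port) per rule and port."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3:
            continue                      # blank line, comment or malformed
        action, src, dst = fields[:3]
        # A rule without PROTO or PORT columns applies to all traffic.
        proto = fields[3].lower() if len(fields) > 3 else "all"
        ports = fields[4] if len(fields) > 4 else "any"
        src_zone = src.split(":")[0]      # "loc:192.168.1.5" -> "loc"
        dst_zone = dst.split(":")[0]
        for port in ports.split(","):     # "22,80" -> one entry per port
            yield (action.upper(), src_zone, dst_zone, proto, port)


def audit(text):
    """Report missing Bering rules and what reaches the firewall zone."""
    accepted = {rule[1:] for rule in parse_rules(text) if rule[0] == "ACCEPT"}
    return {
        "missing_bering_rules": sorted(BERING_ADDITIONS - accepted),
        "open_from_internet": sorted(
            r for r in accepted if r[0] == "net" and r[1] == "fw"),
        "open_from_loc": sorted(
            r[2:] for r in accepted if r[0] == "loc" and r[1] == "fw"),
    }


if __name__ == "__main__":
    for name, text in (("bering", BERING_RULES), ("upgraded", UPGRADED_RULES)):
        print(name)
        for key, value in audit(text).items():
            print("  ", key, value)
```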
D/ Finally the masq file (entry 7). In Bering it looks like:

(...)
#INTERFACE SUBNET
eth0 eth1
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

If you change any of the shorewall parameters, remember to backup shorwall.lrp !
10. Installation - step 7: configure your system

It's now time to fine tune your installation. You are now going to fine tune your system configuration through the System configuration menu.

This chapter is for the experienced. If you want to permanently change any of the following parameters, do not forget to backup etc.lrp !

Through the LEAF configuration menu type 2 to access to the System configuration menu:

System configuration menu

1) Master LRP settings (/etc/lrp.conf)
2) POSIXness mail settings (/etc/POSIXness.conf)
3) File system mounts (/etc/fstab)
4) Lowest level boot-up configuration (/etc/inittab)
5) System wide profile (/etc/profile)
6) Ports root is allowed to login to (/etc/securetty)
7) System logging configuration (/etc/syslog.conf)
8) Service name to number translation (/etc/services)
9) Local timezone TZ setup (/etc/tzvalue)
q) quit
----------------------------------------------------------------------------
Selection:
10.1. Master LRP settings (/etc/lrp.conf)

The file looks like:

#This is the master config file for systemwide LRP functions.
#It is referenced by multicron-* and POSIXness.
# Log files in /var/log/ to rotate. DEPTH == Amount to keep.
lrp_LOGS_DAILY="daemon.log debug kern.log messages syslog user.log \
ppp.log pslave.log"
lrp_LOGS_WEEKLY="auth.log lastlog"
lrp_LOGS_MONTHLY="wtmp"
lrp_LOGS_DEPTH=4

In this part of the lrp.conf file, you declare those files for which there will be a daily, weekly and monthly backup. The number of logs, for each frequency, is given by the lrp_LOGS_DEPTH variable. The default values given to those variables should be OK for most users.

# Email address to use for notices and alerts. If blank alerts won't be sent.
#lrp_MAIL_ADMIN="admin@mydomain.net"

The name of the variable says it all: you give here the E-mail address of the router administrator to whom the monitoring messages will be sent. Do not forget to uncomment the variable name if you want to activate that facility!
# Server that will be contacted via 'rdate' for the time service daily.
# Turning this on also updates the CMOS clock
#lrp_DATE_SERVER="time.nist.gov"

If you uncomment lrp_DATE_SERVER and declare a time server name here, this time server will be queried periodically to update your Bering box time. You must be sure that your server accepts rdate requests since their number is progressively diminishing in favour of ntp server.

In order to have rdate requests working properly, you need:

• To open port 37 in Shorewall. The following statement in the /etc/shorewall/rules file will do:

ACCEPT fw net tcp 37

• To be sure that your time server allows requests directed to port 37. This is not the case of every timeserver whose list is available here.

# List of hosts to ping check. ADMIN will be sent mail if any fail.
#lrp_PING_HOSTS="router1.upstream.com server2.theirnet.org"

You declare in lrp_PING_HOSTS the name of the hosts you want to ping check. Do not forget to uncomment the variable name if you want to activate that facility!
# SPACECHECK, will check the space available on a defined device.
# For each device you must define a tag and a group of parameters
# associated with this tag. (See below). Then, for each device,
# if the remaining free space is <= MINKB or <= MINPER, each level
# of file mask(s) will be wiped, until the minimum available space
# is met or level 5 is reached. Files are individually null'ed
# to 0 size. They are not rm'ed. (syslogd will not be interrupted)
# When the level set in MAIL_LEVEL, is reached or exceeded, an
# alert will be sent to ADMIN. (If set)
# You can have as many tags as you want :-)
# Default=One tag (L) associated to /var/log
#
lrp_SPACECHECK=NO # YES or NO (default)
lrp_SC_MOUNT="L" # define here the tag(s) of directories to be checked
#lrp_SC_MOUNT="L T" # an alternative if you want to check two directories
lrp_SC_MAIL_LEVEL=2 # >= 6 to disable.
# The following block defines the parameters for the "L" tag
lrp_SC_MNT_L="/var/log" # Directory to be checked
lrp_SC_MINKB_L=-1 # <= -1 to disable.
lrp_SC_MINPER_L=5 # >= 101 to disable. Default 5%.
lrp_SC_DEL_L1="/var/log/*[3-4].gz" # defines the files that will be set to 0 when space l
lrp_SC_DEL_L2="/var/log/*[1-2].gz"
lrp_SC_DEL_L3="/var/log/*.gz"
lrp_SC_DEL_L4="/var/log/*.0"
lrp_SC_DEL_L5="/var/log/wtmp"
# The following block defines the parameters for the "T" tag
#lrp_SC_MNT_T="/tmp" # Directory to be checked
#lrp_SC_MINKB_T=-1 # <= -1 to disable.
#lrp_SC_MINPER_T=5 # >= 101 to disable. Default 5%.
#lrp_SC_DEL_T1="/tmp/..." # defines the files that will be set to 0 when space l
#lrp_SC_DEL_T2="/tmp/..."
#lrp_SC_DEL_T3="/tmp/..."
#lrp_SC_DEL_T4="/tmp/..."
#lrp_SC_DEL_T5="/tmp/..."
If lrp_SPACECHECK is set to yes, the space left on specified device(s) will be checked. If the space is less than the limit you set, then a mail alert will be sent to the admin. By default the space is checked on the /var/log directory.

The configuration may seem a little complicated at first. The lrp_SC_MOUNT variable assigns a one character tag for each directory that should be tested. Each tag is separated by a space. For example you can have:

lrp_SC_MOUNT="L T"

Then for each tag previously defined you should declare an lrp_SC_MNT_tag variable to declare the name of the corresponding directory, an lrp_MINKB_tag, an lrp_MINPER_tag and, optionally, a list of files to be cleaned up split in 5 levels. The first level will be cleaned up first, then the second if space constraint is still enforced and so on... For example:

lrp_SC_MNT_L="/var/log"

Now you can specify a threshold for the memory to take an action. You can specify this threshold in KB (lrp_SC_MINKB) or as percent of the partition (lrp_SC_MINPER).

lrp_SC_MINKB_L="200"
lrp_SC_MINPER_L="30"

In the above example there will be an alert as soon as the free memory on /var/log is less than 200 KB OR as soon as the amount of free space on /var/log will be less than 30%. As soon as one of the thresholds for a declared partition is reached then the program will look, if they exist, for the lrp_SC_DEL_tag variables and will zero out those files until there is enough space left.

If you indicated an email address for the administrator he will be informed by mail about the reached level.
10.2. POSIXness setting (/etc/POSIXness.conf)

The information here allows you to declare the default parameters of your Bering box mail program.

#This is the master config file for the POSIXness.mail scripts
# Host SMTP server for the 'mail' command. If blank the host 'mail' is used.
#MAIL_SERVER="smtp.mydomain.net"
# From: domain to send to mail server. If blank, `hostname -f` is used.
#MAIL_DOMAIN="mydomain.net"
# Return-Path will be USER@MAIL_DOMAIN
#USER="myname"

The MAIL_SERVER variable is the FQDN of your mail server. In most cases it will be your ISP smtp mail server (e.g. "mail.myisp.com" or "smtp.myisp.com"). Be sure that you can use it to relay mail !

The MAIL_DOMAIN variable will be the domain part of the mail return address (e.g. myisp.com)

The USER variable will be the user name of the mail return address

If you want to be able to send a mail from your Bering box do not forget to adjust your firewall rules accordingly! You will have to include in the Shorewall rules file the following statement:

ACCEPT fw net tcp 25

10.3. File system mounts (/etc/fstab)

By default, this file looks like:

# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc noauto 0 0

If you want to add a hard-disk and want it to be mounted automatically at boot time, add it to your /etc/fstab file.
10.4. Lowest level boot-up configuration (/etc/inittab)

The inittab file describes which processes are started at bootup and during normal operation (e.g. /etc/init.d/boot, /etc/init.d/rc, gettys...). Init(8) distinguishes multiple runlevels, each of which can have its own set of processes that are started. Valid runlevels are 0-6 plus A, B, and C for ondemand entries. An entry in the inittab file has the following format:

id:runlevels:action:process

Lines beginning with '#' are ignored. There should be no reason for most users to change this file.

10.5. System wide profile (/etc/profile)

This file is read right after login and is used to declare environment variables. You can also use it to declare shell aliases. Most users won't change it.
10.6. Ports root is allowed to login to (/etc/securetty)

/etc/securetty is used by login(1); the file contains the device names of tty lines (one per line, without leading /dev/) on which root is allowed to login. Bering default file looks like:

# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
#
# Include ttyp0, ttyp1, etc to allow telnet access. *NOT RECOMMENDED*
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
10.7. System logging configuration (/etc/syslog.conf)

The syslog.conf file is the main configuration file for the syslogd which logs system messages on *nix systems. This file specifies rules for logging. For special features see the sysklogd manpage. Every rule consists of two fields, a selector field and an action field. These two fields are separated by one or more spaces or tabs. The selector field specifies a pattern of facilities and priorities belonging to the specified action.

Lines starting with a hash mark ("#") and empty lines are ignored.

This file should only be modified by experienced Linux users.
10.8. Service name to number translation (/etc/services)

/etc/services is a plain ASCII file providing a mapping between friendly textual names for internet services, and their underlying assigned port numbers and protocol types. Every networking program should look into this file to get the port number (and protocol) for its service. Port numbers are assigned by the IANA (Internet Assigned Numbers Authority), and their current policy is to assign both TCP and UDP protocols when assigning a port number. Therefore, most entries will have two entries, even for TCP only services. Port numbers below 1024 (so-called 'low numbered' ports) can only be bound to by root (see bind(2), tcp(7), and udp(7).) This is so that clients connecting to low numbered ports can trust that the service running on the port is the standard implementation, and not a rogue service run by a user of the machine. Well-known port numbers specified by the IANA are normally located in this root only space. The presence of an entry for a service in the services file does not necessarily mean that the service is currently running on the machine. See inetd.conf(5) for the configuration of Internet services offered. Note that not all networking services are started by inetd(8), and so won't appear in inetd.conf(5). In particular, news (NNTP) and mail (SMTP) servers are often initialised from the system boot scripts.
10.9. Local timezone TZ setup (/etc/tzvalue)

#
# This file contains the TZ setting for the timezone. It is best to set
# up /etc/localtime instead. Uncomment to activate it.
#
#Format: TZ=<timezone>+/-HH[:MM] Sign +ve east of Greenwich, -ve otherwise.
#export TZ=GMT

Explanation about the TZ variable is available here. Most users won't change that variable.

The easiest way to define your local time zone of your Bering box is to download the corresponding localtime file. Please refer to the Bering user's guide "Time in Bering".
11. Information on packages provided on the Bering floppy disk

11.1. bridge.lrp

Some information on bridge configuration is available here. If someone feels like writing a user's guide chapter on Bering, please do not hesitate :-)

Current "Bering" version: 0.9.4

11.2. dhcpd.lrp

This is the ISC dhcp server from Charles's Web site. A full documentation is available here.

Do not forget the dhcp parameter in your Shorewall interface file (See Shorewall documentation).

Current "Bering" version: 2.0pl5

11.3. dnscache.lrp

A full documentation is available here.

Current "Bering" version: 1.05

11.4. etc.lrp

Bering required package.

Current "Bering" version: 1.0-stable

11.5. initrd.lrp

Bering required package.

Current "Bering" version: 1.0-stable

11.6. iptables.lrp

Provides iptables program from the Netfilter project.

Current "Bering" version: 1.2.6a
11.7. keyboard.lrp

Bering required package.

Current "Bering" version: 1.0-stable

11.8. local.lrp

Bering required package.

Current "Bering" version: 1.0-stable

11.9. log.lrp

Bering required package.

Current "Bering" version: 1.0-stable

11.10. modules.lrp

Bering required kernel modules package.

Current "Bering" version: 1.0-stable
11.11. ppp.lrp

ppp.lrp provides the ppp daemon patched to allow for PPPoE connection. It will also be needed for a standard serial modem connection. To configure ppp go to the LEAF Packages configuration menu and choose ppp.

The following menu will appear:

ppp configuration files

1) ISP pppd options
2) ISP login script
3) System wide pppd options
4) chap secret
5) pap secret
6) pppd daemon script
q) quit

• Option 1 gives you access to the /etc/ppp/peer/provider file. The sample file is ready to use for a Compuserve modem dial-up connection. Adjust it to your needs.
• Option 2 gives you access to the /etc/chatscripts/provider. The sample file is a sample script file for Compuserve. Adjust it to your needs.
• Option 3 gives you access to the /etc/ppp/options system wide file
• Option 4 gives you access to the /etc/ppp/chap-secrets file
• Option 5 gives you access to the /etc/ppp/pap-secrets file
• Option 6 gives you access to the /etc/init.d/ppp script file

The man page for the ppp daemon is available here.

The peer/provider and chatscript/provider files are the ones used by default for a modem connection. You can ignore those two files if you run ppp.lrp together with the pppoe.lrp package. In this case you will edit the two adsl-provider files available through the pppoe configuration menu.

The Bering pppd daemon comes from the ppp-2.4.1.tar.gz package. This program is patched for pppoe support with the ppp-2.4.1-pppoe.patch4 patch. The result of the compilation gives the "Bering" pppd daemon provided in ppp.lrp.

If you want support for MSCHAP (pptp tunnels) or for the active-filter pppd option you will have to replace the pppd daemon provided on the Bering ppp.lrp package by the appropriate version available here.

The following patched pppd daemons are available:

pppd-pptp
"Bering" pppd daemon + the two following patches:
ppp-2.4.1-openssl-0.9.6-mppe-patch.gz
ppp-2.4.1-MSCHAPv2-fix.patch.gz

pppd-pptp-reqmppe
pppd-pptp + the following patch:
require-mppe.diff

pppd-pptp-reqmppe-filter
pppd-pptp-reqmppe compiled with the FILTER flag enabled and
statically compiled against libpcap.

pppd-filter
"Bering" pppd daemon compiled with the FILTER flag enabled and
statically compiled against libpcap. No pptp support.

Current "Bering" version: 2.4.1
11.12. pppoe.lrp

pppoe.lrp provides the PPPoE pppd plugin to allow for a kernel based PPPoE connection. To configure PPPoE, go to the LEAF packages configuration menu and select pppoe.

The following menu will appear:

pppoe configuration files

1) DSL pppd options
2) pap secret
q) quit

• Option 1 gives you access to the /etc/ppp/peer/dsl-provider file. The sample file is ready to use for T-DSL. Adjust it to your needs.
IMPORTANT: be sure to change the user papname with your valid login name. Usually you need the @provider.com suffix. This name must be the same as the one in the /etc/ppp/pap-secrets below.
• Option 2 gives you access to the /etc/ppp/pap-secrets file. The format is username (the same as above) * yoursecret

The LEAF "Bering" distribution uses the PPPoE kernel mode plugin. Do not use the instructions for Roaring Penguin pppoe!

Current "Bering" version: 2.4.1

11.13. pump.lrp

Pump is the DHCP/BOOTP client from Redhat. To configure it go to the LEAF packages configuration menu and choose pump.

The following menu will appear:

pump configuration files

1) pump configuration file
2) pump default config file
3) pump init script
q) quit

• Option 1 gives you access to the pump configuration file (/etc/pump.conf). Man pages are available here.
• Option 2 defines default parameters
• Option 3 gives you access to the /etc/init.d/pump script (experienced users only!)

Current "Bering" version: 0.8.11-3
11.14. root.lrp

Bering required package.

Current "Bering" version: 1.0-stable

11.15. shorwall.lrp

The Shorewall firewall from Tom Eastep. See the "Configure Shorewall" chapter of this installation guide.

Current "Bering" version: 1.3.9b

11.16. weblet.lrp

Used to monitor your Bering box through a Web interface. Documentation is available on Charles's Web site.

Current "Bering" version: 1.2.0
12. Information on packages provided in the Bering packages download area

Bering specific packages are available in the Bering packages directory. What follows is only a short description with link to the proper documentation, when available :-)

With Bering rc4, the following specific packages are available (as of November 14, 2002):

drwxr-sr-x 3 jnilo leaf   4096 Nov 11 08:26 .
drwxr-sr-x 4 jnilo leaf   4096 Nov 11 06:13 ..
-rw-r--r-- 1 jnilo leaf  43951 Jun  2 10:21 dhclient.lrp
-rw-r--r-- 1 jnilo leaf 344015 Nov 11 08:26 ipsec.lrp
-rw-r--r-- 1 jnilo leaf 371653 Nov 11 08:33 ipsec509.lrp
-rw-r--r-- 1 jnilo leaf  39619 Apr 25  2002 libm.lrp
-rw-r--r-- 1 jnilo leaf  31269 Oct  6 09:33 ntpdate.lrp
-rw-r--r-- 1 jnilo leaf  55136 Oct  6 09:33 ntpsimpl.lrp
-rw-r--r-- 1 jnilo leaf 101774 Nov 10 12:18 pcmcia.lrp
-rw-r--r-- 1 jnilo leaf 113888 Nov 10 12:18 pcmcia_orinoco.lrp
-rw-r--r-- 1 jnilo leaf  85450 Nov 10 12:18 pcmcia_xircom.lrp
-rw-r--r-- 1 jnilo leaf 107914 May 18 11:30 pppatm.lrp
drwxr-sr-x 2 jnilo leaf   4096 May  5  2002 pppd
-rw-r--r-- 1 jnilo leaf  17439 Jul 27 03:55 pptpd.lrp
-rw-r--r-- 1 jnilo leaf  41798 Oct 20 10:34 tc.lrp
-rw-r--r-- 1 jnilo leaf   4898 Jun 10 12:52 vlan.lrp
-rw-r--r-- 1 jnilo leaf  21098 Oct  6 10:24 wireless.lrp
-rw-r--r-- 1 jnilo leaf  16259 Oct  6 10:24 wireutil.lrp
-rw-r--r-- 1 jnilo leaf  56394 Oct  6 06:06 wlan-ng.lrp
12.1. dhclient.lrp

For those who do not want to use pump.lrp, this is the dhclient.lrp from Charles site adapted for Bering. Documentation can be found here.

Current "Bering" version: 2.0pl5

12.2. ipsec.lrp

This is the freeswan ipsec package. Refer to the Bering user's guide for explanations.

Current "Bering" version: 1.99

12.3. ipsec509.lrp

This is the freeswan ipsec package patched for x509 certificate support (version. Refer to the Bering user's guide for explanations.

Current "Bering" version: 1.99
12.4. libm.lrp

This is the libm library. Required by some packages ntpsimpl.lrp, wireless.lrp and wireutil.lrp in particular.

Current "Bering" version:

12.5. ntpdate.lrp

This is the ntp client from Debian.

Current "Bering" version: 4.1.0-8

12.6. ntpsimpl.lrp

This is the ntp server from Debian. This package requires libm.lrp

Current "Bering" version: 4.1.0-8

12.7. pcmcia.lrp/pcmcia_orinoco.lrp/pcmcia_xircom.lrp

This package is built from pcmcia-cs. To configure pcmcia, go to the LEAF packages configuration menu and select pcmcia.

The functionalities of this package are limited to network, wireless & serial setup. The following menu will appear:

pcmcia configuration files

1) pcmcia default parameters
2) pcmcia configuration
3) wireless configuration
q) quit
----------------------------------------------------------------------------
Selection:

Refer to the PCMCIA How-to for a full explanation of the configuration parameters. The man pages are here.

In order to have a working pcmcia package, you need to download in /lib/modules/pcmcia those modules which are necessary for your own PCMCIA card:

Starting with Bering v1.0-rc2, pcmcia modules come from the pcmcia-cs package and NOT from the kernel. Non kernel mode PCMCIA support through pcmcia-cs appears more stable.

The PCMCIA drivers are here

Two "core" modules are mandatory: pcmcia_core.o and ds.o and are provided with the pcmcia.lrp package. You will then need a socket driver (tcic.o or i82365.o for example) and your network card drivers.

The interface provided by your pcmcia hardware (e.g. eth0 and ppp0) should NOT be put in the auto statement of the /etc/interface file. The /etc/pcmcia/network script will be launched by the cardmgr program which is launched by /etc/init.d/pcmcia script. The interface configuration will be then read from the interface file. See the Bering user's guide for practical examples.

On the top of the standard pcmcia.lrp package provided without any pcmcia kernel modules, two other packages are provided in the Bering package area:

• pcmcia_xircom.lrp : provides a ready-to-go pcmcia package for XIRCOM 16 bits PCMCIA cards. The necessary pcmcia-cs (3.2.1) drivers are included. It has been tested successfully on a RealPort Ethernet 10/100 + Modem 56k (REM56G-100BTX). This file is stripped to a bare minimum to save space.
• pcmcia_orinoco.lrp : provides a ready-to-go pcmcia package for orinoco cards. The necessary pcmcia-cs (3.2.1) drivers are included.

The previous two packages should be renamed pcmcia.lrp after downloading. Also make sure that the modules provided with pcmcia_xircom.lrp and pcmcia_orinoco.lrp correspond to the modules provided with your Bering release !

Current "Bering" version: 3.2.3
1.3. (((at%.lr(
Provides te PPPd 5ea+on &atced for &&&oa. See9 tt&9;;www.sf-ot.co+;W+itc;'inux;at+;&&&oat+; for
furter info.
2urrent 01erin-0 version9 2.!.0b2. Stran-e'y enou- no recent version of &&&d su&&orts &&&oa 9>6
1.4. ((t(d.lr(
Provides &&t&d= te PPTP server for /inux. See9 tt&9;;www.&o&to&.or- for furter info.
2urrent 01erin-0 version9 1.1.3
12.10. vlan.lrp
This package provides the vconfig program and the necessary scripts. The vconfig program comes from the vlan
linux web site where you will find useful information.
Current "Bering" version: 1.6
12.11. tc.lrp
The tc.lrp package provides the tc program from the iproute2 utilities used with LEAF "Bering". This program
is patched for htb (H2) support. There is no configuration file for this program, which is only used if you want
traffic-shaping through Shorewall. Refer to the shorewall documentation if you are planning to use
traffic-shaping.
Current "Bering" version: SS010824
12.12. wireless.lrp and wireutil.lrp
These are tools for manipulating Linux Wireless Extensions written by Jean Tourrilhes. These two packages
contain the Wireless tools, used to manipulate the Linux Wireless Extensions. The Wireless Extension is an
interface allowing you to set Wireless LAN specific parameters and get the specific stats.
The wireless.lrp package provides the wireless utilities used for configuration, namely: iwconfig, iwpriv,
iwspy
The wireutil.lrp package provides the wireless utilities used for information, namely: iwgetid, iwlist and
iwevent.
You need to download the libm.lrp package to have working wireless.lrp and wireutil.lrp packages. There is
no configuration file for those packages, which are typically used in conjunction with pcmcia.lrp. In most
cases only wireless.lrp will be necessary.
Current "Bering" version: 25
12.13. wlan-ng.lrp
These are utilities for wireless prism2 cards. wlan-ng.lrp provides a set of drivers and utilities that is intended
to provide the full range of IEEE 802.11 MAC management capabilities for use in user-mode utilities and
scripts. The package currently supports the Intersil 802.11b Prism2, Prism2.5, and Prism3 reference designs
for PCMCIA, PCI, and USB. Additionally, the package includes support for the PLX9052 based PCI to
PCMCIA adapter with a few different PCMCIA cards.
This package is useless without the appropriate linux-wlan-ng modules available in the Bering modules
download area.
This package provides the nwepgen, wlancfg, wlanctl-ng and wland userland programs and debian scripts for
linux-wlan-ng.
Current "Bering" version: 0.1.15